ECSI WEBSITE PRIVACY NOTICE
Last Updated: December 31, 2022
Educational Computer Systems, Inc. ("ECSI," "us", "we" or "our") respects your rights and preferences regarding data privacy. In this Privacy Notice ("Notice"), we describe how we collect, use, share and dispose of the personal information that we collect from users of our U.S. websites, forums and blogs ("Sites") that link to this notice, as well as from our U.S. prospects and customers and their personnel.
Please note that this Notice does not describe our processing of borrower personal information in connection with our provision of student loan processing services. If you are a borrower, and your loan is serviced by ECSI, you should refer to the separate privacy notice that we have delivered to you, available here. It describes the personal information that we collect and process about you as a borrower, as well as whether and when we share that personal information, and what rights you may have with respect to such sharing.
In this Notice, we provide the following information about our collection and processing of personal information from and about users of our Sites, as well as our U.S. prospects and customers and their personnel:
● PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
● HOW WE SHARE PERSONAL INFORMATION
● TRANSFERRING PERSONAL INFORMATION GLOBALLY
● HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
● COOKIES AND OTHER TRACKING TECHNOLOGIES
● CHILDREN
● YOUR LEGAL RIGHTS
● OTHER INFORMATION
● CONTACT US
PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
We will only collect, use, and share your personal information where we are satisfied that we have an appropriate legal basis to do so. Subject to your consent if required by law, we may collect the following types of personal information about you:
● Identifiers, including your name and your basic contact information, such as telephone number, email address, or postal address;
● Sensitive Personal Information, such as your account credentials;
● Employment Information, including your connection to the school or other customer with which you are affiliated;
● Internet/Electronic Activity, include information relating to your activity on our Sites and within our services, as well as basic browsing data collected automatically through your interactions with us over the internet (e.g. IP address, other browsing data, and information collected through “Cookies,” see below);
● Commercial Information, including information about the products and services we provide to you, your access and purchase history, and other information about your commercial activity; and
● Communications Contents and Metadata for any communication you may have with us, including transcripts, call recordings, and any information you provide when you participate in any blog, community or forum on our Sites.
How we use your personal information. We may use your personal information to:
● Create, maintain or provide service for your account
● Process or fulfill requests from you
● Respond to customer service requests from you
● Verify your information
● Process payments
● Undertake activities to maintain the quality, safety or integrity of the Sites or our services
● Maintain data security, including detecting and responding to security incidents and protecting you and us from fraud
● Monitor our Sites, including gathering usage data and other analytic information that enables us to maintain and improve the Sites and our services
● Other uses that are required for us to meet our legal, contractual or regulatory requirements
Sources of personal information. We collect information from various sources. Our sources for personal information include the following:
● Information that you provide to us: We collect personal information that you provide to us when you set up an account with us, visit our Sites, use our services, or communicate with us. For example, if you register for an account with us, we may request your name, contact information and other information.
● Information collected from third parties: We may collect information about you from third parties in the course of providing our services to you. For example, we may collect personal information like your name, contact information and employment status from your college or university in order to provide you with access to our services as an authorized user.
● Information collected through technology: When you visit our Sites or interact with an email we send to you, we may collect certain information automatically, such as your account or device identifier, and usage information such as pages that you visit, information about links you click, the types of content you interact with, the frequency and duration of your activities, and other information about how you use our services. You have the ability to express your preference regarding some of the ways we collect information through technology in some of our services (see “Cookies and Other Tracking Technologies” for more information).
The business purpose for our processing of your personal information. Our primary business purpose for processing your personal information is to perform the services outlined in our contracts with our customers. We may also use your personal information to enable the following additional business purposes: (1) detecting and managing security incidents or fraudulent activity, (2) providing customer service, fulfilling requests, and other functions directly related to the services, (3) maintaining our software including debugging and repairing errors, and (4) maintaining the quality of the services and developing enhancements and improvements to meet our customer needs.
Our Processing of Sensitive Personal Information. Sensitive Personal Information includes personal information defined as sensitive under the applicable privacy and data protection laws. When we collect Sensitive Personal Information about you, we will limit our use and disclosure of that information to what is necessary to perform the services, unless we are required to do otherwise under applicable laws. In addition to processing Sensitive Personal Information as required to perform the services, we may process Sensitive Personal Information to detect and prevent security incidents or fraud, to ensure the physical safety of natural persons, for short-term transient uses (when consistent with the purpose for which the information was collected), and to verify or maintain the quality or safety of any services we perform. Under some privacy and data protection laws, you may have the right to limit the processing of your Sensitive Personal Information. You can find more information about your rights in other sections of this Notice, including any applicable section directed at residents of the state or country in which you reside.
Data anonymization and aggregation. Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data. For example, we may use anonymized or aggregated data for statistical analysis including to analyze trends, for product development, and for risk assessments and cost analysis. We may share anonymized or aggregated data with our parents, subsidiaries, affiliates or with other third parties.
This Notice does not restrict ECSI's use or sharing of any non-personal, summarized, derived, anonymized or aggregated information.
HOW WE SHARE PERSONAL INFORMATION
We disclose personal information as necessary to operate our Sites and provide the services. Except as otherwise specified, we may share any of the categories of your personal information in the manner and for the purposes described below:
● With ECSI affiliates where such disclosure is necessary to provide you with our services or to manage our business.
● With third-party service providers. For example, we share personal information with IT service providers who help manage our back office systems or administer our Sites and services. These third-party service providers have agreed to confidentiality restrictions and have agreed to use any personal information we share with them, or which they collect on our behalf, solely for the purpose of providing the contracted service to us.
● With our customer on whose behalf we interact with you in the provision of the services. For example, ECSI may share the personal information relating to customer personnel with the relevant customer, consistent with the terms of our contractual agreement(s) with that customer.
● With banks and payment providers to authorize and complete card payments.
● With the National Student Loan Database consistent with our obligations to our customers.
● We may share identifiers with logistics service providers to enable the delivery of packages to individuals.
● With other third parties with whom you direct us to share defined categories of your personal information.
ECSI may also disclose personal information about you if it believes such disclosure is necessary to comply with laws or respond to lawful requests and legal process, to enforce our agreements, policies and terms of use and to protect or defend the rights, safety or property of ECSI, users of the services or any person.
In addition, subject to applicable legal requirements, we may share personal information in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business assets to another company.
Unless otherwise disclosed in a specific notice, and subject to your consent where required by applicable law, we do not sell your personal information to third parties for monetary compensation, and we do not share your personal information with third parties for cross-context behavioral advertising.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
We operate on a global basis. This means that your personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.
We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law.
HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
We take seriously our responsibility to protect the security and privacy of your personal information. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Any suspected attempt to breach our policies and procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected computer mischief may be reported to the appropriate authorities.
Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through the internet.
We retain the personal information we collect for different periods of time depending on what it is and how we use it. In some contexts, we will provide additional information about retention as you use the services. When we collect your personal information, we will retain it only for as long as is necessary to complete the legitimate business or legal purposes for which we collected it. In many cases, the retention time period will correspond to the time period for which you have an account or other type of business relationship with us plus a defined period after that relationship ends which will be defined by our regulatory requirements.
COOKIES AND OTHER TRACKING TECHNOLOGIES
A "cookie" is a text file that is stored to your browser when you visit a website.
Unique device identifiers like IP address or UDID recognize a visitor's computer or other device used to access the internet. Unique device identifiers are used alone and in conjunction with cookies and other tracking technologies for the purpose of "remembering" computers or other devices used to access the Sites and Apps.
We may also use other technologies like pixels or tags that allow us to measure responses to our email communications.
Cookies can be classified by duration and by source:
● Duration. The Sites use both "session" and "persistent" cookies. Session cookies are temporary - they terminate when you close your browser or otherwise end your "active" browsing session. Persistent cookies remember you on subsequent visits. Persistent cookies are not deleted when you close your browser, and they will remain on your computer or other device unless you choose to delete them (see below for "How to Delete or Block Cookies").
● Source. Cookies can be "first-party" or "third-party" cookies, which means that they are either issued by or on behalf of ECSI or by a third-party operator of another website.
The cookies that we may use on the Sites fall into the following categories:
● Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions taken by you such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking them may impede the functionality of the Sites.
● Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
● Functionality Cookies. These cookies enable the Sites to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some of these services may not function properly.
On some Sites, when technically feasible, we will enable tools to help you make choices about cookies and other tracking technologies. You may also delete or block cookies at any time by changing your browser settings. You can click "Help" in the toolbar of your browser for instruction or review the cookie management guide produced by the Interactive Advertising Bureau available at www.allaboutcookies.org. If you delete or block cookies, some features of the Sites may not function properly.
External Links
ECSI may provide links on our Sites and Apps to other websites that are not under our control. We do not endorse or make any warranty of any type regarding the content contained on such websites or products and services offered on those websites. We encourage our users to be aware when they leave our Sites and to read the privacy statements of each and every website that collects personal information. This Notice applies solely to personal information collected by us. You should read any other applicable privacy and cookies notices carefully before accessing and using other websites.
CHILDREN
The Sites and our services are not intended for use by children. We do not solicit or knowingly accept any personal information from persons under the age of 18 and we do not sell or share personal information of consumers under age 18. Please do not use the Sites or our services if you are under the age of 18.
YOUR LEGAL RIGHTS
● Know whether we process your personal information;
● Know how your personal information is used;
● Access, request and receive the personal information we have collected in a portable manner;
● Object to having your personal information sold or shared; and
● Request that we delete your personal data.
You may contact us using the information in the Contact Us section of this Notice for additional information about how to exercise your rights.
The following sections include information for residents of specific jurisdictions.
Information for California Residents
If you are a California resident, this section applies to you in addition to the rest of the privacy Notice.
California Shine the Light
If you are a resident of California, you may request information concerning the categories of personal information (if any) we share with third parties or affiliates for their direct marketing purposes. If you would like more information, please submit a written request to us using the information provided in the “Contact Us” section of this Notice.
Categories of Personal Information We Collect and Our Purposes for Collection and Use
You can find a list of the categories of personal information that we collect, as well as a description of how we use it, in the section titled, “Personal Information We Collect and How We Use It,” above.
Categories of Personal Information Disclosed and Categories of Recipients
We disclose the following categories of personal information for business or commercial purposes to the categories of recipients listed below:
● We disclose Identifiers to service providers, affiliates, and third-party partners.
● We disclose Sensitive Personal Information to service providers and affiliates.
● We disclose Employment Information to service providers, affiliates, and third-party partners.
● We disclose Internet/Electronic Activity to service providers, affiliates, and third-party partners.
● We disclose Commercial Information to service providers, affiliates, and third-party partners.
● We disclose Communication Contents and Metadata to service providers, affiliates, and third-party partners.
For more information on how your information is shared, please see the “How We Share Personal Information" section, which provides more detail.
As a California resident, you have specific rights with regard to your personal information. When we act as a business for the purpose of processing your personal data you can contact us using the information provide in the “Contact Us” section of this Notice with regard to the following rights:
|
Right to know about personal information collected, disclosed, and sold |
You have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months: ● the categories and specific pieces of personal information we have collected about you; ● the categories of sources from which we collected the personal information; ● the business or commercial purpose for which we collected or sold the personal information; ● the categories of third parties with whom we shared the personal information; and ● the categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose. |
|
You may request that we do not sell your personal information to third parties. You may also request that we do not share your personal information for cross-context behavioral advertising. |
|
|
Right to request deletion |
In some circumstances, you have the right to have your personal information erased or deleted. |
|
Right to equal service and prices (“non-discrimination”) |
Your choice to exercise your privacy rights will not be used as a basis to discriminate against you in services offered or pricing. |
|
Right to request correction |
You have the right to request that we correct any inaccuracies in your personal information. |
|
Right to limit the use and disclosure of sensitive personal information |
In some circumstances, you may request that we limit the use and disclosure of your sensitive personal information. |
OTHER INFORMATION
Privacy Act Notice. The Privacy Act of 1974 requires that the following notice be provided to you: The authorities for collecting the requested information from and about you are §421 et seq., §451 et seq., or §461 of the Higher Education Act of 1965, as amended (20 U.S.C. 1071 et seq., 20 U.S.C. 1087a et seq., or 20 U.S.C. 1087aa et seq.) and the authorities for collecting and using your Social Security Number (SSN) are §§428B(f) and 484(a)(4) of the HEA (20 U.S.C. 1078-2(f) and 1091(a)(4)) and 31 U.S.C. 7701(b). Participating in the Federal Perkins Loan (Perkins Loan) or Health Profession Loan Program and giving us your SSN are voluntary, but you must provide the requested information, including your SSN, to participate. The principal purposes for collecting the information, including your SSN, are to verify your identity, to determine your eligibility to receive a loan or a benefit on a loan (such as a deferment, forbearance, discharge, or forgiveness) under the Perkins Loan and Health Profession Loan Program, to permit the servicing of your loans, and, if it becomes necessary, to locate you and to collect and report on your loans if your loans become delinquent or default. We also use your SSN as an account identifier and to permit you to access your account information electronically. The information in your file may be disclosed, on a case-by-case basis or under a computer matching program, to third parties as authorized under routine uses in the appropriate systems of records notices. The routine uses of this information include, but are not limited to, its disclosure to federal, state, or local agencies, to private parties such as relatives, present and former employers, business and personal associates, to consumer reporting agencies, to financial and educational institutions, and to guaranty agencies in order to verify your identity, to determine your eligibility to receive a loan or a benefit on a loan, to permit the servicing or collection of your loans, to enforce the terms of the loans, to investigate possible fraud and to verify compliance with federal student financial aid program regulations, or to locate you if you become delinquent in your loan payments or if you default. To provide default rate calculations, disclosures may be made to guaranty agencies, to financial and educational institutions, or to state agencies. To provide financial aid history information, disclosures may be made to educational institutions. To assist program administrators with tracking refunds and cancellations, disclosures may be made to guaranty agencies, to financial and educational institutions, or to federal or state agencies. To provide a standardized method for educational institutions to efficiently submit student enrollment statuses, disclosures may be made to guaranty agencies or to financial and educational institutions. To counsel you in repayment efforts, disclosures may be made to guaranty agencies, to financial and educational institutions, or to federal, state, or local agencies. In the event of litigation, we may send records to the Department of Justice, a court, adjudicative body, counsel, party, or witness if the disclosure is relevant and necessary to the litigation. If this information, either alone or with other information, indicates a potential violation of law, we may send it to the appropriate authority for action. We may send information to members of Congress if you ask them to help you with federal student aid questions. In circumstances involving employment complaints, grievances, or disciplinary actions, we may disclose relevant records to adjudicate or investigate the issues. If provided for by a collective bargaining agreement, we may disclose records to a labor organization recognized under 5 U.S.C. Chapter 71. Disclosures may be made to our contractors for the purpose of performing any programmatic function that requires disclosure of records. Before making any such disclosure, we will require the contractor to maintain Privacy Act safeguards. Disclosures may also be made to qualified researchers under Privacy Act safeguards.
Changes and Updates. We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Notice, in whole or in part, at any time. When we amend this Notice, we will revise the "last updated" date located at the top of the document. We will also take reasonable steps to ensure you are made aware of any material updates including providing you direct communication about such changes or providing a notification through the Services, as appropriate. If you provide personal information to us or access or use the Services after this Notice has been changed, you will be deemed to have unconditionally consented and agreed to such changes. The most current version of this Notice will be available on the Sites and Apps and will supersede all previous versions of this Notice.
Choice of Law. Except where prohibited by law, this Notice, including all revisions and amendments thereto, is governed by the laws of the United States, State of Georgia, without regard to its conflict or choice of law principles which would require application of the laws of another jurisdiction.
Arbitration. Except where prohibited by law, by using the Services in any way, you unconditionally consent and agree that: (1) any claim, dispute, or controversy (whether in contract, tort, or otherwise) you may have against ECSI and/or its parent, subsidiaries, affiliates and each of their respective members, officers, directors and employees (all such individuals and entities collectively referred to herein as the "ECSI Entities") arising out of, relating to, or connected in any way with the Services or the determination of the scope or applicability of this agreement to arbitrate, will be resolved exclusively by final and binding arbitration administered by JAMS and conducted before a sole arbitrator in accordance with the rules of JAMS; (2) this arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act ("FAA"), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia; (4) the arbitrator's decision shall be controlled by the terms and conditions of this Notice and any of the other agreements referenced herein that the applicable user may have entered into in connection with the Services; (5) the arbitrator shall apply Georgia law consistent with the FAA and applicable statutes of limitations, and shall honor claims of privilege recognized at law; (6) there shall be no authority for any claims to be arbitrated on a class or representative basis, arbitration can decide only your and/or the applicable ECSI Entity's individual claims; the arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated; (7) the arbitrator shall not have the power to award punitive damages against you or any ECSI Entity; (8) in the event that the administrative fees and deposits that must be paid to initiate arbitration against any Global Entity exceed $125 USD, and you are unable (or not required under the rules of JAMS) to pay any fees and deposits that exceed this amount, ECSI agrees to pay them and/or forward them on your behalf, subject to ultimate allocation by the arbitrator. In addition, if you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, ECSI will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive; and (9) with the exception of subpart (6) above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the rules of JAMS, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, subpart (6) is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor ECSI shall be entitled to arbitrate their dispute. For more information on JAMS and/or the rules of JAMS, visit their website at www.jamsadr.com.
CONTACT US
If you have questions about this Notice, or if you want to exercise your rights as described in this Notice, you can submit a request by completing this form or may contact us as follows:
ECSI
1200 Cherrington Parkway, Suite 200
Moon Township, PA 15108
privacy@globalpay.com
888-549-3274
If you designate an authorized agent to make a rights request on your behalf, we request that you notify us of such designation by contacting us using the methods listed above.