Last Updated: 08/02/2018
The API Data Protection Officer is Fernando Dávila at firstname.lastname@example.org
We collect information from you in various ways when you use our Services. We may also supplement this information with information from other companies. We collect two general types of information, namely personal information and aggregate data. As used in this Policy, the term “personal information” means information that specifically identifies an individual (such as a name and email address), and demographic and other information when directly linked to information that can identify an individual.
Our definition of personal information does not include “aggregate data”. Aggregate data is information we collect about a group or category of services or users from which individual user identities have been removed. In other words, no personal information is included in aggregate data. Aggregate data helps us understand trends in our users’ needs so that we can better consider new features or otherwise tailor our Services.
The following are the specific types of information we collect from you:
Information You Give Us or That You Authorize Others to Give to Us
We collect information you give us on our Site and when you register for and use our Services and information that you authorize others to give to us. Examples include the following:
Registration and Profile Information
When you register to use our Services or update your profile, we may collect various kinds of information about you including, your name and email address; transcripts and other education records; and other profile information you provide or that you have others provide to us; demographic information; and information you upload such as photos, files, and documents.
We collect the email addresses you provide for contacts you enter or upload into your private contacts page. When you choose to collaborate or share information with others, we also collect email addresses you provide to email invitations to those individuals on your behalf.
Our payment processing vendor collects any credit card information you submit; and, we and our payment processor collect billing information you submit.
Submissions and API Service
From time to time we may use surveys, contests or sweepstakes requesting personal or demographic information and customer feedback.
Automatically Collected Information
We automatically receive certain types of information when you interact with our Services. For example, it is standard for your web browser to automatically send information to every website you visit, including ours. That information includes your computer’s IP address, access times, your browser type and language, and referring website addresses. We may also collect information about the type of operating system you use, your account activity, and files and pages accessed or used by you.
Cookies and Web Beacons
In general, we use your personal information to provide the Services, process your requests or transactions, to provide you with information or services you request, to inform you about other information, events, promotions, products or services we think will be of interest to you, to facilitate your use of, and our administration and operation of, the Services and to otherwise serve you and our users. For example, we may use your personal information:
- to provide information to educational institutions that you attend, or desire to attend;
- to request feedback and to enable us to develop, customize and improve our Services;
- to conduct marketing analysis, to send you surveys or newsletters, to contact you about services, products, activities, special events or offers from API or our service or marketing partners and for other marketing, informational, product development and promotional purposes;
- to send you a welcoming email and to contact you about your use of the Services; to respond to your emails, submissions, comments, requests or complaints; to perform after-sales services; to anticipate and resolve problems with our service; to respond to customer support inquiries, for assistance with our product and service development; and to inform you of updates to products and services from API that better meet your needs;
- to send emails to users you invite (and contacts you invite to become users) to collaborate and access your information;
- to enable you to communicate, collaborate, and share files with users you designate;
to contact you if you win a contest; and
- for other purposes about which we notify you.
DURATION OF PROCESSING OF PERSONAL DATA
Notwithstanding those instances where your Personal Data is processed or used by API based on a statutory permission or your consent, API will only store your Personal Data for as long as it is required to fulfil the purposes set out below, (until you object to API’s use of your Personal Data (if API uses your Personal Data based on legitimate interest), or until you withdraw your consent (if API uses your Personal Data based on your consent). However, where API is required by mandatory law to retain your Personal Data longer or where your Personal Data is required for API to assert or defend against legal claims, API will retain your Personal Data until the end of the relevant retention period or the settlement of the claims in question.
DATA SUBJECT'S RIGHTS UNDER GDPR
You can request from API at any time information about which Personal Data API processes about you and the correction or deletion of such Personal Data. Notwithstanding your request, API may retain your Personal Data if there is a statutory obligation or prevailing right of API to retain it. Kindly note that if you request the deletion of your Personal Data from API you will not be able to further use such API Services which require API’s use of your Personal Data.
If API uses your Personal Data based on your consent or to perform a contract with you, you may further request from API a copy of the Personal Data that you have provided to API To make such a request, please contact the email address below and specify the information or processing activities to which your request relates, the requested format for your Personal Data (provided it is commonly used), and whether the Personal Data shall be provided to you or another recipient. API will carefully review your request and discuss with you how it can be best implemented.
Furthermore, you can request from API that API restricts your Personal Data from any further processing in any of the following events:
- You state that the Personal Data API has about you is incorrect, however, only for as long as API requires to check the accuracy of the relevant Personal Data;
- There is no legal basis for API’s processing of your Personal Data and you demand that API restricts your Personal Data from further processing;
- API no longer requires your Personal Data but you claim that you require such data in order to claim or exercise legal rights or to defend against third-party claims, or;
- In case you object to the processing of your Personal Data by API for as long as it is required to review as to whether API has a prevailing interest or legal obligation in processing your Personal Data. Please direct any such request to email@example.com.
RIGHT TO LODGE A COMPLAINT
If you take the view that API is not processing your Personal Data in accordance with the requirements set out herein or applicable EEA data protection laws, you can at any time lodge a GDPR complaint with the data protection authority of the EEA country where you live.
Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm
API does not knowingly collect personally identifiable information from children under the age of thirteen (13) without verifiable parental consent. If it is determined that such information has been inadvertently collected on anyone under the age of thirteen (13), we shall immediately take the necessary steps to ensure that such information is deleted from our system’s database. Anyone under the age of thirteen (13) must seek and obtain parent or guardian permission to use this website.
UPDATING AND ACCESSING PERSONAL INFORMATION
If your personal information changes in any way, you must correct or update your information as soon as possible. You can make updates to your profile information by logging into your account on API at any time. You can also request changes or access to your information by emailing firstname.lastname@example.org
We may send you communications or data regarding our Services, including but not limited to
- notices about your use of our Services, including any notices concerning violations of use;
- updates, and;
- promotional information and materials regarding our Services.
You may opt-out of receiving promotional emails from Us by following the opt-out instructions provided in those emails. You may also opt-out of receiving promotional emails and other promotional communications from us at any time by emailing email@example.com with your specific request. Opt-out requests will not apply to transactional service messages, such as security alerts and notices about your current account and Services.
EU and Swiss individuals have the right to access their Personal Information. Except as otherwise set forth below, upon written request (at the address provided below under the section of this Policy entitled “CONTACT US”), API shall allow such individuals to amend, correct or delete any of their Personal Information possessed by API that is inaccurate or that is being processed in violation of this Policy. The individual will need to provide sufficient identifying information. In some circumstances, we may charge a reasonable fee, where warranted, for access to such Personal Information.
DATA INTEGRITY & LIMITATIONS ON DATA USE
API shall only process and use Personal Information in a way that is compatible with and relevant for the purpose for which it was provided to API. To the extent necessary for those purposes, API shall take reasonable steps to ensure that Personal Information in our possession is accurate, complete, current and reliable for its intended use.
In accordance with this Policy and the Privacy Shield Principles, and except in connection with transfers to third parties performing tasks directly on our behalf and pursuant to our instructions, where we receive Personal Information directly from an EU or Swiss individual to which such Personal Information pertains, we will offer the individual the opportunity to choose (opt-out) whether his/her Personal Information is (1) disclosed to a third party; or (2) used for a purpose other than the purpose for which he/she provided consent. Anyone wishing to opt out can do so by contacting API at the address provided below under the section of this Policy entitled “CONTACT INFORMATION”
Where we receive Personal Information pertaining to EU and Swiss individuals directly from our clients (and not the individual to whom the Personal Information relates), we will cooperate with our clients’ reasonable requests to:
- Assist them in informing the impacted individuals about (a) the possibility that we may disclose such individuals’ information to third parties and (b) the individual’s ability to opt out of such disclosures (except for disclosures to third parties performing tasks directly on our behalf and pursuant to our instructions); and
- Reasonably ensure that we process the information for purposes compatible with those for which it was originally collected or subsequently authorized by the impacted individuals. Our clients will then inform us if any such individuals have opted out of such disclosures.
API reserves the right to share aggregated information about our customers, sales, and traffic to our partners and advertisers. We may disclose personal information to a third party:
- To provide information to educational institutions that you attend, or desire to attend;
- To provide the Services to you, including by providing personal information to any third parties (such as cloud services providers and universities) who we may partner with to provide the Services;
- To comply with laws or respond to lawful requests and legal process;
- In the good faith belief that disclosure is needed to respond to an emergency, or protect the personal safety of any person;
This Policy in no way restricts or limits our collection and use of aggregate data, and we may share aggregate data about you and our users with third parties for various purposes in perpetuity, including to help us better understand our customer needs and improve our Services, to provide new Services and for advertising and marketing purposes.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
API’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, API remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles unless API proves that it is not responsible for the event giving rise to the damage.
We take reasonable steps to protect the information we collect from you to prevent loss, misuse and unauthorized access, disclosure, alteration, and destruction.
The servers on which information is stored are kept in a controlled environment with limited access. While we take reasonable efforts to guard personal information we knowingly collect directly from you, no security system is impenetrable. In addition, we cannot guarantee that any -collected personal information you choose to include in documents you store on our systems are maintained at adequate levels of protection to meet specific needs or obligations you may have relating to that information.
We work with a third party data center, Amazon Web Services, WPengine, IOZOOM, Google Cloud, and Software as a Service providers to host our Websites, services, and software in secure production environments that use firewalls and other technology to reasonably prevent access from outside intruders. API also uses Secure Socket Layer (SSL) for authentication and private communications in an effort to build users’ trust and confidence in the internet and website use by providing simple and secure access and communication of credit card and personal information. Our credit card processing vendor uses security measures to protect your information, both during the transaction and after it’s complete. API Is certified compliant with all Payment Card Industry (PCI) DSS 3.2 standards.
Academic Programs International. (“API”, “we” or “us) may automatically receive and record information on our server logs from your browser when you use the API Website and Services. We may use a variety of methods, including clear GIFs (also known as “web beacons”) and “cookies”, to collect this information.
1. COOKIES AND OTHER AUTOMATED MEANS OF PASSIVE DATA COLLECTION
This section provides more information about some of those technologies and how they work:
Cookies store information about your activities on a website or other platform. For example, cookies can store your session information for easy sign-in to a website or other platform you have previously visited. They enable us to make your use of the API Website and Services more enjoyable and to improve the functionality of the Service.
Clear GIFs (also known as web beacons) are used in combination with cookies to help website operators understand how visitors interact with their websites. A clear GIF is typically a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a website. The use of a clear GIF allows the website to measure the actions of the visitor opening the page that contains the clear GIF. It makes it easier to follow and record the activities of a recognized browser, such as the path of pages visited at a website.
Clear GIFs, which can be embedded in web pages, videos, or emails, can allow a web server to read certain types of information from your browser, check whether you have viewed a particular web page or email message, and
determine, among other things, the time and date on which you viewed the Clear GIF, the IP address of your computer, and the URL of the web page from which the Clear GIF was viewed.
For more information about cookies and web beacons, please visit http://www.allaboutcookies.org... local storage
We, along with our partners and vendors, use other kinds of local storage, such as Local Shared Objects, also referred to as “Flash cookies”, and HTML5 Local Storage (including IE local storage), also referred to as “browser cookies”.
These technologies are similar to the cookies discussed above in that they are stored on your computer and can be used to store certain information about your activities and preferences. However, these objects are stored in different parts of your computer from ordinary browser cookies.
We use Local Shares Objects in connection with the Services, including, but not limited to, in our legacy Web Application product, Apache, and also in communicating between pages or frames loaded from our domain and pages or frames loaded from our Client’s domain in browsers that do not support HTML5 for cross domain communication (for example, IE).
We are using PHP and HTML5 Local Storage to improve the Service performance and End User experience by caching certain data objects locally so they don’t have to always be fetched from the server. We also store certain End User states required for delivering the Service, and use HTML5 Local Storage to store identifiers and access tokens in browsers that do not allow setting 3rd party cookies (for example, Safari).
2. WHAT INFORMATION DO WE PASSIVELY COLLECT?
3. HOW DO WE USE PASSIVELY COLLECTED DATA?
On the API Website
On the API Website, we may use passively-collected data to: (a) remember your information so that you will not have to re-enter it during your visit or the next time you visit the API Website; (b) monitor your participation in various sections of the API Website; (c) customize our service to you, including by providing you with recommendations; (c) monitor aggregate website usage metrics such as total number of visitors and pages viewed; and (d) administer, operate, and improve the API Website and our other services and systems, and to provide services and content that are tailored to you.
Through the API Services
Our Clients, in implementing API’s Services, utilize their own websites. When you use the Service, our servers passively collect data through the implementation of the API API including, but not limited to, your IP address, page views, browser type, interactions with API’s Services, the web page you are currently visiting and the web page you were visiting before you came to the Service, and social actions such as sharing and commenting. This information is used to facilitate delivery of the Service and, in some cases, for internal reports. Additionally, some of the information collected is used in the Client Reports. The Client Reports may contain both passively-collected information and End User Personal Information.
4. WHAT COOKIES DO WE USE AND WHY?
We use the following types of cookies:
Strictly necessary cookies – These cookies are used for the sole purpose of either (i) carrying out a transmission of a communication over an electronic communications network, or (ii) to allow the provider of an information society service to provide such service as explicitly requested by you.
Performance cookies – These cookies collect information about how visitors use a website, for instance, which pages visitors go to most often, and if they get error messages from web pages. These cookies do not collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. it is only used to improve how a website works.
Functionality cookies – These cookies allow the website to remember choices you make (such as your user name, language or region you are in) and provide enhanced, more personal features.
Social media cookies – These cookies are used based on social connect functionalities or when you make use of a social media add-on button (e.g. clicking on the ‘Like’ icon on a webpage).
Whether a cookie is considered as a ‘first’ or ‘third party’ cookie refers to the domain placing the cookie. First-party cookies are those cookies set by a website that is being visited by the user at the time (e.g. cookies placed by [www.apiabroad.com]). Third-party cookies are cookies that are set by a domain other than that of the website being visited by the user. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie.
Session cookies allow website operators to link your actions during a browser session - A browser session starts when you open the browser window and finishes when you close the browser window. Session cookies are created temporarily. Once you close the browser, all session cookies are deleted. Persistent cookies on the other hand are cookies which remain on your device for the period of time specified in the cookie. We use both session and persistent cookies.
You can find more information about the individual cookies we use, and the specific purposes for which we use them, in the attached table below.
5. HOW TO DISABLE OR REMOVE COOKIES
You can configure your Internet browser, by changing its options, to stop accepting cookies completely or to prompt you before accepting a cookie from the website you visit. If you do not accept cookies, however, you may not be able to use all portions of the API Website or all functionality of the Services.
Other Local Storage
For information about disabling or deleting information contained in Local Shared Objects, please visit https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html.
For information about disabling or deleting information contained in HTML5 Local Storage, please refer to your browser’s user manual or please visit http://www.allaboutcookies.org/cookies/.
Please note that disabling these technologies may interfere with the performance and features of the Services.
7. CONTACTING US
8. COOKIE MAP INVENTORY
Click here to view a cookie map inventory (Updated 5/23/2018)
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, API is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles (collectively, the “Privacy Shield Principles”), API commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union and Swiss individuals with Privacy Shield inquiries or complaints should first contact API at the address provided below under the section of this Policy entitled “CONTACT INFORMATION”.
API has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
VERIFICATION OF PRIVACY SHIELDS
API has undertaken a self-assessment verifying that this Policy conforms to the Privacy Shield Principles. We will continue to undertake annual self-assessments to verify that this Policy remains compliant with the Privacy Shield Principles and the Frameworks.
We may change this Policy from time to time. If we make any changes to this Policy, we will change the “last updated” date above. If there are material changes to this Policy and you have an active account with us, we will notify you more directly. We encourage you to check this Policy whenever you use any of Services to understand how your personal information is used.
If you have any questions, comments, or concerns about this privacy statement or the practices of the Websites, you can contact us:
Academic Programs International - API
301 Camp Craft, Ste 100
Austin, Texas, 78746
Opt Out Email: firstname.lastname@example.org
EFFECTIVE DATE OF POLICY AND UPDATE THIS POLICY
This Policy is effective as of May 24, 2018. API reviews this Policy from time to time and may make changes this Policy in connection with such review. We will post any changes to this Policy on these web pages following such change. You should check this page regularly to ensure you are familiar with any changes. You agree that any posted changes to this Policy will be binding on you.