Privacy Policy | Covista (original) (raw)

This Covista California Notice at Collection and Privacy Notice (“California Privacy Notice”) should be read in conjunction with the Covista Online Privacy Policy. This California Privacy Notice applies to information collected on our Services. We have adopted this notice pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”) and it applies only to residents of the State of California (“you”).

Scope

Some personal information we collect from you may not be covered by this California Privacy Notice because certain personal information collection and processing activities are exempt from the CCPA. Therefore, this California Privacy Notice and the California privacy rights set out below may not apply to you or to all your personal information.

Collection, use and disclosures of personal information

The below sets out our relevant data collection and processing practices over the last 12 months. Our collection, use, and disclosure of personal information depends on your relationship with us and your interaction with the Services.

Categories of personal information we collect

• Identifiers, such as, name, postal address, email address, phone numbers, online identifiers, or IP address.
• California Customer Records, such as, name, address, or phone numbers.
• Characteristics of Protected Classifications Under California or Federal Law, such as race, sex, gender, sexual orientation, marital status, military or veteran status, nationality.
• Commercial Information, such as, products or services purchased and other purchasing or consuming tendencies.
• Internet or Other Electronic Network Activity, such as, browsing history, search history, or website or advertisement interaction.
• Geolocation Data, such as, IP address or physical location.
• Audio, Video and Other Electronic Data, such as, photos, call recordings, or CCTV footage.
• Professional and employment-related information, such as business contact details, job title or employer.
• Education information (as defined in 20 U.S.C. § 1232g(a)(4)(A), 34 C.F.R. Part 99), meaning education records directly related to students maintained by us or a party acting on our behalf, such as grades, transcripts, class lists, student schedules, student identification codes, and student disciplinary records.
• This also includes student directory information (as defined in 20 U.S.C. § 1232g(a)(5)(A); 34 C.F.R. Part 99.3), including information such as a student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.
• Inferences drawn from this information, such as, a profile reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
• Sensitive personal information, such as social security number, criminal history, driver’s license information, state ID card, or passport number; racial or ethnic origin; biometric information; health data.

Disclosures of Personal Information. We may disclose each category of personal information listed above to our service providers who perform functions on our behalf (e.g., for purposes of IT services, data storage, etc.).
Categories of Sources. We generally collect personal information from the following categories of sources:

• Directly or indirectly from you.
• From your device.
• Automatically, such as via cookies and other tracking technologies.
• Our business partners, affiliates, and group companies.
• Data analytics providers.
• Advertising networks, social media, and related third-party platforms.
• Third party background check providers.
• Third parties such as the U.S. Government and other educational institutions.
• Operating systems and platforms.

Purposes of collection, Use, and disclosure

As more fully described in the How We Use the Personal Information Collected section above, we may collect, use, and disclose your personal information for the following purposes:

• Services and Support.
• Financial Operations
• Marketing and Advertising.
• AI Training and Improvement.
• Student Admissions and Management.
• Customization and Personalization.
• Contests and Promotions.
• Research and Surveys.
• Security, Protection of Rights, and Fraud Mitigation.
• Compliance and Legal Process.
• General Business and Operational Support.
• Alumni Programs
• As Otherwise Described.

Sensitive personal information.

We do not collect, use, or disclose sensitive personal information beyond the purposes authorized by the CCPA. Accordingly, we collect sensitive personal information for the following purposes:

• Social security number, driver’s license information, state ID card, or passport number: For identification purposes when you are applying for admission to one of our institutions or programs, and to identify you once you are on our premises.
• Racial/ethnic origin: When you make an application for admission to one of our institutions or programs, an application form asks you about your racial/ethnic origin. You are not required to give us this information but if you choose to do so we only use it for equal opportunities monitoring and share it with appropriate government agencies for this purpose.
• Health data; biometric information:
  • All applicants deemed academically eligible by a Covista institution may need to initiate drug, background and fingerprint screenings and either clear all screenings within 120 days of the session start date or sign a self-attestation and disclosure indicating their ability to clear all screenings within 120 days of the session start date before the applicant is granted acceptance. Through these checks, we may potentially process health data, criminal convictions and offences data, and your biometric fingerprint information from a third-party background check provider. If such a background check is necessary, we, or one of our institutions, will ask you whether we can do this. We only use this data for the purposes of conducting a fraud and security check and clearing your application for certain pre-licensure programs. We retain this data while you are active in the program and for six years after you leave the program.
  • Once your application to one of our courses or programs has been accepted, we collect details of any medical conditions you may have, your health insurance information and we may be able to infer information about your racial or ethnic origin from your nationality or from your passport. We only use this information for assisting students with any conditions you may tell us about so that we can arrange any additional support or make any necessary arrangements for you.
• Religious or health data: When attending events, you may be asked for this information so that Covista may arrange the appropriate accommodation for you.

Sales and sharing of personal information

The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. We disclose the following categories of personal information to third-party cookie and other ad-tech providers, who may further disclose your information throughout the digital advertising ecosystem. Such disclosures may be considered a sale or sharing for purposes of the CCPA.

• Identifiers.
• Internet or other electronic activity information.
• Geolocation data.
• Inferences drawn from personal information such as preferences, characteristics, and behaviors.

We do not sell or share sensitive personal information about individuals who we know are under age sixteen (16).

Retention of personal information

We retain the personal information we collect only as long as it is strictly necessary to fulfill the purposes described above or otherwise disclosed to you at the time of collection.

California privacy rights

To the extent provided by law and subject to applicable exemptions, you have the following rights in relation to the personal information about you that we have collected:

• Right to Know: You have the right to request the following information relating to our collection and use of your personal information:
• Categories of personal information we have collected about you;
• Categories of sources of the personal information we collected about you;
• Business and/or commercial purposes for collecting or, if applicable, selling that personal information;
• Categories of third parties to whom we have disclosed personal information for a business purpose; and
• Specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request that we delete your personal information. Subject to certain exceptions, we will endeavor to delete your personal information and direct any service provider to delete your personal information.
• Right to Opt-Out: You have the right to opt out of the sale and sharing of your personal information, including for purposes of cross-context behavioral advertising, also known as targeted advertising.
• Right to Non-Retaliation: You have the right not to be subject to retaliatory treatment for exercising any of the rights described above.
• Right to Correct Inaccurate Personal Information: You have the right to request corrections to inaccurate personal information that we may hold about you.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information—like precise geolocation, biometrics, race, religious beliefs, and health data—beyond core business purposes.

California residents may exercise any privacy rights to which you are entitled by contacting us at privacy@covista.com or calling us at 1-866-653-5656. You may make up to two “right to know” requests within a 12-month period.

To exercise your right to opt out of sales and sharing, you may use our cookie banner or click on the “Cookies Settings ” or “Do Not Sell or Share My Personal Information” link located in the footer of our web page and manage your preferences. In addition, if we detect that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control” or (“GPC”) signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our Site or use our Services from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well. More information about GPC is available at: https://globalprivacycontrol.org/.

Verification. We will need to verify you identify before processing your request. In order to verify your identity, we will generally either require you to login to your account or we must be able to match certain information you provide us to the information we maintain about you. Certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.

Requests Submitted by Authorized Agents. You may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Do Not Track
Our entire site currently does not respond to “Do Not Track” signals. However, our site responds to other opt-out preference signals as required by law.