DATE OF ISSUE: July 2024
INTO University Partnerships Group
Supplementary Privacy Notice for Users of our Services in the U.S.
This supplementary Privacy Notice outlines the personal information handling practices which apply to the collection, use, disclosure and handling of personal information for users of our services who are individual residents of the States of Colorado, Connecticut, Oregon, Texas, Utah and Virginia. The information provided is required under the following laws, (collectively, “U.S. State Privacy Laws”):
Colorado Privacy Act of 2021 (the “CPA”)
Connecticut Data Privacy Act (“CTDPA”)
Oregon Consumer Data Privacy Act (“OCDPA”)
Texas Data Privacy and Security Act ("TXDPSA")
Utah Consumer Privacy Act of 2022 (“UCPA”)
Virginia Consumer Data Protection Act of 2021 (“VCDPA”)
If you are a resident of the State of California, our California Privacy Notice will apply to you.
If you are applying for a job with us, our Candidate Privacy Notice will also apply to you.
We reserve the right to update this Privacy Notice at any time by making changes that applies to your use of our services and websites. We will use reasonable efforts to notify you if any material changes are made to our processing activities and/or this Privacy Notice, either by posting a message on our website or sending you an email.
Scope of Notice
For residents of the above-named States ("users" or "you"): This Privacy Notice for the U.S. supplements information in the INTO University Partnerships Group’s main Privacy Notice and provides additional information about our personal information processing practices relating to individual residents of these States.
This Privacy Notice only applies where the INTO University Partnerships Group (“we”, “our”, and “us”) acts as a ‘business’ or ‘controller’, for example for the operation of our websites and for marketing purposes. Where our services are provided in collaboration with a university based in the U.S., we may process personal information as a ‘service provider’ or ‘processor’ in accordance with our contractual agreements. In such cases, the relevant university’s own privacy notice will govern the use of personal information and the rights and choices that individuals may have regarding their personal information.
When we process Student Data, we will retain, use, and disclose the Student Data in accordance with written agreements with our university partners and we will also comply with relevant requirements of the Family Educational Rights and Privacy Act (FERPA).
For the purposes of this Privacy Notice, personal information does not include:
publicly available information from government records
deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you
information relating to our employees, contractors, and other personnel (which is covered by a separate privacy notice published internally).
Any terms used that are not defined in this Privacy Notice will have the same meaning as in the applicable U.S. State Privacy Law.
Personal Information Collection and Use
In section 2. “Information we collect about you” of our Privacy Notice we provide details about the types of personal information we collect from or about you. Over the last 12 months since this Privacy Notice was published, this may have included the following:
Identifiers such as your name, customer or student ID, address, phone number, email address, date of birth or other similar identifiers.
Demographic Information such as age and gender.
Protected Classification Characteristics such as disability (if provided for student accommodation or classroom purposes) or national original.
Commercial Information such as records of products or services you have purchased or intend to purchase.
Internet/Network Information such as device information, IP address, logs and analytics data.
Geolocation Data such as precise location information from your device or rough location based on your IP address.
Professional/Employment Information such as the organisation you are affiliated with, and your role in the organisation.
Other Personal Information that may be contained in online chat, document uploads, or user-generated content.
Inferences about your interests and preferences generated or derived from your use of our websites or browsing of courses or available services.
Purposes for Collection
The purposes for processing your personal data are described in more detail in section 5. “How we use your personal information” of our Privacy Notice. We will use your personal information to communicate with you, to provide the services for which it was originally collected, or for any other business and operational purpose described in our Privacy Notice and as otherwise permitted or required by law.
Sensitive Information
Some of the categories of personal information we collect may be classified as “sensitive” under some of the U.S. State Privacy Laws (“sensitive information”). This includes disability information, collected for example so we can ensure students are appropriately accommodated whilst pursuing their study programmes or help them access appropriate support. We use this sensitive information only for the purposes described in our Privacy Notice or as disclosed at the time of collection, and as set out in our Special Category and Criminal Offence Data Policy.
Personal Information Disclosure
Depending on your relationship with us, we may disclose any or all the categories of personal information described above to the categories of third parties identified in section 6. “Disclosures of your personal information” of our Privacy Notice.
Retention of Personal Information
We keep your Personal Information for the period reasonably necessary to provide our services to you and for the period reasonably necessary to support our business operational purposes. Further details about how long your personal information made be kept for is available in section 9. “Information retention” of our Privacy Notice.
Right to Opt-Out of Marketing and Advertising
We recognize the right to opt-out of targeted marketing and advertising communications. You can exercise this right by using the ‘unsubscribe’ link included in communications that we may send you from time to time, by sending us an email to privacy@intoglobal.com or by completing our Online Rights' Request form.
Your Privacy Rights
Depending on your State of residency and subject to certain legal limitations and exceptions in the U.S. State Privacy Laws, you may exercise some or all of the following privacy rights – a right to know, access, correct, delete, transfer (portability), opt-out of marketing or targeted advertising, or a right of control over your sensitive information. We recognize all requests to exercise State privacy rights as including personal data, personal information, and personally identifiable information ("PII") under the applicable State law and as defined in our Privacy Notice.
To exercise your privacy rights, please submit a request by:
emailing us at privacy@intoglobal.com or
complete our Online Rights' Request form.
You must provide us with sufficient personal information to allow us to verify your identity and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We will only use such personal information to review and comply with your request. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate information in our systems, or as permitted by law.
Authorized agents may be permitted to submit a request on your behalf. The authorized agent must provide a signed authority by you that confirms they have permission to submit a request on your behalf or must provide sufficient evidence to show they have been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent permission to submit the request. It may therefore take additional time to complete agent-submitted requests, and a request may be denied in the event we are not able to verify the authorized agent’s authority to act on your behalf.
Time To Respond
The privacy laws of the above-named States require us to handle and respond to privacy rights’ requests within 45 days from the date of receipt, except for the State of Nevada which mandates such requests must be completed within 60 days of receipt. However, our general procedure is to normally complete and respond to privacy rights’ requests within 30 calendar days.
Right of Appeal
Depending on your State of residency, you may have the right to appeal a decision we have made by notifying us that you disagree with our decision. All appeal requests should be submitted by email to privacy@intoglobal.com
Right to Complain
If we deny any request you made under our Privacy Notice or this supplementary notice for the U.S., you may file a complaint with your State’s attorney general.
Updates to this Privacy Notice
We will update this Privacy Notice from time to time. When we make changes, the "Date of issue" will be change at the beginning of this Notice. All changes will be effective from the date of publication unless otherwise provided in any notification that we provide you.