Common App for transfer privacy policy

This Privacy Policy (“Policy”) applies to the Common Application for Transfer℠ service (the “Transfer Service”), which is operated/administered by Liaison International Inc. (“Liaison”) on behalf of The Common Application, Inc., and includes the following domains: apply.transfer.commonapp.org, recommend.liaisoncas.com, and https://commonapp.webadmit.org (herein collectively "web site," “site,” "we", "us", "our”) for use by student transfer applicants to college/university undergraduate programs, school advisors, recommenders, evaluators and/or participating member Colleges and Universities. This Policy describes how we collect and use the personal information you provide on our web site when using the Transfer Service that Liaison operates/administers. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at privacy@commonapp.org.

Last updated July 25, 2019

• Changes to this Policy Statement
• What personally identifiable information does the Transfer Service collect from you?
• What are tracking technologies and how are they used?
• How does the Transfer Service use applicant information?
• How does the Transfer Service use school official information?
• Who is collecting your information?
• With whom do we share applicant information?
• What is our policy when there has been an allegation of fraud, misrepresentation or other inappropriate act or criminal allegation involving an applicant?
• What are the applicant's choices regarding collection, use, and distribution of information, including right to "opt-in" or "opt-out"?
• What is our policy on allowing you to access, update. correct, or delete your personally identifiable information?
• What kind of security precautions are in place to protect the loss, misuse, or alteration of your information, including your credit card information and how is your information stored, accessed and used by others?
• Your California privacy rights
• Your European Economic Area and Swiss Privacy Rights
• Do we have an identity theft policy for the Transfer Service?
• What kinds of patterns, practices or activities may indicate the existence of identity theft?
• What steps do we take to detect identity theft or breaches of personal data?
• What steps does we take to safeguard against, respond to and/or mitigate continued or future identity theft or breaches of personal data?
• Social Media Widgets
• Additional information and how you can contact us regarding this Policy.
• Emails that you send us

Through our U.S. based trustworthy partner, Liaison International, and its trustworthy independent web service providers Parchment, National Student Clearinghouse, SlideRoom, SmartyStreets, and Payment Processing Company, the Transfer Service collects, uses, and distributes personally identifiable information collected about you on-line to those participating member Colleges and/or Universities that you select. Participating members are all members of The Common Application, Inc. who now accept the Common Application for Transfer℠ application and service. All personal information that you submit to us is transmitted to, and stored in, the United States of America and will also be shared with participating member Colleges and Universities, at your discretion, in countries where laws may be less protective of your personal information than in your home country. Please carefully read the following Policy before registering with us and completing an on-line user registration form. Please note that this Policy only addresses the privacy practice concerning information collected from our own web site in conjunction with the Transfer Service and does not apply to information that may have been collected about you by others not on our behalf. This Policy also does not cover the privacy or information practices of those web sites that may be linked to or referenced by the Transfer Service or the privacy or information practices of those Colleges and/or Universities or other partners of ours that receive the personal information that is collected from our site and distributed to them as part of the transfer application admissions process or other purpose. In addition, this Policy does not address the privacy practices of any other applications or services administered or operated by The Common Application, Inc. which operates and administers the Common Application® for First Year application and service which is a different offered college admission service than the Transfer Service. Please also note that this Policy may change from time to time so please check back to review this Policy each time you visit or use the web site or the Transfer Service.

Changes to this Policy

If we decide to change our Privacy Policy we will post those changes to this Privacy Policy statement, login page and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this Policy at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our login page or other places we deem appropriate prior to the change becoming effective.

Our reservation of rights

We reserve the right to use your data collected under a previous privacy practice in ways that are consistent with the current disclosed practice, including but not limited to anonymized aggregate research and statistical analysis.

 What personally identifiable information do we collect from you?

We collect information for the Transfer Service in several ways from different parts of our web site. If you are a student applicant, certain required and optional personal information (such as your name, home and mailing address, email address, telephone number, citizenship, date and place of birth, parents' names and address, driver’s license number or state issued I.D. number, social security number including the names, telephone numbers and/or email addresses of your parents or legal guardian), device operating system version, device type and system response times, Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, date/time stamp, and/or clickstream data is collected from you when you voluntarily provide this information to us through the completion of an on-line User Registration form, when you access our site and/or voluntarily complete the Common Application for Transfer℠ application, application supplement or other related applicant forms. This personal information is collected from you voluntarily when you complete your "profile" screen as part of the registration and application process. During registration, we ask you to create a username and password. Your personal information including any personal information of your parents or legal guardian that you provide shall be considered to be "your personal information" for purposes of this Policy. Once you register you are no longer anonymous to The Common Application, Inc. and your email address that you provide to us becomes your "User Name" so that you are able to take full advantage of the Transfer Service. You can also enter your credit card information to pay for admission application fees for the member Colleges and/or Universities that you select. Please note that The Common Application does not directly collect or store your financial account information – instead, we use a reputable third party company (the “Payment Processing Company”) to collect and process your payment information. Rest assured, however, that we have taken steps to ensure that the Payment Processing Company protects Personal Information it collects from you in compliance with our Policy. See "The kind of security precautions that are in place to protect the loss, misuse, or alteration of your information, including your credit card information and how is your information stored and accessed by others" on how we keep your credit card information secure.

If you are a student applicant, we may collect personal information about you from recommenders and educational institutions you have attended, including information about your academic achievements and performance, including their impressions of you and any other information they choose to provide us to support your application(s).

If you are an administrator at one of our participating member colleges or universities or a school evaluator or recommender who uses the Transfer Service to receive student admission application data and/or provide information about a student transfer applicant, we collect your name and email address to permit you to retrieve data of student applicants who have applied to your college or university using the Common Application for Transfer℠ application or to permit your to provide a school recommendation or evaluation on behalf of the student transfer applicant. Please note that we do not collect, use, store or share personal identifying information of our participating member administrators for any other purpose.

If you are a parent or legal guardian, we may collect personal information about you from the applicant, including your name, relationship with the applicant, address, telephone number(s) and/or email address.

Wherever we collect personal information we make an effort to include a link or reference to this Policy on that page.

What are tracking technologies and how are they used?

Technologies such as cookies, beacons, tags and scripts are used by us and/or our web service and technology support providers to analyze trends, administer the site, track users' movements around the site, and to gather demographic and aggregate data (see "who is collecting information") about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as on an aggregated basis.

We also use cookies for authentication purposes, to remember your web site or mobile app settings and preferences, to gain certain behavioral information about you that is shared between us and our members. Users can control the use of cookies at the individual browser level. If you reject all cookies, you may still use our site but your ability to use some features or areas of our site may be severely limited, including possibly not being able to use those Common Application® services that require registration in order to participate.

As is true of most web sites and apps, we gather certain information automatically and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do link this automatically-collected data to other information we collect about you in order to:

• Ensure that our web site works properly on your device so we can provide you with the services you request.
• Promote our legitimate interests in safeguarding and ensuring the smooth operation of our IT systems, including our web site, and to safeguard your personal information.

We also use Local Storage Objects (LSOs) such as HTML5 to store content information and preferences. Various browsers may offer their own management tools for removing HTML5 LSOs.

How do we use applicant information?

When you seek to register with us, complete a Common Application for Transfer℠ application, an application supplement and/or other related applicant form, we need to know your name, email address, telephone number and mailing address among other items of personal information. See "What personally identifiable information is collected from you".

We use this information in the following ways:

• To process your application(s) to our member Colleges and Universities which require the information to assess your suitability for admission, communicate with you about your application, meet institutional reporting requirements and obligations to safeguard students. If you do not provide the information our members require, we will be unable to process your application. This information is, therefore, necessary for the performance of our services to you.
• To allow us to communicate with you where necessary for the performance of our services to you. For example, to provide you with technical support, answer your questions about the Common Application for Transfer℠ application, contact you in the event there is an issue with your payment to our member colleges or universities, processing a request for financial aid, and provide you with updates on the progress of your application, including by reminding you of upcoming deadlines or encouraging you to complete an unfinished application.
• To send you push notifications from time to time in order to update you about the admission application process as necessary for the performance of the Transfer Service. If you no longer wish to receive these communications, you may turn them off on your device.
• To allow us to send you other informational materials linked to our services, where you have engaged with us and have not opted-out from receiving such information or you have affirmatively consented to receive it.
• To allow us to confirm or “validate” through a third party verification service the accuracy of the mailing address that you provide to further our legitimate interest in preventing misuse of the Common Application for Transfer℠ application.
• To create anonymized, aggregate data that we and our partners can use solely for research and statistical use.
• To allow our members to meet their institutional reporting requirements regarding certain protected characteristics including gender, race, ethnicity, and sexual orientation.

If you select the "opt-out" option described in the Section entitled, "What are your choices regarding collection, use and distribution of my information, including your rights to 'opt-in' or 'opt-out'," users of the web site and app (if applicable) who use our services to apply to various member Colleges and/or Universities will not receive any College/University specific information concerning their respective admissions process; however, we may use your email address (User Name), your home address, and your cell phone number (if you opt in) to send or mail you registration and submission confirmation texts, physical mail, and/or emails, to contact the user/applicant to help answer a technical support question that you may have posed to us regarding your use of the site. If you select the "opt-out" option described in the Section mentioned above for receiving communications from The Common Application, we will not communicate with you beyond what is in technical support of your admission application process. Technical support of the admission application process shall include such matters associated with processing a request for financial aid, reminding you of application admission deadlines, or encouraging you to complete an unfinished application.

How do we use school official information?

By activating your account registration with our site your collected personal information may be shared and used by our member Colleges and/or Universities to contact you at any time and for any reason, including sending you texts to your cell phone number(s), written communications to your mailing address, and/or emails to your email address in order to provide you with other information relevant to the applicant's admission application process. This information that we collect and share with our members includes your name, your official title, your email address, your cell phone number, your zip code, school code information and date, as well as your mailing address. 

We do the above:

• With your consent, to allow us and member Colleges and Universities to which the relevant applicant(s) is applying to contact you in connection with the application.
• With your consent, to assess your recommendation and the applicant’s suitability for admission, as is necessary for the performance of the Transfer Service to applicants.
• To communicate with you as necessary for the performance of our services to associated applicants e.g., to provide you with updates on the application process, answer technical queries and provide service-related reminders and general service support.

If you "opt-out" of the online recommendation system via the email invitation initiated by the applicant, you will not receive any College/University specific information concerning their respective admissions process; however, we may use your email address (User Name), cell phone number and/or mailing address to send you registration and submission confirmation communications, text messages or emails, or we may need to contact the user/recommender to help answer a technical support question that you may have posed to us regarding your use of the site and app and to provide you with other information relevant to the student's admission application process. Additionally, any member colleges may communicate with you regarding the applicant, using the information you provide on any paper forms, or using contact information provided by the applicant on his or her application.

How do we use member College and University Administrator Information?

To allow you to retrieve data of student applicants who have applied to your College or University using the Common Application for Transfer℠ application, as necessary for the performance of our services to you and applicants.

To communicate with you as necessary for the performance of our services to your College or University and associated applicants e.g., to provide you with updates on the application process, answer technical queries and provide service-related reminders and general service support.

To communicate with you to further our legitimate interests in promoting our services.

How do we use Parent/Legal Guardian information?

If the applicant is under 16, to allow us to communicate with you so we and our member Colleges and Universities can get evidence of your permission for the relevant applicant to provide us with their personal information.

Who is collecting information?

When you are on the web site and are asked for and provide personal information, this information is being collected by our trustworthy independent web service provider who operates/administers the web site, including collection, storage and protection of your personal information, in order to offer the Transfer Service to you. Please note that we and/or other trustworthy third party organizations and their contracted researchers may attempt to collect, provide our members access to, or compare personal information about you from sources other than what you voluntarily provide to us when using the web site or app in order to generate non-personal identifying demographic, historical, generic, analytical, statistical or aggregate data obtained from other sources, and/or data (collectively "aggregate data") which we and/or the third party may publish, combine or enhance with other aggregate data obtained from other sources, and/or share or distribute the aggregate only data for monetary value with our members and other colleges or universities who are not participating members for the purpose of recruiting them to be part of the membership or with other third parties solely for the purpose of research.

With whom do we share applicant information?

We will share your personal information with third parties only in the ways that are described in this Policy.

The Common Application shares your personally identifiable information (including but not necessarily limited to your name, date of birth, current/permanent address, date of birth, ethnicity, sex, citizenship, phone number(s) and email address) with participating member Colleges and/or Universities through Liaison’s WebAdMIT service when you have selected a member College or University to which you are considering submitting your Common Application for Transfer℠ application. Your personal information is shared with member Colleges and/or Universities to allow them to track the demographics of their prospective applicant pool as well as assess your suitability for admission, communicate with you, and meet institutional reporting requirements. See “What are your choices regarding collection, use, and distribution of your information, including your rights to "opt-in" or "opt- out"?”

As a student applicant who has completed an on-line User Registration form, you will also be given the opportunity to choose whether you want us to securely share a more limited amount of personal information that you provided to us for the purpose of participating in certain partner programs.

With respect to our partnership with SlideRoom, a Liaison International company, (“SlideRoom” or the “SlideRoom Service”), we may share with SlideRoom certain personal information of an applicant or member if an applicant seeks to submit as part of its admission application various content, works or materials for eventual submission to a member College or University if the member to which the applicant is applying is utilizing the SlideRoom Service to receive such content, works or materials. Note that any personal information that we share with SlideRoom will be governed by the terms of the SlideRoom privacy policy displayed on their web site at www.slideroom.com so please be sure to read and understand that policy in order to determine how your personal information is being used by SlideRoom in connection with the services that they provide.

We also share your current address with SmartyStreets, one of our trustworthy independent web service partners, solely to confirm or "validate" the accuracy of the mailing address that you entered and to enhance the aggregate data that we and our partners are developing solely for research use. SmartyStreets does not store this personal information. Your credit card information is collected by our Payment Processing Company by way of a direct link to the Payment Processing Company’s web site. This information is then shared with the credit card processor that you have chosen in order to consummate online the payment of admission application fees to the Colleges and/or Universities you have selected.

By voluntarily providing us with your personal information, you are giving us your express consent to share or provide access to your personal information with our trustworthy independent service providers (and subject to this Policy and/or their privacy policy and applicable law) so that we can provide the service for which you have registered. We may also share on a temporary basis your personal information (including, but not necessarily limited to, your name, phone number and date of birth) with other trustworthy third party organizations allowing us and/or them to provide you with certain financial aid information or to generate aggregate data which we and/or the third party may publish, combine or enhance with other aggregate data obtained from other sources, and/or share or distribute the aggregate only data for monetary value with our members and prospective member colleges or universities or with other third parties for research purposes only. While we require that each member College and University sign or assent to a membership profile agreement pledging that they will accept the Common Application for Transfer℠ application without prejudice and fully support its use, we are not responsible for the failure of any College or University to accept the Common Application for Transfer℠ application or how any given College or University (after accessing or receiving your personal information from us) will use, protect or store the information in their possession. Users' information will be shared with your selected third party Colleges and Universities that are participating members of the Transfer Service. You are encouraged to review that College/University's individual privacy policies and information practices as to how they use and protect your personal information and we do not accept or assume any liability or responsibility for the use, protection or storage of your personal information by said College or University.

If we are involved in a merger, acquisition, or sale of substantially all of our assets, we will post a prominent notice on the web site informing you of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

What is The Common Application’s policy when there has been an allegation of fraud, misrepresentation or other inappropriate act involving an applicant?

Members, secondary schools and applicants are advised that the Transfer Service functions and solely views itself as a conduit of information between the student applicant, his/her secondary school and the various member Colleges and Universities selected by the applicant. As such, it is our policy not to judge, evaluate, conduct any verification of or perform an investigation on any data provided on or about a student applicant regardless of the source of that data. That said, where we have been informed of an act of fraud, misrepresentation or other inappropriate act involving an applicant, in certain situations, The Common Application may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements. The Common Application reserves the right to disclose your personally identifiable information as required by law or in any instance or circumstance when we believe that disclosure is necessary to protect our rights, the rights of our members and/or to comply with a judicial proceeding, police investigation, court order, or legal process served on our web site or involving the web site, or associated Transfer Service. Subject to any rights afforded by law, The Common Application also reserves the right upon notice to an applicant to disclose information collected from a registered user about which member Colleges and/or Universities a student applicant had applied to, including possibly suspending or closing an applicant's on-line account upon notice to the student, when we have reason to believe that accessing and/or disclosing this information or taking such action is necessary to prevent, identify, contact or bring legal action against someone who may be violating any of our on-line user agreements or policies or who may be causing injury to or interference with (either intentionally or unintentionally) The Common Application’s rights or property, other Transfer Service users, members or schools, or to help protect anyone else that could be harmed by such activities. The Common Application may also disclose or access registered user information when we believe in good faith that the law requires it and for administrative, technical and other related purposes that we deem necessary to maintain or improve our services. The Common Application also reserves the right to remove any College or University as a participating member of the Transfer Service without any further or special notice.

What are your choices regarding collection, use, and distribution of your information, including your rights to "opt-in" or "opt- out"?

You have the right not to provide us with any personal information about you when you visit the web site but you will not be able to utilize the Transfer Service unless you voluntarily decide to complete an on-line User Registration form and answer the required fields. In the Personal Information quadrant of the Common Application for Transfer℠ application, you are given the “opt-in” option to decide if you want to receive communications from your selected Colleges and/or Universities even though you have not submitted your Common Application for Transfer℠ application to them. If you select this opt-in option, your contact information is provided to each participating member selected by you so that they may communicate with you. Should you decide you do not want to receive communication from any selected participating member you may “opt-out” from such communication. Please consult the individual privacy policies of the participating member to understand how the member College and/or University uses that information to communicate with you, regardless of whether your Common Application for Transfer℠ application has been submitted.

You must affirmatively "opt-in" or "opt-out" according to your preference around communication by mail, email, phone, or text message from member Colleges and/or Universities. Should you want to change your communication preference, you can later change your selection by changing your communication preference within your Common Application for Transfer℠ application. 

You must affirmatively "opt-in" or "opt-out" according to your preference around communication by mail, email, phone, or text message from The Common Application regarding information relevant to the admission application process. These communications may go beyond the technical support of application submission to include information on financial aid, tips, and broader topics that we feel would benefit you. Should you want to change your communication preference, you can later change your selection by changing your communication preference within your Common Application for Transfer℠ application.

You must also affirmatively “opt-in” or “opt-out” according to your preference around text only communication from The Common Application when completing the on-line User Registration Form.  Should you want to change your preference around communication by text message, you can later change your selection within the My Profile section of your Common Application for Transfer℠ application.   Once registered, you are free not to provide any personal information requested on the Common Application for Transfer℠ application and any application supplement or other applicant form, but to do so may cause the member College and/or University that you select not to accept the application, supplement or other applicant form as complete and consequently this may delay the transfer application admission process or reject the submission as incomplete regardless of payment. Users/applicants can also decide not to provide information that is designated as "optional" on any application, supplement or other form and still utilize the service that we provide. Users should communicate with their designated College and/or University directly if any admission application is delayed or rejected or otherwise results in an outcome that does not satisfy the applicant's expectations. The Common Application is not involved in and cannot be held responsible for any admission outcome of any individual transfer applicant.

What is The Common Application’s policy on allowing you to access. update. correct, or delete your personally identifiable information?

The Common Application keeps your personal information for as long as it is necessary to provide you with the Transfer Service or we have another legitimate reason to retain it, including longitudinal studies using aggregate data. When determining how long to retain your personal information, our considerations include our legal obligations and other mandatory record keeping requirements and the likelihood of you needing access to the personal information we hold for purposes related to your previous use of the Transfer Service.

Upon request The Common Application will provide you with information about whether we hold any of your personal information. You may access and edit your registration information by using your User Name (your email address) and password. If you have forgotten your password, please click the "Forgot Your Username or Password" link at apply.transfer.commonapp.org to have password reset instructions emailed to you. For all other problems signing in to the web site, please click "Contact Us" at apply.transfer.commonapp.org. If you wish for us to delete or no longer use any of your personal information that you submitted to us, you may email us with such a request at privacy@commonapp.org and your personal information will be deleted or no longer used within thirty (30) business days after receiving your request. See "What kind of security precautions are in place to protect the loss, misuse, or alteration of your information including credit card information and how is your information stored, accessed and used by others?"

The Common Application, through its independent trustworthy web service providers will make reasonable efforts to see that your instructions to make revisions to your personal information are made. For any information that was erroneously provided by the applicant but was already submitted and can no longer be changed or re-submitted, you must contact the member College/University or credit card processor directly to alert them to the erroneous information.

You may also update your email address and cell phone number within your on-line account, though once your email address and cell phone information has been submitted to a selected member College/University, you can only update your email address and cell phone number if you contact that member College/University directly.

What kind of security precautions are in place to protect the loss, misuse, or alteration of your information including credit card information and how is your information stored, accessed and used by others?

Your User Registration information is password-protected. You may edit your User Registration information by using your User Name (your email address) and password.

We recommend that you do not divulge your password to anyone. Also remember to sign out of your Common Application for Transfer℠ registration account and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if you share a computer or other electronic device with someone else or are using a computer or other electronic device in a public place like a library or Internet "cafe." Also, to help ensure the security of your application, do not copy and paste links from within the online application into an email or share with others on a public forum. If you do not log out of the online system, users with technical knowledge may use these links to access your online application.

When you make submissions of the Common Application for Transfer℠ application, supplements or other applicant forms to designated member Colleges or Universities or when you access your user registered account information from our web site, we offer the use of a secure server. The secure server software encrypts all information you input before it is sent to us, including your credit card information. We also restrict access to the secure server through the use of firewalls.

When you give us your personal information on-line, that information is viewed by The Common Application and its trustworthy independent web service provider for the purpose of providing technical support for the services being provided to you.

Credit Card Payments: Within the Transfer Service, applicants can pay admissions application fees online using a credit card. The Common Application uses the services of Liaison International’s reputable third party Payment Processing Company to collect and process an applicant’s payment information., This collection of credit card information by the Payment Processing Company is accomplished by directly linking you to the Payment Processing Company’s web site when you are ready to submit your credit card information. This feature is designed to accept ONE credit card transaction if you click "Submit" ONE time. However, if you click "Submit" more than once, it is possible your account will have a duplicate charge. Our member Colleges and/or Universities will reverse charges for any duplicate transaction. HOWEVER, NEITHER LIAISON INTERNATIONAL, COMMON APPLICATION, INC., PARTCIPATING MEMBER COLLEGES OR UNIVERSITIES, NOR THIRD PARTY INDEPENDENT CONTRACTORS WILL BE RESPONSIBLE FOR REFUNDING ANY PROCESSING FEES INCURRED BY THE INCORRECT USE OF THIS FEATURE. Accordingly, to avoid duplicate charges, please do not click the credit card SUBMIT button more than once! Your credit card information is not stored by us but is immediately transmitted under encryption to your designated credit card processor, and none of your personal information is stored on your computer or other electronic device or a computer of the College or University that would allow someone to by-pass the login authentication procedures.

The web site, through the secure servers of our trustworthy independent web server providers, retains your personal information for five consecutive application admissions cycles which ends on or about July 15 of each calendar year. Unless you take action to "roll-over" your applicant account (from one application admission cycle year to the next year's admission cycle), your personal information is removed or "archived," after two consecutive application admissions cycles have lapsed. This happens once the web site closes the academic year in July. Unless under order of subpoena, your transfer application once archived remains irretrievable. Therefore, you are strongly advised to print out for your own records a hard copy of all Common Application for Transfer forms that you have completed.

Note that the reasons for granting us continued limited access to your personal information may include, but are not necessarily limited to, allowing us, our trustworthy independent web service providers or other partners, or member Colleges/Universities to compile aggregate or historical information about applications submitted in previous years. For statistical purposes, your personal information will be used only in the aggregate meaning that personal identifying information such as your name and social security number shall not be used. For some historical purposes, however, we and our trustworthy independent web service providers or other partners, including participating member Colleges/Universities and non-member colleges and universities will have continued access to your archived personal identifying information as we and/or our trustworthy independent web service providers or other partners deem necessary.

Please note that whenever your personal information is handled as described above, regardless of where this occurs, steps are taken to ensure that your information is treated securely and in accordance with this Policy. When you enter sensitive information on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. Unfortunately, however, no data transmission over the Internet or electronic handling can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee or warrant the security of any information you transmit to us online, including any information that you send or receive as an email or text message that is sent or received over your own email domain account, cell phone app or cell phone service, and you do so at your own risk. ALSO, NEITHER LIAISON INTERNATIONAL NOR THE COMMON APPLICATION ARE RESPONSIBLE AND DO NOT ASSUME ANY LIABILITY FOR ANY TEXTS, EMAILS OR OTHER COMMUNICATIONS THAT YOU RECEIVE FROM OR SEND TO ANY OF OUR PARTICIPATING MEMBERS, AND WE CANNOT ACCEPT LIABILITY FOR DISCLOSURE OF ANY OF YOUR PERSONAL INFORMATION DUE TO ERRORS IN TRANSMISSION OR UNAUTHORIZED OR ILLEGAL ACTS OF THIRD PARTIES.

Your California Privacy Rights

If you are a California "consumer," upon your request (see Section entitled "Additional information and how you can contact us regarding this Policy"), we will disclose to you what personal information of yours was shared with what trustworthy third party provider within the last year (including disclosing to you our provider's name and address) and if such information was ever used by our provider for their marketing purposes. Note that our current trustworthy third party providers have agreed not to use your information for this purpose, however, but we may use or provide members or other trustworthy third party organizations access to your personal information in order to generate aggregate data that we or the third party may publish, combine or enhance with other aggregate data from other sources, and/or share or distribute the aggregate only data for monetary value with our members and other colleges or universities who are not members for the purpose of recruiting them to be part of our membership or with other third parties for research purposes only. In addition, all personal information that you provide to us is handled entirely within the United States of America.

California Civil Code section 1798.83 entitles residents of California to request information about the third parties with whom Common Application has shared personal information in the immediately preceding calendar year and if those third parties ever used such information for direct marketing purposes. California residents may submit one request per calendar year in the form of a report that details: (a) what type of information we shared, (b) with whom we shared such information and (c) the nature of the third party business.

California residents may submit their request by scrolling to the Section entitled "Additional information and how you can contact us regarding this Policy" and following directions for accessing the Help Center.

Your European Economic Area and Swiss Privacy Rights

If you are a student applicant, school representative, recommender or other individual based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland and you provide us with your personal data, you are now afforded new widespread privacy rights under the General Data Protection Regulation (GDPR) effective May 25, 2018. Under the GDPR, new higher standards on what is considered the lawful processing of EU data are imposed; there are now more explicit privacy rights afforded to you; and there are now new accountability standards imposed on organizations that collect, handle, store and/or process your data.

Well before the GDPR went into effect, we have been working diligently along with our trustworthy partners and members to implement an organizational, technical and cooperative framework so that all of your rights are respected and honored by us, our members and partners with respect to the collection, handling, storing and processing of your data.

If you are based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland, you may have rights over your personal data we handle about you, including but not necessarily limited to:

• The right to know who decided what personal data is being collected from you and the purpose behind doing so
• The right to know each purpose and legal justification why your personal data is being collected and processed and why collecting and processing it is needed to accomplish the disclosed purpose(s)
• The identity of all third party recipients who are to receive your personal data
• The right to know if your personal data is to be transferred out of the EU
• The right to know how long your personal data will be stored and not to have it stored longer than needed to accomplish the stated purpose
• The right to access, receive or correct your personal data at any time
• The right to have your personal data erased (where there is no longer legal or necessary grounds to process or store your personal data)
• The right to have your personal data transferred to another at any time
• The right to restrict or otherwise object to, the processing of your personal data at any time where your personal data is not accurate, where the processing is unlawful, where your personal data is no longer needed or where there is no longer good legitimate grounds to process your personal data
• The right to object to your personal information being processed if the lawful basis for processing your personal information is either our or a third party’s legitimate interests or a reason of public interest, or we use your personal information for direct marketing
• The right to easily and conveniently withdraw your consent to the collection, handling, storage and/or processing of your personal data at any time
• The right to complain to us and/or the appropriate EU “supervisory authorities” if you believe any of your rights are being violated
• The right to know if you are being “profiled” or “monitored” or if certain decisions are being made automatically based on your personal data
• The right to know and to have your personal data processed only for the purpose for which it was collected

The lawful collection and processing of your personal data is necessary for us to perform the service of providing you with use of the Common Application for Transfer℠ service and you are always provided with affirmative options so that you may decide if you want us to process your data for a particular purpose. We strive to make certain that all of the data that we request is necessary in order to provide you with the service or to otherwise accomplish the stated purpose. When we share your data with a third party, we always inform you of the name of the recipient of such data. Further, all of the opt-in consents that are presented to you are intended to fully inform you whether you want us to process your data, the purpose behind processing your data and who, if anyone, we will be sharing your data with in order to accomplish that purpose.

Please note that if you are an individual who is based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland who is under the age of 13, you will not be permitted use of the Transfer Service and we will neither accept nor process your personal data. If you are under the age of 16 but age 13 or over, we will not process any of the personal data that you may have submitted until we have promptly received the express consent from your parent or legal guardian. If this consent is not promptly provided, any data that you may have submitted during the account creation process will be immediately purged in order to make certain that none of your data is being retained. Note also that no data about you will be retained if you are unable to complete the account creation process or if you decide at any time that you are withdrawing your consent. If you withdraw a previously submitted consent, we shall also inform all of our relevant partners that your consent has been withdrawn.

Note also that we have put into place with our trustworthy partners certain mechanisms of cooperation, communication and agreements so that your EU privacy rights are also honored by partners and member colleges. Accordingly, should you decide to access, rectify, erase, object to or otherwise transfer any of your data that you submitted or if you wish to withdraw any one or all of your consents, please send your instruction to privacy@commonapp.org and we will act on it promptly.

If you are a member college who is established in the EU, we and our partner The Common Application, Inc. understand the need to plan data collection and processing practices for the Transfer Service to be in line with what the GDPR requires.  Accordingly, where necessary, express consents are utilized to ensure the lawful processing of the data that is collected so that EU established member colleges may honor the appropriate data rights and obligations when such data is accessed by these members.

Please note that if you are an individual who is based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland and you have sent to us your personal data unsolicited, after we have completed our review of your communication, we will appropriately delete your communication, including any personal data that may be contained therein.

If you have any questions or concerns about your rights under the GDPR or the steps that we have taken to comply with the GDPR, please contact us at privacy@liaisonedu.com.

Do we have an identity theft policy for the Transfer Service?

While rare, the risk of identity theft to on-line users of the Internet is on the rise and we recognize the importance of taking steps to help its student applicants, users, customers and participating members identify and detect patterns, practices or activities that may indicate the existence of identity theft involving the Transfer Service or our web site, including implementing the appropriate actions or responses to help safeguard against and/or mitigate the risk of future or continued theft.

The identity theft portions of this Policy are to help all users of the Common Application for Transfer℠ service identify identity theft and to provide them with information about what steps we take to detect identity theft, safeguard against, respond to and/or mitigate continued or future identity theft involving the Transfer Service and our web site.

Please also note that the identity theft portions of this Policy also only address our identity theft policy concerning activities involving our own web site and the Transfer Service and it does not apply to activities or identity theft policies of others or other web sites independent from, referenced or linked to our web site, such as other web sites, IT systems of secondary schools, member Colleges or Universities or other third parties or any individuals or officials that may be associated with these other institutions or third parties.

What kinds of patterns, practices or activities may indicate the existence of identity theft?

• In order to be on-guard for possible identity theft, all student transfer applicants, users, customers and participating members should be aware of the potential indicators of identity theft. These may include but are not necessarily limited to the following:
• Receiving an alert, notification or warning from a consumer reporting agency
• Receiving notification of a credit freeze or address discrepancy
• Receiving notification of an abnormal increase in the number of credit inquiries, new credit relationships or new credit uses
• Receiving notification of an account being involuntarily closed or a credit abuse being identified
• Receiving or becoming aware of suspicious documents, information or photos provided for identification that appear to have been altered or forged or are inconsistent with other authenticated and accessible personal identifying information
• Receiving or becoming aware of suspicious documents, information or photos provided for identification that appear to be associated with prior fraudulent practices or activities or are attributable to another student applicant, user, customer, member or other third party
• Any unusual use of or suspicious activity involving or relating to any account involving the use of the Transfer Service

What steps do we take to detect identity theft?

The Transfer Service primarily functions as an information and document conduit between students that apply to various member Colleges and Universities using the Transfer Service and the various secondary school officials and participating members that also utilize the service and our site. While the Transfer Service deploys several security measures to protect the personal identifying information (including credit card information) of its users (see the section on security precautions in place discussed in this Policy), such security measures may not always prevent the crime of identity theft due to the specific nature of this crime. Accordingly, we must also rely upon the credible reporting of suspicious patterns, practices or activities of identity theft from its trustworthy student applicants, users, customers, participating members or school officials.

In this connection, any student applicant, user, school official or participating member that becomes aware of any suspicious pattern, practice or activity suggestive of an identity theft that also involves or relates to the Transfer Service is urged to notify us via email at privacy@commonapp.org. Please be sure to disclose your name, all relevant information about the suspected identity theft including information about how you may be contacted.

What steps do we take to safeguard against, respond to and/or mitigate continued or future identity theft or breaches of personal data?

Upon receiving credible information about a possible identity theft or other possible related wrongdoing involving or relating to the Transfer Service or our web site from a trustworthy student applicant, user, customer, member, school official or other trustworthy third party, The Common Application will do what it reasonably can to investigate the merits of the claim by gathering up any other information within our reasonable control in order to evaluate whether there has been a possible attempt to commit identity theft or other possible related wrongdoing. If The Common Application believes there are grounds for believing in good faith that an attempt at wrongdoing was made, The Common Application reserves the right to cancel or close an offending or possible tainted transaction or account, monitor a particular account or line of communication, change applicable security codes, notify law enforcement officials, notify the victim of the alleged attempted fraud or other wrongdoing, provide to the victim certain information (including the personal identifying information of another user) if reasonably requested or justified and/or do such other acts reasonable and/or necessary to protect Liaison International, The Common Application and/or victim of the alleged theft or other possible wrongdoing and otherwise comply with any data breach notification or identity theft law that is applicable to the particular circumstance. The Common Application also reserves the right not to take any action if no such action is warranted. Finally, The Common Application reserves the right to rely upon our trustworthy independent web service providers to help implement, safeguard against and/or mitigate continued or future identity theft or other possible wrongdoing involving any student applicant, user, customer, participating member or school official when the alleged theft or other possible wrongdoing involves or is related to the Transfer Service or our web site.

Please click "Contact Us" at apply.transfer.commonapp.org to pose any questions, comments, feedback or complaints regarding the identity theft portion of this Policy.

Additional Information and how you can contact us regarding this Policy

We encourage you to review the Frequently Asked Questions for additional information and instructions about any questions that you may have regarding this Policy.

Please click "Contact Us" at apply.transfer.commonapp.org to pose any questions, comments, feedback or complaints regarding this Policy or the use of personal information by our web site or the Transfer Service.

If you have questions or concerns regarding this Policy statement, you should first contact the following Common Application representative by email, phone or mail at the address below:

Privacy Compliance

The Common Application, Inc.

3003 Washington Blvd., Ste. 1000

Arlington, VA 22201

privacy@commonapp.org

(703) 378-9788

Emails That You Send Us

Please note that any emails, text messages, or other communications that you send us or which we have been given legal access to may be copied, forwarded or distributed to our participating members within our sole discretion.