Effective Date 17 December 2020 and Last Updated: 1st February 2022
TO SUBMIT A CONSUMER RIGHTS REQUEST, PLEASE CLICK OUR WEB FORM HERE OR SEE THE “HOW TO CONTACT US” SECTION OR JURISDICTION-SPECIFIC TERMS BELOW.
1. Information Collected by Us.
Information You Provide.
Student Brands provides a family of products, Internet sites, services and browser-based and/or mobile applications (“Apps” and, collectively, "Services"). While registration with us is optional, please keep in mind that you will not be able to use many features of our Services unless you register with us. Depending on how you interact with our Services, you may provide us, our agents, vendors, consultants, and other service providers (collectively, “Service Providers,”) with, and the Services may include hyperlinks to websites, locations, platforms, applications or services operated by third parties (collectively, “Third-Party Services”) which require, information that may include:
- your name, email address, username, password, address, postal code, phone number, credit card number, gender, school attending, graduation year, and other registration information;
- transaction-related information, such as your orders for any Services, downloads or other features, or purchases, if any, that you make from us;
- information you otherwise provide us, such as when you contact us (e.g., for help); and
- other information related to your use of certain offerings on our Services.
Information Collected Automatically.
We, our Service Providers, or Third-Party Services may automatically receive or collect certain information from you when you use the Services. This information may include:
- your browser or operating system;
- your manner of connecting to the Internet (including the browser and/or type of device you are using) and the name of your Internet service provider or wireless carrier;
- your Internet protocol (“IP”) address;
- data relating to malfunctions or problems that occur when you use the Services;
- log file information, including your Web request, IP address, browser type, referring/exit pages and URLs, number of clicks and how you interact with links on our Services, domain names, landing pages, pages viewed, and other such information; and
- information collected by cookies, which are Cookies are small pieces of information or text files that a
website sends to your computer for record-keeping purposes, which information is stored in a file on your
computer's hard drive, and other tracking technologies, including but not limited to, web beacons (also known as
“tracking pixels”), embedded scripts, location-identifying technologies, fingerprinting, device
recognition technologies, in-app tracking methods and other tracking technologies now and hereafter developed
(“Tracking Technologies”) may be used to collect information about interactions with the Services or
emails, including information about your browsing and purchasing behavior. Cookies make Web-surfing and browsing
easier for you by saving your preferences so that we can use the saved information to facilitate and improve
your use of the Services.
- You can adjust your Internet browsers to reject cookies. However, if you disable the cookies on your computer you may not be able to use certain features of the Services and disabling cookies may invalidate opt outs that rely on cookies to function.
- Note that your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit; such signals may prevent third parties from collecting information about your online activities over time and across different websites. California law requires us to disclose how the Services respond to these kinds of “Do Not Track” signals. Like many websites, the Services currently are not designed to respond to “Do Not Track” signals from visitors' browsers. To learn more about “Do Not Track” you may wish to visit this site.
- We will treat information that does not personally identify you as non-personal information, and we may de-identify, anonymize or otherwise convert your personal information to non-personal information. As permitted by applicable law, we reserve the right to use, process, share and otherwise exploit your non-personal information without limitation.
- See our Cookie Disclosure, below, for more information.
Information Collected Through the Apps.
Depending on your personal device and App permission settings, when using the Apps, we may collect or have access to the following types of information:
- Stored information and files. These may allow the Apps to read, modify, or delete the contents of your USB storage including photographs and video clips.
- Camera. This may allow the Apps to take photos or videos for you.
- Other. The Apps will send and receive data to and from the Internet, and may view network connections, have full network access, or prevent your device from sleeping.
2. Use of Your Information.
Our Use of Your Information.
We may use your information to:
- process your registration, manage your account (including your payment information and preferences), and deliver our Services and features desired by you (including any customization features requested by you);
- improve our Services;
- fulfill other purposes disclosed to you at the time you provide us with your information or otherwise where we are legally permitted to do so;
- personalize content and offers and serve you advertising that may be of interest to you;
- respond to your inquiries;
- fulfill your request for Services;
- provide you with updates and other information regarding the Services;
- understand your general location (i.e., not your specific geolocation) based on your IP address;
- keep our Services safe and secure and to prevent detect fraud and abuse;
- comply with our legal obligations, policies, and procedures;
- administer and manage our Services including content and layout, site usage, troubleshooting, data analysis, testing, research, statistical and survey purposes; and
- improve our Website to ensure that consent is presented in the most effective manner for you and your computer, device or other item of hardware through which you access the Website.
How We May Share Your Information.
We may share your information:
- with our Service Providers in connection with their work on our behalf;
- with our family of Student Brands affiliates who may have content and offers of interest to you. We do not share your personal information to non-affiliate third parties for marketing purposes unless expressly authorized by you;
- in the event of a change of ownership, as described below;
- to comply with law, law enforcement or other legal process, and, where permitted, in response to governmental requests or legal process (for example, a court order, search warrant or subpoena); and
- to other circumstances in which we have a good faith belief that a crime has been or is being committed by a user.
3. Sweepstakes, Contests and Promotions.
4. Information You Disclose Publicly or to Others.
California minors should see the “Minors” section below regarding potential removal of certain UGC they have posted on the Services.
5. Third-Party Content, Third-Party Services, Social Features, Advertising and Analytics.
- Third-Party Services may use their own Tracking Technologies to independently collect information about you and may solicit personal information from you. For example, Student Brands maintains its own branded pages on various social networks. When you visit these branded social media pages, the provider of the social network and other Third-Party Services may set Tracking Technologies on your browser or device.
- Certain functionalities on the Services may permit interactions that you initiate between the Services and certain Third-Party Services, such as third-party social networks (“Social Features”). Examples of Social Features include: enabling you to send content such as contacts and photos between the Services and a Third-Party Services; “liking” or “sharing” Student Brands content; logging in to the Services using your Third-Party Services account (e.g., using Facebook Connect to sign-in to the Services); and to otherwise connect the Services to a Third-Party Services (e.g., to pull or push information to or from the Services). If you use Social Features, and potentially other Third-Party Services, information you post or provide access to may be publicly displayed on the Services (see “Information You Disclose Publicly or to Others” section above) or by the Third-Party Services that you use. Similarly, if you post information on a third-party service that references the Services (e.g., by using a hashtag associated with Student Brands or its affiliates in a tweet or status update), your post may be used on or in connection with the Services or otherwise by Student Brands and its affiliates. Also, both Student Brands and the third party may have access to certain information about you and your use of the Services and any Third-Party Services.
- We may engage and work with Service Providers and other third parties to serve advertisements on the Services and/or on Third-Party Services. Some of these ads may be tailored to your interest based on your browsing, across time, of the Services and elsewhere on the Internet, which may include use of data from cross-device usage, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”), which may include sending you an ad on a third-party service after you have left the Services (i.e., “retargeting”). Our advertisers' and ad networks' use of Tracking Technologies are governed by their own privacy policies.
Your Tracking Technologies Choices.
- Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. Also, tools from commercial browsers may not be effective with regard to some Tracking Technologies, such as HTML5 cookies. Please be aware that if you disable or remove these technologies, some parts of the Services may not work and that when you revisit the Services your ability to limit browser-based Tracking Technologies is subject to your browser settings and limitations.
- Some App-related Tracking Technologies in connection with non-browser usage (e.g., most functionality of a mobile app) can only be disabled by uninstalling the app. To uninstall an app, follow the instructions from your operating system or handset manufacturer. Apple and Google mobile device settings have settings to limit ad tracking, and other tracking, but these may not be completely effective.
- Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor's browser. To find out more about “Do Not Track,” you can visit https://www.allaboutdnt.com, but we are not responsible for the completeness or accuracy of this third-party information. You have the right to request information from us about the Services that currently do not respond to "do not track" mechanisms featured in any Internet browser by contacting us according to the “How to Contact Us” section below.
- Many advertisers and service providers that perform advertising-related services for us and third parties participate in voluntary programs that provide tools to opt-out of such interest-based advertising such as the Digital Advertising Alliance's (“DAA”) Self- Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding Interest-based Advertising for DAA members, visit here and here for information on the DAA's opt-out program for mobile apps. Some of these companies also are members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see here. You can also go to here to adjust your advertising preferences with our service provider, NextRoll, Inc. (which used to be called AdRoll), or here to opt out of the use of your data by one of our other service providers, LiveRamp.
- Please be aware that, even if you are able to opt out of certain kinds of Interest-based Advertising, you may continue to receive other types of ads. Opting out only means that those selected, participating members should no longer deliver certain interest-based advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your browser-based opt-out may not, or may no longer, be effective.
- We support the ad industry's 2009 Self-regulatory Principles for Online Behavioral Advertising (https://www.iab.com/wp-content/uploads/2015/05/ven-principles-07-01-09.pdf) and expect that ad networks that we directly engage to serve you interest-based advertising will do so as well, though we cannot guaranty their compliance. We are not responsible for the effectiveness of, or compliance with, any third-parties' opt-out options or programs or the accuracy of their statements regarding their programs.
- In addition, we may serve ads on third-party services that are targeted to reach people on those services that are also identified on one of more of our databases (“Matched List Ads”). This is done by using Tracking Technologies, or by matching common factors between our databases and the databases of the third-party services. We are not responsible for these third-party services, including without limitation their security of the data. We are not responsible for such third parties' failure to comply with your or our opt-out instructions as they may not give us notice of opt-outs to our ads that you give to them, and they may change their options without notice to us or you.
- We may use Third-Party Services such as Google Analytics and Sailthru to help us analyze our performance and
our delivery of services and advertising to you. For example, we may use Remarketing with Google Analytics,
Google Display Network Impression Reporting, the DoubleClick Campaign Manager and Google Analytics Demographics
and Interest Reporting.
- We and third-party vendors, including Google, may use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) together to report how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our site.
- We may use Third-Party Services such as Google Analytics and Sailthru to help us analyze our performance and our delivery of services and advertising to you. For example, we may use Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager and Google Analytics Demographics and Interest Reporting.
6. Opting Out of Promotional Communications.
You can make choices about how your information may be used by us to provide information and offers to you. You may opt out of commercial messages by clicking on the "opt out" or "unsubscribe" link provided with each message. These preferences do not apply to transactional communications, such as those that are related to your registration with us, required or important notices related to your use of our Services, or the fulfillment of a specific transaction.
7. Opting Out of Providing Personal Information Through the Apps.
You may be able to enable or disable certain permissions features (e.g., allowing the App to: read, modify, or delete the contents of your USB storage; take pictures and videos; view Wi-Fi connection) by adjusting the permissions in your device. If you no longer want to provide any information to us through the Apps, you may uninstall them from your device.
8. Accessing and Changing Information.
We may provide web page(s), other mechanisms or processes allowing you to delete, correct, or update some of the personal information that we collect from you, and potentially certain other information about you (e.g., profile and account information). We will make good faith efforts to make requested changes in our then-active databases as soon as practicable, but it is not always possible to completely change, remove or delete all of your information or public postings from our databases and residual and/or cached data may remain archived thereafter. Further, we reserve the right to retain data: (a) as required by applicable law; and (b) for so long as reasonably necessary to fulfill the purposes for which the data is retained except to the extent prohibited by applicable law.
California minors should see the “Minors” section below regarding potential removal of certain UGC they have posted on the Services.
Children under the age of sixteen (16) are not eligible to use the Services and must not submit any personal information to us.
Minor CA Residents.
- Any California residents under the age of eighteen (18) who have registered to use the Services, and who posted content or information on the Services, can request removal by contacting us in the manner described under the “How to Contact Us” section below, detailing where the content or information is posted and attesting that you posted it. We will then make reasonable, good faith efforts to remove the post from prospective public view or anonymize it so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines and others that we do not control.
10. Links and Other Sites.
11. Change of Ownership.
In the event that our ownership was to change as a result of a merger, acquisition, or any transaction involving the transfer of some or all of our assets by another company, your Services information may be transferred. We will provide you notice prior to any such transfer of your Personal Information.
14. How to Contact Us.
- Toll-free by phone: 833-720-0427
- By email: firstname.lastname@example.org
- By webform (Privacy Requests only): LINK
Student Brands, LLC
523 W 6th St. Suite 1234
Los Angeles, CA 90014
15. Jurisdiction-Specific Terms.
For Users Located in the European Economic Area (“EEA”) or the United Kingdom (“UK”)
Controller of your Personal Data
Legal Bases for Using Personal Data
We process your personal data only if we have a legal basis to do so, including:
- to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party;
- where you have given consent to our specific use.
The purpose for which we use and process your information and the legal basis on which we carry out each type of processing is further explained below.
Purposes for which we will process the information Legal Basis for the processing To deliver services and features desired by you. It is necessary for us to process your personal data in order to deliver the services and process transactions according to the applicable contract between us. To improve our services to you. It is necessary for us to process your personal data in order to improve our services to you according to the applicable contract between us. To personalize content and offers and serve you advertising that may be of interest to you. We will personalize content and offers to you and serve you advertising based on your interests and online activities if you have consented to this processing. To respond to your inquiries. It is necessary for us to process your personal data in this manner to respond to your inquiries according to the applicable contract between us. To fulfill your request for products or services. It is necessary for us to process your personal data to fulfill your request for products or services according to the applicable contract between us. To use your login user ID and password to register you on your behalf and to give you access to our affiliate websites and services as part of a “single sign-on” feature. It is necessary for us to process your personal data to use carry out these activities according to the applicable contract between us. To provide you with updates and other information regarding the Services. It is necessary for us to process your personal data to provide you with updates and other information regarding the Services according to the applicable contract between us. To share your information with the company that employed you, engaged you, or authorized you to access and use the Services. It is in the legitimate interests of the company that employed you, engaged you, or authorized you to access and use the Services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. To analyze statistically site usage and to customize our site's content, layout and services. It is in our legitimate interests to process your personal data to analyze our site usage and to customize our site's content, layout and services. We consider this use to be proportionate and will not be prejudicial or detrimental to you. To enable our family of companies and affiliates and with trusted business partners that we do business with who may have content and offers of interest to you. It is in our legitimate interests to process your personal data to enable our family of companies and affiliates who may have content of interest to you. We process your personal data to enable our family of companies and affiliates and trusted business partners to send you offers and market to you only if you have consented to these activities. To enable our agents and service providers to perform certain activities on our behalf. It is necessary for us to process your personal data in this manner in order to deliver the services and process transactions according to the applicable contract between us. It is also in our legitimate interest to enable our service providers to perform certain activities on our behalf. We consider this use to be proportionate and will not be prejudicial or detrimental to you. To offer you the opportunity to use our invitation service and application so that you can tell your friends about the Services. We process your data for these activities only if you have given your consent to do so. To administer our Website including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
To improve our Website to ensure that consent is presented in the most effective manner for you and your computer, device or other item of hardware through which you access the Website.
For all these categories, it is in our legitimate interest to continually monitor and improve our services and your experience of the Website and to ensure network security. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
To keep our Website safe and secure and to prevent detect fraud and abuse; and
To comply with our legal obligations, policies, and procedures.
We may process your personal data to respond:
- To governmental requests or legal process (for example, a court order, search warrant or subpoena);
- To other circumstances in which we have a good faith belief that a crime has been or is being committed by a user;
- To an emergency that poses a threat to the safety of you or another person;
- When necessary to protect our property;
- In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, asset sale or in the unlikely event of bankruptcy.
We conduct this processing to comply with our legal obligations and to protect the public interest. To process otherwise for internal administrative and analytics purposes. It is in our legitimate interest to process your personal data for internal administrative or analytics purposes. We consider this use to be proportionate and will not be prejudicial or detrimental to you.
Some of our processing of your data will involve transferring your data outside the EEA or the UK. Some of our service providers are also based outside of the EEA or the UK, and their processing of your personal data will involve a transfer of data outside the EEA or the UK. This specifically includes to the United States. Where personal data is transferred to and stored in a country not determined by the European Commission or by the UK, as applicable, as providing adequate levels of protection for personal data, we take steps to provide appropriate safeguards to protect your personal data, including entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data.
Retention of Personal Data
Data Subject Access Rights
You have the following rights:
- Right of access to your personal data: You have the right to ask us for confirmation on whether we are processing your personal data, and access to the personal data and related information.
- Right to correction: You have the right to have your personal data corrected, as permitted by law.
- Right to erasure: You have the right to ask us to delete your personal data, as permitted by law.
- Right to withdraw consent: You have the right to withdraw consent that you have provided.
- Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority in the member state of your habitual residence.
- Right to restriction of processing: You have the right to request the limiting of our processing under limited circumstances.
- Right to data portability: You have the right to receive the personal data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
- Right to object: You have the right to object to our processing of your personal data, as permitted by law, under limited circumstances.
In order to exercise any of these rights, please contact us according to the “How to Contact Us” section herein. Please note that the above rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.
Your California Privacy Rights.
The California Consumer Privacy Act (“CCPA”), which provides California Consumers certain rights regarding their Personal Information (“PI”) as those terms are defined in the CCPA, became effective on January 1, 2020.
We are providing you with notice of the PI we collect and our purposes for that collection for data that may be subject to the CCPA (“CCPA Notice”). This CCPA Notice does not cover information that is outside of the scope of the CCPA. This notice also does not apply to data collected from employees, applicants or contractors or to data collected from individuals acting as representatives of another business in connection with business communications or transactions.
We collect PI directly from you, your device or browser, your education institution, our service providers and suppliers, and our corporate affiliates. We use and share PI for the following business purposes:
- to provide requested products and Services;
- to advertise and offer new products and services;
- to improve our products and services;
- for quality assurance;
- for research development;
- for prevention of fraud and illegal activity; and
- for marketing purposes.
We collect the following categories of PI from Consumers which we share with our service providers, agents and licensees who perform services on our behalf, with our affiliates, and with your education institution:
- identifiers (e.g., name, phone number, email address, I.P. address);
- personal records (e.g., name, phone number, email address);
- customer account details / commercial information (e.g., your order history);
- internet usage information (e.g., information regarding your interaction with our online services);
- geolocation data (e.g., your general location based on your I.P. address); and
- inferences from PI collected (e.g., your preferences, your performance).
If you are a California Consumer and would like to register a request under your “right to know about personal information collected, disclosed or sold” (including right to obtain copies of specific pieces and/or information about categories of PI practices), “right to request deletion of personal information,” or “right to opt-out of the sale of personal information,” you can contact us at CaliforniaPrivacy@BNED.com or toll-free at 833-729-0427. You may opt out of cookies and other tracking technologies by clicking on the CA Do Not Sell My Personal Information link at the bottom of this website. You have the right to not receive discriminatory treatment in a manner prohibited by the CCPA as a result of your exercising your rights under the CCPA.
To fulfill your CCPA request, we may require you to provide sufficient information to reasonably verify you are the Consumer about whom we collected PI. This verification process includes providing us at least two (2) unique data points, depending on the type of request.
Consumers have the right to exercise CCPA privacy rights via an authorized agent who meets the agency requirements of the CCPA. Authorized agent requests must include a copy of the agency agreement between the authorized agent and the consumer. We will ask the consumer to independently confirm the agency relationship.
The Right to Know
Categories. You have the right, subject to statutory exceptions, to send us a request, no more than twice in a twelve-month period, for any of the following for the period that is twelve months prior to the request date:
- The categories of PI we have collected about you.
- The categories of sources from which we collected your PI.
- The business or commercial purposes for our collecting or selling your PI.
- The categories of third parties to whom we have shared your PI.
- A list of the categories of PI disclosed for a business purpose in the prior 12 months, or that no disclosure occurred.
Specific Pieces. You have the right, subject to statutory exceptions, to make or obtain a transportable copy, no more than twice in a twelve-month period, of your PI that we have collected in the period that is 12 months prior to the request date and are maintaining.
The Right to Deletion
You have the right, subject to statutory exceptions, to request that we delete your PI that we have collected directly from you and are maintaining. Note also that we are not required to delete your PI that we did not collect directly from you.
You may alternatively exercise more limited control of your PI by instead by canceling or modifying our email marketing communications you receive from us. You can do so by following the instructions contained within our promotional emails.
The Right to Opt Out of Sale of Personal Information
We do not “sell” PI that we collect from you, including PI of minors under the age of 16, in accordance with the definition of “sell” in the CCPA. We treat all PI that we collect from you as subject to a “do not sell” request.
Your Nevada Privacy Rights.