Privacy policy

Last Updated: August 10, 2020

At Novalsys, Inc. ("we" or "us") we are committed to protecting and respecting your privacy. This Privacy Policy explains how we look after your personal information when you visit and use our community engagement platform at https://www.campusgroups.com, our mobile sites or applications, or other dedicated CampusGroups sites, mobile or other applications designed and hosted by us for your Organization (collectively, the "Site") and where you access and use any of the tools and features that we provide through the Site (collectively, the "Services"). This Privacy Policy also tells you about your privacy rights with respect to your information.

USE OF THE SITE AND THE SERVICES

Authorized Users

If a profile which you did not create yourself exists on this Site it is because the school or university identified on the Site (the "School") or other club, group or organization (together with the School, an "Organization") has shared certain information with us due to your affiliation with the Organization (whether as a registered student, member of staff, alumni, parent, partner, employee, club member or other third party connected with the Organization and authorized to access the Services). If we have received such information from your Organization, your Organization has authorized your access to, and use of the Site and Services and for purposes of this Privacy Policy, you will be referred to as an "Authorized User". As an Authorized User, your Organization is responsible for and administers your CampusGroups account and is also responsible for the collection and use of any data that you submit or provide through the Services (including any messages, files or other content submitted through the Services) (collectively, "User Contributions"). We have a separate agreement with your Organization which governs delivery, access and use of the Services (the "Organization Agreement"). In addition to this Privacy Policy, your Organization may have additional policies which apply in relation to your use of the Service.

Independent Users

If you have created your own account on the Site to access certain Services that we provide to an Organization under an Organization Agreement (including, for example, registering or purchasing tickets for an event hosted by the Organization) , for purposes of this Privacy Policy, you will be referred to as an "Independent User". As an Independent User, the Organization is still responsible for and administers your CampusGroups account and will be responsible for the collection and use of any data that you submit or provide through the Services (as set out above in the case of Authorized Users). Please note: your data will be shared with the Organization and will be processed in accordance with their Privacy Policy as well as ours. Click here for a copy of your Organization’s Privacy Policy.

Trial Users

If you have created your own account on the Site following a request for a demo or other trial of the Site and the Services and there is no Organization Agreement in place, for the purposes of this Privacy Policy, you will be referred to as a "Trial User". As a Trial User, we administer your CampusGroups account and will be responsible for the collection and use of any data that you submit or provide through the Services. Novalsys will not share your data with your Organization.

Authorized Users, Independent Users and Trial Users, shall be referred to collectively as "End Users".

Your use of the Site and Services is governed by the Terms of Service [add https://www.campusgroups.com/terms and this Privacy Policy. If you have any questions about your use of the Services, including privacy settings and practices, please contact us at [email protected]. Where appropriate, we will forward your message to your Organization.

WHO ARE WE AND HOW CAN YOU REACH US?

We’re Novalsys, Inc. ("Novalsys") and we operate the Site and provide the Services. If you would like to contact us for any reason, including (i) to obtain more information about how we have received your information from your Organization or how we share your information with your Organization; (ii) how we process your information; or (iii) if you have any questions about the Site or the Services generally, please contact us at:

Novalsys, Inc.
902 Broadway, 6th Floor
New York, NY 10010
Phone: 1 (646) 797-3161
[email protected]

INFORMATION WE COLLECT AND RECEIVE

Personal data, or personal information, means any information about an individual from which that person can be identified.

We may collect, use, store, transfer and receive different kinds of personal information about you when you access and use the Site or Services, which we have grouped together as follows (collectively "Data"):

  • Identity Data includes first name, last name, legal first name, middle initial, maiden name, username or similar name, Organization identifiers (student ID, card number, etc.), title, nationality, languages, date of birth and gender.
  • Contact Data includes email address(es), preferred email address, personal address, work address, work contact details and phone numbers.
  • Transaction Data includes details about transactions which occur on our Site and through the Services, including payments to and from an End User and products and services an End User has purchased from the Groups. We do not store or come in contact with any credit card information.
  • Technical Data includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices used by the user to access the Site and/or the Services. Include logs of all requests made by the user to the site
  • Profile Data includes username and password, memberships in a group which is part of an Organization (a "Group"), membership end date, school program, degree, year of entry, year of graduation, work details (LinkedIn resume, company, work title), interests, preferences, feedback, surveys/forms/poll responses, platform join date, group officer status, validation status, opt-in subscriptions (sub-groups), member tags, posts on feeds.
  • User Contributions includes any messages, photos, news, files or other content submitted through the Services by individual End Users.
  • Usage Data includes information about how End Users use the Site and/or the Services – includes web analytics relating to usage of the Site and the platform in general and logs of all requests made by users to the Site, as well as usage of specific features of the Services such as events registration and attendance, tickets selected/purchased/cancelled, email engagement, member tags, likes and comments on feeds.
  • Marketing and Communications Data includes any preferences in receiving marketing from us, Groups, the Organization, other relevant third parties, plus any communication preferences – e.g. ways in which the user may be contacted.
  • Support Data includes any information that users of the Site or the Services provide when they contact or engage platform support regarding the Services.
  • Special Categories of Personal Data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We also collect, use and share Aggregated Data such as statistical and demographic data for any purpose. Aggregated Data may be derived from your personal information, but it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of the Service. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Policy.

HOW IS YOUR INFORMATION COLLECTED?

We use different methods to collect information from and about you, including through:

Direct Interactions

You may submit certain Data when you use the Site and the Services. This includes (but is not limited to) personal information you share when you:

  • Register or log on in your individual capacity or as an Organization administrator ("Organization Administrator") or as a leader or an officer of your Group ("Group Officer");
  • Post material (including resumes, biographical information, and photos);
  • Request further services, purchase tickets to an event, when you wish to join a Group, or when you report a problem with the Site or the Services. Please note that in some cases, recording your membership of a particular Group may involve the processing of Special Categories of Personal Data;
  • Records and copies of your correspondence (including e-mail addresses), if you contact us;
  • Respond to surveys that we, your Organization or your Group might ask you to complete for research purposes;
  • Contact us with feedback or queries;
  • Post User Contributions on public areas of the Site or transmit to other users of the Site or third parties.

Automated technologies or interactions

As you interact with or navigate through the Site and the Services, we may automatically collect Data about your equipment, browsing actions and patterns. We may collect this information by using cookies and other similar technologies. Please note: you can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, some parts of the Site and the Services may then be inaccessible or not function properly. Please see our Cookie Policy for further details. https://www.campusgroups.com/terms?view=cookies

You are not under a statutory or contractual obligation to provide us with any personal information. However, certain information is collected automatically and if you don’t provide some information, such as account set-up details, we may be unable to provide the Services to you.

PURPOSES FOR WHICH YOUR INFORMATION IS USED

All End Users

We process personal information, as applicable, for our legitimate business interests as follows:

  • Contacting Organization Administrators for invoicing, account management or other administrative reasons (not applicable to Trial Users);
  • Notifying you about changes to our Terms of Service or Privacy Policy or contacting you with other important Service-related messages, such as security and fraud notices;
  • Carrying out data analytics, identifying usage patterns, customizing the Site and the Services to individual preferences, improving and enhancing user experiences, modifying the Site and the Services, developing new products and our business, auditing use and functionality of the Site and the Services, informing our marketing strategy, investigating and preventing service errors, security or technical issues, helping enforce compliance with our Terms of Service, protecting the Site and the Services, protecting our business;
  • Asking you to complete a survey or feedback form to collect your views or comments on the services we provide, helping us study how End Users use our products and services to develop and grow our business;
  • Responding to your requests, comments or queries relating to your use of the Site and the Services;
  • Subject to your marketing preferences, making suggestions and recommendations to you about goods or services that may be of interest to you or your Organization. This may include emails about new product features, promotional communications or other CampusGroups news.

We may also process personal information as necessary to comply with a legal obligation.

Users Other than Trial Users

Where your Organization has requested that we make the Services available to its Authorized Users under the applicable Organization Agreement, or where you access these Services as an Independent User, your personal information may be used for the purpose of providing the Services to you. Some examples of how your information may be used include (but are not limited to):

  • Publishing your Data to maintain an open directory of individuals affiliated with your Organization and your Groups (the membership of which may reveal particularly sensitive information, such as religious or philosophical beliefs, political opinions, sexual orientation, or racial or ethnic origin);
  • Sharing your Data with affiliates of your Organization or Group;
  • Sharing your Contact Data to enable you to receive communications from your Organization, your Groups and other individuals affiliated with your Organization;
  • Enabling you to communicate with other individuals associated with your Organization or your Groups;
  • Enabling you to register for events.

Trial Users Only

In addition to the uses applicable to all End Users, we process your information as necessary to perform our contract with you (as set out in the Terms of Service https://www.campusgroups.com/terms) to provide trial access to the Services, which includes but is not limited to registering you on the platform, sending you important service updates, responding to any queries or fulfilling your requests and providing features such as:

  • Groups and Membership Management;
  • Group Page Administration;
  • Creating, Promoting and Managing Events;
  • Messaging;
  • Creating and Managing Surveys, Forms & Polls;
  • Facilitating Online Payments;
  • Platform Analytics;
  • Directory services;
  • File Sharing;
  • Discussion Feeds.

FOR HOW LONG DO WE KEEP YOUR INFORMATION?

Where we process your personal information on behalf of your Organization, we will retain your information in accordance with your Organization’s instructions and in accordance with any legal obligations.

For all other personal information, we will only keep it for as long as necessary to fulfil the purposes we collected it for as set out in this Privacy Policy. For Trial Users, any Data you submit to the platform as part of your trial may be deleted where you have not accessed the Services within a 30-day period. However, we will continue to process certain personal information so that we can contact you with direct marketing unless you have opted out from receiving such communications.

When you connect your account with third party apps & platforms, such as Google Calendar or Zoom, we also store the data required for the integration you selected. When you disconnect the integration, the tokens used to access your data on the third party platform are deleted. Data which was retrieved through the integration prior to it being disabled may still be available on the platform if it is still in use, such as the Zoom meeting link for an event, unless specifically deleted. You may find additional details on how to disconnect an existing integration or how to delete your data on our help center.

HOW IS YOUR INFORMATION SHARED AND DISCLOSED?

This section describes how we may share and disclose your information. Please note that Organizations determine their own policies and practices for the sharing and disclosure of information.

Organization’s Instructions

Where we collect or receive personal information from Authorized Users and Independent Users through their use of the Site and the Services, we will only share and disclose information in accordance with the Organization’s instructions, including any applicable terms in the Organization Agreement and in compliance with applicable law.

Directory Services

Unless you (or your Organization, if relevant) have updated your privacy settings to "private", we may disclose personal information that we collect, or you submit, as described in this Privacy Policy to provide an active and open directory of individuals affiliated with your Organization, to your Organization, your Groups, and to individuals who access your Organization’s or your Group’s pages. For Trial Users of Directory Services, your personal information will only be available to those individuals authorized to access the trial platform.

Please Note: Some of the information you provide on the Site, including Profile Data, User Contributions and Group affiliations might be widely available to the public. You should also be aware that even pages that you mark as "private" in your settings will be accessible to Organization Administrators and Group Officers regardless of your privacy settings. If you do not want these individuals to see your information, please contact us at [email protected] and we will advise you regarding how your personal information can be removed from the Site.

Aggregated Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

Organization Access

Organization Administrators, Group Officers, and other Organization representatives and personnel may be able to access, modify or restrict access to your personal information. This may include, for example, your Organization using features of the Services to export activity logs or modifying access to other Service features. Organization Administrators may also have access to your personal information where you create an account to access certain Services as an Independent User. If you have any questions about your Organization’s account settings, please contact us at [email protected]. Where appropriate, we will forward your message to your Organization.

Third Party Service Providers working on our behalf. We may pass your information to our third-party service providers, agents, subcontractors and other associated organizations for the purposes of completing tasks and providing services to you on our behalf or on behalf of your Organization or your Groups.

Purchases on Our Sites

Unless your Organization has made an alternative arrangement, when you purchase products or services on our Site, your transaction is processed by a third-party payment processor, who specializes in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us at [email protected].

Sale of Our Business/Legal Requirements

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets or as part of any business restructuring or reorganization, or if we’re under a duty to disclose or share your personal information in order to comply with any legal obligation or to enforce or apply our Terms of Service or to protect the rights, property or safety of our supporters and customers.

Additional Sharing of Your Information

We may also share your information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

YOUR CHOICES

Direct Communications from Novalsys

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the features of our Site and our products and services, you can opt-out by clicking the unsubscribe link in such communications or sending us an email stating your request to [email protected].

Please Note: opting out of marketing communications from Novalsys does not mean that you will not receive:

  • Messaging from other individuals through the Site;
  • Messages from your Organization Administrators or Group Officers;
  • Messages from us, your Organization or your Group if we need to contact you as a result of a product purchase, event registration, other transaction or other service-related matter.

If you do not want to receive any messages from individuals who are connected with the Site, please contact us at [email protected] and we will advise you regarding how your personal information can be removed from the Site.

INTERNATIONAL DATA TRANSFERS

Novalsys is based in the United States. We may therefore transfer your personal information to countries other than the one in which you live. For EEA data subjects, this may involve transferring your information outside the EEA.

ADDITIONAL INFORMATION FOR END USERS LOCATED IN THE EEA

For users of the Site located in the European Economic Area ("EEA"), data protection laws refer to the concepts of "data controllers" and "data processors". A data controller decides how and why your information is used. A data processor is responsible for processing your information on behalf of the data controller and does so only in accordance with the controller’s instructions.

As a data processor we may use your Data in accordance with the written instructions of your Organization (as data controller), including any applicable terms in the Organization Agreement, and as required to comply with a legal or regulatory obligation.

As a data controller, we will use your Data:

  • Where we have your explicit consent (for example, to collect and store Special Categories of Personal Data).
  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate business interests in operating the Site and providing the Services (including carrying data analytics on the Site and the Services or the purposes set out in this Privacy Policy).
  • Where we need to comply with a legal or regulatory obligation.

We offer EU Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Organizations that operate in the European Union or whose Authorized Users are located in the European Union.

Your rights

Individuals located in the EEA have certain statutory rights in relation to their personal information. Subject to any exemptions provided by law, you may have the right to:

  • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information the data controller holds about you and to check that they are lawfully processing it.
  • Request correction of the personal information held about you. This enables you to have any incomplete or inaccurate information the data controller holds about you corrected.
  • Request erasure of your personal information. This enables you to ask the data controller to delete or remove personal information where there is no good reason for them continuing to process it. You also have the right to ask the data controller to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information where the data controller is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where they are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your personal information. This enables you to ask the data controller to suspend the processing of personal information about you, for example if you want them to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.

How you can access, correct, and delete your information. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

You and your Organization (if applicable) may access, correct and delete information that you have uploaded to the Site through your use of the Services by logging into the Site and using the tools within the account profile page. If you are not able to do so using the tools provided, you should contact us at [email protected] and we will forward your request on to your Organization where appropriate. For individual users of the Site who are not Authorized Users, you can email us at [email protected] to request access to, correct or delete (if applicable) any of your personal information.

If you delete your User Contributions from the Site, copies of your User Contributions may remain viewable in cached and archived pages or might have been copied or stored by other Site users. Proper access and use of information provided on the Site, including User Contributions, is governed by our Terms of Service https://www.campusgroups.com/terms.

To access any of the other rights set out above, please contact us at [email protected]. We will forward your request to your Organization where appropriate.

ADDITIONAL RIGHTS OF CALIFORNIA RESIDENTS

Under California Civil Code Section 1798.83 you may request certain data regarding CampusGroups disclosure, if any, of personal information to third parties for the third parties' direct marketing purposes. To make such a request, please send an e-mail message to [email protected] with "Request for California Privacy Information" in the subject line of your email. You may make such a request up to once per calendar year. If applicable, we will provide you, by e-mail, a list of the categories of personal information disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the third parties & names and addresses. Please note that not all personal information sharing is covered by Section 1798.83&s requirements.

ADDITIONAL INFORMATION FOR STUDENTS OF UNITED STATES SCHOOLS GOVERNED BY THE FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT OF 1974 ("FERPA")

If your School is subject to FERPA, it may have shared certain Data with us as permitted under FERPA. To get more information about whether your School is governed by FERPA, please visit the homepage of your School. To review a copy of our FERPA Statement, please click here: https://www.campusgroups.com/terms?view=ferpa

SECURITY

We have implemented appropriate security measures designed to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know

All data we collect is stored securely on our servers. Firewalls are in place exposing only the necessary services to the Internet as well as between our servers. All information transmitted between your browser and our servers is encrypted using industry standard security protocols such as TLS 1.2

We have put in place procedures to deal with any suspected personal data breach and will notify you or your Organization (if applicable) and any relevant data protection regulator of a breach where we are legally required to do so.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site and the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Site. The information you share in public areas may be viewed by any user of the Site.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Site. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.

LINKS TO OTHER WEBSITES

Our Site may contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit.

13 OR UNDER

Our Site is not intended for children under 13 years of age. If you are under 13, do not use or provide any information on the Site. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].

HOW TO CONTACT US

Please feel free to contact us if you have any questions about this Privacy Policy or our practices in general. You can contact us via e-mail at [email protected] or by mail at Novalsys, Inc., 902 Broadway, 6th Floor, New York, NY 10100

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer ("DPO") who is responsible for overseeing questions in relation to this Privacy Policy. To communicate with our DPO, please email [email protected].

HOW TO COMPLAIN

We hope that we can resolve any query or concern you raise about our use of your personal information. In addition, for users located in the EEA, you have the right to make a complaint at any time with your local data protection authority, or the relevant data protection authority in the country where any alleged infringement of data protection laws occurred.

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy from time to time so please check this page occasionally to ensure that you are comfortable with any changes. By using the Site and the Services, you’re agreeing to be bound by this Privacy Policy.