Privacy Policy

On the move: This is what you need to know

We always recommend that our customers read this privacy policy in full. It explains who we are, how and why we collect personal data from you, how and why it will be processed by us and our commitment to protecting your data.

But just in case you’re on the move, or do not have time to read it in full, we have summarized the key points for you in our 'speed read' section below.

  • We are Anthology Inc. (Anthology Inc., we, our or us) and affiliates. We have entities in the US, Canada, UK, India and Brazil as detailed further below. We have appointed a Data Protection Officer who will be responsible for our approach to data protection and protecting your privacy. You can contact them at dpo@anthology.com.
  • We process your Personal Data (both, as defined below) to provide our services to you. This privacy policy explains Anthology Inc.’s approach to information it receives with regards to customer contacts, prospective customers and anyone who provides Personal Data to Anthology Inc. Under certain data protection laws, we are only permitted to process your Personal Data where we have a legal basis for doing so. We will only ever process your Personal Data in compliance with applicable law.
  • We may share your Personal Data with our affiliates and third-party suppliers, to enable the efficient and secure provision of services to you. Except as explained in this privacy policy, we will not share your data with third parties without your consent unless required to do so by law.
  • We will keep your data for as long as we provide services to you. We will then keep data for a limited period when we no longer provide services to you to deal with any queries or complaints.
  • Residents located within the European Economic Area (EEA) should note that, we may transfer your Personal Data to a recipient located outside of the EEA. If we do this, we will ensure that the transfer mechanism provides an adequate level of protection, which has been recognized by the European Commission. In addition, if you are a resident within the EEA you have additional rights in relation to your Personal Data; click here for more information.
  • Residents located within the United Kingdom should note that, after 31 December 2020, we may continue to transfer your Personal Data to a recipient located within the EEA, as confirmed by the UK data protection regulator, the Information Commissioner’s Office (ICO). Where we transfer your Personal Data to a recipient located outside of the EEA, we will ensure that the transfer mechanism provides an adequate level of protection on your Personal Data, as recognized by the ICO, including the Standard Contractual Clauses issued by the European Commission.
  • Our UK entity is registered as a data controller with the Information Commissioner's Office and our registration number is ZA294962.

Contents

  1. Definitions

    • “Process” or “processing” means any operation(s) performed on Personal Data, by automated means or not, such as collecting, protecting, using, sharing, organizing, storing, altering, or erasing.
    • “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
  2. About Anthology Inc.

    This privacy policy sets out how we process the Personal Data that you provide to us. We also set out details about how to contact us if you have any questions or comments.

    Anthology Inc. (Anthology Inc., we, our or us) includes the following entities:

    • Anthology Inc. (formerly known as Campus Management Corp.), a Florida corporation, whose principal place of business is at 5201 Congress Avenue, Boca Raton, FL, 33487, USA;
    • Campus Management Corp UK Limited, (specifically, CMC UK) a company registered in England and Wales under company number 06848622 whose registered office is at 3rd Floor, 5 Lloyds Avenue, London, EC3N 3AE, England;
    • Talisma Corporation Private Limited, a company registered in India whose registered office is at Ground Floor, “Phoenix” – Magnificia, Vijinapura, Mahadevapura Ward, Old Madras Road, Dooravaninagar, Bangalore – 560 016, Karnataka, India;
    • Campus Management Brasil Comércio de Softwares Educativos LTDA, a company registered in Brazil under company number 13.473.107/0001-07 whose registered office is at Avenida Paulista, 2300, Andar Pilotis, Cerqueira César, São Paulo, São Paulo, 01310-300, Brasil;
    • Campus Management International Private Limited, a company registered in India whose registered office is at 3rd Floor, Olympia / Building No: 1, Bagmane Tech Park, C V Raman Nagar, Byrasandra, Bangalore - 560093, Karnataka, India; and
    • Admissions US, LLC, a Delaware limited liability company whose principal place of business is at 5201 Congress Avenue, Boca Raton, FL, 33487, USA.
    • Campus Labs, ULC, a British Columbia Company whose principal place of business is at 20th Floor, 250 Howe Street Vancouver, BC V6C 3R8 Canada.
    • Anthology Inc. of NY, a Delaware corporation, whose principal place of business is at 298 Main St., Buffalo, NY 14202 (“Anthology NY”).
    • Anthology Inc. of Missouri, a Delaware corporation, whose principal place of business is at 8330 Ward Parkway, 5th floor, Kansas City, MO 64114 (“Anthology MO”).
  3. About this Privacy Policy

    This privacy policy applies to the Personal Data we collect about you through our websites www.campusmanagement.com, www.campusmanagement.com.br, www.campusmanagement.com/en-in, www.talisma.com, www.campusinsight.com, www.mycampusinsight.com, support.campusmgmt.com, and community.campusmanagement.com, www.campuslabs.com, www.imodules.com, www.anthology.com) (Website), by post, by telephone, and when you otherwise communicate with us.

    This privacy policy may change from time to time and, if it does, the up-to-date version will always be available on our Website. We will also tell you about any important changes to our privacy policy.

  4. What personal data do we collect about you?

    This section informs you of what information we collect about you and why.

    We collect Personal Data about you if you fill in forms on the Website or correspond with us by phone, email or otherwise. This includes information you provide when you submit an inquiry through our Website, request further information, register for events, buy our services, enter a competition, promotion or survey, give us your business card and when you report a problem with our Website. Please do not submit any Personal Data to us if you are less than 18 years of age.

    Personal data we process:

    • name(s);
    • job title;
    • place of employment;
    • home or business address and telephone number;
    • personal or business email address;
    • gender;
    • IP address.

    Optional information you may choose to provide:

    • birthday;
    • spouse’s name;
    • photos;
    • or personal comments as part of your profile.

    If you use our Website:

    If you use our Website, we automatically collect the following information:

    • web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform; and
    • information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our Website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as searches, scrolling, clicks and mouse-overs).

    Where we collect information about you in the ways described above, we do so on the basis that it is in our legitimate interests to collect and process this data. In most situations this will be anonymized but we collect and process this data to ensure that our site is functioning properly and that our customer experience is to the standard that you and we expect.

    The Website may, from time to time, contain links to and from the websites of non-Anthology Inc. parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

    We also use cookies on our Website. Please see this section for more information.

    Information we receive from other sources:

    We may receive information about you if you use any other website we operate or the other services we provide. We are also working closely with third parties, (including, for example, business partners and sub-contractors in technical services), and may receive information about you from them.

    When we receive information from other sources, we rely on them having the appropriate provisions in place telling you how they collect data and who they may share it with. We carefully check our sources to ensure that we only receive your information when it is lawful for us to do so.

  5. How will we use your personal data

    This section explains how we will collect, store and use Personal Data you provide to us in order to carry out the activities relevant to the provision of our services to you.

    We use the information held about you in the following ways:

    • Information you give to us. We will use this information to:
      • carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
      • respond to your inquiries or to process your requests in relation to your information;
      • let you know about important changes or developments to the site or our services;
      • provide and personalize our services generally;
      • administer records of our services;
      • carry out market research campaigns;
      • provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
      • provide you, or permit selected third parties that you have consented to provide you, with information about goods, services or educational programs we feel may interest you;
      • contact you to let you know about other products and services that we offer and feel may be of interest, as set out in the section on Marketing Communications;
      • we will aggregate your Personal Data in an anonymous manner to compile statistical and performance information related to the operation of our goods and services (“Aggregated Anonymous Data”). We use Aggregated Anonymous Data in order to create product and service enhancements; provided, that such information does not incorporate any of our Customer’s data, your Personal Data, or additional data you and our Customers provide. Our use of your Personal Data and Aggregated Anonymous Data is strictly limited to the extent necessary to perform the services for our Customers. This includes Anthology Inc., our parent, subsidiaries, affiliates, and service providers;
      • ensure that content from our site is presented in the most effective manner for you and for your computer, making the site easier for you to use and providing you with access to all parts of the site.
    • Information we collect about you. We will use this information to:
      • administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
      • improve our site to ensure that content is presented in the most effective manner for you and for your computer;
      • allow you to participate in interactive features of our service, when you choose to do so;
      • be used as part of our efforts to keep our site safe and secure;
      • measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
      • make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
    • Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).

    We must have a legal basis for processing your Personal Data. We consider that we have a legal basis where:

    • you have given us consent to do so for the specific purposes which we have told you about – for example, to send you certain marketing communications;
    • it is necessary for us to do so to enable us to provide you with the services that you have requested from us - for example contacting you about the services;
    • it is necessary in order to fulfil our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
    • the law otherwise permits or requires it.

    Where we process your Personal Data on the basis of our legitimate interests, these are our (or our third party’s) interests in providing our services to you in an efficient and secure manner.

  6. Marketing Communications

    This section is to explain how we will ensure that you are informed and aware of the products, services, promotions and events that we offer. By consenting to receive additional marketing communications (by mail, telephone, SMS, text/picture/video message, fax or email) from us, you agree to adhere to the rules and regulations contained herein and we will process your Personal Data in accordance with this privacy policy.

    To the extent that we send you any third party content, we take no responsibility for privacy rules of any third parties and encourage you to consider the privacy terms of those third parties separately.

    If you prefer not to receive any marketing communications from us, you can change your preferences and unsubscribe at any time by clicking on this link or contacting us at marketing@anthology.com with a subject line that reads “unsubscribe”. If you choose not to receive this information we will be unable to keep you informed of new products, services, events, user conferences, educational programs, newsletters, announcements and promotions that may interest you.

  7. Who will have access to your personal data

    This section is to explain who, within Anthology Inc., will have access to your data. Your Personal Data will only be seen or used by our employees or contractors who have a legitimate business need to access your Personal Data for the purposes set out in this privacy policy.

    We take your privacy seriously and have implemented appropriate physical, technical and organizational security measures designed to secure your Personal Data against accidental loss, destruction or damage and unauthorized access, use, alteration or disclosure.

  8. Who else might we share your personal data with

    This section will inform you of who we share your Personal Data with and why. Except as explained in this privacy policy, we will not share your Personal Data without your consent unless required to do so by law.

    We may share your Personal Data with any member of our group which means our subsidiaries and our ultimate holding company. This is to ensure efficiency and so we can provide the best service we can to you.

    We may share your Personal Data with the following third-party service providers who assist us with administering the provision of our services to you:

    • business partners, suppliers, and sub-contractors for the performance of any contract we enter into with them or you;
    • analytics and search engine providers that assist us in the improvement and optimization of our site; and
    • agents we engage to perform functions on our behalf including sending customer communications, providing technical support services, analyzing data and providing marketing assistance. They have access to Personal Data needed to perform their functions, but may not use it for other purposes.

    We may also pass Aggregated Anonymous Data on the usage of our site (e.g., we might disclose the median ages of visitors to our site, or the numbers of visitors to our site that come from different geographic areas) to third parties, but this will not include information that can be used to identify you personally.

    If a business transfer or change of business ownership takes place or is envisaged, we may transfer your Personal Data to the new owner (or a prospective new owner). If this happens, you will be informed of this transfer following the completion of such transfer or change of business ownership.

  9. How do we protect your personal data?

    This section explains how we keep your Personal Data safe and where it will be held.

    We take your privacy seriously and are committed to maintaining the privacy and security of the Personal Data you provide to us, and the choices you have regarding our collection and use of your Personal Data.

    We follow strict security procedures as to how your Personal Data is stored and used, and who sees it, to help stop any unauthorized person getting hold of it. Once we have received your Personal Data, we will use strict procedures and security features to try to prevent unauthorized access.

    Anthology NY and Anthology MO have taken actions to make transactions secure for members on our sites and transaction pages. Login, electronic commerce, and administrative activity are transmitted over an industry standard Secure Socket Layer (“SSL”). For Anthology MO products only, all commerce transactions encrypt your Personal Data including name, address, and credit card number to prevent unauthorized access as the information travels over the internet. Anthology MO Customers can elect to have site activity data transmitted securely by adding full site SSL certification as an additional service.

    For Anthology MO products and services which require commerce transactions; Anthology MO takes the responsibility of your cardholder data seriously and maintains compliance with Payment Card Industry Data Security Standards (PCI DSS) by meeting all security requirements to help ensure commerce-based transaction data is protected. Anthology MO is certified compliant as a Level One Service Provider by a Qualified Security Assessor (QSA), authorized by the PCI Security Standards Council. Our processes, procedures, network configuration, and overall environment conform to all of the security guidelines as defined in the PCI DSS standard and are annually verified by an external auditor. This Level One compliance, the highest level of PCI DSS compliance, helps ensure your e-commerce transaction data is securely protected, transmitted, and stored by Anthology MO. As part of our policy, datacenters hosting the site must maintain their own annual SSAE 16 audit. Upon a Customer’s request, Anthology MO will provide the current attestation of compliance for PCI DSS as well as a certified SSAE 16, or equivalent review. The attestation and certified SSAE 16 are completed by an external audit firm, on behalf of the datacenter used for our services.

    Strong passwords are required for each login, and they are stored in a format that cannot be read by administrators or employees. Multiple failed logins or lost login requests are challenged by reCaptcha. An administrative rights system restricts authenticated but unauthorized access to Customer Data and Personal Data.

    Certain Anthology NY products use Federated Authentication. If applicable, the product will connect to Customers’ authentication systems in order to identify and credential users. This means that the Customer logs in using their campus username and password. The centerpiece of each method is a secure transmission of a unique identifier for a user upon a successful granting of credentials. Some of the supported protocols also allow for the passing of additional attributes from a directory or other campus system.

    Certain Anthology NY products make it easier to work with Google APIs, specifically, Google Drive. If applicable and provided by the Customer, you can connect to Google Drive in order to copy over individual files for use within their coursework. Anthology NY does not access data within Google Drive except when explicitly directed by the Customer on the individual’s behalf. Any files that are copied from Google Drive within the Anthology NY platform remains hosted until deleted by an authorized party, or until the Customer terminates this service.

    Unfortunately, the transmission of your Personal Data via the internet is not completely secure and although we do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to us over the internet and you acknowledge that any transmission is at your own risk.

  10. How long do we keep your personal data?

    This section explains the length of time that we will retain your Personal Data.

    We will keep your Personal Data for no longer than necessary, for the purposes we have set out above. We will retain your information for as long as needed in order to provide the relevant goods or services to you or perform any contract we have with you and for a limited period afterwards in order to deal with any queries or complaints.

    Any third parties that we engage will keep your data stored on their systems for as long as is necessary to provide the relevant services to you or us. If we end our relationship with any third party providers, we will make sure that they securely delete or return your Personal Data to us.

    We may retain Personal Data about you for statistical purposes (for example, to help us better advertise our services). Where data is retained for statistical purposes it will always be anonymized, meaning that you will not be identifiable from that data.

  11. California Residents: Your Rights

    This section only applies to you if you are a California resident and we process your Personal Data. If that is the case, you have certain additional rights in relation to your Personal Data under the California Consumer Privacy Act (CCPA), Cal. Civ. Code § 1798.100 et seq.

    If the CCPA applies to you, you have the right to request that we:

    • disclose or provide copies to you, no more than twice in a 12-month period, the Personal Data about you that we have collected, used, or disclosed during the preceding 12 months; or
    • delete the Personal Data we hold about you, but please note:
      • if we are providing services to you and you ask us to delete Personal Data we hold about you then we may be unable to continue providing those services to you;
      • we may not be required to delete your Personal Data if it is necessary to:
        • complete any transaction for which it was provided;
        • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;
        • exercise any right provided to us by law;
        • comply with a legal obligation; or
        • otherwise use your Personal Data internally in a lawful manner compatible with the context in which you provided it.

    To exercise your rights under the CCPA, if applicable, please contact us at the address, email address or phone number listed in Section 13 of this Policy. If you make a request pursuant to your rights under the CCPA, we will attempt to verify your identity by asking you to confirm information we already have on file for you, such as an email address, phone number, account identifier, or password. If you choose to exercise your rights under the CCPA, you have the right not to be treated differently from any other individual whose Personal Data we process.

    As discussed above, we do not sell your Personal Data, so we do not offer an opt-out to the sale of Personal Data.

  12. EEA Residents: Your Rights

    This section only applies to you if we process your data while you are in the EEA. It explains that you have a number of rights in relation to your Personal Data under the EU General Data Protection Regulation 2016/679 (“GDPR”). However, the additional rights only apply when we process your Personal Data while you reside within the EEA.

    CMC UK is registered as a data controller with the Information Commissioner's Office and our registration number is ZA294962.

    There are circumstances in which your rights may not apply. For example, if we process your Personal Data while you are present in the United States, we may not have to comply with EU regulations and so your rights may not apply. Essentially, the additional rights will only be active once you return to reside within the EEA and we continue to process your Personal Data.

    If the additional rights do apply, you have the right to request that we:

    • provide you with a copy of the information we hold about you;
    • update any of your Personal Data if it is inaccurate or out of date;
    • delete the Personal Data we hold about you - if we are providing services to you and you ask us to delete Personal Data we hold about you then we may be unable to continue providing those services to you;
    • restrict the way in which we process your Personal Data;
    • stop processing your data if you have valid objections to such processing; and
    • transfer your Personal Data to a third party.

    For more information on your rights and how to use them, or if you would like to make any of the requests set out above, please contact us using the details provided in this section. We will respond to all such requests within the time period required by law.

    As explained in the section on Marketing Communications above, even if you consented to the processing of your Personal Data for marketing purposes (by checking the relevant box or by requesting information about services), you have the right to ask us to stop processing your Personal Data for such purposes. You can exercise this right at any time by contacting us at dpo@anthology.com.

    In providing services to you, you understand that we may transfer your information to different locations around the world. For example, information that is collected within the European Economic Area (EEA) may be transferred to destinations outside of the EEA for the purposes described in this policy.

    For users resident in the EEA, where your Personal Data is transferred from the EEA to a recipient outside the EEA in a country not recognized by the European Commission as providing an adequate level of protection for Personal Data, such transfer shall be covered by a framework recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including, but not limited to, Standard Contractual Clauses (the agreement in the form annexed to the European Commission's decision of February 5, 2010 on Standard Contractual Clauses for the transfer of Personal Data to processors established in third countries which can be found here).

    If you are unsatisfied with our response to any data protection issues you raise with us or our DPO, you have the right to make a complaint to your national data protection authority.

    For UK residents, after 31 December 2020, GDPR will no longer directly apply to you. The UK will adopt the principles of GDPR into its national law (“UK GDPR”). Under UK GDPR, you have materially the same rights as data subject in the EEA whilst you reside in the UK. Where your Personal Data is transferred from the UK to a recipient outside the UK in a country not recognized by the ICO as providing an adequate level of protection for Personal Data, such transfer shall be covered by a framework recognized by the ICO or courts as providing an adequate level of protection for Personal Data, including, but not limited to, Standard Contractual Clauses described above.

  13. Cookies

    This section explains how the Website uses cookies. Cookies are text files containing small amounts of information which are downloaded to your personal computer, mobile phone, or other device when you visit a website.

    Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies are useful because they allow a website to recognize a user's device.

    Cookies in themselves do not identify you, just the computer or device you are using. Cookies do lots of different jobs, like making it easier for you to log on to and use our site during future visits, letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience. They also allow us to monitor traffic on our site and can also help to ensure that advertisements you see online are more relevant to you and your interests.

    Cookies themselves only record which areas of our site have been visited by your computer or device and for how long. Allowing us to create a cookie does not give us access to the rest of your computer.

    We use the following cookies:

    • Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of our website.
    • Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around the Website when they are using it. This helps us to improve the way the Website works, for example, by ensuring that users are finding what they are looking for easily.
    • Functionality cookies. These are used to recognize you when you return to the Website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
    • Targeting cookies. These cookies record your visit to the Website, the pages you have visited and the links you have followed. We will use this information to make the Website more relevant to your interests. We may also share this information with third parties for this purpose.

    You can find more information about the individual cookies we use and the purposes for which we use them below:

    • [DoubleClickID]: This is an anonymous, unique identifier used to track how successful our advertising is. It collects advertising information via pixels, or transparent GIF files, which are provided by our ad management partner, DoubleClick. These files allow DoubleClick to recognize a unique cookie on your web browser, which in turn, lets us know which advertisements to show you. The cookie allows the devices IP address to be sent to a website, but it doesn’t store the IP address or any other Personal Data. This is a third-party cookie.
    • [Google Analytics]: The Website uses Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies to help the website operators analyze how users use our Website. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for internet operators and providing other services relating to website activity and internet use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our Website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
    • [LeadLander]: We use this cookie to collect information about how visitors use our Website and email communications. The cookie collects information relating to where visitors have come to the site from, the number of visitors, which email communications they clicked on and the pages they visited. If you consent, we may use the information collected by this cookie, in combination with your Personal Data, to contact you and tailor our communications to you based on the pages you have visited.

    With most Internet browsers, you can erase or block cookies or ask to receive a warning before a cookie is stored. The “Help” function within your browser should tell you how. You will also find details on how to delete cookies from your computer as well as more general information about cookies.

    Please be aware that restricting cookies may have a negative impact on the functionality of the Website.

  14. Who can you ask for more information?

    If you have any questions or concerns about how we handle your Personal Data or about this Privacy Policy, you can contact us using any one (or more) of the following:

    Post:
    Corporate Communications Manager
    Re: Privacy Policy
    5201 North Congress Ave.
    Boca Raton, FL 33487

    Email: marketing@anthology.com

    Telephone number: 561-923-2500

    Alternatively, you can contact us through the inquiry form of the Website.

    We have appointed a Data Protection Officer who is responsible for our approach to data protection and protecting your privacy. You can contact them at dpo@anthology.com.

This Privacy Policy was last updated on December 28, 2020 and shall be updated at least annually.

Introduction to our Privacy Policy

Anthology Inc. of NY (f/k/a Campus Labs, Inc.) (“Anthology,” “we,” “us,” or, “our”) is a hosted constituent engagement portal which has been purchased for your exclusive use (“Services,” “System,” “Site,” or “Website”) by your affiliated college, university, institution, or other organization (“Client”). “You,” “Your,” “Constituent,” “Member,” or “User” is referring to an individual associated with the client, who visits or has access to any of our associated Websites or Services.

Anthology has created this privacy policy statement in order to demonstrate its commitment to privacy and to describe the information-gathering and dissemination practices for the Website or any use of our Services.

This Website may disclose personal information (see the Personal Information section) when required by law or in the good-faith belief that such action is necessary to conform to the edicts of the law or comply with a legal process involving the Website.

Collection and Use of your Personal Information

Personal Information

This Site requires your institution to provide your Personal Information which will be used to identify you or a User. Such information may include your: full name, address, email address, sex, city, state, country, and postal code (“Personal Information”). You may review and edit this information by contacting your institution. All data values are stored encrypted. Please note we do not support the collection or storage of any sensitive personal information relating to government issued identifications from you or our Clients on our Site (see the Personally Identifiable Information section for details).

Access to Personal Information

We provide Clients and their Constituents with reasonable access to an individual’s Personal Information maintained within our System. In addition to your ability to update Personal Information within your profile; you must contact your institution for inquiries to correct, amend, or delete inaccurate Personal Information. However, Anthology may deny access to Personal Information when providing such access is considered unreasonably burdensome, expensive, or as otherwise permitted under the Privacy Shield principles. See the Contacting the Website section for details on Clients and their Constituents resting access to an individual’s Personal Information.

Use and Disclosure of Personal Information

In support of our Clients, we collect demographic data, such as your first and last name, email address, and other contact information (postal address and telephone number) to authenticate and provide services that meet the Client’s objectives. Additionally, we will aggregate your Personal Information in an anonymous manner to compile statistical and performance information related to the operation of our System (“Aggregated Anonymous Data”). Anthology uses Aggregated Anonymous Data in order to create product and Service enhancements; provided, that such information does not incorporate any of our Client’s data, your Personal Information, or additional data you and our Clients provide. Our use of your Personal Information and Aggregated Anonymous Data is strictly limited to the extent necessary to perform the Services for our Clients. This includes Anthology, our parent, subsidiaries, affiliates, and service providers.

EU and Swiss individuals have rights to access their Personal Information, and limit use and disclosure such Personal Information. Unless authorized by you; we will not use or disclose your Personal Information or other data identifiable to you that are outside the original intent necessary for our Site. As noted in the Access Personal Information Section above; individuals have the ability request access, limit our use or disclosure (opt out) through your institution. We will work with your Institution for any individual inquiry or opt out request received. Additionally, we may disclose your Personal Information if we are required to do so under applicable law, public authorities, enforceable government request, meet national security, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with suspected or actual illegal activity.

As noted in our Personally Identifiable Information section below, Anthology does not collect sensitive personal information; including, but not limited to, government issued identifications, medical or health conditions, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Privacy Shield framework.

Use of Google APIs

Some of Anthology’s products make it easier to work with Google APIs, specifically, Google Drive. If applicable and provided by the Client, Constituents can connect to Google Drive in order to copy over individual files for use within their coursework. Anthology does not access data within Google Drive except when explicitly directed by the Client on the Constituent’s behalf. Any files that are copied from Google Drive within Anthology’s platform remains hosted until deleted by an authorized party, or until the Client terminated this service.

Cookies

This Website uses cookies to support the authentication process and to maintain your active session. The cookies are encrypted and do not save any personally identifiable information about you, such as your user name, password, or email address (see the Personally Identifiable Information section for further details).

Use of our Site and Services

Fraudulent Behavior

This Site cannot guarantee the accuracy of information presented. However, anyone demonstrated to have engaged in fraudulent behavior may be subject to (but not limited to) loss of privileges as a member as well as face prosecution to the fullest extent of the law.

Photo, Blog, and other Personal Content Policy

This Site retains the right to remove or reject any content that it deems obscene or objectionable or has been reported as such by other members. In addition, the Client licensors of the Website can at any time deem content to be objectionable and can remove or request it be removed from the Site. This Site does not endorse any user generated content that is posted on the Site. Members will not post copyrighted content without permission from the owner. Members understand content — whether it be text, graphic, or audio visual — is the sole responsibility of the person from which such content originated. This Site is no way responsible for the accuracy, integrity, or quality of such content.

Links to Other Sites

This Site may contain links to other sites. This Site is not responsible for the privacy practices or the content of such websites.

Compliance and Security

Security

Anthology treats the security of our Clients’ data and Constituent data with utmost importance. We take many precautions at the infrastructure and software layers to deliver the highest level of protection for your Personal Information and other additional Constituent data provided by you or our Clients. Anthology owns and operates the database and web servers that host Clients' websites and, stores Client and Constituent data, including your Personal Information. These servers are protected by securely configured firewalls that prevent data from being accessed via the Internet. Each of our Client's data, Personal Information, and other additional Constituent data are stored in a dedicated database; this prevents the intrusion or corruption of data. In addition, our Clients' data catalogs cannot see or access each other's data.

SSL

Measures have been taken to make transactions secure for Members on our Sites and transaction pages. Login, and administrative activity are transmitted over an industry standard Secure Socket Layer (“SSL”). All transactions encrypt your Personal Information to prevent unauthorized access as the information travels over the Internet.

Logins and Passwords

Strong passwords are required for each login, and they are stored in a format that cannot be read by administrators or employees. Multiple failed logins or lost login requests are challenged by reCaptcha. An administrative rights system restricts authenticated but unauthorized access to Constituent data.

Federated Authentication

Anthology connects to Clients’ authentication systems in order to identify and credential users. This means that the client logs in using their campus username and password. The centerpiece of each method is a secure transmission of a unique identifier for a user upon a successful granting of credentials. Some of the supported protocols also allow for the passing of additional attributes from a directory or other campus system.

Personally Identifiable Information (PII)

Anthology does not encourage the collection, storage, or display of sensitive personal information or personally identifiable information in our System or use of our Services. We define “Personally Identifiable Information” or “PII” as information which includes: (i) Non-Public Directory information as defined by the Family Educational Rights and Privacy Act (FERPA); (ii) Health Insurance Portability and Accountability Act (HIPAA); or (iii) government issued identifications, including, but not limited to, Social Security Numbers, Driver License Numbers, and Individual Taxpayer Identification Numbers.

As part of our company policy, we maintain confidentiality and security features consistent with commercially reasonable industry standards which are appropriate to protect our System, as well as any data provided by you and our Clients. To the extent Personal Information or other additional Constituent information you provide is stored in our System, such information is treated as confidential information by Anthology.

Our security standards and data protection cover the data entered and maintained within the system. Client’s authorized administrators are also required to follow proper guidelines and standards in the use of the data and our Services to prevent unintended access of all data we maintain within our System. Accordingly, we offer our Clients comprehensive product training which includes setup and configuration of the Site, as well as ongoing product support, for purposes of ensuring Clients adhere to our confidentiality standards and proper use of our System. However, Clients are responsible for process and procedures to ensure the proper use of our Services, including data provided by you and our Clients comply with all applicable governing laws related to your Personal Information and confidentiality.

Privacy Shield

Anthology complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions. Anthology has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.

In compliance with the Privacy Shield Principles, Anthology commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals should first contact Anthology with inquiries or complaints regarding the Privacy Shield policy (see the Contacting the Website section below). Anthology has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If Anthology fails to respond within a reasonable time, or if our response does not address your concerns, you may contact the EU DPA’s or FDPIC, as applicable, for more information or to file a complaint. The services of the EU DPA’s or FDPIC are provided at no cost to you.

As a final point, Anthology commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

California Consumer Privacy Act (CCPA)

Effective January 1, 2020, this CCPA section of our Privacy Policy contains information required by the CCPA and supplements our Privacy Policy. Please note CCPA is not applicable to Anthology since as a Service Provider, Anthology primarily conducts business with non-profit organizations within the higher education industry.

If in the rare instance the iModules hosted site you are visiting is outside of the non-profit or higher education industry and if you reside in California, then you have the following rights:

  • You have the right to request the deletion of your personal information.
  • You have the right to request us to disclose to you, no more than twice in a 12-month period, the personal information about you that we collect, use, disclose, and sell during the preceding 12 months. You can contact us as set forth in Section 12 of this Privacy Policy.
  • We will not discriminate against you because you exercised your rights under this section of the Privacy Policy.

We do not sell your personal data, so we do not offer or require an opt-out to the sale of personal data. For a description of the personal data we collect please see ‘Collection and Use of your Personal Information’ Section within this Privacy Policy.

General Inquiry and Other Policy Items

Updates to This Privacy Policy

On an annual basis, this Site has the right to make changes or additions to this policy at any time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Policy. If you have questions regarding this policy, please check this policy periodically or contact Customer Support.

Contacting the Website

If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Website, please contact Customer Support at support@campuslabs.com or (716) 270-0000.

Last updated August 1, 2020

Data Processing Agreement

This Security and Privacy Policy Exhibit is hereby incorporated to the Service Agreement or Master Services Agreement (“Agreement”), as attached herein between Company and Client.

Introduction to our Privacy Policy

Anthology Inc. of Missouri (f/k/a iModules Software, Inc.) (“Anthology,” “Company,” “we,” “us,” or, “our”) is a hosted constituent engagement portal which has been purchased for your exclusive use (“Services,” “System,” “Site,” or “Website”) by your affiliated college, university, or other organization (“Client”). “You,” “your,” “Constituent,” “Member,” or “User” is referring to an individual who visits or has access to any of our associated Websites or Services.

Anthology has created this privacy policy statement in order to demonstrate its firm commitment to privacy and to describe the information-gathering and dissemination practices for the Website or any use of our Services.

This Website may disclose personal information (see the Personal Information section) when required by law or in the good-faith belief that such action is necessary to conform to the edicts of the law or comply with a legal process involving the Website.

Collection and Use of your Personal Information

Personal Information
This Site's registration form requires you to provide your Personal Information which will be used to identify you or a User. Such information may include your: full name, address, email address, password, gender, city, state, country, and zip code (“Personal Information”). You may also choose to provide optional information, such as maiden name, nickname, birthday, occupation, company, spouse's name, photos, or personal comments as part of your profile. You may update any of this information at any time by accessing your profile by clicking the "edit account information" link, or equivalent, in the navigation menu. You may opt out of receiving email communications from this community (see the Email Subscription/Opt-Out section). All date of birth data values are stored encrypted. Please note we do not support the collection or storage of any sensitive personal information relating to government issued identifications from you or our Clients on our Site (see the Personally Identifiable Information section for details).

Access to Personal Information
We provide Clients and their Constituents with reasonable access to an individual’s Personal Information maintained within our System. In addition to your ability to update Personal Information within your profile; you can contact us for inquiries to correct, amend, or delete inaccurate Personal Information. However, Anthology may deny access to Personal Information when providing such access is considered unreasonably burdensome, expensive, or as otherwise permitted under the Privacy Shield principles. See the Contacting the Website section for details on Clients and their Constituents resting access to an individual’s Personal Information.

Use and Disclosure of Personal Information
Our Services helps Clients advance fundamental engagement to you as a Constituent. In support of our Clients, we collect demographic data, such as your first and last name, email address, and other contact information (postal address and telephone number) to authenticate and enhance targeted communication to meet the Client’s objectives. As a User, we collect your Personal Information, as needed, to process your gift contributions, Membership dues, event registrations, etc. Additionally, we will aggregate your Personal Information in an anonymous manner to compile statistical and performance information related to the operation of our System (“Aggregated Anonymous Data”). Anthology uses Aggregated Anonymous Data in order to create product and Service enhancements; provided, that such information does not incorporate any of our Client’s data, your Personal Information, or additional data you and our Clients provide. Our use of your Personal Information and Aggregated Anonymous Data is strictly limited to the extent necessary to perform the Services for our Clients. This includes Anthology, our parent, subsidiaries, affiliates, and service providers.

EU and Swiss individuals have rights to access their Personal Information, and limit use and disclosure such Personal Information. Unless authorized by you; we will not use or disclose your Personal Information or other data identifiable to you that are outside the original intent necessary for our Site. As noted in the Access Personal Information Section above; individuals have the ability request access, limit our use or disclosure (opt out) through Anthology Customer Support (see Contacting the Website section). We will work with your University for any individual inquiry or opt out request received. Additionally, we may disclose your Personal Information if we are required to do so under applicable law, public authorities, enforceable government request, meet national security, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with suspected or actual illegal activity.

As noted in our Personally Identifiable Information section below, Anthology does not collect sensitive personal information; including, but not limited to, government issued identifications, medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Privacy Shield framework.

Cookies
This Website uses cookies to recognize you and allow you to automatically log in without re-entering your user name and password each time you visit our Site. The cookies are encrypted and do not save any personally identifiable information about you, such as your user name, password, or email address (see the Personally Identifiable Information section for further details). If cookies are disabled in your browser, you can still use the Site but you will be required to enter your password each time you visit.

Personal Profile and Directory Information
Your Personal Profile features information you may wish to share with other Site Members on your Profile Page. Only people who are Members of this Site can view other Members' Profile Pages. The only information automatically displayed on your Profile Page is your first name, last name, and selected additional information. Additional information fields from your Personal Profile information — including comments and other personal information you choose to share, along with any photos — will appear only if you have opted to provide those items and have also selected to have those fields in your Profile Page View.

Credit Card Transactions
Some features of this Site enable credit card transactions. These features are completely voluntary to Members. They include the purchasing of event registrations, merchandise purchases, online donations, membership purchases, or the payment of other types of fees through the Site (see the PCI section).

Use of our Site and Services

Fraudulent Behavior
This is a community site that is based primarily on Member input. This Site cannot guarantee the accuracy of information presented. However, anyone demonstrated to have engaged in fraudulent behavior may be subject to (but not limited to) loss of privileges as a member as well as face prosecution to the fullest extent of the law.

Email Subscription Opt-Out
The Site provides you with the opportunity to choose to receive email communications about this Site and the groups you are registered with, as well as emails from other Members. In all email communications you receive from this community — except confirmation emails for event registrations, purchases, donations, or other payments — you will be provided an unsubscribe option to opt out of the specific email communication type. You can also modify the email types you receive at any time by going to your account profile and changing your opt-in status.

Photo, Blog, and other Personal Content Policy
This Site retains the right to remove or reject any content that it deems obscene or objectionable, or has been reported as such by other members. In addition, the Client licensors of the Website can at any time deem content to be objectionable and can remove it from the Site. This Site does not endorse any user generated content that is posted on the Site. Members will not post copyrighted content without permission from the owner. Members understand content — whether it be text, graphic, or audio visual — is the sole responsibility of the person from which such content originated. This Site is no way responsible for the accuracy, integrity, or quality of such content.

Links to Other Sites
This Site contains links to other sites. This Site is not responsible for the privacy practices or the content of such websites.

Compliance and Security

Security
Anthology treats the security of our Clients’ data and Constituent data with utmost importance. We take many precautions at the infrastructure and software layers to deliver the highest level of protection for your Personal Information and other additional Constituent data provided by you or our Clients. Anthology owns and operates the database and web servers that host Clients' websites and, stores Client and Constituent data, including your Personal Information. These servers are protected by securely configured firewalls that prevent data from being accessed via the Internet. Each of our Client's data, Personal Information, and other additional Constituent data are stored in a dedicated database; this prevents the intrusion or corruption of data. In addition, our Clients' data catalogs cannot see or access each other's data.

SSL
Measures have been taken to make transactions secure for Members on our Sites and transaction pages. Login, electronic commerce, and administrative activity are transmitted over an industry standard Secure Socket Layer (“SSL”).All commerce transactions encrypt your Personal Information including name, address, and credit card number to prevent unauthorized access as the information travels over the Internet. Clients can elect to have site activity data transmitted securely by adding full site SSL certification as an additional service.

Logins and Passwords
Strong passwords are required for each login, and they are stored in a format that cannot be read by administrators or employees. Multiple failed logins or lost login requests are challenged by reCaptcha. An administrative rights system restricts authenticated but unauthorized access to Constituent data.

Personally Identifiable Information (PII)
Anthology does not support the collection, storage, or display of sensitive personal information or personally identifiable information in our System or use of our Services. We define “Personally Identifiable Information” or “PII” as information which includes: (i) Family Educational Rights and Privacy Act (FERPA); (ii) Health Insurance Portability and Accountability Act (HIPAA); or (iii) government issued identifications, including, but not limited to, Social Security Numbers, Driver License Numbers, and Individual Taxpayer Identification Numbers.

As part of our company policy, we maintain confidentiality and security features consistent with commercially reasonable industry standards which are appropriate to protect our System, as well as any data provided by you and our Clients. To the extent Personal Information or other additional Constituent information you provide is stored in our System, such information is treated as confidential information by Anthology. Our security standards and data protection cover the data entered and maintained within the system. Client’s authorized administrators are also require to follow proper guidelines and standards in the use of the data and our Services to prevent unintended access of all data we maintain within our System. Accordingly, we offer our Clients comprehensive product training which includes setup and configuration of the Site, as well as ongoing product support, for purposes of ensuring Clients adhere to our confidentiality standards and proper use of our System. However, Clients are responsible for process and procedures to ensure the proper use of our Services, including data provided by you and our Clients comply with all applicable governing laws related to your Personal Information and confidentiality.

PCI Compliance
Anthology takes the responsibility of your cardholder data seriously and maintains compliance with Payment Card Industry Data Security Standards (PCI DSS) by meeting all security requirements to help ensure commerce-based transaction data is protected. We are certified compliant as a Level One Service Provider by a Qualified Security Assessor (QSA), authorized by the PCI Security Standards Council. Anthology's processes, procedures, network configuration, and overall environment conform to all of the security guidelines as defined in the PCI DSS standard and are annually verified by an external auditor. This Level One compliance, the highest level of PCI DSS compliance, helps ensure your e-commerce transaction data is securely protected, transmitted, and stored by Anthology. As part of Anthology’s policy, datacenters hosting the Site must maintain their own annual SSAE 16 audit. Upon a Client’s request, Anthology will provide the current attestation of compliance for PCI DSS as well as a certified SSAE 16, or equivalent review. The attestation and certified SSAE 16 are completed by an external audit firm, on behalf of the datacenter used for our Services.

Privacy Shield
Anthology complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions. Anthology has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. 

In compliance with the Privacy Shield Principles, Anthology commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals should first contact Anthology with inquiries or complaints regarding the Privacy Shield policy (see the Contacting the Website section below). Anthology has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If Anthology fails to respond within a reasonable time, or if our response does not address your concerns, you may contact the EU DPA’s or FDPIC, as applicable, for more information or to file a complaint. The services of the EU DPA’s or FDPIC are provided at no cost to you. Under certain conditions, specified on the Privacy Shield website, you may invoke binding arbitration as outlined in Annex I of the Privacy Shield Binding Arbitration Mechanism.

As a final point, Anthology commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).

California Consumer Privacy Act (CCPA)

Effective January 1, 2020, this CCPA section of our Security and Privacy Policy contains information required by the CCPA and supplements our Security and Privacy Policy. Please note CCPA is not applicable to Anthology since as a Service Provider, Anthology primarily conducts business with non-profit organizations within the higher education industry.

If in the rare instance the Anthology hosted site you are visiting is outside of the non-profit or higher education industry and if you reside in California, then you have the following rights:

  • You have the right to request the deletion of your personal information.
  • You have the right to request us to disclose to you, no more than twice in a 12-month period, the personal information about you that we collect, use, disclose, and sell during the preceding 12 months. You can contact us as set forth in Section 12 of this Security and Privacy Policy.
  • Anthology will not discriminate against you because you exercised your rights under this section of the Security and Privacy Policy.

Furthermore, we do not sell your personal data, so we do not offer or require an opt-out to the sale of personal data. For a description of the personal data we collect please see ‘Collection and Use of your Personal Information’ Section within this Security and Privacy Policy.

General Inquiry and Other Policy Items

Updates to This Privacy Policy
On an annual basis, this Site has the right to make changes or additions to this policy at any time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Policy. If you have questions regarding this policy, please check this policy periodically or contact Customer Support.

Contacting the Website
If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Website, please contact Customer Support at info@imodules.com or (913) 888-0772.

Last updated August 1, 2020.

Choose your Region