Information We Collect
We collect various types of information from our visitors so we can adjust our site to meet our users’ needs and expectations. Some of this information is collected automatically through cookies.
Information Collected Automatically
The types of information your browser or internet session automatically sends us each time you visit our sites, which we automatically collect, includes:
- Your browser, e.g., Internet Explorer, Chrome, Firefox.
- Your Internet domain, e.g., Yahoo, Google.
- You computer’s operating system, e.g., Windows, Mac, UNIX, Linux.
- Your navigation path, i.e., the URLs of where you come to our site from, which of our pages you visit, and where you go as you leave.
- Your IP address.
This information lets us see how users are finding our sites, and it tells us which pages are visited the most often so we can make our website more useful.
Information You Provide to Us
In addition to the information automatically collected by your browser, we also collect information that you provide to us when you contact us, such as through the “Contact Us” page of our website, or when you submit information to us as part of our supplier onboarding process or through our compliance helpline. We may engage one or more service providers to provide software tools or otherwise assist us in managing information submitted through these channels.
How We Use This Information
We use the information we automatically collect to help us better plan our website to meet your Internet needs. We use information you submit to us for the purposes for which it was submitted.
Your Rights, Our Obligation
Vanta Education does not sell or rent any personal data submitted by visitors to our site to any third parties. The company respects the privacy of users visiting our Vanta Education site. On occasion, we may use certain directory information that we have collected to send you information about products and services, or updates and other information we think may be of interest to you. Occasionally we may share this information with our educational subsidiaries to bring similar information to your attention. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will respect your wishes.
Other than directory information, data you provide to us as you use our website will be held in confidence by us and will be used for internal purposes only. The company may share aggregate information about our users with advertisers, business partners, sponsors and other third parties. However, the individual information you provide us within the Vanta Education website will be known only to you and Vanta Education. We will not share your personal data with anyone else, except as may be required by law.
For More Information
If you have questions about our information practices, please contact us.
Data created by a web server that is stored on a user’s computer. It provides a way for the website to keep track of a user’s patterns and preferences and, with the cooperation of the web browser, to store them on the user’s own hard disk.
The cookies contain a range of URLs (web addresses) for which they are valid. When the browser encounters those URLs again, it sends those specific cookies to the web server. For example, if a user’s ID were stored as a cookie, it would save that person from typing in the same information all over again when accessing that service for the second and subsequent time during the same browser session.
NOTE: If you disable cookies in your browser, you will not be able to access any of Vanta Education’s secured websites.
IP (Internet Protocol) Address
This is the address of a computer attached to a TCP/IP network. Every client and server station must have a unique IP address. Client workstations have either a permanent address or one that is dynamically assigned for each dial-up session. IP addresses are written as four sets of numbers separated by periods; for example, 220.127.116.11.
EU-U.S. PRIVACY SHIELD FRAMEWORK
Vanta Education, Inc., Apollo Global, Inc., and BPP (individually and collectively, the “Company”) participates in the EU-U.S. Privacy Shield Framework (the “Framework”). Company’s participation in the Framework applies to personal data received in the United States from the European Union (“EU”) about employees (“EU Employee Data”), students (“EU Student Data”), clients (“EU Client Data”) and suppliers (“EU Supplier Data”) (collectively, “EU Personal Data”). In addition to having implemented Standard Contractual Clauses for the transfer of certain EU Personal Data, we are committed to subjecting such EU Personal Data to the Framework to the extent that we have received it in reliance on the Framework, including its Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
EU Personal Data Collection, Use, and Disclosure
EU Employee Data: The Company provides to EU employees a notice about the collection, use, and disclosure of their EU Employee Data through internal company policies.
EU Student and Prospective Student Data: The Company collects and processes the following categories of EU Student and Prospective Student Data: name, email address, student number, national ID number (where permitted by applicable law), city, telephone number, financial account information, network usage information, educational information (classes, grades, schedule, academic record). The Company will use and otherwise process EU Student and Prospective Data in the United States for the following purposes: educational related activities, finance and accounting related activities, technical support, and disaster recovery. The Company transfers EU Student and Prospective Student Data to the following types of third parties: student management system provider; IT helpdesk and support provider; backup storage provider.
EU Client and Prospective Client Data: The Company collects and processes the following categories of EU Client and Prospective Client Data: name, email address, client number, national ID number (where permitted by applicable law), city, telephone number, financial account information, network usage information, educational information (classes, schedule, educational record). The Company will use and otherwise process EU Client and Prospective Client Data in the United States for the following purposes: educational related activities, finance and accounting related activities, legal compliance activities, contracting, sales, technical support, and disaster recovery. The Company transfers EU Client and Prospective Client Data to the following types of third parties: client management system provider; IT helpdesk and support provider; backup storage provider.
EU Supplier Data: The Company collects and processes the following categories of EU Supplier Data: name, email address, mailing address, telephone number, financial account information. The Company will use and otherwise process EU Supplier Data in the United States for the following purposes: finance and accounting related activities, legal compliance activities, contracting, sales, project management, technical support, and disaster recovery. The Company transfers EU Supplier Data to the following types of third parties: supplier management system provider; IT helpdesk and support provider; backup storage provider.
Rights of EU Data Subjects
If you are an EU data subject, you have the right to access your own EU Personal Data subject to certain limitations, such as where the legitimate rights of other persons would be infringed or where the burden or expense of providing access would be disproportionate. If you wish to exercise such rights, please contact us as described below.
Choices of EU Data Subjects
Students and clients have the right to exercise choice (opt-out) from our use of their EU Student Data or EU Client Data for direct marketing purposes. To exercise this right, please email firstname.lastname@example.org or follow the instructions in any direct marketing message you may have received. We do not otherwise use or disclose EU Student Data and EU Client Data in a manner that is subject to choice requirements under the Framework. We describe the choices for EU Employee Data through internal company policies.
Recourse, Enforcement, and Liability
Please contact us as specified below if you have any questions, need access to your EU Personal Data, or otherwise need assistance. We remain responsible for our collection, use and disclosure of EU Personal Data in accordance with the Framework. We also are responsible for third party agents that are processing such data on our behalf, unless we prove that we are not responsible for the event giving rise to the damage. In certain situations, we may be required to disclose EU Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If you have an unresolved concern about EU Personal Data that we have not addressed satisfactorily, we have committed to cooperate with the panel established by the EU Data Protection Authorities to serve as our independent dispute resolution body for the Framework. We are also subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the Framework. In addition, under certain conditions, more fully described on the Privacy Shield website, EU residents may invoke binding arbitration for non-monetary issues when other dispute resolution procedures have been exhausted.
Please contact us at email@example.com if you have any questions, wish to exercise your rights of access, or seek other assistance as described above.