Privacy Policy

Last Updated: September 18, 2018

The Common Application, Inc. Online Privacy Policy

NOTICE:

This privacy policy applies to the web site of The Common Application, Inc., which is defined to include www.commonapp.org,apply.commonapp.org, and recommend.commonapp.org, (herein collectively “Web Site”,”Common Application®”, “We”, “Us”, “Our”), including our mobile app (Common App onTrack®), (the “App”) that is owned and operated by The Common Application, Inc. (“Common Application”), a not-for-profit organization that is based solely in the United States. This privacy policy describes how Common Application collects and uses the personal information you provide on our Web Site, and our App “Common App onTrack®“ that we own and operate. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

Please note that Common Application is based in the USA and any personal information you provide or we collect is transmitted to, and stored in, the USA, and will also be shared with our member Colleges and Universities, at your direction, in countries where laws may be less protective of your personal information than in your home country.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us directly.

Date of Last Update: July 31, 2018

This policy will let you know about:

Through our U.S. based trustworthy independent web service providers, Amazon Web Services, Inc., Higher One, Inc. dba Cashnet (“Higher One”), Strive for College, Naviance, Experian QAS, Learning Machine, Liaison International, and the Michael and Susan Dell Foundation (should you decide to opt in for the Scholar Snapp Scholarship Program), Common Application’s Web Site and App collect, use, and distribute to those member Colleges and/or Universities that you select personally identifiable information collected about you on-line. All personal information that you submit to us is handled within the United States of America. Please read carefully the following Privacy Policy before registering with us and completing an on-line user registration form. Please note that this Policy only addresses Common Application’s privacy practice concerning information collected from its own Web Site and ourApp and does not apply to information that may have been collected about you by others. This Policy also does not cover the privacy or information practices of those web sites that may be linked to or referenced by the Common Application Web Site or App or the privacy or information practices of those Colleges and/or Universities or other partners of ours that receive the personal information that is collected from our site and distributed to them as part of the application admissions process or other purpose. Please also note that this Policy may change from time to time so please check back to review this Policy each time you visit or use the Web Site or our App.

Changes in this Privacy Policy Statement

If we decide to change our Privacy Policy or email practices we will post those changes to this Privacy Policy statement, login page and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

We reserve the right to modify this Privacy Policy statement at any time, so please review it frequently. If we make material changes to this Policy, we will notify you here, by email, or by means of a notice on our login page or other places we deem appropriate prior to the change becoming effective.

Our Reservation of Rights

We reserve the right to use your data collected under a previous privacy practice in ways that are consistent with the current disclosed practice, including but not limited to anonymized aggregate research and statistical analysis.

What personally identifiable information does Common Application collect from you?

Through our trustworthy independent web service providers, Common Application collects information in several ways from different parts of our web site and our App.

If you are a student applicant, certain required and optional personal information (such as your name, home and mailing address, email address, telephone number, citizenship, date and place of birth, parents’ names and address, and social security number, including the names, telephone numbers and/or email addresses of your parents or legal guardian), device operating system version, device type and system response times (mobile device), Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, date/time stamp, and/or clickstream data, is collected from you when you voluntarily provide this information to us through the completion of an on-line User Registration form, when you access our App or Web Site and/or voluntarily complete the Common Application®, any application supplements, or other applicant forms. This personal information is collected from you voluntarily when you complete your “profile” screen as part of the registration and application process. During registration, Common Application asks you to create a username and password. Your personal information including any personal information of your parents or legal guardian that you provide shall be considered to be “your personal information” for purposes of this Privacy Policy. Once you register you are no longer anonymous to Common Application and your email address that you provide to us becomes your “User Name” so that you are able to take full advantage of Common Application’s online services. You can also enter your credit card information to pay for admission application fees for the member Colleges and/or Universities that you select. This is accomplished by linking you to the Higher One web site which collects your credit card information on our behalf and on behalf of our members. See “The kind of security precautions that are in place to protect the loss, misuse, or alteration of your information, including your credit card information and how is your information stored and accessed by others” on how we keep your credit card information secure.

If you are a student applicant we may collect personal information about you from recommenders and educational institutions you have attended, including information about your academic achievements and performance, including their impressions of you and any other information they choose to provide us to support your application(s).

If you are an administrator at one of our member colleges or universities who use the Common Application to receive student admission application data, we collect your name and email address to permit you to retrieve data of student applicants who have applied to your college or university using the Common Application. The personal identifying information of the administrator is also shared with Higher One, our third party payment card processing vendor, to enable member administrators to gain access to a student applicant’s payment status information. Please note that we do not collect, use, store or share personal identifying information of our member administrators for any other purpose.

If you are a parent or legal guardian we [may] collect personal information about you from the applicant, including your name, relationship with the applicant, address, telephone numbers and/or email address.

Wherever we collect personal information we make an effort to include a link or reference to this Privacy Policy on that page.

What are tracking technologies and how are they used?

Common Application Inc. and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our Web Site or service.

As is true of most web sites and apps, we gather certain information automatically and store it in log files. This information may include Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We do link this automatically-collected data to other information we collect about you. We do this to:

* Ensure that our Web Site and App work properly on your device so we can provide you with services you request.
* Promote our legitimate interests in safeguarding and ensuring the smooth operation of our IT systems, including our Web Site and App, and to safeguard your personal information.

We partner with a third party to either display advertising ONLY on www.commonapp.org or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on www.commonapp.org and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here. Please note this does not opt you out of being served ads. You will continue to receive generic ads.

We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personally identifiable information you submit within the mobile application.

How does Common Application use applicant information?

When you seek to register with us, complete a Common Application®, an application supplement and/or other applicant form, we need to know your name, email address, telephone number and mailing address among other items of personal information, including the names, telephone numbers, and/or email addresses of your parents or legal guardian. See “What personally identifiable information is collected from you”.

We use this information in the following ways:

* To process your application(s) to our member Colleges and Universities which require the information to assess your suitability for admission, communicate with you about your application, meet institutional reporting requirements and obligations to safeguard students. If you do not provide the information our members require, we will be unable to process your application. This information is, therefore, necessary for the performance of our services to you.

* To allow us to communicate with you where necessary for the performance of our services to you. For example, to provide you with technical support, answer your questions about the Common Application® and provide you with updates on the progress of your application, including by reminding you of upcoming deadlines.

* To send you push notifications from time to time in order to update you about the admission application process as necessary for the performance of the Common App® service. If you no longer wish to receive these communications, you may turn them off on your device.

* To allow you to pay fees required for your application to our member Colleges or Universities to be processed, by linking you to the Higher One web site which collects your payment-related information.

* To allow us to send you other informational materials linked to our services, where you have engaged with us and have not opted-out from receiving such information or you have affirmatively consented to receive it.

* To allow us to confirm or “validate” through a third party verification service the accuracy of the mailing address that you provide to further our legitimate interest in preventing misuse of the Common Application® and our App.

* To create anonymized, aggregate data that we and our partners can use solely for research and statistical use.

* To allow our members to meet their institutional reporting requirements regarding certain protected characteristics including gender, race, ethnicity, sexual orientation.

If you select the “opt-out” option described in the Section entitled, “What are your choices regarding collection, use and distribution of my information, including your rights to ‘opt-in’ or ‘opt-out’,” users of the Web Site and App (if applicable) who use our services to apply to various member Colleges and/or Universities will not receive any College/University specific information concerning their respective admissions process; however, we may use your email address (User Name), your home address, and your cell phone number (if you opt in) to send or mail you registration and submission confirmation texts, physical mail, and/or emails, to contact the user/applicant to help answer a technical support question that you may have posed to us regarding your use of the site, or app. If you select the “opt-out” option described in the Section mentioned above for receiving communications from The Common Application, we will not communicate with you beyond what is in technical support of your admission application process. Technical support of the admission application process shall include such matters associated with processing a request for financial aid, reminding you of application admission deadlines, or encouraging you to complete an unfinished application.

When you download and use our Services, we automatically collect information on the type of device you use and operating system version.

Through our App, we send you push notifications from time-to-time in order to update you about the admission application process. If you no longer wish to receive these types of communications, you may turn them off at the device level. To ensure you receive proper notifications, we will need to collect certain information about your device such as operating system and user identification information.

How does Common Application use school official information?

By activating your account registration with our site your collected personal information may be shared and used by our member Colleges and/or Universities to contact you at any time and for any reason, including sending you texts to your cell phone number(s), written communications to your mailing address, and/or emails to your email address in order to provide you with other information relevant to the applicant’s admission application process. This information that we collect and share with our members includes your name, your official title, your email address, your cell phone number, your zip code, school code information and date, as well as your mailing address.

We do the above:

* With your consent, to allow us and member Colleges and Universities to which the relevant applicant(s) is applying to contact you in connection with the application.

* With your consent, to assess your recommendation and the applicant’s suitability for admission, as is necessary for the performance of the Common Application® service to applicants.

* To communicate with you as necessary for the performance of our services to associated applicants e.g., to provide you with updates on the application process, answer technical queries and provide service-related reminders and general service support.

If you “opt-out” of the online recommendation system via the email invitation initiated by the applicant, you will not receive any College/University specific information concerning their respective admissions process; however, we may use your email address (User Name), cell phone number and/or mailing address to send you registration and submission confirmation communications, text messages or emails, or we may need to contact the user/recommender to help answer a technical support question that you may have posed to us regarding your use of the Web Site and App and to provide you with other information relevant to the student’s admission application process. Additionally, any member colleges may communicate with you regarding the applicant, using the information you provide on any paper forms, or using contact information provided by the applicant on his or her application.

How does Common Application use member College and University administrator information?

To allow you to retrieve data of student applicants who have applied to your College or University using the Common Application®, as necessary for the performance of our services to you and applicants.

To communicate with you as necessary for the performance of our services to your College or University and associated applicants e.g., to provide you with updates on the application process, answer technical queries and provide service-related reminders and general service support.

To communicate with you to further our legitimate interests in promoting our services.

To share your information with our third party payment card processing vendor, to enable member administrators to gain access to a student applicant’s payment status information, only as is necessary to fulfil that applicant’s application for admission.

How does Common Application use parent/legal guardian information?

If the applicant is under 16, to allow us to communicate with you so we and our member Colleges and Universities can get evidence of your permission for the relevant applicant to provide us with their personal information.

Who is collecting your information?

When you are on the Web Site and are asked for and provide personal information, this information is being collected by our trustworthy independent web service providers who provide all of the technical support, including collection, storage and protection of your personal information, in order to allow Common Application to offer our service to you. Please note that we and/or other trustworthy third party organizations and their contracted researchers may attempt to collect, provide our members access to, or compare personal information about you from sources other than what you voluntarily provide to us when using the Web Site or App in order to generate non-personal identifying demographic, historical, generic, analytical, statistical or aggregate data obtained from other sources, and/or data (collectively “aggregate data”) which we and/or the third party may publish, combine or enhance with other aggregate data obtained from other sources, and/or share or distribute the aggregate only data for monetary value with our members and other colleges or universities who are not members for the purpose of recruiting them to be part of our membership or with other third parties for research purposes only.

With whom does Common Application share applicant information?

We will share your personal information with third parties only in the ways that are described in this Privacy Policy.

Common Application shares your personal information (including your cell phone number and email address) with our trustworthy independent web service providers who then share your personally identifiable information (including but not necessarily limited to your name, date of birth, home mailing address, cell phone number and email address) with member Colleges and/or Universities to allow them to assess your suitability for admission, communicate with you, and meet institutional reporting requirements.

We also share your name, phone number and home address with Experian QAS, one of our trustworthy independent web service partners, solely to confirm or “validate” the accuracy of the mailing address that you entered and to enhance the aggregate data that we and our partners are developing solely for research use. Experian QAS does not store this personal information. Your credit card information is collected by our partner Higher One by way of a direct link to the Higher One web site. This information is then shared with the credit card processor that you have chosen in order to consummate online the payment of admission application fees to the Colleges and/or Universities you have selected. By voluntarily providing us with your personal information, you are giving us your express consent to share or provide access to your personal information with our trustworthy independent service providers (and subject to this Policy and/or their privacy policy and applicable law) so that we can provide the service for which you have registered. We may also share on a temporary basis your personal information (including, but not necessarily limited to, your name and date of birth) with other trustworthy third party organizations allowing us and/or them to generate aggregate data which we and/or the third party may publish, combine or enhance with other aggregate data obtained from other sources, and/or share or distribute the aggregate only data for monetary value with our members and prospective member colleges or universities or with other third parties for research purposes only. Note that even if you never submit an application through the Common Application, the Colleges and/or Universities in which you have indicated interest will still have access to personal information downloaded as part of your pre-application data prior to your application being submitted. Such Colleges and/or Universities may use this information, for example, to contact you even prior to the time your application is submitted to provide information about their institutions and admission processes and deadlines. See “What are your choices regarding collection, use and distribution of my information, including your rights to ‘opt-in’ or ‘opt-out’,” to find out more about how this works, and what information is shared and how you can limit it.

We may provide your personal information to Partner Programs (all located in the United States of America), but only when you request that we do so. To find out more about our Partner Programs click here.

While Common Application requires that each member College and University sign or assent to a membership profile agreement pledging that they will accept the Common Application® without prejudice and fully support its use, Common Application is not responsible for the failure of any College or University to accept the Common Application® or how any given College or University (after accessing or receiving your personal information from us) will use, protect or store the information in their possession. Users’ information will be shared (at their request) with the third party universities that are members of the Common Application. You are encouraged to review that College/University’s individual privacy policies and information practices as to how they use and protect your personal information and Common Application neither accepts nor assumes any liability or responsibility for the use, protection or storage of your personal information by said College or University.

If Common Application is involved in a merger, acquisition, or sale of substantially all of its assets, we will post a prominent notice on the Web Site informing you of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

What is Common Application’s policy when there has been an allegation of fraud, misrepresentation or other inappropriate act involving an applicant?

Members, secondary schools and applicants are advised that The Common Application functions and solely views itself as a conduit of information between the student applicant, his/her secondary school and the various member Colleges and Universities selected by the applicant. As such, it is Common Application’s policy not to judge, evaluate, conduct any verification of or perform an investigation on any data provided on or about a student applicant regardless of the source of that data. That said, where we have been informed of an act of fraud, misrepresentation or other inappropriate act involving an applicant, in certain situations, Common Application Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. The Common Application reserves the right to disclose your personally identifiable information as required by law or in any instance or circumstance when we believe that disclosure is necessary to protect our rights, the rights of our members and/or to comply with a judicial proceeding, police investigation, court order, or legal process served on our Web site or involving the Web Site, App or associated services. Subject to any rights afforded by law, Common Application also reserves the right upon notice to an applicant to disclose information collected from a registered user about which member Colleges and/or Universities a student applicant had applied to, including possibly suspending or closing an applicant’s on-line account upon notice to the student, when we have reason to believe that accessing and/or disclosing this information or taking such action is necessary to prevent, identify, contact or bring legal action against someone who may be violating any of our on-line user agreements or policies or who may be causing injury to or interference with (either intentionally or unintentionally) Common Application rights or property, other Common Application users, members or schools, or to help protect anyone else that could be harmed by such activities. Common Application may also disclose or access registered user information when we believe in good faith that the law requires it and for administrative, technical and other related purposes that we deem necessary to maintain or improve our services. Subject to the terms and conditions of The Common Application, Inc. Membership Non-Compliance Procedures, The Common Application also reserves the right in its sole discretion to remove any College or University as a member without any further or special notice.

What are your choices regarding collection, use, and distribution of your information, including your rights to “opt-in” or “opt- out”?

You have the right not to provide us with any personal information about you when you visit the Web Site or App (if applicable) but you will not be able to utilize the service that Common Application provides unless you voluntarily decide to complete an on-line User Registration form and answer the required fields. When you first register with the Common Application, you are given the option to “opt-in” and “opt-out” of receiving communication from member Colleges and Universities and having certain personal information released to our member Colleges and Universities on your “My Colleges List” prior to submission of your application to that selected member College or University. You must affirmatively “opt-in” or “opt-out” according to your preference. Should you “opt-in,” you can later change your mind and “opt-out” for any member College or University by using the “Unsubscribe” link located at the bottom of the email you receive from that member College or University. Alternatively, you may “opt-out” for all member Colleges and Universities by appropriately changing the setting located on your “Account Maintenance” page. You can access the “Account Maintenance” page by clicking on the Settings icon in the upper right hand corner of your application after logging in.

Should you choose to “opt-in,” a limited amount of the personal information that you provided us will be released to your designated member Colleges and Universities prior to submission of your application to those selected members. The personal information shared will include your name, permanent home address, ethnicity, sex, citizenship, date of birth, phone number(s), email address, and social security number. If you decide to “opt-in”, you can also contact Technical Support by clicking “Help Center ” at www.commonapp.org in order to determine what specific portion of the personal information that you provided us is sent to your designated member Colleges and Universities prior to application submission. In addition, your “opting-in” will allow member Colleges and Universities to use your information to contact you at any time and/or to text you at your cell phone number.

Should you choose the “opt-out” option, a more limited amount of your personal information that you had provided us is released to your selected member Colleges and Universities to allow such Colleges and Universities to track the demographics of their prospective applicant pool as well as the ability to respond to inquiries from applicants who have indicated an interest in their institution. The personal information shared will include your name, city, state, zip code, country, ethnicity, sex, citizenship, and date of birth. If you choose to “opt-out,” you can also contact Technical Support by clicking “Help Center ” at www.commonapp.org in order to determine what specific portion of the personal information that you provided us is sent to your designated member Colleges and Universities prior to application submission. In addition, your decision to adopt the “opt-out” setting shall prevent member Colleges and Universities from texting you or from using your information to contact you until such time as you submit an application to that member College or University.

Once registered, while you are free not to provide any personal information requested on the Common Application®, any application supplement or other applicant form, to do so may cause the member College and/or University that you select not to accept the application, supplement or other applicant form as complete and consequently this may delay the application admission process or reject the submission as incomplete regardless of payment. Users/applicants can also decide not to provide information that is designated as “optional” on any application, supplement or other form and still utilize the service that we provide. Users should communicate with their designated College and/or University directly if any admission application is delayed or rejected or otherwise results in an outcome that does not satisfy the applicant’s expectations. The Common Application is not involved in and cannot be held responsible for any admission outcome of any specific applicant.

When you register with The Common Application, you are also required to “opt-in” or “opt-out” of receiving communications from The Common Application, not necessarily related to the technical support of your online applications. These communications may include emails, texts, or physical mailings to your address. These communications may go beyond the technical support of application submission to include information on financial aid, tips, and broader topics that The Common Application feels would benefit you. If you initially “opt-in” to receiving communications from us and later decide that you would like to “opt-out,” please contact the applicant Solutions Center with your request, using the “Instructions & Help” link from your applicant account, or by clicking on the gear icon from your applicant account and changing your communication preference.

What is Common Application’s policy on allowing you to access, update, correct, or delete your personally identifiable information?

The Common Application keeps your personal information for as long as it is necessary to provide you with the Common Application® service or we have another legitimate reason to retain it, including longitudinal studies using aggregate data. When determining how long to retain your personal information for, our considerations include our legal obligations and other mandatory record keeping requirements and the likelihood of you needing access to the personal information we hold for purposes related to your previous use of the Common Application or App.

Upon request Common Application Inc. will provide you with information about whether we hold any of your personal information. You may access and edit your registration information by using your User Name (your email address) and password. If you have forgotten your password, please click the “Forgot Password?” link at apply.commonapp.org to have password reset instructions emailed to you. For all other problems signing in to Common Application, please click “Help Center ” at www.commonapp.org. If you wish for us to delete or no longer use any of your personal information that you submitted to us, you may email us with such a request at privacy@commonapp.org and your personal information will be deleted or no longer used within thirty (30) business days after receiving your request. See “What kind of security precautions are in place to protect the loss, misuse, or alteration of your information including credit card information and how is your information stored, accessed and used by others?”

The Common Application, through its independent trustworthy web service providers will make reasonable efforts to see that your instructions to make revisions to your personal information are made. For any information that was erroneously provided by the applicant but was already submitted and can no longer be changed or re-submitted, you must contact the College/University or credit card processor directly to alert them to the erroneous information.

You may also update your email address and cell phone number within your on-line account, though once your email address information has been submitted to a selected member College/University, you can only update your email address and cell phone number if you contact that member College/University directly.

Participation in Partner Programs

As a student applicant user and registrant of the Common Application site, you will also be given the opportunity to choose whether you want us to securely share a more limited amount of personal information that you provided to us for the purpose of participating in certain partner programs.

The Scholar Snapp Scholarship Program is a program and scholarship application independently administered by the Michael and Susan Dell Foundation. While we urge you to visit the Scholar Snapp web site for information about the program, Scholar Snapp provides you with the opportunity to apply for scholarships offered through the Foundation and the Scholar Snapp web site provided by their Scholarship Providers. Should you choose to opt-in, you will be required to register on the Scholar Snapp web site and any personal information that you enter on their web site, including any personal information that we share with them at your request will be governed solely by the terms and conditions of the Scholar Snapp web site so we encourage you to read and understand their privacy policy and other terms of use before opting in to their program on our site. If you choose to opt-in to the Scholar Snapp Scholarship Program through our site, Scholar Snapp shall be solely responsible for the maintenance, use, handling and sharing of your personal information that we provide to them on your behalf. Note that this section of the Privacy Policy entitled “Participation in Partner Programs” is your definitive disclosure to you with respect to the use, maintenance, handling and sharing of your personal information should you choose to opt in to the Scholar Snapp Scholarship Program, and this section of the Privacy Policy supersedes any conflicting terms contained in other parts of the Privacy Policy which are primarily intended only to refer to the use, maintenance, handling and sharing of your personal information when you use the Common Application to apply to our member Colleges and/or Universities.

Strive for College is an independently administered mentoring program. While we urge you to visit the Strive for College web site for information about the program, Strive for College and its third party service providers provide you with the opportunity to connect with a mentor who will assist you in the college and financial aid application process. This is accomplished through the technology platform offered by Strive for College and its third party service providers who deliver the mentoring service independent from our Web Site. Should you choose to opt-in, you will be required to register on the Strive for College web site. Any personal information that you enter on their web site, including any personal information that we share with them at your request or personal information that Strive for College shares with its third party service providers and mentors, will be governed solely by the terms and conditions of the Strive for College web site. Accordingly, we encourage you to read and understand the Strive for College privacy policy and other terms of use before opting into their program on our Web Site. If you choose to opt-in to Strive for College through our Web Site, Strive for College shall be solely responsible for the maintenance, use, handling and sharing of your personal information that we provide to them on your behalf. Our partnership with Strive for College requires that Strive for College and its third party service providers and mentors use reasonable efforts to keep your personal information confidential and secure and to use your personal information solely in connection with providing you with mentoring services. Note that this section of the Privacy Policy entitled “Participation in Partner Programs” is your definitive disclosure to you with respect to the use, maintenance, handling and sharing of your personal information should you choose to opt in to Strive for College, and this section of the Privacy Policy supersedes any conflicting terms contained in other parts of the Privacy Policy which are primarily intended only to refer to the use, maintenance, handling and sharing of your personal information when you use the Common Application® to apply to our member Colleges and/or Universities.

If an applicant is utilizing our service through our partnership with Naviance, any personal information that we received about you from Naviance will be deleted upon the request of the applicant’s high school or school district to which the applicant is attending, provided the school or school district has control over that information.

With respect to our partnership with Learning Machine (aka “SlideRoom” or the “SlideRoom Service”), we may share with Learning Machine certain personal information of an applicant or member if an applicant seeks to submit as part of its admission application various content, works or materials for eventual submission to a member College or University if the member to which the applicant is applying is utilizing the SlideRoom Service to receive such content, works or materials. Note that any personal information that we share with Learning Machine will be governed by the terms of the SlideRoom privacy policy displayed on their web site at www.slideroom.com so please be sure to read and understand that policy in order to determine how your personal information is being used by Learning Machine in connection with the services that they provide.

What kind of security precautions are in place to protect the loss, misuse, or alteration of your information including credit card information and how is your information stored, accessed and used by others?

Your User Registration information is password-protected. You may edit your User Registration information by using your User Name (your email address) and password.

We recommend that you do not divulge your password to anyone. Also remember to sign out of your Common Application registration account and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence if you share a computer or other electronic device with someone else or are using a computer or other electronic device in a public place like a library or Internet “cafe.” Also, to help ensure the security of your application, do not copy and paste links from within the online application into an email or share with others on a public forum. If you do not log out of the online system, users with technical knowledge may use these links to access your online application.

When you make submissions of the Common Application, supplements or other applicant forms to designated member Colleges or Universities or when you access your user registered account information from our Web Site, or our App, or when you give us your permission to share certain of your personal information with Strive for College or with the Michael & Susan Dell Foundation for the purpose of participating in either program, we offer the use of a secure server. The secure server software encrypts all information you input before it is sent to us, including your credit card information. We also restrict access to the secure server through the use of firewalls. Note that your credit card information is not shared with the Strive for College or with the Michael & Susan Dell Foundation should you decide to opt-in to participate in either program.

When you give Common Application personal information on-line, that information is viewed by Common Application and its trustworthy independent web service providers for the purpose of providing technical support for the services being provided to you. This information is then accessed by the designated member Colleges and/or Universities with whom you select by logging into the secure system of our trustworthy independent web site service providers. Consequently, your personal information can then be viewed, printed and/or exported electronically to the designated member Colleges and/or Universities which are located outside and separate from the Common Application Web Site and outside of the jurisdiction and perhaps country where you originally entered the information.

Credit Card Payments: The Common Application, working with our trustworthy independent web service provider for credit card payments (Higher One), allows applicants to pay admissions application fees online using a credit card. This collection of credit card information by Higher One is accomplished by directly linking you to the Higher One web site when you are ready to submit your credit card information. This feature is designed to accept ONE credit card transaction if you click “Submit” ONE time. However, if you click “Submit” more than once, it is possible your account will have a duplicate charge. Our member Colleges and/or Universities will reverse charges for any duplicate transaction. HOWEVER, NEITHER COMMON APPLICATION, INC., ITS MEMBER COLLEGES OR UNIVERSITIES, NOR THIRD PARTY INDEPENDENT CONTRACTORS OF COMMON APPLICATION, INC. WILL BE RESPONSIBLE FOR REFUNDING ANY PROCESSING FEES INCURRED BY THE INCORRECT USE OF THIS FEATURE. Accordingly, to avoid duplicate charges, please do not click the credit card SUBMIT button more than once! Your credit card information is not stored by us but is immediately transmitted under encryption to your designated credit card processor, and none of your personal information is stored on your computer or other electronic device or a computer of the College or University that would allow someone to by-pass the login authentication procedures.

The Common Application Web Site, through the secure servers of our trustworthy independent web server providers, retains your personal information for two consecutive application admissions cycles which ends on or about July 15 of each calendar year. Unless you take action to “roll-over” your applicant account (from one application admission cycle year to the next year’s admission cycle), your personal information is removed or “archived,” after two consecutive application admissions cycles have lapsed, off the “live” servers and “backed-up” to a separate secured remote server for storage (at least until overwritten when space is needed to back-up more recent data) where no one can access it except on a very limited basis by us or our trustworthy independent web service provider responsible for storage of your personal information. This happens once the Web Site closes for the academic year in July. Unless under order of subpoena, your application once archived remains irretrievable. Therefore, you are strongly advised to print out for your own records a hard copy of all Common Application® forms that you have completed.

When you “roll-over” your applicant account, much but not all, of your personal information is carried over from one application admissions cycle to the next. Therefore, we recommend that you download and save offline any information that you would like to have available to you in upcoming application admissions cycles, beginning each year on or around August 1 and ending on or around July 15 of the following year, such as details from your application, essay responses, and contact information for your recommenders.

Note that the reasons for granting us continued limited access to your personal information from the remote server may include, but are not necessarily limited to, allowing us, our trustworthy independent web service providers or other partners, or member Colleges/Universities to compile aggregate or historical information about applications submitted in previous years. For statistical purposes, your personal information will be used only in the aggregate meaning that personal identifying information such as your name and social security number shall not be used. For some historical purposes, however, we and our trustworthy independent web service providers or other partners, including member Colleges/Universities and non-member colleges and universities will have continued access to your archived personal identifying information as we and/or our trustworthy independent web service providers or other partners deem necessary.

Please note that whenever your personal information is handled as described above, regardless of where this occurs, steps are taken to ensure that your information is treated securely and in accordance with this Privacy Policy. When you enter sensitive information on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL). We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. Unfortunately, however, no data transmission over the Internet or electronic handling can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee or warrant the security of any information you transmit to us online, including any information that you send or receive as an email or text message that is sent or received over your own email domain account, cell phone app or cell phone service, and you do so at your own risk. ALSO, THE COMMON APPLICATION IS NOT RESPONSIBLE AND DOES NOT ASSUME ANY LIABILITY FOR ANY TEXTS, EMAILS OR OTHER COMMUNICATIONS THAT YOU RECEIVE FROM OR SEND TO ANY OF OUR MEMBERS, AND WE CANNOT ACCEPT LIABILITY FOR DISCLOSURE OF ANY OF YOUR PERSONAL INFORMATION DUE TO ERRORS IN TRANSMISSION OR UNAUTHORIZED OR ILLEGAL ACTS OF THIRD PARTIES.

Your California Privacy Rights

If you are a California “consumer,” upon your request (see Section entitled “Additional information and how you can contact us regarding this Policy”), we will disclose to you what personal information of yours was shared with what trustworthy third party provider within the last year (including disclosing to you our provider’s name and address) and if such information was ever used by our provider for their marketing purposes. Note that our current trustworthy third party providers have agreed not to use your information for this purpose, however, but we may use or provide members or other trustworthy third party organizations access to your personal information in order to generate aggregate data that we or the third party may publish, combine or enhance with other aggregate data from other sources, and/or share or distribute the aggregate only data for monetary value with our members and other colleges or universities who are not members for the purpose of recruiting them to be part of our membership or with other third parties for research purposes only. In addition, all personal information that you provide to us is handled entirely within the United States of America.

California Civil Code section 1798.83 entitles residents of California to request information about the third parties with whom Common Application has shared personal information in the immediately preceding calendar year and if those third parties ever used such information for direct marketing purposes. California residents may submit one request per calendar year in the form of a report that details: (a) what type of information Common Application shared, (b) with whom Common Application shared such information and (c) the nature of the third party business.

California residents may submit their request by scrolling to the Section entitled “Additional information and how you can contact us regarding this Policy” and following directions for accessing the Help Center.

Your European Economic Area and Swiss Privacy Rights

If you are a student applicant, school representative, recommender or other individual based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland and you provide us with your personal data, you are now afforded new widespread privacy rights under the General Data Protection Regulation (GDPR) effective May 25, 2018. Under the GDPR, new higher standards on what is considered the lawful processing of EU data are imposed; there are now more explicit privacy rights afforded to you; and there are now new accountability standards imposed on organizations that collect, handle, store and/or process your data.

Well before the GDPR went into effect, we have been working diligently along with our trustworthy partners and members to implement an organizational, technical and cooperative framework so that all of your rights are respected and honored by us, our members and partners with respect to the collection, handling, storing and processing of your data.

If you are based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland, you may have rights over your personal data we handle about you, including but not necessarily limited to:

* The right to know who decided what personal data is being collected from you and the purpose behind doing so

* The right to know each purpose and legal justification why your personal data is being collected and processed and why collecting and processing it is needed to accomplish the disclosed purpose(s)

* The identity of all third party recipients who are to receive your personal data

* The right to know if your personal data is to be transferred out of the EU

* The right to know how long your personal data will be stored and not to have it stored longer than needed to accomplish the stated purpose

* The right to access, receive or correct your personal data at any time

* The right to have your personal data erased (where there is no longer legal or necessary grounds to process or store your personal data)

* The right to have your personal data transferred to another at any time

* The right to restrict or otherwise object to, the processing of your personal data at any time where your personal data is not accurate, where the processing is unlawful, where your personal data is no longer needed or where there is no longer good legitimate grounds to process your personal data

* The right to object to your personal information being processed if the lawful basis for processing your personal information is either our or a third party’s legitimate interests or a reason of public interest, or we use your personal information for direct marketing

* The right to easily and conveniently withdraw your consent to the collection, handling, storage and/or processing of your personal data at any time

* The right to complain to us and/or the appropriate EU “supervisory authorities” if you believe any of your rights are being violated

* The right to know if you are being “profiled” or “monitored” or if certain decisions are being made automatically based on your personal data

* The right to know and to have your personal data processed only for the purpose for which it was collected

The lawful collection and processing of your personal data is necessary for us to perform the service of providing you with use of the Common Application® and we always seek to provide you with affirmative options so that you may decide if you want us to process your data for a particular purpose. We strive to make certain that all of the data that we request is necessary in order to provide you with our service or to otherwise accomplish the stated purpose. When we share your data with a third party, we always inform you of the name of the recipient of such data. Further, all of the opt-in consents that are presented to you are intended to fully inform you whether you want us to process your data, the purpose behind processing your data and who, if anyone, we will be sharing your data with in order to accomplish that purpose.

Please note that if you are an individual who is based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland who is under the age of 13, you will not be permitted use of the Common Application® service and we will neither accept nor process your personal data. If you are under the age of 16 but age 13 or over, we will not process any of the personal data that you may have submitted to us until we have promptly received the express consent from your parent or legal guardian. If this consent is not promptly provided to us, any data that you may have submitted during the account creation process will be immediately purged from our system in order to make certain that we are not retaining any of your data. Note also that no data about you will be retained by us if you are unable to complete the account creation process or if you decide at anytime that you are withdrawing your consent. If you withdraw a previously submitted consent, we shall also inform all of our relevant partners that your consent has been withdrawn.

Note also that we have put into place with our trustworthy partners and members certain mechanisms of cooperation, communication and agreements so that your EU privacy rights are also honored by our partners and members. Accordingly, should you decide to access, rectify, erase, object to or otherwise transfer any of your data that you submitted to us or if you wish to withdraw any one or all of your consents, please send your instruction to privacy@commonapp.org and we will act on it promptly.

Please note that if you are an individual based in a European Union country, Iceland, Liechtenstein, Norway, or Switzerland and you have sent to us your personal data unsolicited, after we have completed our review of your communication, we will appropriately delete your communication, including any personal data that may be contained therein.

If you have any questions or concerns about your rights under the GDPR or the steps that we have taken to comply with the GDPR, please contact us at privacy@commonapp.org.

Does Common Application have an identity theft policy?

While rare, the risk of identity theft to on-line users of the Internet is on the rise and The Common Application recognizes the importance of taking steps to help its student applicants, users, customers and members identify and detect patterns, practices or activities that may indicate the existence of identity theft involving the Common App Online® service, the Common Application Web Site, and Common App onTrack®, including implementing the appropriate actions or responses to help safeguard against and/or mitigate the risk of future or continued theft. Please read carefully the identity theft portions of this Privacy Policy before using the Common App Online® service, the Web Site or our App.

The identity theft portions of this Privacy Policy are to help all Common Application users identify identity theft and to provide them with information about what steps The Common Application takes to detect identity theft, safeguard against, respond to and/or mitigate continued or future identity theft involving the Common App Online® service, The Common Application Web Site or our App.

Please also note that the identity theft portions of this Policy also only address Common Application’s identity theft policy concerning activities involving its own Web Site, service and our App and it does not apply to activities or identity theft policies of others or other web sites or apps independent from, referenced or linked to the Common Application Web Site, such as web sites, apps or IT systems of secondary schools, member Colleges or Universities or other third parties or any individuals or officials that may be associated with these other institutions or third parties.

What kinds of patterns, practices or activities may indicate the existence of identity theft?

In order to be on-guard for possible identity theft, all student applicants, users, customers and members should be aware of the potential indicators of identity theft. These may include but are not necessarily limited to the following:

* Receiving an alert, notification or warning from a consumer reporting agency

* Receiving notification of a credit freeze or address discrepancy

* Receiving notification of an abnormal increase in the number of credit inquiries, new credit relationships or new credit uses

* Receiving notification of an account being involuntarily closed or a credit abuse being identified

* Receiving or becoming aware of suspicious documents, information or photos provided for identification that appear to have been altered or forged or are inconsistent with other authenticated and accessible personal identifying information

* Receiving or becoming aware of suspicious documents, information or photos provided for identification that appear to be associated with prior fraudulent practices or activities or are attributable to another student applicant, user, customer, member or other third party

* Any unusual use of or suspicious activity involving or relating to any account that is held with The Common Application

What steps does Common Application take to detect identity theft?

The Common Application primarily functions as an information and document conduit between students that apply to various member colleges and universities using the Common App Online service, Common Application Web Site, Common App onTrack®, and the various secondary school officials and members that also utilize the service, Web Site and App. While The Common Application through its trustworthy web service providers deploys several security measures to protect the personal identifying information (including credit card information) of its users (see the section on security precautions in place discussed in this Policy), such security measures may not always prevent the crime of identity theft due to the specific nature of this crime. Accordingly, The Common Application must also rely upon the credible reporting of suspicious patterns, practices or activities of identity theft from its trustworthy student applicants, users, customers, members or school officials.

In this connection, any student applicant, user, school official or member that becomes aware of any suspicious pattern, practice or activity suggestive of an identity theft that also involves or relates to the Common App Online service, the Common Application Web Site or our App is urged to notify the Common Application via email at privacy@commonapp.org. Please be sure to disclose your name, all relevant information about the suspected identity theft including information about how you may be contacted.

What steps does Common Application take to safeguard against, respond to and/or mitigate continued or future identity theft or breaches of personal data?

Upon receiving credible information about a possible identity theft or other possible related wrongdoing involving or relating to the Common App Online® service, the Common Application Web Site or from Common App onTrack® from a trustworthy student applicant, user, customer, member, school official or other trustworthy third party, The Common Application will do what it reasonably can to investigate the merits of the claim by gathering up any other information within its reasonable control in order to evaluate whether there has been a possible attempt to commit identity theft or other possible related wrongdoing. If The Common Application believes there are grounds for believing in good faith that an attempt at wrongdoing was made, The Common Application reserves the right to cancel or close an offending or possible tainted transaction or account, monitor a particular account or line of communication, change applicable security codes, notify law enforcement officials, notify the victim of the alleged attempted fraud or other wrongdoing, provide to the victim certain information (including the personal identifying information of another user) if reasonably requested or justified and/or do such other acts reasonable and/or necessary to protect The Common Application and/or victim of the alleged theft or other possible wrongdoing and otherwise comply with any data breach notification or identity theft law that is applicable to the particular circumstance. Common Application also reserves the right not to take any action if no such action is warranted. Finally, Common Application reserves the right to rely upon its trustworthy independent web service providers to help implement, safeguard against and/or mitigate continued or future identity theft or other possible wrongdoing involving any student applicant, user, customer, member or school official when the alleged theft or other possible wrongdoing involves or is related to the Common App Online® service, the Common Application Web Site or Common App onTrack®.

Please click “Help Center ” at www.commonapp.org to pose any questions, comments, feedback or complaints regarding the identity theft portion of this Privacy Policy.

Referrals

If you choose to use our referral service (“Email this topic”) to tell a friend about the Web Site, service or App, we will ask you for your friend’s email address. We will automatically send your friend this one-time email. Common Application does not store and only uses this address for the sole purpose of sending this one-time email to your friend.

Social Media Widgets and Integrated Services

The Web Site and App, include social media features (“Features”) such as The Facebook®Like button and widgets or interactive mini-programs that run on the Web Site and our App. These Features may collect your IP address, which page you are visiting on the Web Site and App, and may set a cookie to enable the Features to function properly. The Features and widgets are either hosted by a third party or hosted directly on the Web Site or our App. Your interactions with the Features are governed by the privacy policy of the company providing it.

The Google API Service is used to provide a student access to their Google Drive files, if they choose to use the integrated service. No data about the user’s Google account is stored or shared by the Common Application.

Additional Information and how you can contact us regarding this Policy

We encourage you to review the Frequently Asked Questions for additional information and instructions about any questions that you may have regarding this Privacy Policy.

Please click “Help Center ” at www.commonapp.org to pose any questions, comments, feedback or complaints regarding this Privacy Policy or the use of personal information by this Web Site, our services or our App.

If you have questions or concerns regarding this Privacy Policy statement, you should first contact the following Common Application representative by email, phone or mail at the address below:

Jesse Raben
Privacy Compliance
The Common Application, Inc.
3003 Washington Blvd., Ste. 1000
Arlington, VA 22201
privacy@CommonApp.org
(703) 378-9788

Emails That You Send Us

Please note that any emails, text messages, or other communications that you send us or which we have been given legal access to may be copied, forwarded or distributed to our members within our sole discretion.

Reach Higher at The Common App

info@ReachHigher.org

DONATE

Reach Higher and Better Make Room is housed within Common App, a nonprofit 501(c)(3) organization.

DONATE

Reach Higher is housed within The Common App, a 501(c)(3) nonprofit membership organization.