Last Updated August 9, 2018
Kepler (“Organization” or “We”) respects your privacy and are committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit, use and interact with the website, www.kepler.org, and all its subdomains as well as mobile applications, owned, operated or maintained by Organization (collectively the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
For your convenience, this Website may provide links to other third party websites that are not operated by Kepler (“Third Party Site(s)”). This policy applies only to Kepler and its Website and does not apply to information collected by any third party including on Third Party Sites that may link to or be accessible from or on the Website. Third Party Sites may have information practices different than ours. Always read the privacy notice of Third Party Sites before you click through. We neither control nor are responsible for information that is submitted to or collected by Third Party Sites.
Collection of Personal Data
We may collect several types of information, including some personal data, from and about users of our Website when you visit and interact with the Website, including when you donate, create an account, join our newsletter mailing list, or contact us (via email, telephone, or otherwise). If you are a current Kepler student or a prospective student applying for admission to Kepler, we collection personal data when you apply for admissions to Kepler; when you enroll or participate in programs through Kepler; when you register for an online account from Kepler; and when you send Kepler emails and other communications.
Categories of Personal Data we Process
We may process the following categories of personal data (as defined in the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”)) about you:
- Personal details: given name; preferred name; date of birth, addresses, identification numbers, location data, online identifiers, photograph, or factors specific to your physical, economic, national, or social identity.
- Contact details: correspondence address; telephone number; email address.
- Consent records: records of any consents you have given, together with the means of consent and any related information (e.g., the subject matter of the consent).
- Donation Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiration date; payment amount; and payment date.
Purposes of Processing and legal bases for Processing
Processing includes collecting, recording, organizing, storing, transferring, sharing, disclosing, erasing, or destroying your personal data. The purposes for which we process personal data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:
- Provision of Website and services: providing our Website, products, or services; providing promotional items upon request; and communicating with you in relation to those Website, products, or services.
- Operating our organization: operating and managing our Website and our services; soliciting and facilitating donation payments; providing content to you; displaying information to you; communicating and interacting with you via our Website; and notifying you of changes to any of our Website, our products, or our services.
- Communications and marketing: communicating with you via any means (including via email, telephone, text message, social media, post or in person) to provide news items and other information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
- Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems.
Specific Processing Related to Students and Prospective Students
This part applies if you apply for admission as a student to Kepler, whether you submit your application through Kepler’s online student application portals or directly via communications with Kepler. Kepler may use the details you provide on your application, together with any supporting documents you submit, additional details and documents provided by any references or third parties, including education and financial records, and any records made by Kepler during the application process.
In addition to the uses described above, we will process the personal data obtained during your application process for the purposes of identifying you, processing your application, verifying the information provided, and enrolling you in the program.
The processing of your personal data in connection with your student application process is necessary for us to to assess your application to study with us, necessary for compliance with a legal obligation, or necessary for the performance of tasks we carry out in the public interest. We require you to provide us the information we request during the application process to assess your application properly.
As well as circulating your application and related materials to the appropriate people at Kepler, we may share your personal data, as relevant and necessary, with entities that provide services to, or on behalf of, Kepler. If you are accepted, Kepler will include in your student files the personal data collected during your application process.
Disclosure of Personal Data to Third Parties
We may disclose personal data to other entities within the Kepler group, for legitimate business and organization purposes and the operation of our Website, in accordance with applicable law. In addition, we disclose personal data to:
- you and, where appropriate, your appointed representatives;
- contractors, service providers, and other third parties we use to support our organization and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
- a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kepler’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Kepler about our Website users is among the assets transferred;
- any relevant party, law enforcement agency or court to comply with any court order, law, or legal process, including to respond to any government or regulatory request; and
International Transfer of Personal Data and Legal Rights
You may have the right to request access to the personal data which Kepler processes about you. Moreover, you may have the right to request that incorrect or incomplete personal data is corrected. You may also have the right to, at any time, withdraw your consent to Kepler’s processing of your personal data, with future effect.
You may also have, to the extent applicable data protection legislation provides, a right to object to certain processing of personal data, a right to request restriction of the processing of your personal data, and a right to data portability. The right to data portability covers such personal data which Kepler processes based on an agreement between you and Kepler or based on your consent, and which you have provided, i.e. name, email, phone number, country, products bought and registered, serial numbers, purchase date and point of purchase. If you have any questions or concerns regarding Kepler’s processing of your personal data, please contact firstname.lastname@example.org. Naturally, you also have the right, should you wish, to lodge a complaint with the national data protection authority.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We take every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Policy. We will retain personal data in a form that permits identification only for as long as: (a) we maintain an ongoing relationship with you (e.g., where you create an account with us, or where you are lawfully included in our mailing list and have not unsubscribed); or (b) your personal data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis.
Cookies and Similar Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The technologies we use for this automatic data collection may include:
- Web Beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Organization, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).