Kepler Website Privacy Policy

Last Updated August 9, 2018

Introduction

Kepler (“Organization” or “We”) respects your privacy and are committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit, use and interact with the website, www.kepler.org, and all its subdomains as well as mobile applications, owned, operated or maintained by Organization (collectively the “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

By using the Website you consent to the terms of this policy, and you signify your assent to all of the terms of this policy and our terms of use [https://kepler.org/terms-of-use/ ].  If at any time you do not agree to the terms of this policy, please do not use the Website. Your continued use of the Website constitutes your agreement to this policy.

For your convenience, this Website may provide links to other third party websites that are not operated by Kepler (“Third Party Site(s)”). This policy applies only to Kepler and its Website and does not apply to information collected by any third party including on Third Party Sites that may link to or be accessible from or on the Website. Third Party Sites may have information practices different than ours. Always read the privacy notice of Third Party Sites before you click through. We neither control nor are responsible for information that is submitted to or collected by Third Party Sites.

Collection of Personal Data

We may collect several types of information, including some personal data, from and about users of our Website when you visit and interact with the Website, including when you donate, create an account, join our newsletter mailing list, or contact us (via email, telephone, or otherwise). If you are a current Kepler student or a prospective student applying for admission to Kepler, we collection personal data when you apply for admissions to Kepler; when you enroll or participate in programs through Kepler; when you register for an online account from Kepler; and when you send Kepler emails and other communications.

Categories of Personal Data we Process

We may process the following categories of personal data (as defined in the EU General Data Protection Regulation ((EU) 2016/679) (“GDPR”)) about you:

  • Personal details: given name; preferred name; date of birth, addresses, identification numbers, location data, online identifiers, photograph, or factors specific to your physical, economic, national, or social identity.
  • Contact details: correspondence address; telephone number; email address.
  • Consent records: records of any consents you have given, together with the means of consent and any related information (e.g., the subject matter of the consent).
  • Donation Payment details: invoice records; payment records; billing address; payment method; bank account number or credit card number; cardholder or accountholder name; card or account security details; card ‘valid from’ date; card expiration date; payment amount; and payment date.

Purposes of Processing and legal bases for Processing

Processing includes collecting, recording, organizing, storing, transferring, sharing, disclosing, erasing, or destroying your personal data. The purposes for which we process personal data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:

  • Provision of Website and services: providing our Website, products, or services; providing promotional items upon request; and communicating with you in relation to those Website, products, or services.
  • Operating our organization: operating and managing our Website and our services; soliciting and facilitating donation payments; providing content to you; displaying information to you; communicating and interacting with you via our Website; and notifying you of changes to any of our Website, our products, or our services.
  • Communications and marketing: communicating with you via any means (including via email, telephone, text message, social media, post or in person) to provide news items and other information in which you may be interested, subject always to obtaining your prior opt-in consent to the extent required under applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
  • Management of IT systems: management and operation of our communications, IT and security systems; and audits (including security audits) and monitoring of such systems.

Specific Processing Related to Students and Prospective Students

This part applies if you apply for admission as a student to Kepler, whether you submit your application through Kepler’s online student application portals or directly via communications with Kepler. Kepler may use the details you provide on your application, together with any supporting documents you submit, additional details and documents provided by any references or third parties, including education and financial records, and any records made by Kepler during the application process.

In addition to the uses described above, we will process the personal data obtained during your application process for the purposes of identifying you, processing your application, verifying the information provided, and enrolling you in the program.

The processing of your personal data in connection with your student application process is necessary for us to to assess your application to study with us, necessary for compliance with a legal obligation, or necessary for the performance of tasks we carry out in the public interest. We require you to provide us the information we request during the application process to assess your application properly.

As well as circulating your application and related materials to the appropriate people at Kepler, we may share your personal data, as relevant and necessary, with entities that provide services to, or on behalf of, Kepler. If you are accepted, Kepler will include in your student files the personal data collected during your application process.

Disclosure of Personal Data to Third Parties

We may disclose personal data to other entities within the Kepler group, for legitimate business and organization purposes and the operation of our Website, in accordance with applicable law. In addition, we disclose personal data to:

  • you and, where appropriate, your appointed representatives;
  • contractors, service providers, and other third parties we use to support our organization and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them;
  • a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Kepler’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Kepler about our Website users is among the assets transferred;
  • any relevant party, law enforcement agency or court to comply with any court order, law, or legal process, including to respond to any government or regulatory request; and
  • any relevant party for the purposes of enforcing our terms of use [https://kepler.org/terms-of-use/ ] and other agreements, including for billing and fraud protection.

International Transfer of Personal Data and Legal Rights

The General Data Protection Regulation (‘GDPR’) is a European Union regulation concerning the use and processing of personal information. We are committed to processing your information in compliance with the GDPR, as applicable. As a global organization, we may transfer your information to servers located outside the country in which you live or to other trusted third parties based in other countries so that they may process information on our behalf. By using the Website or otherwise providing us with your personal information, you agree to us doing so in accordance with the terms of this privacy policy and applicable data protection laws and regulations. You should be aware that many countries do not afford the same legal protection to personal information as you might enjoy in your country of origin. While your personal information is in another country, it may be accessed by the courts, law enforcement and national security authorities in that country in accordance with its laws.

You may have the right to request access to the personal data which Kepler processes about you. Moreover, you may have the right to request that incorrect or incomplete personal data is corrected. You may also have the right to, at any time, withdraw your consent to Kepler’s processing of your personal data, with future effect.

You may also have, to the extent applicable data protection legislation provides, a right to object to certain processing of personal data, a right to request restriction of the processing of your personal data, and a right to data portability. The right to data portability covers such personal data which Kepler processes based on an agreement between you and Kepler or based on your consent, and which you have provided, i.e. name, email, phone number, country, products bought and registered, serial numbers, purchase date and point of purchase. If you have any questions or concerns regarding Kepler’s processing of your personal data, please contact info@kepler.org. Naturally, you also have the right, should you wish, to lodge a complaint with the national data protection authority.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions will be encrypted using SSL technology.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Data retention

We take every reasonable step to ensure that your personal data are only processed for the minimum period necessary for the purposes set out in this Policy. We will retain personal data in a form that permits identification only for as long as: (a) we maintain an ongoing relationship with you (e.g., where you create an account with us, or where you are lawfully included in our mailing list and have not unsubscribed); or (b) your personal data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis.

Cookies and Similar Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
  • Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of this Website may then be inaccessible or not function properly.
  • Web Beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Organization, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users’ personal information, we will notify you by email. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: info@kepler.org.