PRIVACY POLICY
Introduction
Massachusetts Higher Education Assistance Corporation, d/b/a American Student Assistance® (“ASA” or “we” or “us”) respects your privacy and is committed to protecting it through our compliance with this privacy policy (“Policy”).
This Policy describes the types of information we may directly or indirectly collect from you or receive from you when you use our services on ExpandOpportunities.org (the “Services”), including any page, functionality or feature, and all content, information, links and other materials (“Materials”) made available on or through the Services.
We may aggregate or de-identify information described in this Policy. Aggregate or de-identified information that we do not attempt to re-identify is not subject to this Policy.
As described in greater detail below, this policy applies to information we collect:
- In the course of providing the Services; and
- In any email(s), text(s), and other electronic messages that we send or receive from you in relation to the Services.
Please read this Policy carefully to understand our practices in relation to your information and how we will treat it. If you do not agree with this Policy, you may choose not to use the Services. By accessing or using the Services, you acknowledge that you have read and understood this Policy.
This Policy may change from time to time (see “Changes to Our Privacy Policy” at the end of this Policy). Your continued use of the Services after we make changes represents your acceptance of those changes.
Children Under the Age of 13
We designed the Services to avoid collecting personal information from children under 13 years of age, and therefore do not knowingly collect personal information from children who identify as being under 13 years of age. If you are under 13 years of age, do not register on the Services, do not use any of the interactive features of the Services, and do not provide any personal information about yourself including your name, address, telephone number, email address, or any screen name or username you may use. If we learn that we have collected or received personal information from a child under 13 years of age without parental consent, we will delete that information in accordance with applicable law. If you believe that we might have collected personal information from or about a child under 13 years of age, please contact us as soon as possible at [email protected].
Information We Collect About You and How We Collect It
We may collect several types of information from or about you when you use the Services, including:
- Information by which you may be personally identified, such as your name, date of birth, postal address, e-mail address, telephone number, or any other identifier by which you may be identified or contacted online or offline;
- Information you voluntarily provide, such as gender or ethnicity;
- Information about your activity when using our Services, such as pages visited, links clicked on, duration of your usage of the Services, and other usage details; and
- Information about your internet connection and the device(s) you use to access the Services.
We collect this information in two ways:
- Directly from you when you provide it to us; and
- Automatically as you use the Services. Information collected automatically may include usage details and IP addresses, as well as information collected through application program interfaces (“APIs”), cookies, web beacons, and other tracking technologies, as further detailed below.
Information You Provide to Us
The information we collect from you on or through the Services may include:
- Information that you provide when using the Services, including information that you provide at the time you register to use an ASA-operated website. We may also ask you for information when you report a problem with the Services;
- Records and copies of communications between you and ASA (including email addresses) if you contact us; and
- Your responses to surveys that we might ask you to complete for research purposes.
- Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with the Services, we, and our partners and vendors, may use automatic data collection technologies to collect and analyze certain information about your equipment, browsing actions, and usage patterns, including:
- Details of your visits to a website when using the Services, including traffic data, URL source, generalized location data based on IP address, logs, and other communication data, and the resources that you access and use on the Services; and
- Information about your device(s) and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically helps us to deliver and provide better and more personalized Services, including by enabling us to:
- Estimate our audience size and usage patterns;
- Store information about your preferences, allowing us to customize the Services according to your individual interests;
- Speed up your searches; and
- Recognize you when you return to the Services.
The technologies we and our partners and vendors use to carry out such automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer that allows us to understand how users interact with the Services. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may not be able to access certain parts of the Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Services;
- Tracking Pixels. The Services may contain embedded HTML code snippets that enable ASA to measure the performance of advertising and marketing campaigns carried out on third-party websites and services; and
- Web Beacons. The Services may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit ASA, for example, to count users who have visited those pages and analyze other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).
We retain personal information pursuant to our records retention program for as long as is necessary for the purposes set out in this Policy, unless a longer period is required or permitted under applicable law or is needed to resolve disputes or protect our legal rights.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information, for the following purposes:
- To present and provide you with access to the Services, including interactive features, where applicable;
- To recognize you across our Services;
- To evaluate the use, results, and effectiveness of our Services;
- To provide you with information or other services that you request from us;
- To fulfill any other purpose for which you provide it;
- To carry out our obligations and enforce our rights arising out of this Policy, the Terms of Use, which are accessible here (Terms & Conditions), and any other legal terms applicable to use of the Services;
- To notify you about changes to the Services;
- To protect the rights, property, or safety of ASA, our customers, or others;
- To measure the performance of our advertising and marketing campaigns, including through third-party websites and services;
- In any other way we may describe when you provide the information; and
- For any other purpose with your consent.
Disclosure of Your Information
We may disclose information without restriction that does not identify an individual, including information in aggregated or de-identified form. This may include aggregated information gathered via cookies, web beacons, and tracking pixels.
We may disclose personal information that we collect for the following purposes:
- To vendors, contractors, and other third parties that support us in providing the Services and who are bound by contract to keep personal information confidential and use it only for the business purposes for which we disclose it to them;
- To third parties that provide a feature, functionality or service that you have otherwise requested;
- To fulfill the purpose(s) for which you provided it;
- For any other purpose disclosed by us when you provide the information;
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- To enforce or apply this Policy, the Terms of Use, or any other terms that apply to the use of the Services;
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of ASA, our customers, or others;
- As part of a change in business structure or ownership of ASA, we may disclose personal information to the buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of ASA’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by ASA about users of the Services is among the assets transferred; and
- For any other purpose with your consent.
We do not sell your personal information, nor does ASA display any targeted advertising on ASA-operated websites.
ASA does share data with advertising service providers to measure the performance of our advertising and marketing campaigns on other websites, apps, or services, including on Facebook, Snapchat, various Google services, and other social networks.
Per the above, please note that we use our best efforts and take multiple steps to avoid the collection of information for targeted advertising purposes from children under 13 years of age, including by prohibiting children under 13 years of age from creating a user profile on the Services. In addition, we prohibit access to certain areas of the Services by children under 13 years of age in this Policy.
Personal Information Rights
Applicable law may recognize certain rights in relation to personal information, including the right to access, correct, or delete personal information, restrict the processing of personal information (including sensitive personal information, as applicable), and data portability, among others.
You may send us an email at [email protected] to exercise rights applicable to your personal information, or to have an authorized agent do so on your behalf. We will respond to such requests in accordance with applicable law, and we may request further information from you to verify your identity and/or verify the identity of your authorized agent (as well as confirm their authority to act on your behalf). We may not accommodate a request if we believe the change would violate any law or legal requirement, cause the information to be incorrect, or otherwise is subject to an applicable exception under law. We will inform you in accordance with applicable law if we do not accommodate your request. You may have the right to appeal our determination under local law, which can also be exercised by contacting us at [email protected]. We will not discriminate against you when you exercise personal information rights.
Data Transfers
As set out in our Terms of Use, our Services are strictly for use by and solely directed to persons located in the United States. If you are not in the United States, YOU MAY NOT ACCESS OR USE THE SERVICES. If you access or use the Services from outside the United States, you do so at your own risk and are responsible for compliance with local laws.
Data Security
We have implemented industry-standard security technologies, procedures, and organizational measures designed to secure your personal information from accidental loss and or unauthorized access, use, alteration, or disclosure.
The safety and security of your information also depends on you. If you choose or are provided with a username, a password, or any other information as part of our security procedures, you must keep that information confidential and not disclose it to any other person or entity. You may not provide any other person with access to the Services or portions of it using your user name, password, or other security information. You are responsible for all activity occurring under your account or with use of your username and password.
You agree to notify us immediately of any unauthorized access to or use of your username or password, or any other breach of security of which you become aware. You may report unauthorized access by sending an email to [email protected].
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to the Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services.
Changes to Our Privacy Policy
We may revise and/or update this Policy from time to time in our sole discretion. The date this Policy was last revised is identified at the top of the page. If we make material changes to how we treat our users’ personal information, we will notify return users via an on-site message. You are responsible for periodically visiting the Services and this Policy to check for any changes, regardless of whether you have an account or not.
Contact Information
To ask questions or comment about this Policy and our privacy practices, or to register a complaint or concern, contact us at [email protected].