Effective Date 1.31.2023
This Privacy Statement (“Privacy Statement”) is published by Iontuition, CP (referred to in this Privacy Statement as “Iontuition,” “we” “us” or “our”) to explain our privacy practices for any information we receive via https://Iontuition.us and any page or application controlled by us that links to this Privacy Statement (together, the “Site”). Certain portions of this Privacy Statement also apply to other personal information collected or maintained by Iontuition, for example, under the “California Residents’ Privacy Rights,” and “Virginia Residents’ Privacy Rights,” sections below.
By using the Site or receiving any services of Iontuition (the “Services”) you consent to the terms of this Privacy Statement. If you do not agree to the terms and conditions of this Privacy Statement, including having your Personal Information (as defined below) used in any of the ways described in this Privacy Statement, do not provide us with your information. Please note, however, that if you don’t provide us with your information, you may not be able to use certain parts or features of our Site or we may not be able to provide you certain Services.
Iontuition may update this Privacy Statement from time-to-time in our sole discretion by posting such revised Privacy Statement on the Site. Please note the Effective Date of this Privacy Statement at the top of the page. It is your responsibility to review this Privacy Statement regularly for any changes each time that you use the Site and/or the Services or provide us information.
There are cases in which Iontuition may ask you to provide personal information. As used in this Privacy Statement, “Personal Information” means any information that may be used, either alone or in combination with other information, to personally identify an individual as defined by applicable laws. We may collect certain information, including Personal Information, from and about our users in various ways:
- directly from you,
- from third parties, or
- automatically when you use our Services.
Directly from You
To access and utilize our Services, we will ask you to provide us with some important information about yourself. This information is either required by law, necessary to provide the requested Services, or is relevant for certain specified purposes, described in greater detail below. As we add new features and Services, you may be asked to provide additional information. We may ask you to provide us with one or more of the following categories of information:
- Identifiers, including real name, postal address, email address, telephone number, date of birth, credit card information
- Categories listed in The California Customer Records Statute (Cal. Civ. Code §1798.80(e)), including real name, telephone number, postal address, education, current employment information, employment history, financial information, signature, driver’s license number, state identification, passport number
- Protected Classification Characteristics under California and Federal Law (if applicable), including race, sex, gender, age, ethnicity, citizenship status
- Professional or Employment Related Information, including employment history, current employment status, employer’s name, salary, credentials, employee classification, resume, cover letter, past employer’s name, position held, salary, disciplinary record, wage preferences, job preferences, training or certifications
- Education Information, including date of birth, grade point average, estimated graduation date, hours remaining and completed, graduation date, any certifications, credentials, honors, awards, program you attend, description of the program and length, degrees available, financial information such as how you pay for school, types of financial products you have used, amounts of outstanding financial obligations
- Sensitive Personal Information, including race, ethnic origin, social security number, driver’s license number, state identification number, passport number
Special Category Information
Some of the personal information that we may collect as a result of providing the Services is particularly sensitive (e.g., information revealing racial or ethnic origin, social security number, driver’s license number, state identification number, passport number). We only collect this information as provided by or consented by you. Such sensitive personal information is only shared for the purpose of providing the Services you request or as consented for and will not be shared or used by us for any other purposes.
Collection of Your Personal Information from Third Parties
In addition to collecting some Personal Information directly from you, we may collect Personal Information from third parties including our Affiliates and Subsidiaries. You agree that the third-party providers of data, not Iontuition, are responsible for maintaining your information with proper and sufficient accuracy and authority in accordance with all governing laws and regulations. We make no effort to verify any information for any purpose, including accuracy, legality, or non-infringement that we properly receive from third parties. We also collect personal information automatically when you use visit our Site and while receiving our services.
You agree that the Data Providers, not Site Provider, are responsible for maintaining Account Information with proper and sufficient accuracy and authority in accordance with all governing laws and regulations. Site Provider makes no effort to verify any Account Information for any purpose, including accuracy, legality, or non-infringement.
Information Automatically Collected When You Use Our Services
We may automatically collect information about you when you use our Services including the Site. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics so that we can improve our Services. We may ask you to provide us with one or more of the following categories of information about you:
- Identifiers, including internet protocol (IP) address, cookies
- Commercial Information, including products or services purchased obtained or considered and other purchasing or consuming histories or tendencies
- Internet or Other Similar Network Activity, including browsing history; type; language; search history; information regarding your interaction with our Site including specific pages you accessed on our Site or prior to visiting; web logs; length of time you spent on our Site; cookies; application; advertisement; clickstreams; scrolling activity; device information and operating system used; domain name and type; contents, sender, recipients, format, or location of the sender or recipients at any point during electronic communication; time or date electronic communication was created, sent or received; IP address
- Geolocation Data, including IP address, zip code
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we collect information about your online activity while you are using our Site and may track which website you visit immediately before or after accessing the Site.
Purpose of Collection
Iontuition uses the Personal Information we collect above for the following purposes:
- Create, maintain, customize, and secure your account
- Fulfill an order or provide Services
- Provide customer service, feedback or support
- Provide, administer, expand, support, personalize, improve, and develop our Site, products, and services
- Investigate, detect, prevent, or take other action regarding actual or suspected illegal or fraudulent activities or potential threats
- Collect resumes, employment applications or other information relating to employment
- Accept and process payments
- Protect the security and integrity of our services
- Gather demographic information about our user base
- Remember user settings and items added to our service selection
- Determine whether your system meets the minimum requirements needed to use our Site and Services
- Comply with legal and regulatory requirements
- Meet other business purposes
- Fulfill or meet the reason you provided the information
How We Disclose the Information Collected
We do not sell, share, or otherwise disclose Personal Information collected from our Services to third parties for monetary or other valuable consideration, unless otherwise stated below or with your consent:
- Service Providers & Contractors. We may share your Personal Information with service providers and contractors to perform tasks on our behalf and to assist us in providing our Services, including but not limited to internal and business operations, security, and related services. Service providers and contractors may use the information only as necessary to provide the services to us and are contractually required to keep your information confidential and secure.
- Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information to business partners with whom we jointly offer products or services.
- Advertising Partners. We may share your personal information with third-party advertising partners, such as Google Display Advertising and Remarketing services. These advertising partners may use first- and third-party cookies together to inform, optimize, and serve ads based on your past visits to this website. You can opt out of these services using the Ads Preferences Manager or you can use the Google Analytics opt-out browser add-on. These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks, commonly referred to as “interest-based advertising.”
- Authorized Representatives. If another individual is managing your account on your behalf (for example, a wife managing the account of her husband), as authorized by you or as a personal representative under applicable law, that person can view all Personal Information about you in our Services.
- In the Event of Merger, Sale, Divestitures or Change of Control. We may transfer or assign Personal Information to an entity that acquires or is merged with us as part of a merger, acquisition, sale of ownership or assets, or other change of control.
We may share de-identified and/or aggregate analytics with third-party partners about how users interact with our Services, including usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through the Service.
Your Choices About Your Personal Information
You have choices about how we use your information. Please understand that if you choose not to disclose information to us, it may affect your ability to use some features of our Services.
- Marketing. From time to time if you have supplied your email address, Iontuition and its affiliates may send you marketing or informational emails. If you prefer not to receive any or all of our marketing and promotional communications, you may opt-out of these communications by following the opt-out prompts on these communications. You also may ask us not to send you other marketing or informational communications by contacting us as specified in the Contact Us section below, and we will honor your request. Please note that even after you are removed from our marketing lists, we may still send you non-promotional communications, such as responding to your support requests.
Our services are hosted in the United States and are intended solely for visitors located within the United States. If you do not reside in the United States and provide personal data to us, please note that your Personal Information will be transferred, processed, collected, used, accessed and/or stored in the United States and subject to U.S. laws. The laws in the United States may not provide the same protections for your Personal Information as the jurisdiction in which you are located. Do not provide your Personal Information to us if you do not want this information to be transferred or processed outside of your country, or if the laws in your country restrict such transfers.
California Residents’ Privacy Rights
This section explains how we collect, use, and disclose personal information about users, customers, and visitors who reside in California (“consumers” or “you”). It also explains certain rights afforded to consumers under California’s Shine the Light law and the California Consumer Privacy Act of 2018 (“CCPA”), as revised and updated by the California Privacy Rights Act (“CPRA”). This section uses certain terms that have the meaning given to them in the CCPA including personal information. “Personal Information” for purposes of this Privacy Statement is as defined by applicable laws.
The following section does not apply to individuals who do not live in California on a permanent basis, individuals who do not collect personal information about, or individuals for whom all of the information we collect is exempt from California laws.
Categories of Personal Information Collected
We may collect (and have collected during the 12-month period prior to the effective date of this Privacy Statement) the above categories of Personal Information about you in the Information Collected section above.
Purpose of Collection
We may use (and may have used during the 12-month period prior to the effective date of this Privacy Statement) your Personal Information for the business or commercial purposes described in the Purpose of Collection section above.
Sources of Personal Information
During the 12-month period prior to the effective date of this Privacy Statement, we may obtain (and may have obtained) Personal Information about you from the sources identified in the Information Collected section above.
Selling and Sharing of Personal Information
We do not sell your Personal Information in exchange for monetary consideration and have not done so during the preceding 12 months. During the 12-month period prior to the effective date of this Privacy Statement, we may have shared or disclosed the following categories of Personal Information about you for a business or commercial purpose with certain categories of third parties, as described below:
|Categories of Personal Information that May Be Sold, Shared, or Disclosed||Categories of Third Parties to whom Personal Information May Be Sold, Shared, or Disclosed||Categories of Third Parties to whom Personal Information May Be Sold, Shared, or Disclosed|
|Identifiers||Service ProvidersContractorsAffiliatesLenders or issuers||– Create, maintain, customize, and secure your account |
– Fulfill an order or provide Services
-Provide customer service, feedback or support Provide, administer, expand, support, personalize, improve, and develop our Site, products, and services
– Remember user settings and items added to our service selection
|Personal Information Categories Listed in The California Customer Records Statute (Cal. Civ. Code §1798.80(e))||Service ProvidersAffiliates||– Create, maintain, customize, and secure your account|
– Provide, administer, expand, support, personalize, improve, and develop our Site, products, and services
|Protected Classification Characteristics Under California or Federal Law||Service ProvidersAffiliates||-Provide services|
Maintain and operate our Services and Site
-Support our internal and business operations
|Commercial Information||Service ProvidersContractorsProfessional AdvisorsAffiliates||-Make our Site more user friendly|
-Gather demographic information about our user base
|Internet or Other Similar Network Activity||Service ProvidersContractorsProfessional AdvisorsAffiliates||-Recognize your location Present you with a more personal and interactive user experience to better match your interests and preferences|
-Ability to fully use our services
-Manage, improve, develop, and optimize our business, Site, and services
|Geolocation Data||Service ProvidersAffiliates||-Recognize your location |
-Present you with a more personal and interactive user experience to better match your interests and preferences
-Ability to fully use our services.
-Manage, improve, develop, and optimize our business, Site, and services
|Professional or Employment Related Information||Service ProvidersAffiliates||-Provide you with products and services from third parties for which you subscribe|
-Create, maintain, customize, and secure your account
|Non-Public Education Information||Service ProvidersAffiliates||-Provide you with products and services from third parties for which you subscribe|
-Create, maintain, customize, and secure your account
|Sensitive Personal Information||Service ProvidersAffiliates||-Provide you with products and services from third parties for which you subscribe|
-Create, maintain, customize, and secure your account
-Manage, improve, develop, and optimize our business, Site, and services
-Gather demographic information about our user base
In addition to the categories of third parties identified above, during the 12-month period prior to the effective date of this Privacy Statement, we may have shared Personal Information about you with government entities, self-regulatory organizations and third parties that may assume or have assumed control of part of our business as part of a merger or acquisition.
California Consumer Privacy Rights
Under California’s “Shine the Light” law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of Personal Information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us as directed in the Contact Us section below with a reference to California Disclosure Information.
Under CCPA, consumers have certain rights regarding their Personal Information, as described below.
- Right of Access: You have the right to request, twice in a 12-month period, that we disclose to you the following information about you, limited to the preceding twelve (12) months:
- The categories of Personal Information that we collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting or selling Personal Information;
- The categories of third parties with whom we share Personal Information;
- The specific pieces of Personal Information that we have collected about you;
- The categories of Personal Information that we disclosed about you for a business purpose or sold to third-parties; and
- For each category of Personal Information identified, the categories of third parties to whom the information was disclosed or sold.
- Right of Deletion: You have the right to request that we delete any Personal Information about you which we have collected from you, subject to exceptions within the law.
- Right to Opt-Out: You have the right to opt-out of the disclosure of Personal Information about you for monetary or other valuable consideration. However, we do not sell any Personal Information.
- Right to Opt-In: We do not have actual knowledge that we collect, share, or sell the Personal Information of minors under the age of 16.
- Right to Limit Use and Disclosure of Sensitive Personal Information: You may request specific limitations on further sharing, use, or disclosure of your Sensitive Personal Information that is collected or processed for “the purpose of inferring characteristics about a consumer.” However, we do not collect or process Sensitive Data for this purpose.
- Right to Correction: You have the right to request that we maintain accurate Personal Information about you and correct any Personal Information about you which we have collected from you, subject to exceptions within the law.
If you would like to exercise your California rights, please refer to the Consumer Requests and Verification section below.
Virginia Residents’ Privacy Rights
This section explains how we collect, use, and disclose personal data about users, customers, and visitors who reside in Virginia (“consumers” or “you”). It also explains certain rights afforded to consumers under Virginia Consumer Data Protection Act (“VCDPA”). “Personal Data” for purposes of this section is as defined by VCDPA.
The following section does not apply to individuals who do not live in Virginia on a permanent basis, individuals who do not collect Personal Data about, or individuals for whom all of the information we collect is exempt from Virginia laws.
The categories of Personal Data processed, the purposes of processing, the categories of Personal Data shared, and the categories of third parties to which Personal Data is shared are provided in the above sections of this Privacy Statement, including the above sections Information Collected, Purpose of Collection, and Selling and Sharing of Personal Data.
Virginia Consumer Privacy Rights
Under VCDPA, residents have specific rights regarding Personal Data, including:
- To confirm whether or not we are processing your Personal Data and to access such Personal Data.
- To correct inaccuracies in your Personal Data which we have collected, taking into account the nature of the Personal Data and the purposes of processing the Personal Data.
- To request deletion of Personal Data for which we have collected, subject to legal exemptions.
- To obtain a copy of your Personal Data.
- Virginia residents also have the right to opt out of the processing of Personal Data for purposes of targeted advertising, the sale of Personal Data, or profiling in furtherance of decisions that produce legal or similarly significant effects. However, because We do not use Personal Data for these purposes, no opt out is required.
If you would like to exercise your Virginia rights, please refer to the Consumer Requests and Verification section below.
Consumer Requests and Verification
Right to Non-Discrimination
We may not discriminate against you because you exercise any of your rights under CCPA or VCDPA, including, but not limited to:
- Denying goods or services to you;
- Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
- Providing a different level or quality of goods or services to you; or
- Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
You may request to exercise your rights of access, deletion, or correction under CCPA and VCDPA by contacting us as described in the “Contact Us” section below. To help protect your privacy and maintain security, we will take steps to verify your identity before processing your request. If you request access to or deletion of your Personal Information, we may require you to provide any of the following information: name, date of birth, email address, telephone number, or postal address. When you make such a request, you can expect the following:
- As required under applicable law, we will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.
- We will confirm that you want your information accessed, corrected, and/or deleted.
- We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
- We will respond to your request within 45 days upon receipt of your request. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, a request for access, correction, or deletion may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing Services or completing an order. If we deny your request, we will explain why we denied it and delete any other information that is not protected and subject to denial.
You may designate an authorized agent to request any of the above rights on your behalf. You may make such a designation by providing the agent with written permission, signed by you, to act on your behalf. Your agent may contact us as described in the Contact Us section below to make a request on your behalf. Even if you choose to use an agent, we may, as permitted by law, require:
- The authorized agent to provide proof that you provided signed permission to the authorized agent to submit the request;
- You to verify your identity directly with us; or
Virginia Appeal Process
If you have made a request to access, correct, or delete your Personal Data under VCDPA, and we have declined to take action, you may appeal our decision within 45 days of the denial. When you make such an appeal, you can expect the following:
- We will verify your identity. You will need to provide us with your email address and full name. We may ask for additional information if needed.
- We will review your appeal and respond in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision, within 45 days upon receipt of your appeal. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
- In certain cases, an appeal may be denied. For example, if we cannot verify your identity, the law requires that we maintain the information, or if we need the information for internal purposes such as providing Services or completing an order. If we deny your appeal, we will explain why we denied it and provide you with a method to contact your state’s Attorney General to submit a complaint.
We will only keep your personal information for as long as necessary to fulfill the purposes set out in this Privacy Statement, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this Privacy Statement will require us to keep your personal information for longer than six (6) months past the termination of the user’s account.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize your information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Correcting & Updating Your Information
You can edit, correct or remove any or all of the personal information you provide us by accessing the account you create when you subscribe for a Service. Remember, however, that removing personal information may limit your ability to access some or all of the features of the Services and Websites. In addition, to keep you in control of your personal information and the communications directed to you, we allow you to opt-out of receiving communications from us about new Services or Website features.
Confidentiality and Security
We maintain reasonable safeguards to protect the Personal Information we collect. While we implement these measures, please note that 100% security is not possible, and we cannot guarantee that the security measures we have in place to safeguard personal information will never be defeated or fail, or that those measures will always be sufficient or effective.
Iontuition may assign you a user ID and a password when you as part of your participation and access to the Site and your account. Only you may use your user ID and password. You may not share your user ID and password with anyone else, and you are solely responsible for maintaining and protecting the confidentiality of your user ID and password. You are fully responsible for all activities that occur under your user ID. You play a role in protecting your information as well.
We do not knowingly collect or solicit personal information from children under the age of 16. By using the Site or Services, you represent that you are at least 16 years old. If you are under 16, please do not attempt to register for an account or send any Personal Information about yourself to us. If we become aware that we have inadvertently received or collected Personal Information from a user of the Site who is under the age of 16, we will attempt to immediately delete that information from our files and records. Furthermore, we encourage users of the Site that are minors that are 16 years of age or older to ask their parents or guardians for permission before sending any information about themselves over the Internet.
If you believe a child who is under the age of 16 has provided us with Personal Information, please contact us using the information below.
Visitors from Switzerland, United Kingdom and the European Economic Area
Identification of Data Controller:
If we are providing Services directly to you, we, are the controller. To contact us, please see our contact information below. Otherwise, the institution through which we service your account is the controller.
Identification of Primary Member State Supervisory/Data Protection Authority
You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.
Legal Basis for Processing:
GDPR allows processing of personal data based on one of six legal bases. The legal bases for processing personal data are:
- Consent – your freely given, specific, informed and unambiguous indication of your wishes by which you agree to the processing of personal data.
- Contract – we needs to process your personal data for performance of a contract or processes the information at your request prior to entering into a contract.
- Legal Obligation – processing is necessary to comply with a legal obligation.
- Vital Interests – your (or someone else’s) health, safety or other vital interests require processing personal data.
- Public Interest – we needs to process personal data to carry out a task that’s in the public interest.
- Legitimate Interest – processing personal data is in our legitimate interests.
|To monitor and improve the experience of the Site||Consent; Legitimate Interest|
|To conduct promotional and marketing efforts||Consent; Legitimate Interest|
|To provide products or services||Contract|
|To comply with legal obligations and to cooperate with public and government authorities, courts or regulators||Legal Obligation|
|To comply with judicial proceedings, court orders or legal processes||Legal Obligation|
We will not disclose Personal Data to a third party except as stated below:
We may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, we will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the personal information transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request.
We may also be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.
Retention of Personal Data:
Right of Access to your Personal Data
Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of the GDPR, a Data Subject may also request that Personal Data be corrected, amended, or deleted. When we receive Personal Data, we do so on behalf of the individual submitting such Personal Data. To request access to, or correction, amendment or deletion of Personal Data, Data Subjects should contact us at the address in the “Questions?” section below. We will cooperate with all reasonable requests to assist Data Subjects to exercise their rights under the GDPR.
Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should submit that request to us. We will cooperate with Data Subjects’ instructions regarding the above Data Subject choices.
Transfers to the United States from the European Union:
When we transfer personal information from the EU to entities within our organization located outside of the EU, we may rely on standard contractual clauses adopted by the European Commission to help establish adequate safeguards. If we transfer personal information from the EU to another party located outside the EU, we may rely on a legal framework that provides appropriate safeguards, which could include the standard contractual clauses, binding corporate rules, or another framework deemed adequate by the European Commission.