COVID-19 Response from The Colleges of Law:

Privacy Notice

[4/14/23]

This Website User Privacy Notice describes how [The Colleges of Law] (hereinafter “The Colleges of Law”, “we” and “our”) collects, processes, transfers and stores data from visitors to our Website at https://admin.collegesoflaw.edu (“Website“). This Website User Privacy Notice (“Notice”) applies only to the data collected on the Website and not to other data collected, processed, transferred or stored by The Colleges of Law as part of any service we provide to you.

Please read this Notice carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this Notice. This Notice may change from time to time (see Changes to Our Website User Privacy Notice section below). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the Notice periodically for updates.

1. OUR COMMITMENT TO YOUR PRIVACY

This Website User Privacy Notice describes:

  • How information about you is collected through our Website;
  • How we use this information; and
  • How we share this information.

If you have any questions regarding this Notice or our information collection and use practices, please contact us using the information in the Contact Us section below.

2. INFORMATION COLLECTED THROUGH OUR WEBSITE

The Colleges of Law collects information from Website visitors and also obtains information from third parties (including from service providers) in the course of your interaction with our Website and our online services (our “Services”), which we may add to the data we obtain through the Website. The information collected through our Website includes:

  • Information You Provide to Us. We collect information you provide to us, for example, when you enter information into any form fields on our Website, communications you have with us (including your communications with our Website’s chatbot), sign up to receive our emails, make a donation, or enter a promotion sponsored by us. This information may include your name, postal address, e-mail address, telephone number, payment card details, citizenship status, military status, or other identifier intended as a means to contact you online or offline (“Personal Information”). We collect this information to respond to requests for information from you and to communicate with you.
  • Device and Usage Information. Our Website collects standard technical, non-Personal Information when you use it, including internet protocol (“IP”) addresses (which may identify the general geographic area from which you are accessing our Website), referring URL, browser types, internet service providers (“ISPs”), phone GPS, web browser and/or operating system, the webpages and content you view or interact with on our Website, time spent on each webpage, the information you search for on each webpage, and your interactions with and submissions on our Website (such as buttons you click, mouse movements, information entered into form fields, and the date, time, and location of access to the Website). 
  • Information Collected Through Automatic Data Collection Technologies. Our Website collects certain information through the use Automatic Data Collection Technologies which may include:
    • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website. For information about managing your privacy and security settings for cookies, see the Your Choices About How We Collect Your Information Through Our Website section below.
    • Pixel Tags. A pixel tag is a piece of code that a third party asks us to put on our Website to deliver their cookies. Pixel tags are often single pixel, transparent GIF images posted on a webpage, and they allow the third party serving the image to read and record cookies.
    • Server Logs. A server log is a text document that contains a record of all activity related to a specific web server over a defined period of time. The web server gathers data automatically and constantly to provide administrators with insight into how and when a server is used, as well as the users that correspond with that activity.
    • Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
    • Plug-ins. A plug-in is a piece of software that acts as an add-on to a web browser and gives the browser additional functionality. A plug-in can allow a web browser to display additional content it was not originally designed to display.
    • Chatbots. A chatbot is a computer program or software that simulates human conversation through text of voice interactions. We use a chatbot to communicate with visitors to our Website who are interested in learning more about our school and educational offerings.  
  • Third Party Use of Automatic Data Collection Technologies. Some content or applications, including advertisements, on the Website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use Automatic Data Collection Technologies (including the examples described above) to collect information about you when you use our Website. The information they collect may be associated with your Personal Information or they may collect information, including Personal Information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. Examples of the types of third parties who use Automatic Data Collection Technologies on our Website include:
    • Google Analytics
    • Meta
    • Twitter
    • LinkedIn
    • Visual Website Optimizer

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see the Your Choices About How We Collect Your Information Through Our Website section below.

3. HOW WE USE INFORMATION

We use information collected on our Website in a variety of ways intended to provide our Website and Services and to operate our business, including any of the following:

  • To present our Website and its contents to you.
  • To provide you with information, products, or services that you request from us.
  • To fulfill any other purpose for which you provided Personal Information to us.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To notify you about changes to our Website or any products or services we offer or provide though it.
  • To allow you to participate in interactive features on our Website.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.
  • To display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

4. HOW WE SHARE INFORMATION

We may share, transfer, or disclose your information if you consent to us doing so, as well as in the following circumstances:

  • Disclosure of Aggregated Information. We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
  • Disclose of Personal Information. We may disclose Personal Information that we collect or you provide as described in this Notice including any of the following:
    • To our subsidiaries and affiliates.
    • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them.
    • To fulfill the purpose for which you provide Personal Information to us.
    • For any other purpose disclosed by us when you provide the information.
    • With your consent.
  • Compliance with Laws and Law Enforcement; Protection of Our Rights. We may disclose your information (including your Personal Information) to a third party if: (a) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental or regulatory request; (b) to enforce our agreements, policies and terms of service, including for billing or collection purposes; (c) to protect the security or integrity of our Website or Services; (d) if we believe disclosure is necessary or appropriate to protect the property, rights, or safety of The Colleges of Law, our customers, or others from harm or illegal activities; (e) to respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or (f) to investigate and defend ourselves against any third-party claims or allegations.
  • In Significant Business Transactions. Your information, including Personal Information, may be disclosed and otherwise transferred to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of The Colleges of Law’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by The Colleges of Law about our Website users is among the assets transferred.

5. OUR POLICY CONCERNING CHILDREN

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected].

6. CHANGES TO OUR WEBSITE USER PRIVACY NOTICE

This Notice may be updated from time to time. We will post the date our Notice was last updated at the top of this Notice. Please check back frequently to see any updates or changes to this Notice. Your continued use of the Website after any change in this Notice will constitute your acceptance of such change.

7. YOUR CHOICES ABOUT HOW WE COLLECT YOUR INFORMATION THROUGH OUR WEBSITE

Many Internet browsers automatically accept cookies. You may be able to instruct your browser or select settings on your mobile device to stop accepting cookies or to prompt you before accepting cookies from our Website. If you disable or refuse cookies, please note that some parts of our Website may then be inaccessible or not function properly.

The Colleges of Law does not respond to browser “Do Not Track” signals.

You can ask to review, update, or make changes to the personal information The Colleges of Law maintains about you by sending a written request to the portal address or email address in the Contact Us section below.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.

8. CONTACT US

If you have any questions, comments or concerns regarding our Notice and/or practices, please send an email to [email protected] or otherwise mail to the following:

The Community Solution Education System
ATTN: Marketing Department
203 N. LaSalle Street
Chicago, IL 60601

GDPR Privacy Notice

The European Union (“EU”) General Data Protection Regulation 2016/679 (the “GDPR”) regulates the protection of certain people with regard to the processing of their personal data and the free movement of such data. Before The Colleges of Law (“School”) collects any personal data from you, we are required to provide certain information which is contained in this GDPR Privacy Notice (“Notice”).

I. Applicability and Definitions

This Notice applies to persons located in the EU, a European Economic Area (“EEA”) member state, Switzerland, or any country which formally adopts the GDPR (“GDPR Countries”). GDPR went into effect on May 25, 2018, and applies to the processing of personal data from and after that date.

For the purpose of this Notice, the following definitions apply:

  • “Personal data” means any information that can be used to directly or indirectly identify you, such as your name, date of birth, addresses (including email addresses), identification numbers, location data, online identifiers, or factors specific to your physical, physiological, genetic, mental, economic, cultural, or social identity.
  • “Sensitive data” means personal data related to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetics, biometrics, health, sex life or sexual orientation.
  • “Processing” and “Process” is any operation performed on your personal data, including collecting, storing, altering, transferring, sharing, disclosing, erasing, or destroying your data.
  • “Controller” means an entity that determines the purposes and means of processing personal data. The School is a Controller within the meaning of the GDPR.

Terms in this Notice are intended to be used consistent with their definitions in the GDPR. The full text of the GDPR, is available at https://gdpr-info.eu/.

II. The Type of Data Collected and the School’s Purposes and Legal Bases to Process the Data

The School processes your personal data for the purpose of furthering its charitable, educational, and scientific missions and in connection with your relationship with the School as a prospective, current, or former student (or such student’s parent or guardian), a faculty or staff member, or an employee, contractor, donor, supporter, research subject, visitor to the School or its website, or attendee at a School event.

The categories of personal data we process about you may include the following:

  • Identity data – includes name, aliases, date of birth, title, gender, and identification numbers
  • Contact data – includes mailing and email addresses, phone and fax numbers, and emergency contact information
  • Background data– includes historical information related to past employment, education, references, and other records
  • Financial data – includes information related to personal and family finances
  • Technical data – includes technical information related to your use and access of School websites, online applications and tools, such as internet protocol (IP) address, login data, and browser and operating system type and version
  • Profile data – includes usernames and passwords, profile pictures, interests, application preferences, and feedback
  • Marketing and Communication data – includes your preference in receiving marketing from the School and your communication preferences
  • Sensitive data – includes data defined as “sensitive data” in Section I of this Notice, including data related to racial or ethnic origin, health, sex life and sexual orientation

The School processes your personal data only when we have a legal basis to do so. Most commonly, it is necessary for the School to process your personal data for the following legal bases recognized by the GDPR:

  • To take steps to enter a contract with you, or to perform a contract to which you are a party.
  • Where the School or a third party has a legitimate interest, and your interests and fundamental rights do not override those interests.
  • To protect the vital interests of health and safety of you or a third party.
  • To comply with a legal or regulatory obligation.

When the School cannot rely on any of these legal bases, or if it is necessary for the School to process your sensitive personal data, it will seek your prior consent.

The purposes for which the School collects your personal data, and the legal bases for processing such personal data, are summarized in the below chart. Where the School relies on a legitimate interest, it identifies the legitimate interests. The School may have more than one legal basis to process your personal data depending on the specific purpose for which your personal data is used.

Data Processing Purpose & UsesCategory of Data CollectedLawful Basis(es) for Processing
Recruiting and Marketing. Data is processed to identify you; track inquiries and website activity; identify and recruit prospective students, faculty, and staff; and market the School’s courses, programs, and services.Identity
Contact
Technical
Profile
Marketingand Communication		Necessary to enter a contractNecessary to pursue the School’s legitimate interest in recruiting qualified students, faculty and staff to the School.Prior consent
Application by candidate located in the EU for School or program admission. Data is processed to identify you, administratively process your application for admission to the School or to a particular program (such as study abroad, certificate, or degree programs), verify information provided, evaluate your qualification for admission, and communicate the outcome to you. The data is also used to manage student accounts (including invoicing, processing payments and refunds, pursuing collection efforts if necessary); administer financial aid, grant and scholarship programs; manage student affairs and provide student support services (such as services for disability accommodations, advising, safety, and wellness); provide clinical, internship or job placement services; manage academic affairs and provide academic support services; and provide IT and technology services (such as School email accounts, learning management systems and applications, network and communication gateways, intranet sites, and data warehousing). The data may also be used to prevent or detect fraud, for disciplinary or academic integrity proceedings, to meet legal or regulatory reporting and compliance requirements, to evaluate the School’s diversity and equal opportunity performance, and for research and statistical purposes.Identity
Contact
Background
Financial
Technical
Profile
Marketing and Communication
Sensitive		Necessary to enter and/or perform a contractNecessary to pursue the School’s legitimate interest in furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational servicesNecessary to comply with legal or regulatory obligationsNecessary to protect the vital interest of you or anotherPrior consent where sensitive data is collected
Register, Enroll and Participate in Programs and Courses while in the EU. Data is processed to identify you; facilitate your participation in programs and courses; track attendance, course and program progress and completion; assign coursework; evaluate academic performance; administer tests; facilitate instruction; prepare educational records (such as transcripts and diplomas); and provide related services while you are in the EU such as transportation, lodging, health and safety, and insurance. The data is also used to manage student accounts (including invoicing, processing payments and refunds, pursuing collection efforts if necessary); administer financial aid, grant and scholarship programs; manage student affairs and provide student support services (such as services for disability accommodations, advising, safety, and wellness); provide clinical, internship or job placement services; manage academic affairs and provide academic support services; and provide IT and technology services (such as School email accounts, learning management systems and applications, network and communication gateways, intranet sites, and data warehousing). The data may also be used to prevent or detect fraud, for disciplinary or academic integrity proceedings, to meet legal or regulatory reporting and compliance requirements, to evaluate the School’s diversity and equal opportunity performance, and for research and statistical purposes. Identity
Contact
Background
Financial
Technical
Profile
Marketing and Communication
Sensitive 		Necessary to enter and/or perform a contractNecessary to pursue the School’s legitimate interest in furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational servicesNecessary to comply with legal or regulatory obligationsNecessary to protect the vital interest of you or anotherPrior consent where sensitive data is collected
Applications for employment in the EU. Data is processed to identify you, administratively process your application, verify information provided, evaluate your employment qualifications, conduct background checks, and communicate the outcome to you. The data is also used to maintain personnel files, prepare and process performance evaluations, manage payroll, provide and administer employment benefits, manage employee relations; provide IT and technology services (such as School email accounts, network and communication gateways, intranet sites, and data warehousing); manage complaint, grievance, and disciplinary proceedings; to prevent or detect fraud; to meet legal or regulatory reporting and compliance requirements; to evaluate the School’s diversity and equal opportunity performance, and for research and statistical purposes. Identity
Contact
Background
Financial
Technical
Profile
Marketing and Communication
Sensitive 		Necessary to enter and/or perform a contractNecessary to comply with legal or regulatory obligationsNecessary to protect the vital interest of you or anotherPrior consent where sensitive data is collected
Complaint, Grievance, and Disciplinary Procedures for incidents arising in the EU. Data is processed to identify you; administratively process complaints or grievances, or engage in disciplinary procedures; verify information provided; evaluate and investigate incidents; protect health and safety; communicate with you; communicate the outcome to appropriate parties; and provide information required by third parties to meet legal or regulatory reporting and compliance requirements.Identity
Contact
Background
ProfileSensitive		Necessary to perform a contractNecessary to comply with legal or regulatory obligationsNecessary to protect the vital interest of you or anotherPrior consent where sensitive data is collected
Offering Access to School Information and Technology Services to Persons in EU. Data is processed to identify you; provide a School email account; allow students, faculty, staff, and alumni, and other authorized persons the right to access and use School licensed software, tools and applications; and storing data. Identity
Contact
Background
Financial
Technical
Profile
Marketing and Communication		Necessary to enter and/or perform a contractNecessary to comply with legal or regulatory obligations
Research Involving Personal Data of Persons in the EU. Data may be processed to conduct educational, scientific, and other research and related statistical analysis Terms and conditions of research projects are negotiated before acceptance to ensure ability to comply with applicable research grants, agreements, laws, rules regulations and policies.Varies depending on research.Necessary to enter and/or perform a contractNecessary to pursue the School’s legitimate interest in carrying out research activities to advance knowledge and create applications that benefit societyPrior consent where sensitive data is collected
Alumni and donors in the EU. Data is processed to identify you; communicate with and provide services to alumni and donors; and to seek and accept gifts and donations. The data may also be used for research and statistical purposes. Identity
Contact
Background
Financial
Technical
Profile
Marketing and Communication
Sensitive 		Necessary to enter and/or perform a contractNecessary to pursue the School’s legitimate interest furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational servicesPrior consent where sensitive data is collected
Comply with Legal and Regulatory Obligations. Data is processed to comply with applicable laws and regulations, including, without limitation, the Internal Revenue Code, Title IV and Title IX, U.S. Department of Education laws and regulations, the Immigration and Naturalization Service, the Department of Homeland Security, and regional and national accreditation requirements and standards.Identity
Contact
Background
Financial
Sensitive		Necessary to enter and/or perform a contractNecessary to pursue the School’s legitimate interest furthering its charitable, educational, and scientific missions, and providing excellent and competitive educational servicesNecessary to comply with legal or regulatory obligationsNecessary to protect the vital interest of you or another

If you have additional questions regarding the type of personal data collected about you, or the School’s purpose or legal basis for processing your personal data, please contact the School at the contact provided below.

III. Other Recipients of Your Personal Data

We may share your personal data with other recipients in connection with the purposes and lawful bases stated in Section II of this Notice. Categories of recipients who may receive your personal data may include the following:

  • School faculty and staff responsible for or involved in the activities described in the above chart.
  • Public safety authorities, such as local, state, federal or international law enforcement.
  • Health care providers, such as hospitals and clinics.
  • Security providers, such as private campus safety personnel.
  • Regional and national accreditors and professional licensing bodies.
  • Third parties who underwrite, administer, or provide services related to the School’s programs or to individuals associated with the School, such as independent contractors, marketing services, event hosting, international service providers, payment processors, insurance and benefits providers and administrators, lenders and service providers who assist in student loans, scholarship and other financial aid programs.
  • Third parties to whom personal data is required to be communicated in order for the School to comply with legal obligations established by any and all applicable laws and regulations, such as local, state, federal or international legal, governmental and regulatory entities.
  • Third-party data processors who host and/or process information on behalf of the School.
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

We require third parties to respect the security of your personal data and to treat it in accordance with applicable law.

IV. International Data Transfers

Personal data that you provide while in GDPR Countries will be transferred internationally to the School, which is located in the United States, and may be transferred to third parties in other countries in connection with the purposes and lawful bases stated in Section II of this Notice. In the international transfer of your personal data, the School will employ suitable safeguards to protect the privacy and security of your personal data so that it is only used in a manner consistent with this Notice.

V. Data Security

The School, by design, has put in place appropriate security measures to protect personal data from unauthorized access, alteration, disclosure or destruction. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know, and who process your personal data at our direction. Where there is a personal data breach, we will notify you and any applicable regulatory authority where we are legally required to do so.

VI. Data Retention

The School retains your personal data for as long as necessary to fulfill the purposes for which we collected it. To determine the appropriate retention period for personal data, we consider the nature of the personal data, the purpose for which personal data is processed and retained, and the applicable legal, accounting, reporting and regulatory requirements applicable to such data.

Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting the School at the contact provided below.

In some circumstances we may anonymize your personal data (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.

VII. Your Rights Regarding Your Personal Data

Under the GDPR, you have a number of rights regarding your personal data, subject to exceptions stated in the GDPR or its implementing regulations. Specifically, you have the right to:

  • Request access to your personal data and receive a copy of the personal data that we hold about you.
  • Request correction of your personal data that we hold which is inaccurate or incomplete.
  • Request erasure of your personal data from our records. Where it is necessary for the School to maintain the data for legal, accounting, reporting, or regulatory reasons, we may not be able to comply with your request and will notify you if that is the case.
  • Object to processing of your personal data where we are relying on a legitimate interest for processing such data, unless the School can demonstrate compelling legitimate grounds for processing that override your interest in prohibiting such processing.
  • Request restriction of processing your personal data under certain circumstances.
  • Request the transfer (portability) of your personal data to a third party.
  • Withdraw consent at any time where the School relies solely on the legal basis of consent to process your personal data. If you withdraw consent, the withdrawal will not change the fact that your data has been processed legally up to that point. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • File a complaint concerning your personal data with the applicable EU supervisory authority. Supervisory authority contact information is available here.

Nearly all of your rights are qualified in various ways and there are numerous exemptions. For additional information about your rights, the full text of the GDPR is available at https://gdpr-info.eu/.

If you wish to exercise any of these rights, please contact the School at the contact provided below.

The School strives to respond to all legitimate requests within one month. It may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

VIII. Are You Obligated to Provide Personal Data?

Through this Notice, the School informs you that it may process your personal data in accordance with this Notice, and as permitted or required by law. If you do not agree with this Notice, please do not provide any personal data to the School.

If you choose not to provide personal data that is necessary for the School to provide you with specific products or services, the School may not be able to provide those products or services to you. For example, if you do not provide personal data needed to perform a contract for educational services with you, such as information necessary to process admissions, financial aid, or employment applications, you will not be admitted to the School, awarded financial aid, or employed by the School.

IX. Contact Information and Rights Requests

If you would like to contact the School in its capacity as a controller, including to ask questions about this Notice, the GDPR, and the personal data being processed by the School, or if you wish to exercise any of your rights under the GDPR or lodge a complaint involving a violation of this Notice or the GDPR, please contact:

The Colleges of Law
4475 Market Street
Ventura, CA 93003
[email protected]

Please note that the School is not a public authority or body. Also, its core activities do not include the regular and systematic monitoring of data subjects on a large scale, nor processing on a large scale of special categories of data or personal data relating to criminal convictions and offenses. For these reasons, the GDPR does not obligate the School to designate a data protection officer within the meaning of the GDPR.

Updated: 9/4/2018