Privacy Policy

Introduction

Thank you for joining CAMPUS. As CAMPUS, we collect your privacy and want you to understand how we use, store, and share data about you. This Privacy Statement describes the personal data we collect or process which may include collecting, organizing, structuring, storing, or disclosing to provide products and services offered directly by CAMPUS, unless it's to a different policy as otherwise stated herein. This Privacy Statement applies when you use the CAMPUS websites, mobile applications, APIs, or related services. It applies to prospective users of our business and enterprise products.

By using Carmpus services, you agree to the collection and use of information in accordance with this.

Table of Contents

What Personal Data We Get

Any data we obtain from or about you, including information CAMPUS can associate with you and groups of persons, may collect or process behalf of tutors, the following categories of personal data when you or others interact with CAMPUS products and services:

• Account Information: Information associated with an account that licenses CARMPUS products and services, which may include administrator name, contact information, account ID, billing and transaction information, and account information.
• Profile and Learners/Tutors' Information: Information associated with the CARMPUS profile of a user who uses CARMPUS products and services under a licensed account or that is provided by an unlicensed participant joining a class, which may include name, display name, picture, email address, phone number, student information, stated locale, user ID, or other information provided by the user and/or their account owner.
• Contact Information: Contact information added by users to create contact lists on CARMPUS platform, which may include contact information a user integrates from a third-party app or provided by users to process referral invitations.
• Settings: Information associated with the preferences and settings on CARMPUS account or user profile, which may include audio and video settings, recording file location, screen sharing settings, and other settings and configuration information.
• Registration Information: Information provided when registering CARMPUS classes, webinars, lecture rooms, or recording, which may include name and contact information, responses to registration questions, and other registration information requested by the host.
• Device Information: Information about the computers, phones, and other devices used when using CARMPUS products and services, which may include information about the speakers, microphone, camera, OS version, hard disk ID, PC name, MAC address, IP address (which may be used to infer general location at a city or country level), device attributes (like operating system version and battery level), Wi-Fi information, and other device information (like Bluetooth signals).
• Content and Context from Classes, Webinars, Messaging, and Other Collaborative Features: Content generated in classes, webinars, or messages that are hosted on CARMPUS platforms, which may include audio, video, live class messages, chat messaging content, transcriptions, transcript edits and recommendations, written feedback, responses to Q&A, and files, as well as related contexts, such as invitation details, chat name, or class agenda. Content may contain your voice and image, depending on the settings, what you choose to share, your settings, and what you do on CARMPUS platforms.
• Usage Information Regarding Live-Classes, Webinars, Messaging, Collaborative Features, and the Website: Information about how people and their devices interact with Carmpus products and services, such as: when learners and tutors alike join and leave a class; whether learners/tutors sent new messages and whom they message; performance data; mouse movements, clicks, keystrokes or actions (such as mute/unmute or video on/off), edits to transcript text, where authorized by the account owner and other inputs that help Carmpus to understand feature usage, improve product design, and suggest features; which third-party apps are added to a class or other product or service and what information and actions the app is authorized to access and perform; use of third-party apps and the Carmpus App Marketplace; features used (such as screen sharing, emoji, or filters); and other usage information and metrics. This also includes information about when and how learners visit and interact with Carmpus' websites, including what pages are accessed, interaction with website features, and whether or not the learner of tutor signed up for a Carmpus product or service.
• Limited Information from Carmpus Email and Calendar Services: This policy refers to Carmpus' native email service and emails sent from Carmpus native email service. Carmpus Email is designed to be end-to-end encrypted by Carmpus by default for emails sent and received directly between active Carmpus users. When an email is end-to-end encrypted, only the users, and, depending on their settings, account owners, or designated account administrators control the encryption key and therefore access to the email content, including body text, subject line, attachments and custom labels applied to messages by users in their inboxes. Emails sent to or received from non-Carmpus users are encrypted after the email is sent or received from Carmpus' servers.
• Information from Partners: Carmpus obtains information about account owners and their users from third-party companies, such as market data enrichment services, including information about learners/tutors, contact information, or activity of certain enterprise domains. Carmpus may also obtain information from third-party advertising partners who deliver ads displayed on Carmpus products and services, such as whether you clicked on an ad they showed you.

How We Get Your Data

Apart from inputting your data on the Carmpus platform, we also use tools like cookies, web beacons, and similar tracking technologies to gather data. Cookies and Data Collection Tools Carmpus uses cookies, which are small text files stored by your browser, to collect, store, and share data about your activities on our website. This allows us to remember certain information about your visits to Carmpus, like your preferred language, and to make our site easier to use. We may also use clear pixels in emails to track deliver ability and open rates. Carmpus and other service providers acting on our behalf like Google Analytics and third-party advertisers use server log files and automated data collection tools like cookies, tags, scripts, customized links, device or browser fingerprints, and web beacons when you access and use the services. These Data Collection Tools automatically track and collect certain System Data and Usage Data when you use the services. In some cases, we tie data gathered through those Data Collection Tools to other data that we collect as described in this Privacy Policy.

Carmpus uses the following types of Data Collection Tools for different purposes as mentioned below:

1. Necessity: These Data Collection Tools enable you to access the site, provide basic functionality (like logging in or accessing content), secure the site, protect against fraudulent logins, and detect and prevent abuse or unauthorized use of your account. These are required for the services to work properly.
2. Functionality: These Data Collection Tools remember data about your browser and your preferences, provide additional site functionality, customize content to be more relevant to you, and remember settings affecting the appearance and behavior of the Services (like your preferred language or volume level for video playback).
3. Performance: These Data Collection Tools help measure and improve the services by providing usage and performance data, visit counts, and traffic sources. These tools can help us test different versions of the Carmpus platform to see which features or content users prefer and determine which email messages are opened.
4. Advertisement: These Data Collection Tools are used to deliver relevant ads based on things we know about you like your usage and system data, and things that the ad service providers know about you based on their tracking data. The ads can be based on your recent activity or activity over time and across other sites and services. To help deliver tailored advertising, we may provide these service providers with a hashed, anonymized version of your email address and content that you share publicly on the services.
5. Social Media: These Data Collection Tools enable social media functionality, like sharing content with other learners, tutors, and groups. These cookies may track a user or device across other sites and build a profile of user interests for targeted advertising purposes.

How We Use Personal Data

1. No Disclosure Without Consent: Carmpus will not disclose or transfer your personal data to third parties without your consent or as otherwise permitted by law, whether for such third parties' marketing purposes or otherwise.
2. Third-Party Service Providers: Carmpus may provide access to your personal data to third-party service providers engaged by us to provide services related to our programmes as well as business activities, including in connection with some client services, in the manner agreed upon in our client services agreements. We maintain processes designed to ensure that any processing of personal data by third-party service providers is consistent with this Privacy Policy and protects the confidentiality, availability, and integrity of your data.
3. Support Services: We also may share your personal data with third party providers who perform services and functions on our behalf to support our interactions with you, for example, processing educational content materials, administering surveys, or communicating with you.
4. Legal and Safety Disclosures: In addition, we may disclose information about you on the following conditions:
   • If we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
   • In the event of a reorganization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
   • When we are required to do so by law or legal process
   • On law enforcement authorities or other government officials' request
   • If disclosure is necessary to protect the vital interests of an individual
   • To protect our intellectual property, services, and legal rights
   • To prevent fraud against Carmpus, our subsidiaries, affiliates, and/or business partners
   • To support auditing, compliance, and corporate governance functions
   • To comply with any and all applicable laws.
5. User Forums: Users should be aware that whenever they publicly disclose information online, that information could be collected and used by others. Carmpus will not be responsible for any action or policies of any third parties who collect information that users publicly disclose in any such forums on the sites.
6. Link to Third-Party Sites: Carmpus may provide links to third-party websites or information as a service to our users. If you use these links, such links do not constitute or imply an endorsement, sponsorship, or recommendation by Carmpus of the third party, the third-party website, or the information contained therein, and Carmpus shall not be liable for your use thereof. Such use shall be subject to the terms of use and privacy policies applicable to those websites.
7. Social Networking: Carmpus may allow you to sign into and associate with your social network accounts such as Twitter, LinkedIn, Facebook, etc. The sites may also allow you to log in to a Carmpus account using certain social network account credentials. By associating your social network account with Carmpus or logging in to Carmpus platform using your social network account credentials, you give us permission to access information that you have made available in your public profile for that social network account. The information available in your public profile varies based on the social network and your settings including email address, real name, profile picture, gender, and location. We use the information we receive from your social network account in accordance with the social network's terms of use and this Privacy Policy. Always refer to the privacy settings in your social network account for information about what data is shared with Carmpus and other connected applications and to manage the data that is shared through your account, including information about your activities using our sites. If you would like to disconnect a social media account from us, refer to the settings of that social network account and its provider.

How We Share Personal Data

CAMPUS may share personal data with third parties for service provision or legal requirements, with your consent where applicable.

Security of Your Data

Carmpus has implemented generally accepted standards of technology and operational security to protect personal data from loss, misuse, alteration, or destruction. Only authorized McKinsey personnel and third party service providers are provided access to personal data, and these employees and service providers are required to treat this information as confidential. Despite these precautions however, McKinsey cannot guarantee that unauthorized persons will not obtain access to your personal data.

The GDPR also covers the transfer of personal data to non-EU countries and international organizations. The European Commission is in charge of assessing the level of protection given by a territory or processing sector in a non-EU country. Where the Commission has not taken an adequate decision on territory or sector, transfer of personal data may still take place in particular cases or when there are appropriate safeguards in place.

Rights of individuals

Infographic - Data Protection Regulation

The GDPR lists the rights of the data subject, meaning the rights of the individuals whose personal data is being processed. These strengthened rights give individuals more control over their personal data, including through:

1. Clear Consent: The need for an individual's clear consent to the processing of his or her personal data
2. Easier Access: Easier access for the data subject to his or her personal data
3. Right to Rectification, Erasure, and 'To Be Forgotten': The right to rectification, to erasure, and 'to be forgotten'
4. Right to Object: The right to object, including to the use of personal data for the purpose of profiling.
5. Data Portability: The right to data portability from one service provider to another

The regulation also lays down the obligation for controllers (those who are responsible for the processing of data) to provide transparent and easily accessible information to individuals on the processing of their data.

Obligations for businesses and organizations

The GDPR establishes the general obligations of data controllers and of those processing personal data on their behalf (processors). These include the obligation to implement appropriate security measures, according to the risk involved in the data processing operations they perform. Controllers are also required in certain cases to provide notification of personal data breaches. All public authorities and those companies that perform certain risky data processing operations will also need to appoint a data protection officer.

Application of data protection rules

The regulation confirms the existing obligation for member states to establish an independent supervisory authority at national level and establishes a mechanism to create consistency in the application of data protection law across the EU. The GDPR establishes that a single supervisory decision is taken in cross-border cases where several national supervisory authorities are involved. This principle, known as the 'one-stop-shop' principle, means that a company with subsidiaries in several member states will only have to deal with the data protection authority in the member state of its main establishment. The European Data Protection Board makes sure that the GDPR is fully applied. This board consists of representatives of all 27 independent supervisory authorities. Individuals can lodge a complaint with a supervisory authority and have the right to judicial remedy and compensation. They have the right to have a decision by their data protection authority reviewed by their national court, irrespective of the member state in which the data controller concerned is established. Severe sanctions are provided for against controllers or processors who violate data protection rules. Data controllers can face fines of up to €20 million or 4% of their global annual turnover.

Transfers to non-EU countries

The GDPR also covers the transfer of personal data to non-EU countries and international organizations. The European Commission is in charge of assessing the level of protection given by a territory or processing sector in a non-EU country. Where the Commission has not taken an adequate decision on territory or sector, transfer of personal data may still take place in particular cases or when there are appropriate safeguards in place.

California & Other U.S. State Privacy Rights

Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (as amended by the California Consumer Privacy Rights Act) (CCPA), residents may have a right to:

• Access the categories and specific pieces of personal data Carmpus has collected, the categories of sources from which the personal data is collected, the business purpose(s) for collecting the personal data, and the categories of third parties with whom Carmpus has shared personal data
• Delete personal data under certain circumstances
• Correct personal data under certain circumstances
• Opt out of the "sale" of personal data or "sharing" of personal data for targeted advertising purposes. We do not sell your personal data in the conventional sense. However, like many companies, we may use advertising and analytics services that are intended to analyze your interactions with our website or app, based on information obtained from cookies or other trackers, including for delivering advertising to you (such as interest-based, targeted, or cross-context behavioral advertising). You can get more information and opt out of the use of cookies and other trackers on our website and app by clicking the Do Not Sell My Personal Information link, also on our homepage, and setting your preferences. You will need to set your preferences from each device and each web browser from which you wish to opt out. This feature uses a cookie to remember your preference, so if you clear all cookies from your browser, you will need to re-select your preferred settings. California residents may also set the Global Privacy Control (GPC) to opt out of the "sale" or "sharing" of your personal information for each participating browser system that you use. Carmpus does not have actual knowledge that it "sells" or "shares" the personal information of consumers under 16 years of age.
• Appeal a denial of your request. Some states provide additional rights to their residents. If we decline to process your request, you may have the right to appeal our decision.

Consent: changes to Privacy Policy

By subscribing to the Carmpus products and services, you consent to the collection, use, and storage of your personal data by us as described in this Privacy We reserve the right to make changes to this Privacy Policy from time to time. We will inform you of any such changes by updating this Privacy Policy. If we make material changes to this Privacy Policy that increase our rights to use personal data that we have previously collected about you, we will obtain your consent either through an email to your registered email address.