This Policy is incorporated into, and is subject to, our Terms of Service. Capitalized terms used but not defined in this Policy have the meaning given to them in our Terms of Service.
What University of Michigan and RahRah does with your data:
As described in detail below in legalese, here are the uses University of Michigan and RahRah makes and does not make of data about you, whether it is data you directly supply or data we collect through the Service:
- University of Michigan and RahRah does not sell your personally identifiable information. Any information University of Michigan and RahRah may sell will consist of aggregated data which cannot be traced to an individual user.
- University of Michigan and RahRah may transfer your personally identifiable information to your educational institution if you are a student, employee, or faculty member of an educational institution that is a University of Michigan and RahRah customer. Most of the information University of Michigan and RahRah provides back to its customers consists of aggregated data which cannot be traced to an individual user. However, to enhance our customer’s use of University of Michigan and RahRah for its core mission of improving campus engagement, information about you that is generated through the Service may be provided to your educational institution.
- University of Michigan and RahRah may transfer your personally identifiable information to a person or entity on an “opt-in” basis. If and only if you opt in to such a service, the Service may provide notification of specified activity or non-activity to a person or entity you have designated. This is not a currently enabled feature but in the future you might, for example, be able to designate an emergency contact through the Service who would be notified upon certain events. This will be on an opt-in basis only and you will not be required to opt in to use the Service in general.
- Collection of Information
- We collect different types of information from or through the Service. If you are using the Service as a student or employee of an educational institution, that institution may provide us with directory-type information to better tailor the Service to your interests. In general, we collect only Personal Information related to providing the Service and that the processing is carried out in the legitimate interest of providing the Service both to you and in providing statistical, non-personal information to the customers who pay us to provide the Service, which are further explained in the “Use of Information” section. We may also process Personal Information upon your consent, asking for it as appropriate.
- User-Provided Information
- When you use the Service, you may provide and we may collect certain information that personally identifies you or could be used to personally identify you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: first name, last name, email address, username, password, student ID and, if you are a student of one of our customer institutions, directory-type educational data (course timetable, major, degree program, assignments, grades, attendance tracking, financial information, etc.). Personal Information also includes other information, such as preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Information in various ways on the Service. For example, when you use the Service, send us customer service-related requests, register for an account, interact with other users of the Service through communication or messaging capabilities, etc. If you choose to withhold any Personal Information requested by us, it may not be possible for you to gain access to certain parts of the Service.
- When you use the Service, we may collect information about your location. With your permission, we may also collect information about your precise location using methods that include GPS, wireless networks, cell towers, Wi-Fi access points, and other sensors, such as gyroscopes, accelerometers, and compasses.
- Our Services may also send push notifications to your mobile device. If you have previously consented to receiving push notifications and no longer wish to receive them, you can also turn push notifications off at the device level. Our Services may also request access to your device’s calendar application, camera, and gallery. If you have previously allowed access to your device’s calendar camera and/or gallery, and no longer wish to allow access, you may edit the application settings at the device level.
- Automatically Collected Information
- When you use the Service, we may automatically record certain information from your device by using various types of technology, including cookies and similar technologies. This automatically-collected information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content you view or interact with on the Service, and the dates and times of the visit, access, or use of the Service. We also may use these technologies to collect information regarding your interaction with email messages, such as whether you open, click on, or forward a message. You may limit the automatic collection of certain information by our Service, for instance by disabling the cookies using your browser options. Please be aware that by doing so it may prevent you from using specific features on our Service, such as maintaining an online account. We use automatically-collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering your information so that you will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of Service; (iv) monitor aggregate site usage metrics such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service.
- Integrated Services
- Information From Other Sources
- We may obtain information, including Personal Information, from third parties and sources other than the Service, such as our partners and Integrated Services. If we combine or associate information from other sources with Personal Information that we collect through the Service, we will treat the combined information as Personal Information in accordance with this Policy.
- Use of Information
- We take steps designed to ensure that only those employees who need access to your Personal Information to fulfill their employment duties will have access to it.
- We use the information that we collect in a variety of ways in providing the Service and operating our business, including:
- providing information to you through the Service that is timely and appropriate for your location and status; for example if you are a student on campus the Service may inform you about upcoming nearby events of particular interest to students within your major or degree program.
- operating, maintaining, enhancing and providing all features of the Service, responding to your requests for services and information as well as responding to respond to comments and questions support requests to users of the Service;
- analyzing usage trends and preferences of our users, improving the Service, and developing new products, services, feature, and functionality;
- sending you communications subject to applicable laws; or
- complying with applicable legal and regulatory requirements.
- Communication of Information
- In certain circumstances, in order to perform the Service, we may disclose certain information that we collect from you:
- within our family of companies, including parents, corporate, affiliates, subsidiaries, business units, and other companies that share common ownership;
- with your educational institution if you are a student or employee of one of our educational institution customers in order to carry out our obligations toward them;
- with third-party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Information as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information;
- with law enforcement and governmental entities when required by law. For greater clarity, we may disclose Personal Information or other information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies; and
- When we disclose your Personal Information to third parties, we take reasonable measures to ensure that the rules set forth in this Policy are complied with and these third parties provide sufficient guarantees to implement appropriate technical and organizational measures.
- We may finally make certain automatically-collected, aggregated, or otherwise non-personally-identifiable information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding user interests, habits, and usage patterns for certain programs, content, services, and/or functionality available through the Service.
- Security and Retention
- We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. Both at our own facilities and through our hosting contractors, we maintain appropriate physical, technical and administrative safeguards to protect Personal Information against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Information in our possession. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or administrative safeguards. If you believe your Personal Information has been compromised, please contact us as set forth in the “Contact” section. If we learn of a security systems breach, we will inform you and the authorities of the occurrence of the breach in accordance with applicable law.
- We will only keep your Personal Information for as long as reasonably necessary to fulfill the relevant purposes set out in this Policy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which your Personal Information will be kept, please contact us as set forth in the “Contact” section.
- Data Transfer
- While the Service uses hosting facilities in the United States, if you travel outside the United States, your Personal Information may be temporarily stored in encrypted form during transmission from your location to our hosting facilities in the United States. In most cases, this will consist only of encrypted transmission to our hosting facilities in the United States. By using the Service, you consent to the transfer of information to countries outside your country of residence, which may have different data protection rules than in your country. While such information is outside of the United States, it may be subject to the laws of the country in which it is held, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. However, our practices regarding your Personal Information will at all times continue to be governed by this Policy and, if applicable, we will comply with the General Data Protection Regulation (“GDPR”) requirements providing adequate protection for the transfer of Personal Information to non-EU/EEA countries.
- Third-Party Services
- The Service may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through the Service. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through the Service. We encourage you to learn about third parties’ privacy and security policies before providing them with information.
- Rights Regarding Personal Information
- To make sure that the Personal Information we maintain about you is accurate and up to date, please inform us immediately of any change in your Personal Information through the application. Some of the Personal Information we maintain about you is collected through integrations with third parties; if this is the case and the third party continues to provide inaccurate information, it may be necessary for you to contact the third party and we will provide you with information adequate to do so.
- If the GDPR is applicable or if you are located in California, you may be entitled to specific rights provided by law including: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your Personal Information and certain other supplementary information, under certain conditions; (iii) the right to object to unlawful data processing, under certain conditions; (iv) the right to erasure of Personal Information about you, under certain conditions; (v) the right to demand that we restrict processing of your Personal Information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, or believe your Personal Information is inaccurate; (vi) the right to data portability of Personal Information that you provided us in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to lodge a complaint with data protection authorities. If you want to learn more about your rights under the GDPR, you can visit the European Commission’s page on Data Protection at: http://ec.europa.eu/justice/data-protection/index_en.htm. Please note that the term Personal Information used in this Policy is equivalent to the term “personal data” under the GDPR. With regard to rights you may have under California law, at this time we do not buy or sell the personal information of more than 4 million consumers and accordingly, there are no metrics to report associated with such purchase or sale.
- If you are entitled to rights under California Law, you may request such rights through firstname.lastname@example.org or through mail directed to RahRah at 379 West Broadway, Suite 402, New York, NY 10012.
- If you submit a request under these laws, in order to protect your Personal Information from inadvertent disclosure through these processes, you will need to provide a notarized affidavit attached to your request for such information. The notary process requires that you provide a form of photographic identification sufficient for a notary in your location to confirm identity and that you sign in front of the notary. You will also need to submit a notarized affidavit if you are designating a third party to make a request on your behalf.
- Data Controller / Data Processor
- Under the GDPR, we are acting both as a “Data Controller” and as a “Data Processor”. As Data Controller, we are responsible for safeguarding the data of our customers as they interact directly with our Service. As Data Processor, we are responsible for safeguarding the data of our customers’ users as it flows through our system.
- Children’s Privacy
- The Service is not directed to children under the age of 16, and we do not knowingly collect Personal Information from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Information has been collected on the Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has provided Personal Information, then you may alert us as set forth in the “Contact” section and request that we delete that child’s Personal Information from our systems.
- Financial Incentive
- There is no charge to you to use the Service and there is no financial incentive to you to provide or decline to provide your Personal Information. We do not sell your Personal Information. If you decline to provide certain Personal Information, the Service may be less useful to you and some features may not be available.
- Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision, and will comply with applicable law. Your continued use of the Service after the revised Policy has become effective indicates that you have read, understood, and agreed to the current version of the Policy.
- If you have any questions or comments about this Policy or your Personal Information, to make a written access or correction request, to exercise any applicable rights, to make a complaint, or to obtain information about our policies and practices with respect to any service providers outside the United States, our Privacy Officer can be reached by mail or email using the following contact information:
[Last Update: January 2023]