This Security and Privacy Policy Exhibit is hereby incorporated to the Service Agreement or Master Services Agreement (“Agreement”), as attached herein between Company and Client.
Introduction to our Privacy Policy
Introduction to our Privacy Policy
Anthology Inc. of Missouri (f/k/a iModules Software, Inc.) (“Anthology,” “Company,” “we,” “us,” or, “our”) is a hosted constituent engagement portal which has been purchased for your exclusive use (“Services,” “System,” “Site,” or “Website”) by your affiliated college, university, or other organization (“Client”). “You,” “your,” “Constituent,” “Member,” or “User” is referring to an individual who visits or has access to any of our associated Websites or Services.
Anthology has created this privacy policy statement in order to demonstrate its firm commitment to privacy and to describe the information-gathering and dissemination practices for the Website or any use of our Services.
This Website may disclose personal information (see the Personal Information section) when required by law or in the good-faith belief that such action is necessary to conform to the edicts of the law or comply with a legal process involving the Website.
Collection and Use of your Personal Information
Personal Information
This Site's registration form requires you to provide your Personal Information which will be used to identify you or a User. Such information may include your: full name, address, email address, password, gender, city, state, country, and zip code (“Personal Information”). You may also choose to provide optional information, such as maiden name, nickname, birthday, occupation, company, spouse's name, photos, or personal comments as part of your profile. You may update any of this information at any time by accessing your profile by clicking the "edit account information" link, or equivalent, in the navigation menu. You may opt out of receiving email communications from this community (see the Email Subscription/Opt-Out section). All date of birth data values are stored encrypted. Please note we do not support the collection or storage of any sensitive personal information relating to government issued identifications from you or our Clients on our Site (see the Personally Identifiable Information section for details).
Access to Personal Information
We provide Clients and their Constituents with reasonable access to an individual’s Personal Information maintained within our System. In addition to your ability to update Personal Information within your profile; you can contact us for inquiries to correct, amend, or delete inaccurate Personal Information. However, Anthology may deny access to Personal Information when providing such access is considered unreasonably burdensome, expensive, or as otherwise permitted under the Privacy Shield principles. See the Contacting the Website section for details on Clients and their Constituents resting access to an individual’s Personal Information.
Use and Disclosure of Personal Information
Our Services helps Clients advance fundamental engagement to you as a Constituent. In support of our Clients, we collect demographic data, such as your first and last name, email address, and other contact information (postal address and telephone number) to authenticate and enhance targeted communication to meet the Client’s objectives. As a User, we collect your Personal Information, as needed, to process your gift contributions, Membership dues, event registrations, etc. Additionally, we will aggregate your Personal Information in an anonymous manner to compile statistical and performance information related to the operation of our System (“Aggregated Anonymous Data”). Anthology uses Aggregated Anonymous Data in order to create product and Service enhancements; provided, that such information does not incorporate any of our Client’s data, your Personal Information, or additional data you and our Clients provide. Our use of your Personal Information and Aggregated Anonymous Data is strictly limited to the extent necessary to perform the Services for our Clients. This includes Anthology, our parent, subsidiaries, affiliates, and service providers.
EU and Swiss individuals have rights to access their Personal Information, and limit use and disclosure such Personal Information. Unless authorized by you; we will not use or disclose your Personal Information or other data identifiable to you that are outside the original intent necessary for our Site. As noted in the Access Personal Information Section above; individuals have the ability request access, limit our use or disclosure (opt out) through Anthology Customer Support (see Contacting the Website section). We will work with your University for any individual inquiry or opt out request received. Additionally, we may disclose your Personal Information if we are required to do so under applicable law, public authorities, enforceable government request, meet national security, or when we believe disclosure is necessary to prevent harm or financial loss or in connection with suspected or actual illegal activity.
As noted in our Personally Identifiable Information section below, Anthology does not collect sensitive personal information; including, but not limited to, government issued identifications, medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or other sensitive information as defined by the Privacy Shield framework.
Cookies
This Website uses cookies to recognize you and allow you to automatically log in without re-entering your user name and password each time you visit our Site. The cookies are encrypted and do not save any personally identifiable information about you, such as your user name, password, or email address (see the Personally Identifiable Information section for further details). If cookies are disabled in your browser, you can still use the Site but you will be required to enter your password each time you visit.
Personal Profile and Directory Information
Your Personal Profile features information you may wish to share with other Site Members on your Profile Page. Only people who are Members of this Site can view other Members' Profile Pages. The only information automatically displayed on your Profile Page is your first name, last name, and selected additional information. Additional information fields from your Personal Profile information — including comments and other personal information you choose to share, along with any photos — will appear only if you have opted to provide those items and have also selected to have those fields in your Profile Page View.
Credit Card Transactions
Some features of this Site enable credit card transactions. These features are completely voluntary to Members. They include the purchasing of event registrations, merchandise purchases, online donations, membership purchases, or the payment of other types of fees through the Site (see the PCI section).
Use of our Site and Services
Fraudulent Behavior
This is a community site that is based primarily on Member input. This Site cannot guarantee the accuracy of information presented. However, anyone demonstrated to have engaged in fraudulent behavior may be subject to (but not limited to) loss of privileges as a member as well as face prosecution to the fullest extent of the law.
Email Subscription Opt-Out
The Site provides you with the opportunity to choose to receive email communications about this Site and the groups you are registered with, as well as emails from other Members. In all email communications you receive from this community — except confirmation emails for event registrations, purchases, donations, or other payments — you will be provided an unsubscribe option to opt out of the specific email communication type. You can also modify the email types you receive at any time by going to your account profile and changing your opt-in status.
Photo, Blog, and other Personal Content Policy
This Site retains the right to remove or reject any content that it deems obscene or objectionable, or has been reported as such by other members. In addition, the Client licensors of the Website can at any time deem content to be objectionable and can remove it from the Site. This Site does not endorse any user generated content that is posted on the Site. Members will not post copyrighted content without permission from the owner. Members understand content — whether it be text, graphic, or audio visual — is the sole responsibility of the person from which such content originated. This Site is no way responsible for the accuracy, integrity, or quality of such content.
Links to Other Sites
This Site contains links to other sites. This Site is not responsible for the privacy practices or the content of such websites.
Compliance and Security
Security
Anthology treats the security of our Clients’ data and Constituent data with utmost importance. We take many precautions at the infrastructure and software layers to deliver the highest level of protection for your Personal Information and other additional Constituent data provided by you or our Clients. Anthology owns and operates the database and web servers that host Clients' websites and, stores Client and Constituent data, including your Personal Information. These servers are protected by securely configured firewalls that prevent data from being accessed via the Internet. Each of our Client's data, Personal Information, and other additional Constituent data are stored in a dedicated database; this prevents the intrusion or corruption of data. In addition, our Clients' data catalogs cannot see or access each other's data.
SSL
Measures have been taken to make transactions secure for Members on our Sites and transaction pages. Login, electronic commerce, and administrative activity are transmitted over an industry standard Secure Socket Layer (“SSL”).All commerce transactions encrypt your Personal Information including name, address, and credit card number to prevent unauthorized access as the information travels over the Internet. Clients can elect to have site activity data transmitted securely by adding full site SSL certification as an additional service.
Logins and Passwords
Strong passwords are required for each login, and they are stored in a format that cannot be read by administrators or employees. Multiple failed logins or lost login requests are challenged by reCaptcha. An administrative rights system restricts authenticated but unauthorized access to Constituent data.
Personally Identifiable Information (PII)
Anthology does not support the collection, storage, or display of sensitive personal information or personally identifiable information in our System or use of our Services. We define “Personally Identifiable Information” or “PII” as information which includes: (i) Family Educational Rights and Privacy Act (FERPA); (ii) Health Insurance Portability and Accountability Act (HIPAA); or (iii) government issued identifications, including, but not limited to, Social Security Numbers, Driver License Numbers, and Individual Taxpayer Identification Numbers.
As part of our company policy, we maintain confidentiality and security features consistent with commercially reasonable industry standards which are appropriate to protect our System, as well as any data provided by you and our Clients. To the extent Personal Information or other additional Constituent information you provide is stored in our System, such information is treated as confidential information by Anthology. Our security standards and data protection cover the data entered and maintained within the system. Client’s authorized administrators are also require to follow proper guidelines and standards in the use of the data and our Services to prevent unintended access of all data we maintain within our System. Accordingly, we offer our Clients comprehensive product training which includes setup and configuration of the Site, as well as ongoing product support, for purposes of ensuring Clients adhere to our confidentiality standards and proper use of our System. However, Clients are responsible for process and procedures to ensure the proper use of our Services, including data provided by you and our Clients comply with all applicable governing laws related to your Personal Information and confidentiality.
PCI Compliance
Anthology takes the responsibility of your cardholder data seriously and maintains compliance with Payment Card Industry Data Security Standards (PCI DSS) by meeting all security requirements to help ensure commerce-based transaction data is protected. We are certified compliant as a Level One Service Provider by a Qualified Security Assessor (QSA), authorized by the PCI Security Standards Council. Anthology's processes, procedures, network configuration, and overall environment conform to all of the security guidelines as defined in the PCI DSS standard and are annually verified by an external auditor. This Level One compliance, the highest level of PCI DSS compliance, helps ensure your e-commerce transaction data is securely protected, transmitted, and stored by Anthology. As part of Anthology’s policy, datacenters hosting the Site must maintain their own annual SSAE 16 audit. Upon a Client’s request, Anthology will provide the current attestation of compliance for PCI DSS as well as a certified SSAE 16, or equivalent review. The attestation and certified SSAE 16 are completed by an external audit firm, on behalf of the datacenter used for our Services.
Privacy Shield
Anthology complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of Personal Information from the EU and Switzerland, including the onward transfer liability provisions. Anthology has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
In compliance with the Privacy Shield Principles, Anthology commits to resolve complaints about our collection or use of your Personal Information. EU and Swiss individuals should first contact Anthology with inquiries or complaints regarding the Privacy Shield policy (see the Contacting the Website section below). Anthology has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If Anthology fails to respond within a reasonable time, or if our response does not address your concerns, you may contact the EU DPA’s or FDPIC, as applicable, for more information or to file a complaint. The services of the EU DPA’s or FDPIC are provided at no cost to you. Under certain conditions, specified on the Privacy Shield website, you may invoke binding arbitration as outlined in Annex I of the Privacy Shield Binding Arbitration Mechanism.
As a final point, Anthology commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
California Consumer Privacy Act (CCPA)
Effective January 1, 2020, this CCPA section of our Security and Privacy Policy contains information required by the CCPA and supplements our Security and Privacy Policy. Please note CCPA is not applicable to Anthology since as a Service Provider, Anthology primarily conducts business with non-profit organizations within the higher education industry.
If in the rare instance the Anthology hosted site you are visiting is outside of the non-profit or higher education industry and if you reside in California, then you have the following rights:
- You have the right to request the deletion of your personal information.
- You have the right to request us to disclose to you, no more than twice in a 12-month period, the personal information about you that we collect, use, disclose, and sell during the preceding 12 months. You can contact us as set forth in Section 12 of this Security and Privacy Policy.
- Anthology will not discriminate against you because you exercised your rights under this section of the Security and Privacy Policy.
Furthermore, we do not sell your personal data, so we do not offer or require an opt-out to the sale of personal data. For a description of the personal data we collect please see ‘Collection and Use of your Personal Information’ Section within this Security and Privacy Policy.
General Inquiry and Other Policy Items
Updates to This Privacy Policy
On an annual basis, this Site has the right to make changes or additions to this policy at any time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Policy. If you have questions regarding this policy, please check this policy periodically or contact Customer Support.
Contacting the Website
If you have any questions about this privacy statement, the practices of this Site, or your dealings with this Website, please contact Customer Support at info@imodules.com or (913) 888-0772..
Last updated August 1, 2020.