Last Updated: June 4, 2020
Welcome to Grafted, a community development platform that engages with institutions to bring students, alumni and employers together for the purpose of personal and professional development.
From the onset, we’ve been intentional to design our platform in a way that respects the data privacy of both institutions and its members (e.g.students, alumni and university professionals). Ensuring you are ultimately in control of your data is at the foundation of everything we do.
Here is a quick summary for how we handle data privacy for both Members and Community Customer:
· Members are in complete control of whether or not their information is viewable within the community.
· Member data is not publicly viewable within theServices until that Member opts-in and completes the onboarding process.
· Members can delete their Member Profile at anytime.
· Community Customers receive administrative access to all data, including Member Accounts and Employer Customer Accounts.
· Community Customers control what data is automatically shared with Grafted in order to generate Member Accounts.
· Community Customers approve Member Accounts aspart of the Member Profile creation process, before such Member Profiles are made public within the Services.
· Community Customers grant access to EmployerCustomers.
WHAT WE COLLECT
We get information about Members in a variety of ways.
Information You Give Us. We collect your name, email address, username, password as well as other information you directly give us on our Services as part of creating a Member Profile during the onboarding process or your responses to surveys.
Information We Get From Others. We may get some information about you from other sources such as your Community Customer. If a Community Customer shares data governed by FERPA, such information will be protected as required by applicable laws.
Information Automatically Collected. We automatically log information about you and your computer. For example, when you use the Services, we log your computer operating system type, browser type, browser language, IP address, the website you visited before browsing to our website, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site.
How We Use Your Personal Data
Grafted processes, stores, and uses your personal information to serve you through its Services. Here are some common ways in which we use your personal information:
· Providing services such as allowing you to join live Q&A broadcasts, conduct video calls or appear in recommended connections with other Members in the community
· Delivering communications from other Members(e.g. alumni and other students) or potential employers by in-app messaging in accordance with your account settings
· Allowing you to contact employers
· Personalizing the Service. For example, we will recommend other Members as connections based on your job interests, graduation year and/or sport
· Operating, maintaining and improving our sites, applications, and services.
· Responding to comments and questions with regard to customer service.
· Researching new ways to improve the Grafted Services
When We May Share Your Personal Data
We will only share your personal data with third parties under the following circumstances.
· We may share personal information with your consent. For example, you may let us share personal information with others for purposes of career development.
· We may share personal information for legal, protection, and safety purposes.
o We may share information to comply with laws.
o We may share information to respond to lawful requests and legal processes.
o We may share information in response to lawful requests and legal processes. This includes protecting the safety of our employees and agents, our customers, or any person. We will notify you of the request to share information.
· We may share information with those who need it to do work for us, such as cloud service providers. These service providers are contractually obligated to take appropriate data security measures to keep your data safe.
SHARING OF AGGREGATED DATA
We may also share aggregated and/or anonymized data for a variety of purposes such as research, reporting, and other analytical purposes. Such aggregated data cannot reasonably be linked back to any individual.
INFORMATION CHOICES AND CHANGES
Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails.Non-marketing emails include emails about your accounts and our business dealings with you.
DELETING YOUR MEMBER PROFILE
You may delete your member profile at any time if you no longer wish for your information to be viewable within Grafted. In this way, you may opt out participating and we will delete the data you submitted as part of the onboarding process. Please note that if you choose to participate in the future, you will need to re-enter all information as part of re-creating your Member Profile.
THIRD PARTY SITES AND LINKS
The Services may contain links to third party sites. Grafted is not responsible for the privacy policies or practices of third-party sites, and we strongly encourage you to read the privacy policies of third-party sites to understand those policies and make an informed decision as to whether to share your information with those sites.Your interactions with third party sites, including social media sites, are governed by the privacy policies of each of those sites.
DO NOT TRACK
We are currently unable to recognize or honor Do Not Track (DNT) signals.
COOKIES AND SIMILAR TECHNOLOGIES
PROTECTING YOUR INFORMATION
We maintain security measures that are commercially reasonable in the industry. We take protecting your information very seriously, but please note that no method of storing or transmitting information on the internet is completely secure, and therefore we cannot guarantee or warrant the security of information you share with us. Despite taking reasonable precautions, it is impossible to protect all information from a breach, also referred to as a data breach or security breach.
Individuals under 16 are not permitted to use the Services without the express written consent of the both the Community Customer and parental consent. Such consent gives minors permission to use the services and is an agreement to be bound by these Terms.
We do not knowingly collect information from individuals under 13. If you believe we have unintentionally collected personal information from a minor under 13, please contact us immediately at firstname.lastname@example.org so that we can quickly delete such information.
CALIFORNIA PRIVACY RIGHTS
If you are a resident of California, the California Consumer Privacy Act(CCPA) gives you rights concerning your personal information. Here’s a summary of those rights:
Right to Know
· The right to know what information we have collected and disclosed in the last 12months
· What specific information we have collected
· The categories and sources of such personal information
· The categories of personal information and types of recipients to which that information was disclosed
· The categories of personal information and types of recipients to whom the information was sold
· The typeof business or purpose for collecting and selling the personal information
Deletion: You have the right to request that we delete certain personal information we have collected from you.
Opting out of Sales: You have the right to tell us not to sell your personal information to third parties.
Non-discrimination: We cannot discriminate against you for exercising these rights. Note that if you restrict certain personal information processing that we may not be able to provide the Services as intended.
If you are a California resident and would like to exercise any of the rights provided for by the CCPA, please submit a request at email@example.com with the subject line, “CCPA Request.”
Grafted complies with the EU-US Privacy Shield Framework provided by theUS Department of Commerce for the collection, use, and retention of personal information from residents of European Union member countries. The FederalTrade Commission has investigatory and enforcement powers over Grafted as part of our participation in Privacy Shield. If you would like to learn more aboutPrivacy Shield program, you may visit: http://www.privacyshield.gov
Grafted collects personal information and processes that information in away that is appropriate and relevant to the purposes for which such information was collected or authorized by individuals. In instances where we receive personal information from institutions or community organizations, those institutions or community organizations determine those purposes.
EEA and UK individuals have the right to reasonable access to the personal information about you that we hold. On request, we will also take reasonable steps to correct, update, amend or delete any information that is demonstrated to be inaccurate, except where the burden or expense of doing so would be disproportionate to the risks to your privacy in the case in question or where the rights of third parties would be violated. Where we process personal information on behalf of an Institution, we will direct any individual requests for access or to limit use or disclosure to the Institution, and we will work with such Institution in complying with such requests in accordance with applicable law and our obligations under Privacy Shield.
If our response to a complaint does not satisfy your concerns, you may submit your complaint to AAA, Grafted’s designated Privacy Shield dispute resolution provider, here: https://go.adr.org/privacyshield.html
If you have any questions about the information that we collect from youin reliance on Privacy Shield, please contact us at firstname.lastname@example.org.
If you are located in the European Union, and some other jurisdictions, you have certain rights regarding your personal information pursuant to GDPRand other legislation. For example, you may have the right to request access to your information, the right to update your information, and the right to have use rase personal information we have stored about you.
In many instances, you will be able to access, update, and delete some of your information by logging into your account. By deleting your Grafted MemberProfile, you will be deleting the information that you have provided to us.However, if you cannot access, update, or delete the information yourself, you should first contact your institution or community organizer and we will cooperate with that institution or community organizer to support your request.Otherwise, you can email us directly as email@example.com to exercise your rights and we will work with you in achieving the desired outcome as required by law.
2108 South Blvd.
Charlotte, NC 28203