Covista Inc. privacy policy

Cookies and similar technologies

We, as well as third parties that provide content or other functionality for our Services, may use cookies, pixel tags, web beacons, local storage, and other technologies to automatically collect information through the Services. These tracking technologies are small data files downloaded to or stored on your computer, tablet, mobile phone or other internet-enabled device that enable us to record certain pieces of information whenever you visit or interact with our email communications, website, applications, tools, and other online services. These technologies allow us to understand who has interacted with us and also help us to operate our Services more efficiently, personalize your experience on our website, improve our content and offerings, engage in analytics and measurement, and show you advertisements in which you may be interested. These technologies also help us deliver online advertising to you.

• Cookies. Our website uses cookies that fall into the following categories: Strictly Necessary, Functionality, Performance, Third-Party and Marketing and Advertising. For more information on cookies, please read our Online Cookie Policy at the appropriate website’s footer (i.e., Covista Inc., Walden University, LLC, Chamberlain University LLC, RUSM (Barbados) Inc., Ross University School of Veterinary Medicine (St. Kitts) Limited, and AUC School of Medicine B.V.)
• Pixel tags/web beacons. A pixel tag (also known as a web beacon) is a piece of code embedded on the website that collects information about users’ engagement on that web page. The use of a pixel allows us to record, for example, that a user has visited a particular web page.
• Interest-based advertising. We permit third parties to use technologies on our website to collect information about your device and your use of our Services to advertise products and services to you that are tailored to your perceived interests, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. Such third parties may act on our behalf, and we may grant them the right to use your information for their own purposes. Typically, the information used for interest-based advertising is collected through cookies and other tracking technologies which recognize the device you are using and collect information about it and your use of our website and other websites and applications over time, including click stream information, browser type, time and date you visited the Services, AdID, precise geolocation and other information. For example, one such third party vendor, Google, shows our ads and uses cookies to serve ads based on a user’s prior visits to this website. We also use data analytics to serve ads based on a user’s prior visits to this website. Click here for more information about Google Ads.
• Analytics. We also use Google Analytics and Google Analytics Demographics and Interest Reporting to collect information regarding visitor behavior and visitor demographics for some of our Services and to develop content. Click here for more information about Google Analytics.
• Social media. Our website may include social media features, such as Twitter or other widgets. These social media companies may recognize you and collect information about your visit to our website, and they may set a cookie or employ other tracking technologies. Your interactions with those features are governed by the privacy policies of those companies.

Your choices in relation to tracking and online advertising

• Users can visit Google Ad for more information about its settings. 
• Users can visit Google Analytics for information on how to opt-out of Google Analytics.
• To opt-out of third-party interest-based advertising from advertisers and third parties that participate in certain self-regulatory programs, please visiting the Network Advertising Initiative and the Digital Advertising Alliance. Alternatively, you may opt-out of this advertising if you are located in the European Union by visiting Your Online Choices. Opt-outs are generally device and browser specific, meaning that you will need to opt-out on each device and browser you use. Please note, even if you opt-out of interest-based advertising, you will continue to receive generic ads.
• Users can manage their cookie preferences by utilizing the online cookie preference center by clicking on the “Cookies Settings” or “Do Not Sell or Share My Personal Information” link on the web page footer.
• For California users, please see our California Notice at Collection and Privacy Notice.

Security

To help protect the privacy and security of your personal information we use reasonable security measures, including administrative, technical, and physical measures. These measures are designed to protect against loss, misuse or unauthorized access, disclosure, alteration, or destruction of your personal information. Additionally, we train our colleagues about the importance of confidentiality and maintaining the privacy and security of your personal information.

While we do our best to protect your personal information, please be aware that no security measures are perfect or impenetrable. If you know or have reason to believe that your personal information has been lost, stolen, misappropriated, or otherwise compromised, please see the final section of this policy for ways to contact us.

International transfer of personal information

Covista operates and processes personal information in multiple jurisdictions. Personal information may be collected, used, disclosed, stored, and processed in a jurisdiction other than where you reside or are located, including in the United States where we are based and in other countries including United Kingdom, Portugal, France, Germany, Canada, India, Barbados, St. Kitts, and Sint Maarten where the parties listed above are based for the purposes outlined above. These jurisdictions may have data protection laws that differ from your home jurisdiction. For individuals located in the EEA and UK, we are committed to protecting the privacy and confidentiality of your personal information when it is transferred. Where we transfer personal data from the EEA or UK to a country that is not subject to an adequacy decision issued by the European Commission, we rely on appropriate safeguards, such as the European Commission’s standard contractual clauses or the UK Addendum to the EU standard contractual clauses, as applicable. You may request a copy of the relevant safeguards by contacting us using the contact details listed at the end of this Privacy Policy.

We keep personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. In doing this we will have regard to the amount, nature, and sensitivity of the personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and applicable legal requirements.

Any links to third-party websites on our site are provided solely as a convenience to you. We do not endorse or make any representations about these websites or any products, materials, or services. Any personal information you provide on these third-party websites is subject to the privacy practices and policies of those sites. We do not accept any responsibility or liability for the privacy practices or content of any websites or services that are not operated by or for us.

Parents/guardians

Our Services are not directed to children as defined under applicable law. We do not knowingly collect any personal information from children. If we become aware that we have unknowingly collected personal information from a child (as defined under applicable law), and do not have parent or guardian consent on file, we will endeavor to delete such personal information from our records. If you believe we are incorrectly processing the personal information of a child, we recommend you contact us as provided in the final section of this policy.

Changes to this privacy policy

This Privacy Policy may be updated periodically. If we make material changes, we will attempt to let you know via email or other communication. We encourage you to periodically review this page for the latest information on our privacy practices. As long as you continue to use the Services, you agree to this Privacy Policy and any updates we make to it. We will not, however, use your personal information in a manner that is materially different than what we disclosed to you at the time the personal information was collected without your consent.

If we make any retroactive material change to our privacy practices, we will notify affected individuals. For personal data collected prior to the effective date of such changes, we will provide an opportunity for individuals to withdraw consent to any materially different collection, processing, or sharing of their personal data.

How to contact us

If you have any questions or concerns about this Privacy Policy, contact us at:
Covista Inc.
233 S Wacker Drive
Suite 800
Chicago, IL 60606
Email Us:  privacy@covista.com

Notice for US residents in certain states

Residents of US states including Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia may have the following rights, subject to certain limitations:

• Access. To confirm whether we are processing their personal information and to obtain a copy of their personal information in a portable and, to the extent technically feasible, readily usable format.
• Deletion. To delete their personal information provided to or obtained by us.
• Correction. The right to correct inaccuracies in their personal information, taking into account the nature and purposes of the processing of the personal information.
• Opt-out. To opt out of certain types of processing, including:
  • to opt out of the “sale” of their personal information;
  • to opt out of targeted advertising by us; and
  • to opt out of any processing of personal information for purposes of making decisions that produce legal or similarly significant effects.
• Revoke consent. If you have provided your consent in order for us to process your personal information, you may revoke such consent.

You may submit a request to exercise your privacy rights by emailing us at privacy@covista.com. To opt out of the use of your online browsing information for purposes of “sales” or targeted advertising by us, you can adjust your cookies settings by using the cookie banner popup on our Site or by clicking Cookie Settings or Do Not Sell or Share My Personal Information in  the footer. In addition, our website responds to global privacy control—or “GPC”—signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of “sale” and/or targeted advertising (i.e., via cookies and tracking tools) on our Site.
We will respond to your request as required under applicable U.S. privacy law(s). When you submit a request, we will take steps to verify your identity and your request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for the denial. 
To the extent required under applicable U.S. privacy laws, if we deny your request, you may appeal our decision in accordance with the instructions we provide in our response.
To the extent permitted under applicable U.S. privacy laws, you may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization, and we may also require the relevant consumer to directly verify the identity and authority of the authorized agent.
If you are a resident of Delaware, Minnesota, or Maryland, you may contact us at privacy@covista.com to request a list of the third parties with whom we have disclosed your personal information. Please note, the categories of third parties that we disclose personal information to generally are listed in the Disclosing Personal Information section above.

Sale of Personal Information

While we do not disclose personal information to third parties in exchange for monetary compensation, our use of third-party analytics and advertising cookies may be considered “selling” under applicable privacy laws. We may “sell” the following categories of personal information: identifiers; commercial information; location information; and Internet and network activity information. We may disclose these categories to third-party advertising networks and analytics providers for purposes of marketing and advertising, to improve and measure our ad campaigns, and to better understand user activity on our Sites. You may opt out of the sale of your personal information as further described above. 
 

California notice at collection and privacy notice

This Covista California Notice at Collection and Privacy Notice (“California Privacy Notice”) should be read in conjunction with the Covista Online Privacy Policy. This California Privacy Notice applies to information collected on our Services. We have adopted this notice pursuant to the California Consumer Privacy Act of 2018, as amended (“CCPA”) and it applies only to residents of the State of California (“you”).

Scope

Some personal information we collect from you may not be covered by this California Privacy Notice because certain personal information collection and processing activities are exempt from the CCPA. Therefore, this California Privacy Notice and the California privacy rights set out below may not apply to you or to all your personal information.

Collection, use and disclosures of personal information

The below sets out our relevant data collection and processing practices over the last 12 months. Our collection, use, and disclosure of personal information depends on your relationship with us and your interaction with the Services. 

Categories of personal information we collect

• Identifiers, such as, name, postal address, email address, phone numbers, online identifiers, or IP address.
• California Customer Records, such as, name, address, or phone numbers.
• Characteristics of Protected Classifications Under California or Federal Law, such as race, sex, gender, sexual orientation, marital status, military or veteran status, nationality.
• Commercial Information, such as, products or services purchased and other purchasing or consuming tendencies.
• Internet or Other Electronic Network Activity, such as, browsing history, search history, or website or advertisement interaction.
• Geolocation Data, such as, IP address or physical location.
• Audio, Video and Other Electronic Data, such as, photos, call recordings, or CCTV footage.
• Professional and employment-related information, such as business contact details, job title or employer.
• Education information (as defined in 20 U.S.C. § 1232g(a)(4)(A), 34 C.F.R. Part 99), meaning education records directly related to students maintained by us or a party acting on our behalf, such as grades, transcripts, class lists, student schedules, student identification codes, and student disciplinary records.
• This also includes student directory information (as defined in 20 U.S.C. § 1232g(a)(5)(A); 34 C.F.R. Part 99.3), including information such as a student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.
• Inferences drawn from this information, such as, a profile reflecting preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
• Sensitive personal information, such as social security number, criminal history, driver’s license information, state ID card, or passport number; racial or ethnic origin; biometric information; health data.

Disclosures of Personal Information. We may disclose each category of personal information listed above to our service providers who perform functions on our behalf (e.g., for purposes of IT services, data storage, etc.).
Categories of Sources. We generally collect personal information from the following categories of sources:

• Directly or indirectly from you.
• From your device.
• Automatically, such as via cookies and other tracking technologies.
• Our business partners, affiliates, and group companies.
• Data analytics providers.
• Advertising networks, social media, and related third-party platforms.
• Third party background check providers.
• Third parties such as the U.S. Government and other educational institutions.
• Operating systems and platforms.

Purposes of collection, Use, and disclosure 

As more fully described in the How We Use the Personal Information Collected  section above, we may collect, use, and disclose your personal information for the following purposes:

• Services and Support.
• Financial Operations
• Marketing and Advertising.
• AI Training and Improvement.
• Student Admissions and Management.
• Customization and Personalization.
• Contests and Promotions.
• Research and Surveys.
• Security, Protection of Rights, and Fraud Mitigation.
• Compliance and Legal Process.
• General Business and Operational Support.
• As Otherwise Described.

Sensitive personal information.

We do not collect, use, or disclose sensitive personal information beyond the purposes authorized by the CCPA. Accordingly, we collect sensitive personal information for the following purposes:

• Social security number, driver’s license information, state ID card, or passport number: For identification purposes when you are applying for admission to one of our institutions or programs, and to identify you once you are on our premises.
• Racial/ethnic origin: When you make an application for admission to one of our institutions or programs, an application form asks you about your racial/ethnic origin. You are not required to give us this information but if you choose to do so we only use it for equal opportunities monitoring and share it with appropriate government agencies for this purpose.
• Health data; biometric information: 
  • All applicants deemed academically eligible by a Covista institution may need to initiate drug, background and fingerprint screenings and either clear all screenings within 120 days of the session start date or sign a self-attestation and disclosure indicating their ability to clear all screenings within 120 days of the session start date before the applicant is granted acceptance. Through these checks, we may potentially process health data, criminal convictions and offences data, and your biometric fingerprint information from a third-party background check provider. If such a background check is necessary, we, or one of our institutions, will ask you whether we can do this. We only use this data for the purposes of conducting a fraud and security check and clearing your application for certain pre-licensure programs. We retain this data while you are active in the program and for six years after you leave the program.
  • Once your application to one of our courses or programs has been accepted, we collect details of any medical conditions you may have, your health insurance information and we may be able to infer information about your racial or ethnic origin from your nationality or from your passport. We only use this information for assisting students with any conditions you may tell us about so that we can arrange any additional support or make any necessary arrangements for you.
• Religious or health data: When attending events, you may be asked for this information so that Covista may arrange the appropriate accommodation for you.

Sales and sharing of personal information

The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third-party for purposes of cross-context behavioral advertising. We disclose the following categories of personal information to third-party cookie and other ad-tech providers, who may further disclose your information throughout the digital advertising ecosystem. Such disclosures may be considered a sale or sharing for purposes of the CCPA.

• Identifiers.
• Internet or other electronic activity information.
• Geolocation data.
• Inferences drawn from personal information such as preferences, characteristics, and behaviors.

We do not sell or share sensitive personal information about individuals who we know are under age sixteen (16).

Retention of personal information

We retain the personal information we collect only as long as it is strictly necessary to fulfill the purposes described above or otherwise disclosed to you at the time of collection.

California privacy rights

To the extent provided by law and subject to applicable exemptions, you have the following rights in relation to the personal information about you that we have collected:

• Right to Know: You have the right to request the following information relating to our collection and use of your personal information:
• Categories of personal information we have collected about you;
• Categories of sources of the personal information we collected about you;
• Business and/or commercial purposes for collecting or, if applicable, selling that personal information;
• Categories of third parties to whom we have disclosed personal information for a business purpose; and
• Specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request that we delete your personal information. Subject to certain exceptions, we will endeavor to delete your personal information and direct any service provider to delete your personal information.
• Right to Opt-Out: You have the right to opt out of the sale and sharing of your personal information, including for purposes of cross-context behavioral advertising, also known as targeted advertising. 
• Right to Non-Retaliation: You have the right not to be subject to retaliatory treatment for exercising any of the rights described above.
• Right to Correct Inaccurate Personal Information: You have the right to request corrections to inaccurate personal information that we may hold about you.
• Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information—like precise geolocation, biometrics, race, religious beliefs, and health data—beyond core business purposes.

California residents may exercise any privacy rights to which you are entitled by contacting us at privacy@covista.com or calling us at 1-866-653-5656. You may make up to two “right to know” requests within a 12-month period.

To exercise your right to opt out of sales and sharing, you may use our cookie banner or click on the “Cookies Settings ” or “Do Not Sell or Share My Personal Information” link located in the footer of our web page and manage your preferences. In addition, if we detect that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control” or (“GPC”) signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our Site or use our Services from a different device or from a different browser on the same device, you will need to opt-out, or use an opt-out preference signal, for that browser and/or device as well. More information about GPC is available at: https://globalprivacycontrol.org/.

Verification. We will need to verify you identify before processing your request. In order to verify your identity, we will generally either require you to login to your account or we must be able to match certain information you provide us to the information we maintain about you. Certain requests may require us to obtain additional personal information from you. In certain circumstances, we may decline a request to exercise the right to know and/or right to deletion, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.

Requests Submitted by Authorized Agents. You may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

Do Not Track
Our entire site currently does not respond to “Do Not Track” signals. However, our site responds to other opt-out preference signals as required by law. 
 

EEA and UK notice

Purposes of collection, use, and disclosure

As more fully described in the How We Use the Personal Information Collected section above, generally, we may collect, use, disclose and otherwise process personal information for the following purposes and in reliance on the legal bases described:

• Services and Support.
• Legal bases: necessary for the performance of our contract with you or otherwise in our legitimate interests to provide you with the relevant information, products, or services.
• Financial Operations.
• Legal bases: necessary for the performance of our contract with you or otherwise in our legitimate interests to provide you with the relevant information, products, or services.
• Marketing and Advertising.
• Legal bases: our legitimate interest in promoting our educational opportunities to the broadest possible audience, and, where appropriate, your consent; and your consent (where applicable law requires us to obtain your consent for marketing to you) or our or our affiliates’ legitimate interests in promoting our or their products and services and growing our business.
• AI Training and Improvement.
• Legal basis: our legitimate interests in developing and improving our products, maintaining quality and security, and preventing misuse.
• Student Admissions and Management.
• Legal bases: our legitimate interests in understanding more about student performance in order to operate our business and improve our Services, and necessary in order for us to enter into and manage a contract with you.
• Customization and Personalization.
• Legal bases: our legitimate interests in operating our website and keeping it updated and relevant, and, where appropriate, your consent.
• Contests and Promotions.
• Legal bases: either your consent where we request this or our legitimate interests in running such activities in order to promote our business.
• Research and Surveys.
• Legal basis: our legitimate interests in developing our business and product lines.
• Security, Protection of Rights, and Fraud Mitigation.
• Legal bases: necessary to perform or enforce a contract with you, necessary for compliance with our legal obligations, or necessary for our legitimate interests in detecting and mitigating fraud or unauthorized activities and ensuring our business is run fairly.
• Compliance and Legal Process.
• Legal basis: necessary for compliance with our legal obligations.
• General Business and Operational Support.
• Legal bases: necessary for our legitimate interests in operating, managing, and protecting our business, or for compliance with our legal obligations such as tax, audit, and other compliance requirements.
• As Otherwise Described.
• Legal basis: as described at the point of data collection.

We collect sensitive (special category) personal data for the following purposes and on the applicable legal bases:

• Racial/ethnic origin: When you make an application for admission to one of our institutions or programs, an application form asks you about your racial/ethnic origin. You are not required to give us this information but if you choose to do so we only use it for equal opportunities monitoring and share it with appropriate government agencies for this purpose.
  • Legal basis: explicit consent.
• Health data; biometric information:
  • All applicants deemed academically eligible by a Covista institution may need to initiate drug, background and fingerprint screenings and either clear all screenings within 120 days of the session start date or sign a self-attestation and disclosure indicating their ability to clear all screenings within 120 days of the session start date before the applicant is granted acceptance. Through these checks, we may potentially process health data, criminal convictions and offences data, and your biometric fingerprint information from a third-party background check provider. If such a background check is necessary, we, or one of our institutions, will ask you whether we can do this. We only use this data for the purposes of conducting a fraud and security check and clearing your application for certain pre-licensure programs. We retain this data while you are active in the program and for six years after you leave the program.
    • Legal basis: explicit consent.
  • Once your application to one of our courses or programs has been accepted, we collect details of any medical conditions you may have, your health insurance information and we may be able to infer information about your racial or ethnic origin from your nationality or from your passport. We only use this information for assisting students with any conditions you may tell us about so that we can arrange any additional support or make any necessary arrangements for you.
    • Legal bases: explicit consent; protection of vital interests.
• Religious or health data: When attending events, you may be asked for this information so that Covista may arrange the appropriate accommodation for you.
  • Legal basis: explicit consent.

If you are an individual located in the EEA or UK, you have the following rights:

• The right to request access to your personal information,
• The right to edit, correct, and update your personal information,
• The right to request erasure of your personal information,
• The right to restrict processing of your personal information,
• The right to object to the processing of your personal information,
• The right to data portability,
• The right to withdraw your consent, to the extent that we have collected your personal information based on your affirmative informed consent, and/or
• The right to request access to any inferences we have drawn about you based on your personal data.

These may include preferences, characteristics, behaviors, or trends that we use to personalize your experience or evaluate eligibility for programs or services. 
If you wish to contact us in connection with the exercise of your rights listed above, contact us at privacy@covista.com. Unless we notify you at the time of your request, we will not charge any fee in connection with the exercise of your rights.

You also have the right to complain to or seek advice from a supervisory authority for data protection issues and/or bring a claim against us in any court of competent jurisdiction.
 

India privacy notice

This section applies to individuals in India in which Covista acts as a Data Fiduciary under the law. We process digital personal data of individuals in India in accordance with India’s Digital Personal Data Protection Act and its rules. In addition to the rights and practices described in this Privacy Policy, we provide the following India-specific information:

• Consent and withdrawal: We obtain valid consent before processing your personal data, in which you may withdrawal your consent.
• Privacy rights: You have the right to access, correct, or erase your personal information.
• Breach notification: In the event of a personal-data breach, we will notify the Data Protection Board of India and affected individuals as required.
• Cross-border transfer: Transfers of personal data outside India will comply with restrictions set by the Government of India.
• Children’s data: We require verifiable parental consent before processing personal data of children, as defined under applicable law.
• Grievance redressal: You may contact our Grievance Officer at privacy@covista.com for any complaints or to exercise your privacy rights. We will acknowledge and respond within timelines prescribed by law.