What is the GDPR?
On May 25, 2018 the European Union (EU) enacted the General Data Protection Regulation (GDPR) to strengthen individual rights over personal data. The GDPR is a wide reaching set of privacy laws that establishes specific requirements that businesses must follow when processing the personal data of EU residents, regardless of where the business is located.
Concourse and GDPR
The GDPR applies to Concourse because we provide post-secondary recommendations, marketing, and enrollment services to students, families and institutions in EU Member states. Concourse complies with the GDPR and adheres to the industry’s highest standards in safeguarding the data of our users.
Data Processing and Protection
Concourse and the Processing of Your Data
Your Data, Our Processing
The Concourse platform provides high school students with post-secondary education counseling services. The data that Concourse stores about students comes from the students themselves, and from their counselors and/or high schools.
Concourse does not obtain personal data from any other source.
Concourse processes your personal data for the following reasons:
- To help you create an account on the Concourse platform.
- To help provide you with best-fit university recommendations.
- To allow you to showcase yourself to university partners interested in recruiting you and talking to you about their post-secondary education program offerings and give other information about their institutions.
- To market and advertise our services and promotions.
- To perform usage, maintenance and other analytics, as well as to maintain network infrastructure security.
Data Details and Justification
We have summarized the type of personal data that we process below, along with the reason for each.
|Type of Data Processed||Justification|
|IP address of your web browser.||This is so Concourse knows who is visiting our website.|
|All of the information you have provided to us by creating an account and filling out your profile.||This is information you have willingly given to us.|
|If you are a student, whatever information that your high school has provided to us.||This is information your counselor has provided to us about you in order for us to provide you with personalized services.|
|All of the information of high schools, post-secondary institutions and other educational bodies provided to us by the institution’s representatives.||This is information that institutions provide to us in order for us to provide them with personalized services.|
|Conversations on the platform, and other communications
including third party API integrations.
|This is information that you exchange with other Concourse platform participants in order for you to obtain personalized services.|
Concourse does not process any special personal data as defined by the GDPR Article 9.
If you have questions, please contact us at email@example.com.
Your Rights to Your Data
The GDPR provides the following rights to individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
How to enforce your rights to your data
Concourse respects the rights of our users. If you would like to access, download, delete, and/or otherwise enforce your rights to your data, please contact us at firstname.lastname@example.org.
How We Manage Third Party Access to Your Data
Since Concourse is a software platform, we work with many different third parties who may elect to join our community. These third parties include student service providers, post-secondary institutions and other organizations who provide services to students. Concourse rigorously vets and carefully selects third parties and all third parties must adhere to the Concourse Terms of Service.
Your data is always anonymized. You have the power to release your identifying information to third parties or to keep it anonymized.
The Technical Nitty Gritty
Secure by Design
Concourse is secure by design. The privacy and security of data are considered through all stages of the product and development lifecycle. Concourse incorporates regular security reviews in our development, quality assurance testing, and operational deployment.
Separation of Environments
Concourse maintains a strict separation of development and production environments and ensures that access to environments are controlled and audited based on functional roles.
All access to Concourse systems is limited based on functional roles. Access to Concourse systems is audited and monitored for compliance and validity.
Monitoring and Logging
The Concourse Platform implements real-time monitoring and logging for the purposes of detection and analysis of security threats.
Concourse has implemented a system, integrated into our software build pipeline, that scans our software and infrastructure and alerts us to potential vulnerabilities. Concourse maintains internal security policies for the management of security issues and incidents.
For Data Subjects in the European Union
International Data Transfers
In order to comply with the rules on international transfers of data, Concourse self-certifies under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. The Privacy Shield is a legal framework approved by the E.U., Swiss and American governments that provides a mechanism allowing companies to comply with data transfer requirements. For more information please visit the Privacy Shield website.
Data Protection Representative
Contact for correspondence:
Maetzler Rechtsanwalts GmbH & Co KG
Attorneys at Law
c/o Concourse Global Enrollment, Inc.
Schellinggasse 3/10, 1010 Vienna, Austria
Please add the following subject to all correspondence:
GDPR-REP ID: 11022746