Concourse and the GDPR


What is the GDPR?

On May 25, 2018 the European Union (EU) enacted the General Data Protection Regulation (GDPR) to strengthen individual rights over personal data. The GDPR is a wide reaching set of privacy laws that establishes specific requirements that businesses must follow when processing the personal data of EU residents, regardless of where the business is located.

Concourse and GDPR

The GDPR applies to Concourse because we provide post-secondary recommendations, marketing, and enrollment services to students, families and institutions in EU Member states. Concourse complies with the GDPR and adheres to the industry’s highest standards in safeguarding the data of our users.

Data Processing and Protection

This page, together with our privacy policy, terms of service, and frequently asked questions provide you with information to help you understand our data processing and protection policies and processes. If you have additional questions, please contact us at

Concourse and the Processing of Your Data

Concourse is committed to transparency about what kinds of data we collect, why we collect it and how we will use the data we collect. For a complete overview of our data collection and processing activities please review our privacy policy

The Concourse software makes use of cookies, which are small files that are downloaded to your web browser when you visit our platform. To change your cookie settings, please follow these steps.

Your Data, Our Processing

The Concourse platform provides high school students with post-secondary education counseling services. The data that Concourse stores about students comes from the students themselves, and from their counselors and/or high schools.

Concourse does not obtain personal data from any other source.

Concourse processes your personal data for the following reasons:

  • To help you create an account on the Concourse platform.
  • To help provide you with best-fit university recommendations.
  • To allow you to showcase yourself to university partners interested in recruiting you and talking to you about their post-secondary education program offerings and give other information about their institutions.
  • To market and advertise our services and promotions.
  • To perform usage, maintenance and other analytics, as well as to maintain network infrastructure security.
Data Details and Justification

We have summarized the type of personal data that we process below, along with the reason for each.

Type of Data Processed Justification
IP address of your web browser. This is so Concourse knows who is visiting our website.
All of the information you have provided to us by creating an account and filling out your profile. This is information you have willingly given to us.
If you are a student, whatever information that your high school has provided to us. This is information your counselor has provided to us about you in order for us to provide you with personalized services.
All of the information of high schools, post-secondary institutions and other educational bodies provided to us by the institution’s representatives. This is information that institutions provide to us in order for us to provide them with personalized services.
Conversations on the platform, and other communications
including third party API integrations.
This is information that you exchange with other Concourse platform participants in order for you to obtain personalized services.

Concourse does not process any special personal data as defined by the GDPR Article 9.

If you have questions, please contact us at

Your Rights to Your Data

The GDPR provides the following rights to individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

How to enforce your rights to your data

Concourse respects the rights of our users. If you would like to access, download, delete, and/or otherwise enforce your rights to your data, please contact us at

How We Manage Third Party Access to Your Data

Since Concourse is a software platform, we work with many different third parties who may elect to join our community. These third parties include student service providers, post-secondary institutions and other organizations who provide services to students. Concourse rigorously vets and carefully selects third parties and all third parties must adhere to the Concourse Terms of Service.

Your data is always anonymized. You have the power to release your identifying information to third parties or to keep it anonymized.

The Technical Nitty Gritty

Secure by Design

Concourse is secure by design. The privacy and security of data are considered through all stages of the product and development lifecycle. Concourse incorporates regular security reviews in our development, quality assurance testing, and operational deployment.

Separation of Environments

Concourse maintains a strict separation of development and production environments and ensures that access to environments are controlled and audited based on functional roles.

Access Controls

All access to Concourse systems is limited based on functional roles. Access to Concourse systems is audited and monitored for compliance and validity.

Monitoring and Logging

The Concourse Platform implements real-time monitoring and logging for the purposes of detection and analysis of security threats.

Security Management

Concourse has implemented a system, integrated into our software build pipeline, that scans our software and infrastructure and alerts us to potential vulnerabilities. Concourse maintains internal security policies for the management of security issues and incidents.


For Data Subjects in the European Union

International Data Transfers

In order to comply with the rules on international transfers of data, Concourse self-certifies under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. The Privacy Shield is a legal framework approved by the E.U., Swiss and American governments that provides a mechanism allowing companies to comply with data transfer requirements. For more information please visit the Privacy Shield website.

Data Protection Representative

We have appointed as our representative according to Article 27 of the GDPR. If you want to make use of your GDPR data privacy rights, please visit

Contact for correspondence:
Maetzler Rechtsanwalts GmbH & Co KG
Attorneys at Law
c/o Concourse Global Enrollment, Inc.
Schellinggasse 3/10, 1010 Vienna, Austria

Please add the following subject to all correspondence:

GDPR-REP ID: 11022746