1. PERSONAL INFORMATION COLLECTION.
Through providing the Services, we may collect information that, alone or in combination with other reasonably available information, can reasonably identify or relate to a specific individual or household (“Personal Information”) as follows:
1.1 Information You Provide: We collect Personal Information you provide when you interact with Services to communicate with a Partner, such as by chatting with a bot provided on a Partner’s website or sending text messages to a Partner using our Services. This Personal Information includes information you provide during these interactions, such as your name, email address, phone number, physical address or zip code, demographic information (such as your school, gender, age or birthdate), and information about your interests and preferences.
1.2 Information Provided By Our Partners: Our Partners enter your Personal Information into the Services so that they may communicate with you via the Services. This Personal Information includes, but is not limited to, your name, email address, phone number, and any other Personal Information our Partners may choose to provide.
1.3 Third Party Services: Our Services may be made available on the web sites of our Partners or other third parties, such as Facebook. Our Services may also include links to web sites or services hosted by third parties, such as chat rooms or group counseling sessions, through which you may communicate directly with third parties and/or other Users. We only collect information regarding your interaction with the Services and do not gather information from the third party sites regarding your interactions with the third parties or other Users on those services.
1.5 Information Collected Automatically: Depending on the Service used, we and certain service providers may automatically collect “Usage Information” when you access and use the Services online. To do so, we automatically assign and collect a unique identifier (“Device Identifier”) for any computer, mobile phone or other device (any, a “Device”) you may use to access the Services online so that our servers can recognize your Device. The Usage Information we automatically collect based on your Device Identifier include details of your online interaction with the Services, such as when and what messages you send and receive via the Services online. Usage Information is generally non-identifying, but if we associate it with you as a specific and identifiable person, we treat it as Personal Information.
Usage Information is automatically collected via tracking technologies, including:
Cookies: Cookies are small text files stored on your Device that allow us to recognize your Device and personalize the content of our Services. For more details on cookies please visit All About Cookies. Our Services may utilize Cookies to store your Device Identifier to improve your current and future experience by allowing us to understand your usage of our Services and recognize you if you return to our Services. Cookies can be turned off via your browser settings if you so choose. However, if you turn your cookies off, some features of our Services may not function properly.
An Embedded Script: We and service providers may use an embedded script, which is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code is temporarily downloaded onto your Device from our server or that of a service provider, and is deactivated or deleted when you disconnect from the Services.
HTML5: We use Local Storage Objects (“LSOs”) such as HTML5 to store content, information and preferences, such as the messages you exchanged with the Services, to optimize the performance of the Services and provide certain features. Various browsers may offer their own management tools for removing HTML5 LSOs.
2 OUR USE OF YOUR INFORMATION.
Unless you have explicitly agreed to interact directly with us, such as to receive additional information or services that may be of interest to you, we only use the Personal Information collected via the Services as described above to provide the Services to our Partners.
3. INFORMATION SHARING.
Mainstay does not share your Personal Information with third parties for their marketing purposes without your consent and in compliance with all applicable laws. Mainstay may share non-Personal Information, such as aggregate or de-identified user statistics, demographic information, Usage Information, and related insights with our Partners and third parties, such as other schools and universities, for our marketing purposes.
4. THIRD PARTY ANALYTICS.
Depending on the Service used, we may use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to provide us with information regarding traffic on the Services, including the pages viewed and the actions Users take when visiting the Services. For more information on how Google uses this data, go to www.google.com/policies/privacy/partners/.
Please note that your browser setting may allow you to automatically transmit a “Do Not Track” (DNT) signal to websites and online service you visit. DNT is a privacy preference that users can set in certain web browsers to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. However, we do not recognize or respond to browser-initiated DNT signals, as the internet industry is still working to determine what DNT means, how to comply with DNT, and how to create a common approach to responding to DNT. To find out more about “Do Not Track”, please visit http://www.allaboutdnt.com.
5. MOBILE USE.
6. YOUR RIGHTS.
For additional information applicable to California residents, please see here.
7. THIRD PARTY CONTENT AND SERVICES.
Certain content provided through the Services may be hosted and served by third parties, including our Partners. In addition, the Services may link to third party web sites or content over which Mainstay has no control and which are governed by the privacy policies and business practices of those third parties. Please also note that Mainstay content and widgets may be included on web pages and web sites that are not associated with us and over which we have no control. These third parties may independently collect data. Mainstay is not responsible or liable for the privacy practices or business practices of any third party.
Mainstay take data security very seriously. Mainstay takes commercially reasonable technical, physical, and administrative security measures to protect the Personal Information submitted to us, both during transmission and once we receive it. Such measures vary depending on the sensitivity of the information at issue. Please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially reasonable means to protect your Personal Information, we cannot guarantee its absolute security. In the event that Mainstay becomes aware of a data breach impacting your Personal Information, we will provide notification in compliance with all applicable laws. If you have any questions about security on our Services, you can email us by clicking here.
9. INTERNATIONAL USERS.
10. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
In accordance with the California Consumer Privacy Act (“CCPA”), this section is intended to inform California residents of (1) the Personal Information that we collect and how we disclose that information, and (2) the privacy rights California residents may have relating to their Personal Information and how those rights can be exercised.
Personal Information Collection and Disclosure
California Privacy Rights
To the extent provided for by the CCPA and subject to applicable exceptions and exclusions, California residents have the following privacy rights in relation to the Personal Information we collect:
Verification: In order to protect your Personal Information from unauthorized access or deletion, we may ask you to provide additional Personal Information for verification. If we cannot verify your identity, we will not provide or delete your Personal Information.
Authorized Agents: You may submit a request to know or a request to delete your Personal Information through an authorized agent. If you do so, we may require the agent to present signed written permission to act on your behalf and you may also be required to independently verify your identity with us and confirm that you have provided the agent permission to submit the request.
12. QUESTIONS OR COMMENTS.