×

Privacy Policy

Effective as of February 9, 2024

This “Privacy Policy” describes the privacy practices of the Western Interstate Commission for Higher Education (“WICHE”, “we”, “us”, or “our”) in connection with information obtained through the www.wiche.edu website and any other website that we and our units own or control and which posts or links to this Privacy Policy (the “Sites”).

WICHE may provide additional or supplemental privacy policies to individuals for specific services that we offer at the time we collect personal information. These supplemental privacy policies will govern how we may process the information in the context of the specific service.

We value the privacy of our students, policymakers, stakeholders, and research partners and we take certain organizational and operational steps designed to protect this privacy.

As a non-profit, tax-exempt state agency, WICHE does not operate as a “business” or other similar defined term or concept that would be subject to the defined scope of many state privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act (together, “CCPA”), the Virginia Consumer Data Protection Act (“VCDPA”), the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Utah Consumer Privacy Act (“UCPA”), and therefore the specific rights and obligations identified in these laws do not currently apply to WICHE; however, California, Virginia, Colorado, Connecticut, and Utah residents may refer to the below Privacy Policy provisions regarding our current data practices and may contact us regarding data inquiries or further information requests via the Contact Us section below. We also recognize that privacy laws continue to evolve rapidly, so we are undertaking reasonable means to monitor developments in these laws and update our polices accordingly.

This Privacy Policy does not apply to personal information obtained or processed by WICHE or WICHE’s educational services, units, organization, and special interest networks/cooperatives from other organizations through separate business relationships such as interagency agreements.

Personal Information We Collect

We may collect your personal information (i) automatically, when you use the Sites; and (ii) when you provide personal information to us directly, such as when you complete a form provided on the Sites or contact us for more information.

Personal information you provide to us through the Sites may include:

  • Membership application information, including organizational and personal contact information, such as your first and last name, phone number, email and mailing addresses, professional title, institutional/organizational name and digital signature.
  • Contact Us information, including email address, and content you choose to include in the message. Please refrain from sending us Protected Health Information or sensitive personal information.
  • Account information, such as username and access credentials for an online account to access the Sites.
  • Newsletter registration information, including name, organization, title, and email.
  • Registration information, such as information that may be related to a service, an account or an event for which you register.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online.
  • Testimonial information, such as information you provide when you submit a testimonial regarding your experience with our services.
  • Marketing information, such as your preferences for receiving communications about our activities, events, and publications, and details about how you engage with our communications staff.
  • Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.
  • Information we obtain from social media platforms. We may maintain pages for WICHE on social media platforms, such as Facebook, LinkedIn, Twitter, Google, YouTube, Instagram, and other third-party platforms. When you visit or interact with our pages on those platforms, the platform provider’s Privacy Policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Cookies and Other Information Collected by Automated Means

We, our service providers, and our partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Sites, including but not limited, your computer or mobile device operating system type and version number, manufacturer and model, device identifier (such as the Google Advertising ID or Apple ID for Advertising), browser type, screen resolution, IP address, the website you visited before browsing to our website, general location information such as city, state or geographic area; information about your use of and actions on the Sites, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access; and other personal information. Our service providers and partners may collect this type of information over time and across third-party websites and mobile applications.

On our webpages, this information is collected using cookies, browser web storage (also known as locally stored objects, or “LSOs”), web beacons, and similar technologies, and our emails may also contain web beacons.

A “cookie” is a text file that websites send to a website visitor‘s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Browser web storage, or LSOs, are used for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. A “web beacon,” also known as a pixel tag or clear GIF, is typically used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of our websites.

Web browsers may offer users of our websites or mobile apps the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites may not function correctly. Please see the “Targeted online advertising” section for information about how to exercise choice regarding the use of browsing behavior for purposes of targeted advertising.

Google Analytics. Visitors to the Sites may be tracked using Google Analytics. The data personal information collected by Google Analytics is primarily used to optimize the Sites for users; however, we may also use this data for marketing purposes. The personal information we automatically collect using Google Analytics is shared with Google. For more information on Google’s Privacy Policies, visit: https://policies.google.com/privacy. You can also opt-out of having your personal information used by Google Analytics by following the instructions located at https://tools.google.com/dlpage/gaoptout/.

Third Parties, Including Referrals

Sites users may have the opportunity to refer family members, professional contacts, colleagues, fellow students, or other contacts to us. If you are an existing user, you may only submit a referral if you have permission to provide the referral’s contact information to us so that we may contact them.

Additionally, we may receive Personal Information from third parties, such as our payment processors to facilitate transactions and services.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

We use your personal information:

  • to provide, operate and improve the Sites and related services;
  • to provide information about our services;
  • to establish and maintain your user profile or membership;
  • to communicate with you about our services, including by sending you announcements, updates, security alerts, and support and administrative messages;
  • to communicate with you about events in which you participate;
  • to enable security features of the Sites, such as by sending you security codes via email or SMS or other means and remembering the devices from which you have previously logged into the Sites;
  • to facilitate your ability to interact with others who use the Sites such as by identifying and suggesting individuals with whom you should connect;
  • to understand your needs and interests, and personalize your experience with the Sites and related services and our communications;
  • to provide support and maintenance for the Sites;
  • to respond to your requests, questions and feedback;
  • to send you marketing and promotional communications. You will have the ability to opt-out of our marketing and promotional communications as described in the Opt out of marketing communicationssection below.
  • to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
  • to maintain compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Sites and related services; and (c) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
  • to create anonymous, aggregated or de-identified data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous, aggregated or de-identified data by removing information that makes the data personally identifiable to you. We may use this anonymous, aggregated or de-identified data and share it with third parties for our lawful business purposes, including to analyze and improve the Sites and related services and promote our functions.
  • as otherwise directed with your consent to collect, use or share your personal information.

How We Share Your Personal Information

Service providers. We may share your personal information with third-party companies and individuals that provide services on our behalf or help us operate the Sites (such as customer support, hosting, analytics, payment processing, event registration, email delivery, marketing, and database management services). For privacy practices of our payment processors, upon redirection to the payment processor’s website, please refer to the payment processors privacy policy.

Partners. We may share your personal information with partners. For example, if you attend an event that we host, we may share your information with other event sponsors. You should review the Privacy Policy of any such partner as we do not control how these partners may use your personal information. You may opt out from having your personal information shared.

Educational institutions. For students interested or participating in our programs, we may share your personal information with your originating educational institution or the educational institutions in which you are interested in enrolling. We may allow these educational institutions to collect information directly via our Sites and related services. We do not control how these institutions may use your personal information. For information on how these institutions may use your personal information, please review the relevant institution’s Privacy Policy.

State and territorial agencies. We may share your personal information with state educational agencies in your state/territory of residence or the state/territory in which you are interested in enrolling in an educational institution. We do not control how these state/territorial agencies may use your personal information. For information on how these agencies may use your personal information, please refer to the specific agency to whom your personal information is disclosed.

Other users of the Sites and the public. We may provide functionality that enables you to disclose personal information to other users of the Sites and its related services or the public. For instance, you may submit a testimonial or other content to the Sites (such as comments, reviews, surveys, blogs, photos, and videos), and we will display your information such as your name and educational information along with the content you submit. With permission, we may also display your information in association with events that we host. We do not control how other users or third parties use any personal information that you make available to such users or the public.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, web developers, SEO consultants, and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Organizational change. We may transfer or otherwise share some or all of our organizational assets, including your personal information, in connection with an organizational change (or potential organizational change) such as a merger, consolidation, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all Sites users.

Access or Update Your Information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into the account.

Opt out of marketing communications. You may opt out of marketing-related emails by following the opt-out or unsubscribe instructions here. If you do not see an option for opting out of a particular type of communication, contact us at privacy@wiche.edu. You may continue to receive service-related and other non-marketing emails. 

Cookies and browser web storage. We may allow service providers and other third parties to use cookies and similar technologies to track your browsing activity over time and across the Sites and third-party websites. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly. Similarly, your browser settings may allow you to clear your browser web storage.

Do not track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information in order to provide our services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services. We will tell you what information you must provide to receive the services by designating it as required at the time of collection or through other appropriate means.

Other Sites, Mobile Applications and Services

The Sites may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites, mobile applications and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications and online services you use.

Security Practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies. We cannot guarantee the security of your personal information.

International Data Transfers

We are headquartered in the United States and may have service providers in other countries, and your personal information may be transferred to the United States or other locations outside of your state, province, or country where privacy laws may not be as protective as those in your state, territory, province, or country.

WICHE Cooperative for Educational Technologies (“WCET”) and International Members

WCET may attract members from outside the United States, including but not limited to the European Economic Area (“EEA”) and Canada. If you are from the EEA or Canada and applying to be a member or requesting information on WCET, please see our below additional privacy practices and rights.

EEA Members and Sites Users

For this section, Personal Data means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.

  • Personal Data Collected. When WCET contracts with third parties outside of the United States, Personal Data transferred to WCET with regard to these is governed by those agreements. However, WCET may obtain Personal Data directly from you by signing up for our newsletters, browsing our Sites, or registering for events, inquiring about membership, or by supplying personal data as part of your institutional/organizational membership.
  • Consumer Rights. Data Subjects may have the following rights under the GDPR:
    • Right of Access: You have the right to obtain confirmation from WCET as to whether or not we process Personal Data from you, and you also have the right to at any time obtain access to your Personal Data stored by WCET.
    • Right to Rectification: If WCET processes your Personal Data, WCET uses reasonable measures to ensure that your Personal Data is accurate and up-to-date for the purposes for which your Personal Data was collected. If your Personal Data is inaccurate or incomplete, you have the right to require WCET to correct it.
    • Right to Erasure: You may have the right to require WCET to delete your Personal Data.
    • Right to Restrict Processing: You may have the right to request the restriction or suppression of Personal Data.
    • Right to Withdraw Consent: If you have given your consent to the processing of your Personal Data, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on the consent before the withdrawal.
    • Right to Data Portability: You may have the right to receive the Personal Data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format or to transmit this data to another controller.
    • Right to Object: You may have the right to object to the processing of your Personal Data as further specified in this Privacy Policy and you may have the right to object to decisions being made with your Personal Data based solely on automated decision making or profiling.
    • Right to Lodge a Complaint with Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority located in the European Union or UK. Further information about how to contact your local data protection authority is available on the European Commission’s website.

If you would like to exercise any of these rights, please contact us as set forth in the Contact Us section below. WCET will process such requests in accordance with applicable law.

  • Choices under GDPR. Data Subjects have the right to opt out of (a) disclosures of their Personal Data to third parties not identified at the time of collection or subsequently authorized, and (b) uses of Personal Data for purposes materially different from those disclosed at the time of collection or subsequently authorized. Data Subjects who wish to limit the use or disclosure of their Personal Data should please contact us as set forth in the Contact Us section below. We will cooperate with Data Subjects’ instructions regarding Data Subjects’ choices.
  • Legal Basis for Processing Data. WCET process Personal Data for the purposes set out in this Privacy Policy, as described above. WCET’s legal basis to process Personal Data includes processing that is: necessary for the performance of the contract between you and WCET (for example, to provide you with the membership and services you request); necessary to comply with legal requirements (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement); necessary for WCET‘s legitimate interests (for example, to manage our relationship with you and to improve the Sites); and based on consent by WCET customers (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. In some instances, you may be required to provide WCET with Personal Data for processing as described above, in order for WCET to be able to provide you to use all the features of the Sites.
  • International and onward transfers. If you are located outside the United States and choose to provide Personal Data to WCET, please be aware that WCET transfers your Personal Data to the United States and processes and stores it there. Subject to the applicable laws, WCET will use reasonable efforts to ensure that appropriate protections are in place to maintain protections on the Personal Data. By submitting your Personal Data, you consent to having your Personal Data transferred to, processed, and stored in the United States. WCET sharing your Personal Data in accordance with this Privacy Policy, may involve transferring your data outside the European Economic Area (EEA). Whenever WCET transfers your personal data out of the EEA, and in compliance with the Accountability for Onward Transfer Principles of the GDPR, WCET ensures a similar degree of protection is afforded to your data by ensuring, where required by law, appropriate safeguards are implemented, including using specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. WCET may disclose Personal Data to subcontractors and third-party agents. Before disclosing Personal Data to a subcontractor or third-party agent, WCET will obtain assurances by contractual agreement from the recipient that it will: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the subcontractor or third-party agent is obligated to provide at least the same level of privacy protection as is required by the GDPR; (iii) take reasonable and appropriate steps to ensure that subcontractors and third-party agents effectively process the Personal Data transferred in a manner consistent with the organization’s obligations under the GDPR; (iv) require subcontractors and third-party agents to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the GDPR; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with subcontractors and third-party agents to the Supervisory Authorities upon request. WCET also may be required to disclose, and may disclose, Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements, or in the event of a merger or acquisition.
  • Security Measures To Protect Your Personal Data. WCET uses industry standard data protection protocols to protect your data.

Canadian Members and Site Users

  • Commercial Electronic Messages (“CEM”) in Canada. Canada’s Anti-Spam Law requires that the WCET obtain the express consent of Canadian citizens before sending an electronic message such as an email that contains a promotion about our products. We will ask you for your explicit consent when you provide us with your email address or other personal information through which we intend to encourage your participation in a commercial activity, such as a promotion for our products. If you explicitly consent to receiving CEM, each communication sent to you will contain an option to unsubscribe to the communications or to revoke your consent to receive CEM. Alternatively, you can contact us at the address or email provided in the “Contact and Electronic Communications” section to be removed from our mailing lists.

Children

As a general rule, children are not allowed to use the Sites, and we do not collect personal information from them. We define “children” as anyone under 16 years old. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us.

Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Sites. We may, and if required by law will, also provide notification of changes in another way that we believe is reasonably likely to reach you, such as via e-mail (if you have an account where we have your contact information) or another manner through the services.

Any modifications to this Privacy Policy will be effective upon our posting the new terms and/or upon implementation of the new changes on the Sites (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites and related services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

How to Contact Us

Please direct any questions or comments about this Privacy Policy or privacy practices to privacy@wiche.edu. You may also write to us via postal mail at:

Western Interstate Commission for Higher Education

Attn: Legal – Privacy

3035 Center Green Drive, Suite 200

Boulder, CO 80301