Effective date: January 6, 2025
Privacy Policy
Introduction
Greensheet USA LLC cares about the privacy and data security of its Users. This Privacy Policy shall describe how Greensheet USA LLC collects, uses, processes, stores, disseminates, treats, and otherwise handles User Data, and the rights thereof of the User. This Privacy Policy shall apply to the User and is not intended to override the terms of any contract the User has with Greensheet USA LLC nor the rights that they are entitled to under applicable data privacy and data protection law.
We do not sell User Data, or any other data, to third parties.
Before using the Service, the User shall read this Privacy Policy and ensure that they fully understand our practices noted herein. If the User is ultimately opposed to the practices in this Privacy Policy, they must either refrain from subscribing to the Service or, if they have already subscribed, terminate their subscription.
Abbreviations and definitions
Herein, unless explicitly used or stated otherwise and regardless of capitalization, font, style, and look:
- Greensheet USA LLC, which includes its officers, employees, representatives, affiliates, agents, and members, may be collectively referred to as “we,” “us,” and “our”;
- the subscription-based scholarship application service (further described in The Service section herein) that we provide may be collectively referred to as “Service”;
- greensheet.org may be referred to as “Website”;
- any “Greensheet” logo marks, trademarks, names, designs, appearances, graphics, colors, color schemes, slogans, and service names presented through the Service, on the Website, or on associated Service Provider websites may be collectively referred to as “Greensheet USA LLC’s Intellectual Property”;
- a company we contract to provide us services that facilitate our Service may be referred to as a “Service Provider” (and “Service Providers,” in the plural form);
- an individual that visits greensheet.org, is subscribed to the Service, or contacts us shall be referred to as a “User” (and as “Users,” in the plural form);
- the information and metadata thereof, provided (or that may be provided, in the future) to us by the User shall be referred to as “User Data”;
- a document that sets out the terms and conditions of whatever an entity offers, a notice of an entity’s data-related and privacy practices, and any document or representation that provides statements, and is agreed to or relied upon by the involved parties, may be referred to as a “Legal Document” (and as “Legal Documents,” in the plural form);
- an identified or identifiable individual to whom User Data applies shall be referred to as a “Data Subject” (and as “Data Subjects” in the plural form); and
- an individual under the age of eighteen (18) (or under a different age, as decided by the laws of their residence or the appropriate, competent jurisdiction) shall be referred to as a “Minor” (and as “Minors,” in the plural form).
Data we collect
- User Data;
- payment information;
- information discoverable through publicly available sources;
- geolocation data; and
- any other data we are legally required to collect.
How User Data is collected
- The subscription process;
  - the User fills out form(s), wherein information is requested by us and may be submitted by the User. In this process, the User may transmit information through our Service Providers, from which User Data may become accessible to them. Regarding our Service Providers that can access User Data, their use and storage of User Data is restricted by applicable Legal Documents.
- Contact between us and the User;
  - the User sends us a message by any acceptable means set out in the Contacting us section herein and we are able to identify the source of the communication with the information provided by the User’s communication method and the contents of the User’s communication. For example, if the User emails us, due to the common way that email communication works, we will be notified of the sender (i.e., the email address used by the User), the date and time at which the communication was sent, and possibly other information, and made able to read the contents of the User’s message; from there, we shall be able to collect necessary information.
- Publicly available information;
  - specific information of the User may be extractable from publicly available sources, like government records.
How we use User Data
We share User Data:
- as is needed to provide the Service (within Greensheet USA LLC, to our Service Providers, and to the entities hosting, offering, or managing the scholarships we submit User Data to), provide relevant customer service, and enforce our Terms of Use;
- for legal reasons (consisting of, but not limited to, responding to legal process, legal requests, subpoenas, establishing and exercising our legal rights, and defending us from legal claims);
- as is necessary to maintain the rights, safety, and property of ours and our Users;
- if ownership or control (of all or part) of Greensheet USA LLC or the Service changes due to a merger, consolidation, acquisition, or sale of assets, to the newly involved entity (or entities) — the new entity (or entities) shall be governed by this Privacy Policy until they replace or revise it, upon which that one shall prevail; or
- for other reasons, with the User’s consent.
We store, retain, or delete User Data:
- within Greensheet USA LLC and our Service Providers, as is needed to provide the Service, provide relevant User support, and enforce our Terms of Use;
- to fulfill an account termination request from the User;
- for legal reasons (including, but not limited to, responding to legal process, legal requests, subpoenas, establishing and exercising our legal rights, and defending us from legal claims — we may even retain or store certain User Data after the termination of the User’s account, as law permits and/or requires);
- as is necessary to maintain the rights, safety, and property of ours and our Users;
- to protect against fraudulent or illegal activity;
- to detect data security incidents; or
- for other reasons, with consent from us and the User.
Our retention of User Data may extend beyond the termination of our relationship with the applicable User.
All employees of Greensheet USA LLC involved in our use of User Data are subject to confidentiality obligations concerning their knowledge of and work with identifiable User Data.
If the User subscribes to the Service, their sensitive payment card data is processed through our payment Service Providers (Stripe Inc., or Adyen N.V., and Wix.com Ltd.), of which we only have access to the payment card's provider (i.e., Mastercard), the last four digits of the payment card, the date and time of the payment, the billing name, the billing address, and the email associated with the User’s payment of our subscription fee, which we collect and use for sales tax collection (if applicable), accounting, and record-keeping purposes. Stripe Inc., Adyen N.V., and Wix.com Ltd. are PCI DSS (payment card industry data security standard) compliant.
After the end of applicable data retention periods, User Data will be deleted. If there is any User Data that we cannot delete from our systems and/or data storage(s) for technical or legal reasons, we shall implement appropriate measures to prevent any further use of such User Data and/or anonymize it.
We may aid governments, law enforcement officials, other public authorities, and other governmental authorities in enforcing and complying with laws; this may include parties and jurisdictions outside of where the User is located. Our dissemination of User Data to these parties is done when mandated by applicable law, a contract, or to protect the safety of the public, us, our property, or our Users. If allowed, we may make a reasonable effort to notify the applicable User that their User Data has been requested or will be disseminated.
We shall provide and maintain a Warrant Canary on our Website, to be updated on the first calendar day of every calendar month.
If we reasonably suspect the User to be using our Service or Website in any unauthorized or illegal way, or if the User does use our Service or Website in any unauthorized or illegal way, the User hereby grants us the right to share any information related to such use with the applicable law enforcement and/or regulatory agencies.
Security
All of our Service Providers incorporate encryption into their processing practices of User Data (for more information, see the International data transfers and our Service Providers section herein and its constituent hyperlinks). Encryption of data transmissions, although done in an attempt to provide transmission security, does not guarantee privacy nor security. WE CANNOT AND DO NOT WARRANT THAT THE STORAGE AND TRANSMISSION OF USER DATA BY US AND OUR SERVICE PROVIDERS WILL NOT BE MONITORED, READ, OR INTERCEPTED BY UNAUTHORIZED ENTITIES, BUT WE WILL MAKE REASONABLE EFFORTS TO AVOID SUCH EVENTS.
We will enact commercially reasonable effort in practicing generally accepted data security protocol, using data security measures that comply with the laws of the United States of America and, insofar as such law shall not apply, the State of New York, achieving security in our systems and data stores, and updating our security measures as we determine (or applicable law determines) is appropriate. However, the User shall ultimately acknowledge that NO DATA STORAGE SYSTEM OR DATA TRANSMISSION PROCESS CAN BE GUARANTEED TO BE COMPLETELY SECURE. Our data security measures include physical, technical, and administrative measures that aim to provide confidentiality of, data integrity to, and ease of access to the User Data for the User.
Some of our data security measures include, but are not limited to:
- limiting access to certain User Data to our employees and Service Providers that need it to provide and facilitate our Service to the User;
- employee confidentiality agreements;
- use of an HTTPS (i.e., Hypertext Transfer Protocol Secure, an encrypted primary protocol through which data is sent from a web browser to a website) connection for communication between us and the User and User Data submission(s);
- internal security reviews of our Service Providers and our systems; and
- only storing payment information with our PCI DSS compliant payment Service Providers.
However, NO DATA STORAGE SYSTEM OR DATA TRANSMISSION PROCESS CAN BE GUARANTEED TO BE COMPLETELY SECURE and WE DO NOT PROMISE THAT OUR DATA SECURITY MEASURES PROVIDE COMPLETE SECURITY OF USER DATA.
The User cannot edit their forms for data security reasons; in the event that an unauthorized intrusion of the User’s account occurs, the User Data form would not be in an easily readable format (e.g., plain text). Instead, the User must resubmit User Data forms when they want to change any fields therein, with the form containing the newly submitted User Data replacing that of the older ones (in terms of what we use during Service fulfillment and our other operational duties (e.g., User support)).
Security-related feedback is welcome and shall be directed to us via the contact method(s) that we set forth in the Contacting us section herein.
International data transfers and our Service Providers
All User Data stored, processed, transmitted, or transferred solely by and within Greensheet USA LLC (including, but not limited to, its officers, employees, representatives, affiliates, agents, and members) is done within the United States of America.
All of our Service Providers apply reasonable data security measures in their processing, transmitting, transferring, and storing of User Data. We only provide them with the relevant User Data to provide us the services that facilitate our provision of the Service.
Some User Data may be stored in, processed in, transmitted to, or transferred to jurisdictions outside of the United States of America, due to the practices of our Service Providers and that of their contracted entities or the international payment method(s) or financial partner service(s) that the User uses to pay for their subscription to the Service. If User Data is stored, processed, transferred, or transmitted by an entity providing an international payment method or financial partner service because of the User’s use of their service/product on our Service, the data practices of said provider may not be noted herein and WE SHALL NOT BE HELD LIABLE FOR ANY CORRESPONDING CONSEQUENCES OR DAMAGES THAT RESULT FROM THE USER’S DESIGNATION.
User Data processed, stored, transmitted, or transferred by our email Service Provider (Tutao GmbH) shall be done in accordance with their Legal Documents (Privacy Policy).
User Data processed, stored, transmitted, or transferred by our subscription management Service Providers shall be done in accordance with their respective Legal Documents:
The User may send us feedback or questions regarding our Service Providers and their data security practices using the Contacting us section herein. The User may also send such feedback or questions directly to the applicable Service Provider(s). The websites and some Legal Documents of our Service Providers are hyperlinked earlier in this section for convenience; THESE RESOURCES MAY NOT REPRESENT AND SHALL NOT BE CONSTRUED TO BE THE ENTIRETY OF THE APPLICABLE LEGAL DOCUMENTS OF OUR SERVICE PROVIDERS. WE SHALL NOT BE HELD LIABLE FOR ANY CORRESPONDING CONSEQUENCES OR DAMAGES THAT RESULT FROM US NOT HAVING HYPERLINKED ANY POSSIBLY APPLICABLE LEGAL DOCUMENT OF ANY OF OUR SERVICE PROVIDERS.
The User shall agree to the processing, transmitting, storing, and transferring of User Data by us and our Service Providers. If the User objects to our use of the aforementioned Service Providers, or any other practice noted herein, the User shall terminate the User’s subscription to the Service.
Do Not Track signals
A Do Not Track signal is a mechanism used to allow Internet users to control the online, cross-website tracking of their usage patterns through their browser settings. Because no industry standard, or legally mandated protocol, exists for such, we currently do not acknowledge, respond to, process, nor comply with any browser’s Do Not Track signals (or any similar mechanism).
Cookies and similar technologies
We use cookies to personalize the User's experience on our Website and using our Service. If the User’s web browser is set up to not allow any cookies, their experience with our Website or use of our Service may be hindered. Through our cookie preferences/consent banner, the User may be able to provide or withhold consent to certain cookies (excluding the essential cookies). The types of cookies we use are:
- essential cookies (cookies that enable the core functionality of our Website);
- marketing cookies (cookies that help us track the effectiveness of our advertising schemes and provide a more relevant Service to the User);
- functional cookies (cookies that store the choices that the User makes, helping us better personalize the experience they have with our Website and Service); and
- analytics cookies (cookies that help us comprehend how the User interacts with, and allow us to detect errors on, our Website).
Moreover, our Service Providers and any third-party website that we link or hyperlink on our Website may use cookies, web beacons, and similar technologies. The use of such technologies by our Service Providers and any third-party website or entity is not covered by nor applicable to this Privacy Policy (as set forth by the Applicability of this Privacy Policy section herein) and shall therefore not be associated with us, our operations, nor the Service.
IP addresses
“IP” hereafter stands for “internet protocol.” An IP address is an identifier for a computer network that uses the Internet Protocol.
The User shall understand that whenever they connect to a website, their IP address may be available and reveal a general location.
We log the IP address of the User upon visiting our Website. We do this solely for analytical and legally obligated purposes. An example of how we use logged IP addresses for analytics is determining the general geolocation data of all of our Users to devise appropriate marketing schemes and measure the results and effectiveness of our marketing efforts. An example of us using logged IP addresses for legally obligated reasons is to satisfy the requests we receive from a subpoena.
Applicability of this Privacy Policy
This Privacy Policy only applies to us, our Service, and our Website. This Privacy Policy does not apply to the Service Providers that we contract to help in our provision of the Service nor to any entity that owns, operates, sponsors, or otherwise associates with any third-party website (even if its link or hyperlink is provided on our Website).
This Privacy Policy shall be effective as of the “Effective date” found below its title, at the top of this Privacy Policy.
When we contact the User
We may contact the User:
- to update them on our provision of the Service;
- for any other reason related to our provision of the Service;
- in response to an appropriate communication that we receive from them;
- to notify them of User Data requested by, or already disseminated to, a third party (in accordance with the How we use User Data section herein);
- to notify them of changes in our Legal Documents; and
- for any other, legally obligated reason.
When the User contacts us
The User may send us questions they have concerning our privacy practices and their User Data, provide feedback to us, and any other communication, to which we will try to respond in a reasonable time (according to the Response timing section herein), as long as it is sent in a reasonable way.
The User shall have the right to make a complaint to us regarding our collection, use, or disclosure of their User Data, in accordance with this Privacy Policy, or if the User believes that we have not complied with this Privacy Policy. We take every complaint seriously and will make reasonable efforts to resolve the complaint promptly and according to applicable law; we may not take action, or make changes, in response to every complaint, however. The User may also file a complaint against us with their local data protection supervisory authority whenever they wish; however, we recommend that the User contacts us first, only complaining to their local data protection supervisory authority as a last resort.
At any time, the User may edit, inquire upon, request a copy of, restrict, object to, delete, or opt-out of our collection and use of their User Data; the User can also request copies of their past scholarship application-related User Data forms, so long as they were submitted within the last two (2) calendar years. For these communications, we may attempt to verify the User’s identity for security purposes and only exercise such request(s) when we decide that the verification is complete and ample. We may not charge the User more for exercising any of the aforementioned data rights, but, if the User’s request or exercising of their right(s) is excessive or unreasonable, we may, at our sole discretion, charge the User according to a fee scheme that we determine is suitable or is determined after a compromise between us and the User is formed. If the User opts out of our collection and use of their User Data or deletes their User Data to a point that renders our provision of the Service impracticable, the User thereby terminates their subscription and may, if applicable, become entitled to a refund (in accordance with the Refund policy in our Terms of Use).
Response timing
We shall attempt to respond to, or act on, any contact we receive, if answerable, practicable, and reasonably sent, within a reasonable time after receipt, but not more than seven (7) calendar days after our receipt of the contact. If we require additional time to form a response, act on a request, or verify anything thereof, we shall notify the User of our need for additional time, how much additional time is needed, and our reason for such.
The User shall not expect a response to, or action on, questions or requests that are unconscionable, impracticable, not answerable, or not sent in a reasonable manner.
Minors
The Service and the User’s subscription to the Service are not intended for, and shall not be used by, Minors. We do not knowingly collect, process, use data from, nor provide the Service to Minors; if it comes to our attention that we have done any of the aforementioned, unless otherwise required by applicable law, we shall cease our collection of the data and provision of the Service and delete said data without notice to anyone, to which our Refund policy (in our Terms of Use) shall still apply.
If any individual (e.g., the parent or legal guardian of the Minor whose data we have collected, processed, used for Service provision, and/or used for other purposes mentioned in our Terms of Use) has reason to believe that we have done so, they shall contact us about such.
Governing law
This Privacy Policy and the User’s rights and obligations shall be construed according to and governed by the laws of the United States of America and (insofar as such law shall not apply) the State of New York, without regard to its conflict of law provisions.
California provisions
The provisions and rights noted in this subsection shall only apply to the User if they are located in the State of California.
If the User is located in the State of California, we process their User Data in accordance with the California Consumer Privacy Act, California Privacy Rights Act, or California Online Privacy Protection Act, whenever the Governing law section shall not apply. The User shall have the right to receive a notice of our practices at, or before, the collection of their User Data.
If the User exercises their rights under the California Consumer Privacy Act, California Privacy Rights Act, or California Online Privacy Protection Act, we will not provide discriminatory treatment to the User.
For any requests the User makes under this section, the provisions in the Response timing section shall apply. The User may also designate an authorized agent to make a request on their behalf, for which the User must provide us with either written permission of the agent to act on the User’s behalf or a signed power of attorney. In this process, we must also verify valid government-issued identification of the User and the agent.
Notice to the User that is located outside of the United States of America
If the User is located outside of the United States of America, they shall be aware that whatever information we receive from their use may be transferred to the United States of America, or some other country with plausibly different laws from wherever the User is located, and shall thereby consent to our and our Service Providers’ data and privacy practices, upon using our Website, Service (if applicable), and/or communication channel(s).
Severability
If a provision of this Privacy Policy is determined invalid, illegal, or unenforceable by a court of competent and applicable jurisdiction, such provision shall be severed and the validity, legality, and enforceability of the rest of its provisions shall not be affected.
Contacting us
If the User has any questions about this Privacy Policy or any other matter, or wants to exercise any of their rights, they shall contact us by:
- email, at support@greensheet.org.
Changes to this Privacy Policy
We may update this Privacy Policy. When we make changes to this Privacy Policy, we may provide the User with a notice of the changes before said changes become effective.
The User’s continued use of the Service constitutes the User’s agreement to the updated Privacy Policy.