OpenApply Schools Directory at search.openapply.com is a website made available by ManageBac LLC.
ManageBac LLC 548 Market St. #40438, San Francisco, CA 94104 USA and its subsidiaries, affiliates, successors or assigns “OpenApply”. “we,” “us,” or “our,” the operators of the Website.
“Parent Member” or “Parent Membership” means an individual who has created an account to use the Service, and their licence to access this Service and associated login information (such as a login email and password).
“Membership” means an individual’s licence to access our service and associated login information (such as a login e-mail and password), as authorised.
“Parent” means a parent or legal guardian of a Student, as the case may be. “Parental” shall be interpreted accordingly.
“Service” refers to the services provided through the Website.
“School” refers to a school, school district, or institution, which are primary account subscribers to the Service.
“Student” means a student or potential applicant to a School invited to use the Service by a Parent Member.
“Website” means our website school.openapply.com.
“OpenApply Platform” means other sites at openapply.com and all other subdomains of openapply.com with the exception of directory.openapply.com.
1.2 Terms. These Terms of Service should be read as a whole with the other Terms and Policies, and provide the exclusive terms of the relationship between OpenApply and you as a (1) Parent Member, or (2) any other users of the Website who do not have an account (“Visitor”). With the exception of a valid signed written agreement between a Member and OpenApply, nothing outside the terms published in our Terms and Policies shall constitute part of any agreement between OpenApply and you relating to your use of the Service. Any previous version of these Terms and Policies is superseded by these Terms and Policies. These Terms and Policies do not apply to Schools, School’s relationship with OpenApply is governed by the Terms & Policies at openapply.com/terms and any Scope of Services Agreement signed between the School and OpenApply.
1.3 Subject to Change. We reserve the right to update and change our Terms of Service on 14 days’ notice. Any new features that augment, enhance, or change the current Service, including the release of new tools and resources, shall be subject to our Terms of Service. Continued use of the Service after any such changes shall constitute consent to such changes. Our current version of the Terms of Service is available at the Terms and Policies page of the Website.
1.4 Violations. Violation of any of these terms by you may result in the termination of (1) your account and/or denial of your ability to access the Website without notice. OpenApply reserves the right to bar use of the Service by any person or entity that has violated the Terms of Service at any time.
1.5 Disclaimers. To the full extent permitted by law, you agree to use the Service on an “as is” basis and understand that OpenApply is not responsible for prohibiting or regulating in any way any information or data provided or transmitted by the Website (“Content“), or provided or transmitted by you or any other person. You confirm and agree that OpenApply shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data or other intangible losses. This is regardless of whether OpenApply has been advised of the possibility of such damages, whether or not resulting from: (i) the use or the inability to use the Service; (ii) the unauthorized access to or alteration of your transmissions or data; (iii) statements or conduct of any third party on the Service; (iv) termination of your account; and/or (v) any other matter relating to the Service.
1.6 OpenApply does not warrant that the Service will meet your specific requirements or that the Service will be uninterrupted or error-free. We shall not be liable for and make no warranties in relation to the Website or its functionality, Content or capabilities of the Website, to the fullest extent that such liabilities can be excluded by law.
1.7 Content. We provide all information on our Website free of any access charge other than our charges to Schools. The information provided on our Website is provided on the basis that we accept no liability for any of the information published.
1.8 Parent Members shall:
i. Ensure that information contained in anything sent to OpenApply is accurate and does not breach any third parties’ rights including trade mark, database right, copyright or other intellectual property rights nor is libelous, obscene, menacing, threatening, bullying, offensive, abusive, fraudulent, pornographic, criminal nor infringes the rights of other people such as privacy rights or is in any way illegal or unlawful;
ii. Verify the accuracy of any information before sending it to us; and
iii. Ensure that information provided on the Website complies with all applicable laws and, by posting information, agrees to indemnify us in full on request and continue to indemnify us on request against any claim or liability arising in connection therewith.
1.9 OpenApply reserves the right to reject any information published to the Website without notice.
1.10 Any views expressed in messaging facilities after you login are not those of OpenApply.
1.11 We make no statement and provide no warranty that Content is accurate, up to date or complete and we accept no liability for any loss or damage caused by anything inaccurate or misleading which without limitation, may contain statistical data which may have inaccuracies or errors. If you find that information on the Website is not accurate, please inform your School in the first instance to have information corrected.
1.12 Nothing in these terms and conditions shall exclude or limit our liability for fraud, personal injury or death caused by our negligence, or for any other liability which cannot be excluded or limited under the laws of State of Delaware or under English law (as per clause 9.5 below). Other than the foregoing, all warranties, guarantees or benefits implied or provided by law are excluded to the fullest extent possible and with an absolute limitation of liability capped at the value of the School’s annual subscription fees.
1.13 If any agreements or arrangements are made by you with any third party as a result of your use of the Website, they are and remain entirely at your own risk.
1.14 Security. You will ensure at all times that (1) you do not share your designated password with any other person, (2) you maintain active and effective security measures to protect the integrity and security of your and our computer systems. You will be responsible for loss and damage suffered by us where any third party abuses the services using your login details and/or computing environment, including hardware and software.
1.16 All disputes between the parties arising out of or relating to these terms or the breach, termination or validity thereof shall be referred by either party in writing, first to each party’s representative. The representatives shall meet and attempt to resolve the dispute within a period of thirty (30) working days from the date of referral of the dispute to them.
2.1 The Website describes the Services which are available. For more information please refer to the Website for details of the services available.
2.2 Generally speaking, our services revolve around providing Parent Members with an online system to facilitate and streamline the admissions, and enrolment process by providing access to School information such as admissions procedures, forms, deadline dates, and other information relevant to the admissions & enrolment process, as well as acting as a communications medium to facilitate the admissions, enrolment and re-enrolment process between Admissions Directors, Staff and Members.
2.3 Administrators, Admissions Directors and Staff employed by Schools determine the scope and nature of the information to make available to Students and Parents.
3. Account Terms: Child Online Privacy Protection Act Compliance
3.1 Before a Student of 13 years of age or less may use the Service or a School facilitates access to a Student (separately to a Parent), the Parent MUST provide a signed copy of the Form of Written Parental Consent (“Parental Consent“) to the school.
3.2 The School is responsible at all times for obtaining Parental Consent, and is wholly responsible for verifying that a parent or legal guardian is properly identified, that the Parent has properly authorised a Student’s access, and has in fact signed the Parental Consent, before signing up or causing to sign up any Student for an account.
3.3 The School must provide a copy of the signed Parental Consent to OpenApply within 7 days of a request made in writing.
3.4 To the maximum extent permitted by law, and in addition to any other indemnification mentioned in these Terms of Service, the School agrees to fully indemnify OpenApply on request and keep OpenApply indemnified on request with regard to any claim, if the suit involves claims arising directly or indirectly from failures to comply with this paragraph. The fact that a cause other than a failure to comply with the foregoing paragraph may have contributed to the harm alleged in such suit or proceeding will not in any way diminish the scope or force of this indemnification, even if such other cause is OpenApply’s own failure or negligence.
4. Payment Terms
4.1 Parent Members are not required to pay for access to the Website.
5. Cancellation and Termination
5.1 A Parent Member may cancel their Parent Membership of the Website at any time by clicking “Deactivate My Account” or ask OpenApply to do so by e-mailing us at firstname.lastname@example.org with the subject line “Cancellation Request”.
5.2 All Content stored in the Parent Member account will be unavailable to Parent Members from the time they confirm to “Deactivate My Account” or instruct us to process the cancellation request. As a convenience, we can revoke a cancellation within one month of the deactivation or cancellation processing. The Content of a cancelled Parent Member account will be irrecoverably deleted within 18 months of notification of cancellation. Any Content which has been submitted to a School will not be deleted upon a Parent Member cancelling their account, this data is under the control of the School and subject to the policies of that School. OpenApply shall not be required to delete all or part of the content, data, etc that it is legally permitted to retain.
5.3 OpenApply reserves the right to terminate a Parent Membership account of the Website which has not been accessed for an extended period. An email notification will be sent to the Parent Member in advance of the termination, to ask a Parent Member to login before a specified date, if they do not want their account to be terminated. Parent Memberships terminated per this clause 5.3, will have Content deleted per 5.2 above.
5.4 Once a Parent Member has used the Service to submit an application or enquiry to a School which uses the OpenApply Platform, they will become a Member under Terms & Policies of the OpenApply Platform at openapply.com/term.
5.4 We may terminate the Service upon 180 days’ notice in writing for our own convenience.
5.5 Misuse of the Service, by a Parent Member, may result in permanent and/or temporary suspension or termination of the their account (at OpenApply’s sole discretion) without notice if problems are not addressed to the satisfaction of OpenApply.
5.6 OpenApply reserves the right to refuse the Service to anyone at its own unfettered discretion.
6. Modifications to the Service
6.1 OpenApply shall not be liable to you or to any third party as a result of any modification, suspension or discontinuance of the Service, loss of data, or any consequence thereof whatsoever.
7. Copyright and Content Ownership
7.1 Unless otherwise stated below, OpenApply owns all intellectual property rights vesting in the Website.
7.2 OpenApply claims no intellectual property rights to Content published and/or loaded to the Service by Parent Members or Schools.
7.3 Subject to the consent of the relevant School, Parent Members may download material from the Website for their sole purpose of retaining copies for your own personal use alone, subject to rights granted by others to you. The Service is made available to Schools and Parent Members for school administration, admissions, and marketing functions, not for any other purpose, and you shall not access the Service for any other purpose without the written permission of OpenApply.
7.4 You may not modify, adapt or hack the Service or Website. You may not link to the Website from an external site so as to falsely imply that it is associated.
7.5 Any hypertext links to other sites, which appear on the Website are operated by third parties and use of such a link means you are leaving the Website. We are not responsible for, and give no warranties, guarantees or representations in respect of linked sites or information upon them.
7.6 “OpenApply Schools Directory”, “ManageBac”, “OpenApply”, “Atlas”, “AtlasNext”, “SchoolsBuddy”, “ClubsBuddy”, “CommsBuddy”, “SummerStart”, “BookJetty” and our logos are trade names of Faria Education Group Ltd. You may not use these names or similar variants without our written consent.
8.1 To the maximum extent permitted by law, the Parent Members agree to hold harmless and indemnify OpenApply, and its subsidiaries, affiliates, officers, agents, and employees from and against any third party claims arising from or in any way related to use of the Service or Website, including any liability or expense arising from all claims, losses, damages (actual and consequential), suits, judgments, litigation costs and attorneys’ fees, of every kind and nature. In such a case, OpenApply will provide the Parent Members with written notice of such claim, suit or action.
8.2 Additionally, and to the maximum extent permitted by law, the School agrees to fully indemnify OpenApply with regard to any suit or proceeding for damages, if the suit involves claims arising directly or indirectly from your failure to comply with its obligations under the Child Online Privacy Protection Act Compliance paragraphs of these Terms of Service. The fact that a cause other than your failure to comply with such obligations may have contributed to the harm alleged in such suit or proceeding will not in any way diminish the scope or force of this indemnification, even if such other cause is OpenApply’s own failure or negligence.
9. General Conditions
9.1 You may not assign or transfer your rights or licences granted under this Agreement. OpenApply may assign, sub-contract or sub-let this Agreement or any part thereof.
9.2 In the event that any (or any part) of these terms, conditions or provisions shall be declared invalid, unlawful or unenforceable such terms (or parts), conditions or provisions shall be severed. The remaining terms (or parts), conditions or provisions shall continue to be valid and enforceable to the fullest extent permitted by law.
9.3 You understand that the technical processing and transmission of the Service, including Content, may occur in an unencrypted form if SSL is not enabled on your computer, and result in transmissions over the Internet, which may be intercepted by others. Loss of SSL may also result from changes in transmissions between networks to conform and adapt to technical requirements of connecting networks or devices. Please look for the SSL notification in the address bar of your browser to ensure that SSL is active during your session.
9.5 These Terms of Service will be governed by and construed in accordance with (i) the laws of the State of Delaware, without giving effect to its conflict of laws provisions if you are resident in USA or Canada, or (ii) English law if you are resident in the European Economic Area or elsewhere. Non-contractual claims shall be governed by the same system of law. Any claims, legal proceedings or litigation arising in connection with the Service will be brought solely (i) in Wilmington, Delaware, if you are resident in USA or Canada, or (ii) England if you are resident in the European Economic Area or elsewhere, and you irrevocably submit to the jurisdiction of these Courts.
10. Questions & Contact Information
Any questions about this Terms of Service agreement should be addressed to email@example.com; or by mail to:
548 Market St. #40438,
CA 94104 USA
+1 (415) 670-9038
Use of this website search.openapply.com and all authorized services and facilities provided through it or in relation to it by any School or other institution shall be according to our Terms and Policies.
1.2 To use the Service you must:
a. be at least 13 years of age;
b. have the written consent of your School, if you are a School Member.
c. Provide your legal full name, a valid email address, and any other information requested in order to complete the account registration process, and keep them up to date if your circumstances change.
d. Maintain the security of your account and password;
e. Observe proper security practices on your local computer and/or devices used to access the Service, including using up to date virus protection and a firewall, and other reasonable security measures as may be reasonable in the circumstances which you access the Service. We are not liable for any loss or damage resulting from your failure to comply with your security obligations.
f. Be a human, please. Accounts registered by “bots” or screen scrapers and/or other automated means are not permitted and access will be terminated without notice.
1.3 We not do not create the Content published to the Website; we simply publish it for your School and you in order to facilitate and streamline your admissions and enrolment process online. Your School are jointly and severally liable for all use, Content and activity on this Website which relates to you and your account, and thus take full responsibility for all actions by others accessing the Service and/or the Website using your details whether you have authorised them to do so or not and indemnify us accordingly.
1.4 One person may not have more than one Parent Member membership or Schools Member membership.
1.5 You may not use the Service for any illegal or unauthorized purpose. See our Terms of Service for more information.
2. Cancellation and Termination
2.1 Parent Members may at any time cancel their access to this Website. Schools may at any time cancel School Member access to this Website. When your access is cancelled, all of your Content and personal information will be deleted from our Service within 18 months.
2.2 A School may at any time cancel its account with us, and we may cancel a School’s account with 180 days’ notice. In the event your School’s account is cancelled for any reason, School Member content will be deleted without notice to you. Please make sure you keep copies of all of the information published to the Website relating to you, whether or not you upload it yourself.
3. Questions & Contact Information
548 Market St. #40438,
CA 94104 USA.
+1 (415) 670-9038
Global Privacy Notice for OASD
As a leading provider of integrated education systems, the privacy and security of individuals about whom we process personal data is critical to us. Unless otherwise defined in this notice, any capitalised terms used has the meaning given in the Terms of Service for Schools or Parents, as appropriate. This Global Privacy Notice (“notice”) explains how we manage and protect your personal data (referred to as “data”) when you visit our Website (a “Visitor”) or as a Parent Member. This notice applies to Visitors, Parent Members and School Members. Per the Terms of Service, once a Parent Member submits an application to a School their account will automatically convert to a Membership under the OpenApply Website which is governed by the Terms & Policies https://www.openapply.com/terms including the Global Privacy Notice available at https://www.openapply.com/terms/privacy-policy
This notice tells you who we are, what data about you we collect in connection with our website and services, and what we do with it.
To learn more about our approach to privacy law compliance and data security more broadly, please visit our GDPR page here.
Who are we?
ManageBac LLC (“OpenApply”, “we, “us”) is part of Faria Education Group. OpenApply Schools Directory is a modern online admissions office supporting every stage of the applicant journey from enquiry to enrolment. Our cloud-based interface works seamlessly across devices for both families and staff, streamlining the process and reducing stress. Today OpenApply supports over 350 schools in over 70 countries. We are responsible for managing your data in connection with our services.
Details of how to contact us can be found below at Who should you contact with questions?
What data about you do we collect?
We use various types of data about you for purposes connected with the management of our website or the delivery of our learning platform services.
We may collect and process the following information about you in order to provide you with our website or services:
- We will collect and process the information you provide to us if you register for a demonstration, trial account, blog or webinar, which includes your name, email address, phone number, and other information collected to provide the website or services. We will also process your name and email address to send you email messages about our newsletters, product updates and other marketing materials. We will only send you such email messages as permitted under applicable law and in line with your marketing preferences which you can update at any time as described below.
We may collect and process the following information in order to provide your school with our services:
- your name, title, business telephone number, details about the school you represent, details about your position at the school (e.g., subjects you teach or how long you have worked at the school) and e-mail address used during our registration process in order to communicate with you in relation to the provision of learning platform services to your school.
- responses to our surveys you choose to take.
- your e-mail address to send email marketing to you, including our newsletters and updates as permitted under applicable law and in line with your preferences.
- details of your interactions with us when you contact us with enquiries through our online customer support, or via telephone or email.
We may collect and process the following information:
- information captured in your account, provided by you on behalf of yourself and your Student, including information such as name, email address, nationality, date and place of birth, gender, language, national ID, in order to provide services to you.
- email address in order to request survey responses or feedback from you in relation to future product developments and educational plans.
- feedback and responses to our surveys you choose to take.
- details of your interactions with us when you contact us with enquiries through our customer support system online, or via telephone or email.
For what purposes do we use data about you, and on what legal basis?
Throughout your use of our website and/or our provision of services to you or a school, we use data about you for various purposes.
The purposes for which we use data about you, with corresponding legal basis for use, are set out below:
|Purpose||Legal basis for processing|
Management of our website
e.g. site maintenance and analytics of website usage (which will include the sharing of data with Google Analytics).
|It is our legitimate business interest to manage and develop our website.|
Fulfilment of online services
e.g. registering for a demonstration, webinar, blog or trial account.
|We process your data in order to provide you with the online service which you have requested. Our processing is based on your consent.|
e.g. to send you marketing emails relating to product updates and other services we think you may be interested in
|We either rely on your consent or our legitimate business interest to send email marketing to you depending on how we collected your personal data and the nature of our relationship. Any email marketing will only be sent to you as permitted by applicable law and in accordance with your preferences which you can update at any time as described below.|
|Legal & regulatory compliance and compliance with law enforcement requests||In some instances, we will be required by law to process your personal data and share it with law enforcement or other government or regulatory bodies. We may also choose to do so in other circumstances, in accordance with our legitimate interests.|
|Purpose||Legal basis for processing|
Customer support activities
e.g. interacting with you via our online customer support or by phone, e-mail
It is our legitimate business interest to provide customer support to School Users in order to provide the learning platform services to schools.
Provision and management of learning platform services to school
e.g. managing requests, curriculum standards, managing user accounts, submitting a PO, handling invoices, etc.
It ib our legitimate business interest to provide and manage the learning platform services we provide to schools.
e.g. to send you marketing emails relating to product updates other services we think you may be interested in
We either rely on your consent or our legitimate business interest to send email marketing to you depending on how we collected your personal data and the nature of our relationship. Any email marketing will only be sent to you as permitted by applicable law and in accordance with your preferences which you can update at any time as described below.
Sharing data with other third parties
Please see “Who do we share data with and for what purpose?” below.
It is our legitimate business interest to share data with third parties to assist with the purposes described below.
Legal and regulatory compliance and compliance with law enforcement requests
In some instances, we will be required by law to process your personal data and share it with law enforcement or other government or regulatory bodies. We may also choose to do so in other circumstances, in accordance with our legitimate interests.
|Purpose||Legal basis for processing|
Providing our services
e.g. enabling you to save a draft application form
As part of creating an account to access the services users consent to the processing data and this may be withdrawn at any time.
Conducting statistical analyses for reporting
e.g. to conduct data analyses that enables us to improve and develop our services
It is our legitimate business interest to improve our learning platform services through the use of statistical analyses and reporting.
Customer support activities
e.g. interacting with you via our online customer support or by phone or e-mail
It is our legitimate business interest to provide customer support.
Feedback and surveys
e.g. to request survey responses or feedback from you in relation to future product developments and educational plans
It is our legitimate business interest to gather feedback and survey results to improve user experience and develop improved services. We store this data in anonymised form.
Sharing data with other third parties
Please see “Who do we share data with and for what purpose?” below.
It is our legitimate business interest to share data with third parties to assist with the purposes described above
In the case of sharing data to a School, this only done with your specific consent.
|Legal & regulatory compliance and compliance with law enforcement requests||
In some instances, we will be required by law to process your personal data and share it with law enforcement or other government or regulatory bodies. We may also choose to do so in other circumstances, in accordance with our legitimate interests.
Please note that we do not process any special category data about you (e.g., information of race or ethnicity) for our own purposes. You may be requested to provide such information by your school which may be passed to us for processing but we do not use it for any other purpose.
In some instances, we may use personal data about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such us and consent if required. You should read any supplemental notice in conjunction with this notice.
Who do we share your data with, and for what purposes?
We share data across our Group for various purposes such as:
- Customer support activities (e.g. our online support or contacting us via our e-mail or telephone) may be undertaken by our offices in China, Taiwan, UK, Canada or the US depending on your school’s location and the time of the day of your inquiry.
- Management of learning platform services (e.g. bulk process requests, importing curriculum standards, importing users) will be processed in China, Taiwan or Ukraine.
- Billing inquiries (e.g. submitting a PO, handling invoices, etc.) will be processed by our offices in Hong Kong and Taiwan.
- System usage and platform hosting is provided from our offices in Canada.
Sharing data with third parties
- If you are a School Member or Parent Member, we may share data with education partners as instructed to do so by you or your School, such as other schools system providers who are our integration partners.
- If you are a Parent Member, we will share data with Schools as instructed to do so by you in the process of submitting an application or enquiry.
- We may share data about you with our third-party service providers, such as IT providers or customer support services. A list of our Subprocessors can be found here
- We may share anonymised data, feedback and survey results with third-party service providers, such as other school systems for research purposes.
- We may share data about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials;
- We may share data when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal purpose; and
- We may share data in the context of organisational restructuring
If you would like to learn more about the parties with which we share data, please contact us using the details below at Who should you contact with questions.
Where might your data be processed?
As with any multinational organisation, and as a result of the global nature of our services, we are often required to transfer data internationally as described above. Accordingly, data about you may be transferred both within our Group and to third parties internationally.
These countries may not have the equivalent data protection standards to the country in which you provided your data. We will ensure that we implement appropriate data transfer mechanisms to protect your personal data. If data is transferred outside the EU, we will only transfer such data on the basis of a European Commission adequacy decision, the EU Model Clauses, or the US-EU Privacy Shield (where data is transferred to the United States).
OpenApply in the US is certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield which provides the relevant transfer mechanism for any transfers to our entities in the US.
If you would like to receive a copy of the information relating to the safeguards we put in place, please contact us using the details below at Who should you contact with questions.
How do we protect your data?
Faria Education Group is certified to the ISO27001:2013 standard and implement appropriate technical and organisational measures to protect personal data that we hold from unauthorised disclosure, use, alteration or destruction. Our standard protocols include:
Application security: traffic encryption, strongly hashed passwords, safeguards against vulnerabilities such as cross site scripting, SQL injections, phishing and others.
Network security: firewalls and systems to detect suspicious behaviour, stop malicious attempts to gain access, or compromise the resilience of the service (e.g. DDOS attacks).
Organisational security: access policies, audit logs and confidentiality agreements.
Physical security: preventing unauthorized access to infrastructure processing personal data.
Procedural security: IT management processes to minimize the risk of human errors, or testing regimes to identify software weaknesses before releasing new features to our cloud services, or policies to ensure data is only processed on instruction from our customers.
How long will data about you be kept?
The period for which we may retain data about you will depend on the purposes for which the data was collected, whether you have requested the deletion of the data, and whether any legal obligations require the retention of the data (for example, for regulatory compliance).
We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected.
What rights do you have over your data?
Depending on where you are resident, you may have some or all of the following rights under applicable law in respect of data about you which we hold:
- request us to give you access to it, and have us provide you with a copy of any data we hold about you
- request us to rectify or update it
- request us to erase it in certain circumstances
- request us to restrict our using it, under certain circumstances
- object to our using it, in certain circumstances
- withdraw your consent to our using it, where our processing is based on consent
- data portability, in certain circumstances
- opt out from our using it for email marketing. You may opt out by clicking on the unsubscribe link in the email marketing messages we send you or by contacting us as set out below and we will always comply with this request; and
- lodge a complaint with the supervisory authority in your country (if there is one).
You can exercise these rights, or learn more about them, by contacting us using the details below at Who should you contact with questions?
We may be required to confirm your identity before we action any request from you in connection with your data. This may involve asking you to provide identification documents.
Who should you contact with questions?
If you have any questions, or wish to exercise any of your rights, then you can contact our Data Protection Officer at firstname.lastname@example.org.
If your country has a supervisory authority, you have a right to contact it with any questions or concerns. If we cannot resolve your questions or concerns, you also have the right to seek judicial remedy before a national court.
Changes to this notice
We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.
Last modified on July 1, 2020
548 Market St. #40438
San Francisco, CA 94104 USA
Telephone: +1 (866) 297-7022 Fax: +1 (866) 393-2876
We respect the privacy of children, and do not collect any more personal information than reasonably necessary to enable them to participate in the activities we offer at our Website.
With respect to our online information collection practices from children under 13 years of age: We collect the following types of personal information directly from children online:
- E-mail address
- First and last name
- Identifiers such as information held in a cookie
- A cookie is a small amount of data, which often includes an anonymous unique identifier, that is sent to your browser from a web site’s computers and stored on your computer’s hard drive.
- Cookies are required to use the Service.
Please note that parents may consent to the collection and use, discussed below, of the information listed above without necessarily consenting to the disclosure of personal information to third parties.
With respect to the collection by other organizations of personal information from children at our site, we do not have any agreements with outside organizations to collect personal information at our site.
Use and Sharing of Information
The information we collect from children is used:
- For record keeping
- To enable them to participate in certain functions of our site, such as use of chat and messaging functions between students and between teachers and students.
We do not have any agreements with outside organizations to collect personal information at our site, and we do not share children’s personal information with anyone other than those who provide support for the internal operations of the Web site and our agents (e.g., contractors who provide fulfillment services or technical support to the Web site). All third parties with whom we share information have agreed to maintain security and integrity of personal information, and have agreed not to use the personal information.
In order for a child under the age of 13 to use the Website, we must obtain verifiable parental consent to the information collection practices disclosed in this COPPA Compliance Policy. Such consent is generally to be collected by the School which provides access to the Website for its students. We may not condition a child’s participation in a service or activity on more disclosure than is reasonably necessary.
Parents can (1) review the information that we have collected from their children online, (2) prevent the further use or maintenance of such information, and (3) direct the deletion of their children’s personal information by:
- Calling us at the telephone number provided above
- E-mailing us at the above email address
- Writing to us at the above address, or
- Contacting the School
Service Level Agreement
What is the Service Level Agreement?
The Service Level Agreement is our commitment to customers using OpenApply regarding the service we will provide. Please get in touch using the contact details below if you have any questions about this agreement.
- Bug Fixes
- 99% system uptime
- A 24-hour max response time for all support requests
- A pledge to protect privacy and safeguard data with daily local backups
- SSL-encryption for all sub-domains
We do not support:
- Network issues (e.g. Internet access failure)
- E-mail Administration
- Administrative Tasks (e.g. Approving your student’s CAS activities)
Planned maintenance (down-time) related to the Services will be communicated to the School on prior written notice. The School acknowledges that in certain circumstances, such as security threats, or where emergency or otherwise unplanned maintenance is required, OpenApply may only be able to provide the School with very short notice periods, or no notice being given by OpenApply at all.
Questions & Contact Information
Any questions about this Service Level Agreement should be addressed to email@example.com or by mail to: ManageBac, LLC. 548 Market St. #40438, San Francisco, CA 94104 USA.
EU – US Privacy Shield and Swiss – US Privacy Shield
ManageBac LLC (“OpenApply”) respects individual privacy and values the confidence of its customers, employees, consumers, business partners and others.
OpenApply strives to collect, use and disclose personal information in a manner consistent with the laws of the countries in which it does business, and prides itself on upholding the highest ethical standards in its business practices. This EU-US Privacy Shield and Swiss – US Privacy Shield Policy (the “Policy”) sets forth the privacy principles that OpenApply follows with respect to personal information transferred from the European Union (EU), the United Kingdom (UK) and / or Switzerland to the United States.
The United States Department of Commerce and the European Commission and the Swiss Administration, respectively, have agreed on a set of data protection principles and frequently asked questions (the “Privacy Shield Framework”) to enable U.S. Companies to satisfy the requirement under European Union and Swiss law that adequate protection be given to personal information transferred from the EU and Switzerland to the United States. Consistent with its commitment to protect personal privacy, OpenApply adheres to the Privacy Shield Principles.
This Privacy Shield Policy (the “Policy”) applies to all personal information received by OpenApply in the United States from the European Economic Area and the United Kingdom, and Switzerland, respectively, in any format including electronic, paper or verbal.
For purposes of this Policy, the following definitions shall apply:
OpenApply is owned and operated by ManageBac LLC, a Delaware limited liability company in the USA.
“Personal information” means any information or set of information that identifies or is used by or on behalf of OpenApply to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
“Sensitive” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns an individual’s health. In addition, OpenApply will treat as sensitive personal information any information received from a third party where that third party treats and identifies the information as sensitive.
Notice and Choice
For Parent Members: our Global Privacy Notice describes the categories of personal data we may receive, as well as the purposes for which we use that personal data. It also provides information on third parties with which we may share data.
We will only process personal data in ways that are compatible with the purpose we collected it for, or for the purposes you later consent to. Before we use your personal data for a purpose that is materially different than the purpose we collected it for or that you later consented to, we will provide you with the opportunity to opt-out. Any transfer of Parent Member data to a school will only be done with the express consent of a Parent Member. We maintain reasonable procedures to help ensure that personal data we collect and use is reliable for its intended use, accurate, complete, and current, including allowing Parent Members to update their own personal data.
For School Members: OpenApply enters into Service Agreements with its Clients in the European Union and the United Kingdom, and Switzerland which may include the processing and/or storage of information relating to their Clients’ staff. In these agreements, the Client agrees and recognizes that it is the ‘data controller’ for the purposes of data protection legislation. This means that our EU, UK and Swiss Clients are responsible for complying with the data protection legislation in the relevant Member State, UK and Switzerland national law before it sends its customer data to OpenApply for processing and/or storage. This includes informing individuals about the choices and means they offer individuals for limiting the use and disclosure of their personal data. In order to exercise their rights under this principle, the individual must reach out to their School (our Client), as data controller Any data processed or stored by OpenApply is only disclosed to third parties at the request and direction of its European, UK and Swiss Client as the data controller, in accordance with the choices made by the individuals to whom such personal information relates, or when required by law. Any information that our EU, UK and Swiss Clients identify as sensitive will be treated as such.
OpenApply has a Compliance Manager who is responsible for the internal supervision of OpenApply privacy policies. OpenApply also has technicians to handle data security. OpenApply continuously educates its employees about compliance with the Privacy Shield Principles and has self-assessment procedures in place to ensure its compliance. OpenApply participates in the EU – US Privacy Shield Framework and Swiss – US Privacy Shield Framework as set forth by the United States Department of Commerce.
Information Gathering and Usage:
OpenApply will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
We use the information provided and that we collect to improve the content and quality of the Service, error correction, improving our marketing, and for administrative purposes.
Your use of the Service results in collection of audit log records, which are collected through third party solutions. These facilitate providing the Service, through web hosting companies or by using analytics providers. This allows us to monitor system and application performance, to track usage activity and to enable our support team to provide you with a professional standard of service when you have any issue.
In the course of providing the Service, we use the information provided to:
a. Process account registration;
b. Monitor system performance and collect aggregate analytics;
c. Compile a Parent Member profile and the data provided into an application form;
d. Submit the application form to a School, when instructed to do so by a Parent Member;
Access Personal Data
If your personal information changes, you are able to login to keep it up to date by changing your profile. If you no longer wish to receive the Service or if you find that information on the Website is not accurate and you cannot update it, if you are a Schools User please inform your School in the first instance, if you are a Parent user please contact firstname.lastname@example.org. You may email us at email@example.com if you continue to have concerns. If you do not receive a response to your email to us within 7 days please call us or write to:
Postal Mail: 548 Market St. #40438, San Francisco, CA 94104
OpenApply shall bear liability in cases of onward transfer.
OpenApply will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that OpenApply determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel. OpenApply is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Contact information for the European Data Protection Authorities (DPAs) in your member state is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Contact information for the Swiss Federal Data Protection and Information Commissioner is available here: https://www.edoeb.admin.ch/?lang=en
Client Data Storage:
OpenApply complies with the EU – US Privacy Shield Framework and the Swiss – EU Privacy Shield Framework as set forth by the Department of Commerce regarding the collection, use, and retention of data from the European Union, United Kingdom, and Switzerland.
Postal Mail: 548 Market St. #40438, San Francisco, CA 94104
Changes To This Privacy Shield Policy
This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. A notice will be posted on OpenApply’s web page: https://www.openapply.com/terms/privacy-shield/
Effective Date: July 1, 2020
To learn more about the EU – US Privacy Shield Framework and Swiss – US Privacy Shield Framework, and to view the certification of ManageBac LLC, ManageBac Inc. and Rubicon West LLC, please visit: https://www.privacyshield.gov/
General Data Protection Regulation (GDPR)
The General Data Protection Regulation, known as GDPR, went into effect on May 25, 2018. It is the most sweeping legislation in the last two decades focused on data security and privacy, and significantly updates, extends, and harmonises data protection legislation across the EU/EEA.
To read more about GDPR, please click here.
OpenApply is committed to data privacy and welcomes the new regulation. OpenApply Schools Directory (OASD)has been built to meet the requirements for GDPR compliance
Who is subject to GDPR?
Individuals, organisations and companies that control or process personal data are subject to GDPR. In broad terms, there are three different actors:
- Data subjects (students, families, school employees)
- Data controllers (the school, and in some instances OpenApply through OASD)
- Data processors (systems like OpenApply Schools Directory)
As a data processor for Schools, we do not decide the purpose or lawfulness of the data we process and store. We are trustees acting on our customers’ behalf. As data controllers, schools remain ultimately responsible for documenting and deciding how data enters our systems. However, GDPR regulations do impose new and stricter regulations on processors. We will fully comply with these requirements for all of our services, including ManageBac OpenApply Atlas, and Integration partners.
As a controller for some data in OASD, OpenApply are responsible for documenting and deciding how that data enters our systems.
How is GDPR different from current data protection laws?
Key areas of difference center on increased accountability for companies, greater access to personal data for individuals, and higher penalties for non-compliance.
GDPR explicitly lays out key rights of data subjects:
- right to be informed
- right of rectification
- right of erasure
- right to restrict processing
- right of data portability
- right to object
- right of access
These rights form the framework for interactions between the data subject, controller, and processor. While the controller (school) remains responsible for respecting these rights, the processor (us) may assist in accomplishing these tasks.
The penalties for non-compliance are not insubstantial. A school found in violation of GDPR may be assessed fines worth up to 4% of total annual revenue. The Information Commissioner’s Office (ICO) is responsible for enforcing GDPR and has a broad range of powers to do so.
What kind of data is covered, and what information are schools allowed to collect?
All personal data concerning an individual (data subject) is included under GDPR. Specifically, personal data that allows an individual to be identified — for example name, address, phone number, photo, etc. — is included under GDPR.
Even if personal data has been encrypted, pseudonymised, or anonymized, it may still fall under the scope of GDPR if the data can still be used to identify a specific individual.
Examples of personal data that OASD or Schools collect and store includes:
- E-mail Addresses
- Phone Numbers
- ID Numbers (passport, national ID, SSN)
GDPR specifies six lawful bases for collecting personal data:
- Written contract
- Legal obligation
- Vital interests
- Public tasks
- Legitimate interests
For most Schools, the legal basis for data collection relates to either legal obligations as learning institutions, or to legitimate interests.
In instances where it is a controller OASD, the legal basis for data collection will be consent of the data subject, or legitimate interest.
Most of the bases require that the data processing is necessary, i.e. if you can reasonably achieve the same results and purpose without processing data, then you do not have a lawful basis.
Is OpenApply Schools Directory GDPR-compliant?
Yes. OASD has been designed from the start with personal data protection in mind, and we pride ourselves on offering schools, students, and parents the highest level of security.
How does my school become GDPR-compliant?
We cannot directly advise our schools on GDPR compliance, aside from recommending that you seek legal advice, and appoint a team to review your current data processing practices. Most of our schools in Europe will be required to appoint a Data Protection Officer (DPO), who oversees your compliance requirements and reports directly to senior management.
In general, GDPR requires you to explicitly record and evaluate how personal data is processed and used. At a minimum, you will need to fully review user data end-to-end, justify why you hold it (using one of the legal bases), for how long you will retain it, and conduct a security review. The purpose of every data point you hold must be defined.
When adopting new technology platforms that involve personal data, you will need to perform a Data Protection Impact Assessment (DPIA). You are expected to monitor and ensure that the systems you use are GDPR compliant.
Lastly, because individual rights have been strengthened under GDPR, we strongly recommend making your users aware of their rights, and establishing clear procedures for responding when users exercise those rights.
I have heard that OpenApply is not secure enough under GDPR! Is this true?
GDPR does not specify precise security requirements for cloud-based services. As a data processor, we have a shared responsibility with our schools (controllers) to provide appropriate organisational and technical security, and be able to demonstrate it. GDPR strengthens the liabilities and penalties for companies that are unable to demonstrate those security protocols.
For over a decade, OpenApply has successfully protected data from millions of users. We continue to invest in organisational security, network and infrastructure security, and application security to ensure we can offer world-class security beyond standard requirements. We regularly allow third parties to audit our security measures, and we invite customers to perform their own audits.
We are careful not to provide explicit detail about our security measures but our standard protocols include:
- Application security: traffic encryption, strongly hashed passwords, safeguards against vulnerabilities such as cross site scripting, SQL injections, phishing and others.
- Network security: firewalls and systems to detect suspicious behaviour, stop malicious attempts to gain access, or compromise the resilience of the service (e.g. DDOS attacks).
- Organisational security: access policies, audit logs and confidentiality agreements.
- Physical security: preventing unauthorized access to infrastructure processing personal data.
- Procedural security: IT management processes to minimize the risk of human errors, or testing regimes to identify software weaknesses before releasing new features to our cloud services, or policies to ensure data is only processed on instruction from our customers.
How does OpenApply obtain personal data about users, and how is it used?
User data is submitted to our platforms in three ways:
- directly by the users
- by representatives authorised by the users (e.g. the school technology director obtains data and then uploads it to our platform)
- via an integration with a third-party system
As a processor, we use personal data under our protection only when we receive direct instructions from the School. We import data from third-party systems only under direct instruction from the School. The data stored on our systems belongs directly our Schools, and only a handful of OpenApply staff have access to personal data under strict confidentiality and security. We process personal data independently only if it is vital to the integrity or security of the service, or to analyze or evaluate the quality of the service provided.
As a controller, we use personal data under our protection only when we receive direct instructions from the Parent Member.
Can any of our users request data deletion under the “right to be forgotten”?
Likely not for School Users. A data deletion request is valid only if the lawful basis of the processing is Consent (see above), or if the original purpose is no longer valid.
We strongly recommend that our schools implement clear processes for evaluating these kinds of requests. If a data subject is granted the right to be deleted, OpenApply will, either through our software or our support services, help execute these rights and confirm the deletion.
A Parent Member may request data deletion under the “ right to be forgotten” and OpenApply will, either through our software or our support services, help execute these rights and confirm the deletion.
When does OpenApply delete personal data?
OpenApply deletes personal data when instructed by our Schools or by a Parent Member, or if the contract between us and the School is terminated.
An instruction to delete a School Member can either be manually performed in the platform by a customer representative of the School or upon request to our support team.
When users are deleted in our systems, there are safeguards in place to prevent errors leading to an irreplaceable loss of data. In many cases customers will have to manually confirm the deletion of customer data, including personal data.
Are we required to provide the personal data that we store on a user when requested?
To a limited degree, yes. Users have strong rights to transparency, information, and data access. Any data subject can request a copy of all personal data stored, provided that it does not adversely impact other users, or if the data is not already directly available.
Please note this is not an absolute right. There are other laws in place that require you to protect the data subject and others from accessing certain kinds of information. Again, we strongly recommend that you implement a clear process for evaluating this kind of request.. If you grant a data subject the right of access, we will, either through our software or our support services, help execute these rights.
Our systems were built for transparency across all stakeholder groups, so the majority of data stored about a user is directly accessible via the individual user profile.
Can a user contact OpenApply directly (e.g. student, parent, teacher) to exercise his rights under GDPR?
Yes, Parent Members can.
No, Schools Members cannot. Under GDPR, the data subject (user) rights is between him and the controller (our Schools). Any data subject requests from School Members to OpenApply will be handed over to the customer. OpenApply will cooperate in good faith with customers to ensure they can exercise the rights of the data subjects in a prompt manner.
Does OpenApply send data to third parties?
No, unless we receive instruction / confirmation from a School, Parent Member, or have a legal obligation to do so.
Schools often request that we integrate with a third-party tool or service, or setup this integration directly themselves using our publicly available APIs. We take steps to prevent customers from sending data to 3rd parties without complying with data protection regulations. However, it is important that our customers themselves implement safeguards to ensure that data transfer occurs in adherence with regulation.
Will OpenApply notify users if a data breach has occurred?
Depending on the nature of the data breach, our customers might be required to promptly notify both the users affected and the supervising authorities. OpenApply is required to notify its customers when becoming aware of a data breach, and to help them in fulfill obligations in notifying users. OpenApply will notify Parent Members directly, if required.
Can I require a cloud service provider, like OpenApply, to only host personal data in my country?
One of the GDPR’s primary objectives is the free flow of personal data inside the European Economic Area (EEA), under one common regulation. In most cases, restricting vendors in processing data across the EEA would not be permitted under GDPR.
Does OpenApply process data outside the EEA? Is it allowed to process data outside the EEA?
GDPR does not forbid personal data to flow outside the EEA, but expects that any data processing outside the EEA is done following the same principles.
In addition, controllers or processors that process data outside the EEA must provide detailed information about the nature of the processing. In some cases, they must also allow customers or users to object to the processing.
Note that the European Commission has recognized Canada as a jurisdiction with ‘adequate’ data protection. To learn more, click here.
Does GDPR impact customers outside the EU?
Not legally. The EU, obviously, has no legislative power over other jurisdictions. GDPR does not offer any rights or freedoms to data subjects located outside the EU, and does not put obligations on non-EU customers that do not process data on EU/EEA data subjects.
However, OpenApply offers, for the most part, the same services and same level of security to all our customers. In other words, no matter where your school is located, you will benefit from our approach to security of personal data under GDPR.
Who do I contact with further questions?
For general questions related to OpenApply you can always contact our support team at firstname.lastname@example.org.
For specific GDPR-related questions from our customers, please contact our Data Protection Officer Oleh Khomey. In addition to monitoring our own compliance and providing advice and training to our own staff, our DPO will be available to our customers and their DPOs to discuss data privacy issues.
He can be reached at email@example.com. Please note that any communication with our DPO must be in English.
A cookie is a small file consisting of letters and numbers that we store on your browser or device if you agree. Cookies contain information that is transferred to your device.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into your school’s OpenApply platform.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
You may block cookies by updating the relevant settings on your device or browser to allow you to refuse the setting of some or all types of cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.