Privacy Policy

Welcome to “MEFA Pathway YourPlanForTheFuture,” the Web portal of the Massachusetts Educational Financing Authority (“MEFA”)(referred to as “MEFA Pathway”). MEFA provides this service to you subject to this Privacy Policy relating to the collection and use of personal information. By visiting this website and using the MEFA Pathway services, you agree to be bound by the terms of our Privacy Policy and our Terms of Use.

INTRODUCTIONThe Massachusetts Educational Financing Authority (“MEFA” or “we”) uses industry standard practices to safeguard the confidentiality of your personal information. MEFA recognizes and respects the privacy interests of MEFA users and is committed to protecting that privacy and keeping users informed about our privacy policy.

UPDATES AND CHANGES TO THIS POLICYWe may update this privacy policy from time to time to reflect changes in the manner in which we deal with personal information, whether to comply with then applicable regulations and self‐regulatory standards or otherwise. The privacy policy posted here will always be current. Unless stated otherwise, our current privacy policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of personal information collected in the past without the consent of affected users.

WHAT THIS PRIVACY POLICY COVERS

THE INFORMATION WE COLLECTMEFA Pathway automatically collects certain types of data from all visitors to the web portal, for example, the name of the domain and host from which you accessed the Internet, the Internet Protocol (IP) address, computers and browser software used to access the web portal.   When you log on to  www.mefapathway.org your browser will automatically transmit to our server the IP address of your computer and type of browser you are using. (An IP address is a number that is automatically assigned to your computer whenever you are surfing the Internet). Although your browser transmits the IP address of your computer, we do not associate this IP address with any personally identifiable information. We may collect aggregate and anonymized information about you and your use of our website whenever you visit us online. For instance, we may collect various forms of “click stream” information such as entry and exit points for our website (i.e. referring URLs or domains), site traffic statistics, page views, impressions, and operating system and browser type. In addition, when users request pages on our website, our servers may automatically log their IP addresses. This aggregate information will not personally identify you or be correlated to you individually for external purposes.

MEFA Pathway also collects personally identifiable information about you when you create your plan for college and career readiness and post-secondary success.  Such information includes name, date of birth, address, e-mail address, telephone number, grade level, and such additional information as you may be required to provide by the college and financial aid applications that you choose to complete.

Our agreement with your school also permits the school to upload “student records” to MEFA Pathway.  “Student records” include (as provided by the school) names, student identification numbers, date of birth, e-mail addresses, GPA, grades, courses taken, standardized test scores, demographic information, and related information on college application plans and acceptance.  The schools have designated MEFA as an agent or contractor to help collect and process such information for the purpose of facilitating guidance counseling relating to post-secondary success, including the college selection process.

In sum, MEFA Pathway does not collect any personally identifiable information about users other than what users submit and their browsers transmit, and student records obtained from middle and high schools. No personal information will be released without your prior approval and only for a designated purpose, subject to the exceptions noted below under “Ways in Which Information May Be Used and Disclosed”.

MANAGEMENT AND PROTECTION OF STUDENT INFORMATIONMEFA Pathway and MEFA handles student information received from participating educational institutions and operates, on behalf of contracting schools, in compliance with federal and state school privacy laws, including The Family Educational Rights and Privacy Act of 1974 (FERPA) and the Children’s Online Privacy Protection Act (COPPA). FERPA is a federal law that protects the privacy of student educational records, and applies to all schools receiving federal funding. With certain exceptions, this law prohibits schools from releasing personally identifying information of students under the age of 18 without parental consent. By designating MEFA as a “school official” and/or a designated contractor to facilitate guidance and counseling in connection with college selection, institutions are permitted to share data with MEFA without express, parental consent under the exception provided by 34 CFR § 99.31 (a)(1).

More information about classifications as a “school official” and contracted companies with “legitimate educational interest” can be found at http://www.ed.gov/policy/gen/guid/fpco/index.html and http://www.ed.gov/policy/gen/guid/fpco/ferpa/lea‐officials.html.

COPPA requires that providers of online websites that collect personally identifiable information from children 13 and under obtain parental consent prior to collecting and storing such information.  Your school has an agreement with MEFA to permit your school to grant such “parental consent” to MEFA to provide access to the MEFA Pathway and collect and store personally identifiable information as set out in this Privacy Policy.

REASONS WE COLLECT YOUR PERSONALLY IDENTIFYING INFORMATIONMEFA, through MEFA Pathway, collects personal information from you for three reasons. The first reason is to enable us to respond to your questions or contact you when necessary in connection with the functioning of the web portal. The second reason is to perform a task, such as helping guide you through educational planning as well as planning for your career and college aspirations . Finally, as described earlier, we collect additional information about users to help us better facilitate the use of our service.

WAYS IN WHICH YOUR INFORMATION MAY BE USED AND DISCLOSEDExcept as set forth below, the personally identifiable data you submit to the web portal (or that MEFA Pathway obtains from your school) is not made available or distributed to third parties, except with your express consent (or that of your parents) and at your direction. In particular, unless otherwise specified below, neither MEFA nor MEFA Pathway will give, sell or provide access to your personal information to any company, individual, or organization for its use in marketing or commercial solicitation or for any other purpose, except as is necessary for the operation of this site.  The remarketing and advertising features within Google Analytics are disabled in MEFA Pathway, so that your actions are not tracked for the purposes of marketing products or services.

WAYS IN WHICH INFORMATION MAY BE USED

  1. Forms and Surveys. The web portal will use your personally identifiable information to automatically fill out the forms and surveys noted below upon your instructions to do so.
    • Applications for college admission
    • Financial aid applications
    • Course planners, which can assist you in selecting courses and otherwise planning to meet graduation requirements and your post-secondary goals.
    • Requests for information or material from colleges or other institutions you specify
    • Completion of a resume
    • Completion of an Individualized Learning Plan

    Unless expressly instructed or authorized by you (or your parents), these forms and surveys are not disclosed to third parties.

  2. Internal Analysis. We may use your information, including your personally identifiable information, to help diagnose problems with MEFA’s servers and to administer the web portal. We may aggregate your information with the information of other users for our own internal statistical, design, or operational purposes such as to estimate our audience size; measure aggregate traffic patterns; and understand demographic, customer interest, and other trends among our guests and customers.
  3. Use and Disclosure of Aggregated Data. As described earlier, we may collect aggregate and anonymized information about you and your use of MEFA Pathway whenever you visit us online. This aggregate information will not personally identify you or be correlated to you individually for external purposes. We may collect, compile, store, publish, promote, report, sell, or otherwise disclose or use any and all aggregate information, provided that such information does not personally identify you. When we share such information with other companies, or with contracting schools, it is not traceable to any particular user, and will not be used to contact you. If we do correlate any aggregate information to you, such information will be treated like any other personally identifying information under this policy.
  4. Compliance with the Law and Other Special Circumstances. When required by law to comply with any valid legal process such as a search warrant, subpoena, statute, regulation or court order, MEFA will supply such information contained in your MEFA Pathway account that MEFA may be legally required to supply. In addition, MEFA may release specific information relevant to special cases, such as a physical threat to you or others or an attempted breach of security on the web portal.
  5. Permission‐Based Support Services. From time to time, users will be offered resources and support services related to their use of the site. For example, users who select colleges for their college list often elect to receive additional information from and/or have online interaction with those colleges. Whether or not information is received by users from interested parties is permission‐based. Users will affirmatively choose to receive such information and have such interactions at their sole discretion. Users may receive reminders of these opportunities or invitations to participate in certain activities (such as an online chat) in order to maximize their college search and application process but will make individual decisions regarding participation.
  6. Legal Rights to Protect and Defend. We may disclose personal information if required to do so by law or if we in good faith believe that such action is necessary to protect and/or defend our rights or property.

SECURITY MEASURES TO PREVENT MISUSE OF INFORMATION ENTRUSTED TO USWe use technical, administrative, and physical safeguards to maintain the security of your information. We enable the data you input to be encrypted when in transit between your browser and the web portal server and when in transit between the web portal server and some other browser or server. This practice helps prevent unauthorized third parties from intercepting and gaining access to your private data during transmission over the Internet. We use industry‐standard encryption supported by all popular web browsers.

Data residing on the web portal server is password protected, and access is provided only to those employees of MEFA or our service provider who require such access to administer and maintain our system or to provide requested customer support to users of the web portal. Each MEFA employee who has access to the data residing on the web portal server has agreed in writing to respect the privacy of all such personal data.

MEFA has contractual provisions in place with our service provider to protect the privacy and security of your personal data.

ISSUANCE OF PASSWORDS; MUTUAL OBLIGATION TO PROTECT PRIVACYYou will be asked to establish a password before you will be permitted to access the web portal. These passwords are the property of MEFA and for security reasons must not be disclosed to any other party. Passwords identify the user as a member of the MEFA Pathway web portal. Members acknowledge that disclosing passwords to others could result in the termination of their rights to use the web portal and that the misuse of passwords or misrepresentation of identity by use of another’s password may compromise our security, causing irreparable harm to MEFA and allowing MEFA to enforce its rights under the Terms of Use. If you lose control of your password, you may lose substantial control of your personally identifiable information and may be subject to legally binding actions taken on your behalf. MEFA will not disclose a member’s password to any third party, except as may be required by law or as otherwise described in the Terms of Use and in the “WAYS IN WHICH YOUR INFORMATION MAY BE USED AND DISCLOSED” section above.

MEFA shall not be responsible for any damages incurred as a result of unauthorized use of your password and hereby expressly disclaims all responsibility for any such damages.

COOKIESA cookie is a small file that a website transfers to a user’s computer, which may then be stored on its hard drive. The web portal uses cookies to remember you and personalize your web‐viewing experience by keeping track of your session when logged on to MEFA Pathway. Cookies enable you to maintain continuity as you move from page to page on the web portal and to avoid the nuisance of being asked to provide the same information repeatedly. Cookies also allow us to make sure that only your browser can exchange information regarding your account with our servers. Cookies cannot be used to steal personal information or to gain access to information that you did not directly provide. The cookies we use are set when you log on to www.mefapathway.org and are erased when you log off the web portal or completely close your browser.

DON’T WANT COOKIES?Most browsers are initially set to accept cookies. If you don’t want cookies, you can set your browser to disable or refuse cookies or to alert you when cookies are being used. You should note, however, that functionality on the web portal may be compromised.

MODIFYING, CORRECTING, OR DELETING YOUR INFORMATIONYou may update, otherwise modify or delete from the data stored on the web portal any personal information you previously provided. To modify personal information, (i) log on to www.mefapathway.org, (ii) access either your user profile or an application containing the information you want to change, and (iii) modify that information using standard word‐processing techniques. To delete personal information, (i) log on to www.mefapathway.org, (ii) access your user profile, and (iii) delete the information you want to remove from your web portal account using standard word processing techniques. Please recognize that if you delete information, it will no longer be available through your account.

If you are unable to change your profile using the standard web portal service features, or wish to delete or modify your student records provided to MEFA by your school, or delete your account from the MEFA system, you may:

Also, please note that in the event your school discontinues its relationship with MEFA Pathway, they have
the option to notify MEFA, in writing, and request that MEFA destroy and remove all of the personally
identifiable data provided to MEFA Pathway by the school, and MEFA will do so within 15 days.

ENFORCEMENTMEFA is committed to ensuring the integrity and security of user information. MEFA intends to pursue all legal remedies available to it in the event that its security measures and/or this Policy is breached, including but not limited to pursuit of all criminal and civil law enforcement proceedings available as of the occurrence of any breach. Should you believe that your data has been released or used in a way that is contrary to your rights or this policy you should contact k12support@mefa.org or call  800-449 MEFA (6332).