Privacy Policy

Last updated: as of September 9, 2020

Your trust matters to us. That is why ExecOnline protects and uses responsibly your personal information, while continuing to deliver the excellent programs and services expected of us. We are committed to protecting the security of information that can directly or indirectly be used to identify a natural person (“Personal Information”). This Privacy Policy explains how we collect, use, share and protect Personal Information in our programs, services, websites, mobile applications, forums, social and professional media sites, and all future online and offline offerings (collectively, “Offerings”). Please read this Privacy Policy carefully.

The words “our”, “us”, “we” and “ExecOnline” refer to ExecOnline, Inc. and our affiliates.  For purposes of this policy, “processing” or “process” mean any activity that involves the use of Personal Information, including collecting, organizing, using, transferring, disclosing, erasing or destroying, storing or carrying out any other operation or set of operations on the data.

Contact Information

If you have any inquiries about this Privacy Policy, or if you would like to exercise any of your rights with respect to your Personal Information, you may contact us by sending an email to privacy@execonline.com or by sending regular mail to the following address:

ExecOnline, Inc.
132 W. 31st Street 17th Floor
New York, New York 10001

Overview

This Privacy Policy addresses the following questions and areas:

1. Does this Privacy Policy apply to you?
2. What Personal Information does ExecOnline collect?
3. Does ExecOnline use cookies?
4. Why does ExecOnline process Personal Information?
5. Who has access to your Personal Information?
6. How long will ExecOnline process your Personal Information?
7. What measures does ExecOnline take to protect your Personal Information?
8. Where does ExecOnline transfer and process your Personal Information?
9. What rights can you exercise in relation to your Personal Information?
10. What are the rights of California Residents?
11. What if you have questions, requests or complaints?
12. Will there be updates to this Privacy Policy?

1. Does this Privacy Policy apply to you?

• Application. This Privacy Policy applies to you if (i) you are a client of ExecOnline (“Client”) or an employee of a Client (“Client Employees”), (ii) you access or interact with any current or future Offerings, (iii) you apply for employment with ExecOnline accessing any of the Offerings or (iv) you contact ExecOnline or receive contact from it by email or another digital method. References to “you” or “your” in this Privacy Policy will be a reference to all of the above categories.
• No one under 18. We do not knowingly process Personal Information from anyone under the age of 18. If we learn that Personal Information has been collected from a person under 18 years of age on or through the Offerings, we will take the appropriate steps to cause this information to be deleted.
• No obligation to provide Personal Information. The granting of any consent and the provision of any Personal Information by you to ExecOnline is entirely voluntary by you. However, there are circumstances where ExecOnline cannot take action without certain Personal Information (e.g., because Personal Information is required to provide the Offerings you or your employer has purchased or provide).

2. What Personal Information does ExecOnline collect?

ExecOnline collects the minimum amount of information required to provide our Offerings to you. For example, you must have an account in order to access certain of our Offerings purchased by you or your employer. When you choose to share the Personal Information below with us, we process it to provide the programs to you that you or your employer has purchased. The Personal Information that you provide directly or indirectly to ExecOnline when accessing or using our Offerings may include:

• Account and Contact Information. Your name, work title, e-mail address, phone number and other registration information required or that you chose to provide to us. Other users of the ExecOnline Offerings (“Users”) may provide information about you when they submit content to us for the Offerings. For example, your employer may provide Personal Information about you in order for you to register for our Offerings that it has purchased for your use.
• Offerings Use Information. This may include information you voluntarily elect to provide while using the ExecOnline Offerings, such as comments, posts, videos, photos, likes, platform contributions, program project deliverables, troubleshooting and support data. If permitted by you, we may also capture your visual image, likeness and voice recording (e.g., via photographs and/or video) if you elect to participate in certain components of the Offerings and if activated by you. In participating in a cohort in certain of our Offerings, your posts may be visible to others. When you comment on or ‘like’ another’s content in our Offerings, others will be able to view these actions and associate them with you (e.g., your name, profile and photo, if you have provided it).
• Mobile Application Information. When you interact with us through our mobile applications, in addition to the Account and Contact Information and Offerings Use Information above, subject to your settings, we may collect information such as usage statistics, crash logs, your screen resolution, geolocation, and other analytical information about how you use your mobile device. Downloading, accessing, or otherwise using the ExecOnline mobile applications indicates that you have read this Privacy Policy and consent to its terms. If you do not consent to the terms of this Privacy Policy, do not proceed to download, access, or otherwise use the mobile applications. You may opt-out of all collection of information by ExecOnline by uninstalling the mobile application from your mobile device.
• Automatically Generated Information. We receive information when you view content on or otherwise interact with our Offerings, which we refer to as “Service Usage Data,” even if you have not created an account. For example, when you visit our websites or social and professional media sites, sign into our Offerings that require a login, use our mobile application, interact with our email notifications or use your account to authenticate to a third-party service, we may receive information about you. This Service Usage Data also may include information such as your IP address, browser type, operating system, log data, the referring web page, pages visited, location, your mobile carrier and device information, authentication information for SSO purposes and cookie information. We use Service Usage Data to operate our Offerings, to ensure their secure and reliable performance and to improve the Offerings.
• Recruiting, Applicant or Employment Information. Employment-related information includes your indicated job interests, preferences, work history and information provided on or relayed through one of our Offerings.
• Other Data. “Other Data” is data that generally does not reveal your specific identity or does not directly relate to an individual. We may use and disclose Other Data for any purpose where permitted under applicable laws, regulations and sector specific guidelines, including all relevant data protection laws and regulations (“Applicable Laws”). To the extent Other Data reveals your specific identity or relates to an individual, we will treat Other Data as Personal Information. Other Data includes:

• Data collected through cookies, pixel tags and other technologies
• Demographic data and other data provided by you through surveys and other submissions.
• Aggregated or anonymized data

3. Does ExecOnline use cookies?

• ExecOnline uses cookies and similar technologies on its Offerings. Through these cookies and other commonly used information-gathering and analytic tools, ExecOnline automatically obtains Personal Information as listed above when you visit any of our Offerings. To learn more about the cookies and similar technologies, please consult our Cookie Policy.
• Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers and is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not currently respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

4. Why does ExecOnline process Personal Information?

ExecOnline will only collect and process Personal Information about you where we have lawful bases. Lawful bases include to manage a contractual relationship with you, to comply with legal grounds and/or because we have a legitimate business purpose to do so.

• Contract with you.

The processing is necessary to perform our obligations under a Client agreement between you or your employer and ExecOnline for provision of our Offerings, including:

• creation and management of Client Employee User accounts, provisioning of the Offerings, and providing Offerings technical and program support;
• providing identity verification and enabling you to avoid having to re-enter Personal Information on future visits to or subsequent use of our Offerings;
• tracking attendance, progress and completion of an Offering program;
• sharing your Personal Information and your performance with an Offering with school partners, content providers, program instructors and/or coaches (“Partners”);
• providing post-Offering analysis, receiving feedback from you on the Offering and sending notices and other disclosures as required by the Client contract; and
• during possible dispute resolution.
• Legal Grounds.

The processing is necessary for ExecOnline to comply with our obligations under any and all Applicable Laws, including:

• to comply with subpoenas or similar court orders and financial reporting obligations;
• to protect your vital interests or of those of other individuals (e.g. matching names of Clients and service providers against denied parties’ lists, or for fraud);
• to defend against threatened or actual claims;
• to establish or exercise our legal rights or to protect our or our Partners’ property, including intellectual property;
• to investigate, prevent, or take action regarding illegal or suspected illegal activities; and
• that necessary for the legitimate interests of ExecOnline, except where such interests are overridden by your interests or fundamental rights and freedoms.
• Where otherwise appropriate or required, we will ask for your consent.
• Business Purposes.

Where not strictly required or permitted by contractual or legal grounds, ExecOnline will only process Personal Information if the processing falls within the scope of one (or more) of the legitimate business purposes listed below:

• Response to your requests. This includes your subscription to email communication, blogs and newsletters, and event registrations for webcasts or conferences. When you send us an email or otherwise contact us, we may use the Personal Information provided by you to respond to your communication and/or as described in this Privacy Policy. We may also archive this information and use it for future communications with you where we are legally entitled to do so. Where we send you emails, we may track the way that you interact with these emails (such as when you open an email or click on a link inside an email) for the purposes of optimizing and better tailoring our communications to you.
• Surveys and Reviews. From time to time, we or third parties acting on our behalf may contact you to participate in research, surveys or beta testing or to provide reviews and testimonials on our Offerings. If you decide to participate, you may be asked to provide certain information, which may include Personal Information. All information collected from your participation in our research, surveys, reviews or testimonial process, or beta testing is provided by you voluntarily. We may use such information to improve or add to our current or future Offerings, and in any manner consistent with this Privacy Policy.
• Improvement of ExecOnline Offerings. This includes the analysis, development and improvement of ExecOnline Offerings, solicitation of your feedback and performance of data analytics.
• Relationship management and marketing. This includes the management of a relationship with a prospective or current Client, performing of targeted marketing activities in order to promote Offerings, special events and promotions to a Client.
• Your use of ExecOnline Communities. This includes your posting of any Personal Information or other information of a personal or sensitive nature, whether relating to you or another person, within any ExecOnline platforms, forums, communities, messaging services, websites, programs, professional and social media sites (collectively, “Communities”). If you choose to access or use our Communities, you are agreeing to be subject to ExecOnline’s Communities Guidelines and Terms.
• Business process execution and internal management. This includes the management of ExecOnline’s assets and resources, working with ExecOnline’s Partners, third-party contractors, licensors and service providers (collectively, “Providers”), the conduct of internal audits and investigations, finance and accounting, implementing business controls and management reporting and analysis.
• Safety and security. This includes the processing of Personal Information for activities such as those involving safety, the protection of ExecOnline, Clients or Partners (e.g. for fraud prevention and protection).
• Protecting the vital interests of individuals. This includes processing of Personal Information when necessary to protect your vital interests or of other individuals (e.g. for urgent medical reasons).
• Aggregate information and non-identifying information. This includes ExecOnline’s creation and use of data sets of anonymized Personal Information to create insights that do not identify you and to improve ExecOnline Offerings and for any other legally-permissible purposes. We may share anonymized Personal Information with Clients, prospective Clients, Partners or in other formats in order to demonstrate usage of the Offerings, identify industry trends and to generate publicity for the ExecOnline Offerings. If we directly combine anonymized information with non-anonymized Personal Information, we will treat the combined information as Personal Information and handle it in accordance with this Privacy Policy for as long as it remains combined.
• Application for employment. This includes our use of your Personal Information to evaluate your candidacy and to communicate with you in a recruiting or application process. If you become a candidate, you will receive more information about how ExecOnline handles candidate Personal Information at the time of application.

5. Who has access to your Personal Information?

ExecOnline may share your Personal Information with:

• ExecOnline’s affiliates and Providers. ExecOnline may provide access to your Personal Information to its affiliates and Providers it engages to assist in provision of the Offerings only if and to the extent necessary for the purposes described above. Any such parties provided with Personal Information will be bound by obligations of confidentiality and compliance with this Privacy Policy and all Applicable Laws.
• ExecOnline’s employees and representatives. ExecOnline may provide access to your Personal Information to ExecOnline employees and representatives (“Personnel”) to the extent necessary for the purposes described above. Any ExecOnline Personnel provided with Personal Information will be bound by confidentiality obligations, and obligations to comply with this Privacy Policy and all Applicable Laws.
• Your employer. If your employer offers you access to our Offerings such as to our leadership development programs, we will provide access to your Personal Information so that your employer can review and manage your use of such Offerings.
• Law enforcement or other governmental agencies. If and when required to do so by law or other legal process (such as a court order or subpoena), we will provide information to such agencies and authorities. We will attempt to notify data subjects about legal demands for their Personal Information when appropriate in our judgment, unless prohibited by Applicable Laws, court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge any or every demand.
• Third-party entities in the event of a change of control. We may disclose and transfer information about you to a third party as part of, or in preparation for, a change of control, restructuring, corporate change, or sale or transfer of assets. Any other entity which purchases all or a part of our business will have the right to continue to use your Personal Information, in compliance with this Privacy Policy. If such a business transfer results in a material change in the treatment of your Personal Information, you will be notified by e-mail (using the primary email address on your account) or by a prominent notice on our site.

6. How long will ExecOnline process your Personal Information?

ExecOnline will retain your Personal Information as long as you use our Offerings, or as necessary to fulfill the purposes for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with Applicable Laws. When we are no longer required to retain your Personal Information as described above, we will destroy, erase, or de-identify it in accordance with our data retention policies and Applicable Laws. Legal requirements, however, may require us to retain some or all of the Personal Information we hold for a period of time that is longer than that for which we might otherwise hold it.

7. What measures does ExecOnline take to protect your Personal Information?

• Technical and organisational measures.

ExecOnline takes and maintains appropriate technical and organisational measures to protect your Personal Information:

• Against unauthorised access;
• To assure its confidentiality;
• To maintain its integrity and availability;
• By training ExecOnline Personnel in information security requirements; and
• By reporting actual or suspected data breaches in accordance with Applicable Laws.
• Compliance with ISO/IEC 27001:2013.

ExecOnline is certified by a third party reviewer for compliance with ISO/IEC 27001:2013. Even with such technical and organisational measures, no data transmission or storage system can be guaranteed to be 100% secure. There is no guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or managerial safeguards. If you have reason to believe that your interaction with us is no longer secure or has been compromised, please immediately notify us at privacy@execonline.com.

• Social and professional media sites.

ExecOnline uses social and professional media widgets and sites as dynamic information sharing tools in certain of our Offerings (such as Twitter, LinkedIn, YouTube) to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these Offerings is governed also by the security and privacy policies of the respective third-party site owner or provider. ExecOnline does not control, moderate or endorse the comments or opinions provided by visitors to these sites, even if on or linked to our own Offerings. You should review the privacy policies and information security of all sites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party site to match your preferences.

• Links to third-party sites and integrations.

ExecOnline Offerings may provide links to unaffiliated, third-party sites or integrations or affiliated offerings for your convenience and information. This includes links in emails we send you and links that appear on certain of our social and professional sites such as Twitter or LinkedIn.  Our inclusion of those links does not constitute ExecOnline’s endorsement or control over such sites and services. ExecOnline has no control over these  third-party sites and is not responsible or liable for the policies and practices followed by third parties. The Personal Information you choose to provide to or that is collected by these third party links, sites or offerings is not covered by this Privacy Policy. If you click on an external link appearing in any of our Offerings, that third-party site operator might determine that you came from one of our Offerings, along with other information associated with the link you clicked such as characteristics of the audience it was intended to reach.

• Potential candidate for employment.

If you are a potential candidate for employment with ExecOnline, we may have received your Personal Information from third parties such as recruiters or external websites. We will use the Personal Information we receive to contact you about a potential opportunity or in evaluating your candidacy for ExecOnline employment. If you did not provide us your Personal Information directly, we will inform you of the source when we first contact you regarding your candidacy.

8. Where does ExecOnline transfer and process your Personal Information?

• Cross-border transfers.

ExecOnline’s Offerings are provided and managed in the United States (“U.S.”). By using, interacting with or accessing any of our Offerings or otherwise providing your Personal Information to us, you expressly consent to ExecOnline’s transfer, processing and storage  of your Personal Information to and in the U.S., where data protection and privacy regulations may not offer the same level of protection as in the country of origin of your Personal Information.  ExecOnline will undertake this processing in accordance with this Privacy Policy. If you do not agree to the transfer or processing of your information to and in the United States, please do not use the Offerings.

• Transfers of Personal Information.

ExecOnline makes available the transfer mechanisms listed below, which shall apply to any transfers of Personal Information (“Transfers”) from the EU, the EEA and/or their respective member states, Switzerland and the United Kingdom, to the extent such Transfers are subject to privacy and data protection Applicable Laws (“Restricted Transfers”):

• Transfers to countries providing adequate data protection. Some countries are recognized by the European Commission or the Swiss Office of the Information and Data Protection Commissioner (“Swiss IDPC”), as applicable, as providing an adequate level of data protection. For further details, see European Commission: Adequacy of the protection of Personal Information in non-EU countries and Swiss IDPC: Countries having Data Protection Adequacy, as both lists may change from time to time.
• Standard Contractual Clauses. In many cases, we will use Standard Contractual Clauses, as approved by the European Commission and by the Swiss IDPC, as a legal mechanism for Personal Information transfers from the EEA, Switzerland or United Kingdom, respectively. These Standard Contractual Clauses are contractual commitments between companies transferring Personal Information (for example, from a Client in the EEA or Switzerland to ExecOnline in the U.S.), binding them to protect the privacy and security of the data. For further details, see: Standard contractual clauses for the transfer of Personal Information to third countries.

9. What rights can you exercise in relation to your Personal Information?

Based on Applicable Laws, you may have rights that you can exercise in relation to your Personal Information. Note that in some cases we are not required to fully comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to process your Personal Information and to protect the rights and freedoms of others. A number of the rights you may have in relation to your Personal Information are as follows:

• Right of access

You are entitled to a copy of the Personal Information we hold about you and to learn details about how we use it by contacting privacy@execonline.com. Your Personal Information will usually be provided to you digitally. We may require you to prove your identity before providing the requested information.

• Right to rectification

We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to request that any incomplete or inaccurate Personal Information that we process about you is amended.

• Right to erasure

You have the right to ask us to erase all or some of your Personal Information, for example where the Personal Information we collected is no longer necessary for the original purpose, where Personal Information has become obsolete or where you withdraw your consent. However, this will need to be balanced against other factors, such as certain legal or regulatory obligations.

• Right to restriction of processing

You are entitled to ask us to temporarily stop using your Personal Information, for example where you think that the Personal Information we hold about you may be inaccurate or where you think that we no longer need to use your Personal Information. 

• Right to object to processing

You have the right to object to processing which is based on our legitimate interests. For purposes based on our legitimate interests, we will no longer process the Personal Information on that basis when you file an objection based on your grounds relating to your particular situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain Offerings, programs or benefits to you if we are unable to process the necessary Personal Information for that purpose. 

You may unsubscribe from marketing and promotional emails that we send to you by following the opt-out instructions contained in such emails. Even if you do opt-out of marketing emails, we reserve the right to send you transactional and administrative emails including those related to the Offerings, service announcements, notices of changes to this Privacy Policy, and to contact you regarding any ExecOnline Offerings you or your employer have purchased.

• Rights relating to automated decision-making

You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect.

• Right to withdraw consent

We may ask for your consent to process your Personal Information in specific cases. When we do this, you have the right to withdraw your consent at any time. ExecOnline will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.

10. What are the rights of California Residents?

The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights regarding their Personal Information. If the CCPA is applicable to your Personal Information, to exercise these rights, see the “Exercising Your CCPA Privacy Rights.”

• Right to Know. You may have the right to know and see what data we have collected about you over the past 12 months, including:

• The categories of Personal Information we have collected about you;
• The categories of sources from which the Personal Information is collected;
• The business or commercial purpose for collecting your Personal Information;
• The categories of Providers with whom we have shared your Personal Information; and
• The specific pieces of Personal Information we have collected about you.

• Provide you the Offerings;
• Perform a contract between us and you;
• Protect your security and prosecute those responsible for breaching it;
• Fix our system in the case of a malicious element;
• Protect the free speech rights of you or other Users;
• Comply with a legal obligation; or
• Make other internal and lawful uses of the information that are compatible with the context in which you provided it.

11. What if you have questions, requests or complaints?

• Contact us. You may send questions, requests and complaints regarding the processing of your Personal Information to ExecOnline by using the Contact Information provided at the top of this Privacy Policy. We are committed to working with you to address any question, complaint or concern about privacy.
• Data Protection Officer. You also may contact our Data Protection Officer via DPO@execonline.com.
• Data Protection Authority. You also have the right to lodge a complaint with the competent local Data Protection Authority in the jurisdiction where you work, where you live or where an alleged infringement takes place. A listing of the European Data Protection Authorities can be found here. For the Swiss IDPC, please refer here. For the UK ICO, please refer here.

12. Will there be updates to this Privacy Policy?

As we implement new technologies and introduce new Offerings, otherwise change our privacy practices, or in response to changes in Applicable Laws, ExecOnline may amend this Privacy Policy from time to time and provide notice to you by posting updates on this page.  Please check back periodically to view any updates. Changes to our Privacy Policy will become effective when posted. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Your continued access or use of any of the Offerings after those amendments constitutes your agreement with the amended Privacy Policy; if you do not agree with any part of or changes to the Privacy Policy, you should immediately cease using the Offerings.