Last updated: as of March 10, 2022
The words “our”, “us”, “we” and “ExecOnline” refer to ExecOnline, Inc. and our affiliates. For purposes of this policy, “processing” or “process” mean any activity that involves the use of Personal Information, including collecting, organizing, using, transferring, disclosing, erasing or destroying, storing or carrying out any other operation or set of operations on the data.
132 W. 31st Street 17th Floor
New York, New York 10001
- What Personal Information does ExecOnline collect?
- Why does ExecOnline process Personal Information?
- Who has access to your Personal Information?
- How long will ExecOnline process your Personal Information?
- What measures does ExecOnline take to protect your Personal Information?
- Where does ExecOnline transfer and process your Personal Information?
- What rights can you exercise in relation to your Personal Information?
- What are the rights of California Residents?
- What if you have questions, requests or complaints?
- No one under 18. We do not knowingly process Personal Information from anyone under the age of 18. If we learn that Personal Information has been collected from a person under 18 years of age on or through the Offerings, we will take the appropriate steps to cause this information to be deleted.
- No obligation to provide Personal Information. The granting of any consent and the provision of any Personal Information by you to ExecOnline is entirely voluntary by you. However, there are circumstances where ExecOnline cannot take action without certain Personal Information (e.g., because Personal Information is required to provide the Offerings you or your employer has purchased or provide).
What Personal Information does ExecOnline collect?
ExecOnline collects the minimum amount of information required to provide our Offerings to you or for you to access our Communities. When you choose to share the below Personal Information with us, we process it to provide you with access to the relevant Offerings or Communities. The Personal Information that you provide directly or indirectly to ExecOnline when accessing or using our Offerings or Communities may include:
- Offerings Account Information. Your name, work title, e-mail address, phone number and other registration information required or that you chose to provide to us when accessing the online Offerings you or your employer has purchased . Other users of the ExecOnline Offerings (“Users”) may provide information about you when they submit content to us for the Offerings. For example, your employer may provide Personal Information about you in order for you to register for our Offerings that it has purchased for your use.
- Voluntary Information. This may include information you voluntarily elect to provide while accessing or interacting with the ExecOnline Offerings or Communities, such as comments, posts, videos, photos, likes, platform contributions, program project deliverables, troubleshooting, assignments, projects and support data. If permitted by you, we may also capture your visual image, likeness and voice recording (e.g., via photographs and/or video) if you elect to participate in certain components of the Offerings and Communities, if activated by you. In participating in a cohort in certain of our Offerings, your posts may be visible to others. When you comment on or ‘like’ another’s content in our Communities or Offerings, others will be able to view these actions and associate them with you (e.g., your name, profile and photo, if you have provided it).
- Automatically Generated Information. We receive information when you view content on or otherwise interact with our Offerings or Communities, which we refer to as “Service Usage Data,” even if you have not created an account. For example, when you visit our Communities, request Offerings information, sign into our Offerings that require a login, use our mobile application, interact with our email campaigns and pitches or use your account to authenticate to a third-party service, we may receive information about you. This Service Usage Data also may include information such as your IP address, browser type, operating system, log data, the referring web page, pages visited, location, your interaction with collateral pages or emails, your mobile carrier and device information, authentication information for SSO purposes and cookie information. We use Service Usage Data to operate and improve our Offerings and Communities, to ensure their secure and reliable performance and to improve the Offerings.
- Recruiting, Applicant or Employment Information. Employment-related information includes your indicated job interests, preferences, work history and information provided on or relayed through one of our Communities.
- Other Data. “Other Data” is data that generally does not reveal your specific identity or does not directly relate to an individual. We may use and disclose Other Data for any purpose where permitted under applicable laws, regulations and sector specific guidelines, including all relevant data protection laws and regulations (“Applicable Laws”). To the extent Other Data reveals your specific identity or relates to an individual, we will treat Other Data as Personal Information. Other Data includes:
- Data collected through cookies, pixel tags and other technologies
- Demographic data and other data provided by you
- Aggregated or anonymized data
- Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers and is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not currently respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
Why does ExecOnline process Personal Information?
ExecOnline will only collect and process Personal Information about you where we have lawful bases. Lawful bases include to manage a contractual relationship with you, to comply with legal grounds and/or because we have a legitimate business purpose to do so.
- Contract with you.
The processing is necessary to perform our obligations under a Client agreement between you and ExecOnline and/or your employer and ExecOnline for provision of access to our Offerings, including:
- creation and management of Client Employee User accounts, provisioning of the Offerings, and providing Offerings technical and program support;
- providing identity verification and enabling you to avoid having to re-enter Personal Information on future visits to or subsequent use of our Offerings;
- tracking attendance, progress and completion of an Offering program;
- sharing your Personal Information and your performance with an Offering with school partners, content providers, program instructors and/or coaches (“Partners”);
- providing post-Offering analysis, receiving feedback from you on the Offering and sending notices and other disclosures as required by the Client contract; and
- during possible dispute resolution.
- Legal Grounds.
The processing is necessary for ExecOnline to comply with our obligations under any and all Applicable Laws, including:
- to comply with subpoenas or similar court orders and financial reporting obligations;
- to protect your vital interests or of those of other individuals (e.g. matching names of Clients and service providers against denied parties’ lists, or for fraud);
- to defend against threatened or actual claims;
- to establish or exercise our legal rights or to protect our or our Partners’ property, including intellectual property;
- to investigate, prevent, or take action regarding illegal or suspected illegal activities; and
- that necessary for the legitimate interests of ExecOnline, except where such interests are overridden by your interests or fundamental rights and freedoms.
- Where otherwise appropriate or required, we will ask for your consent.
- Business Purposes.
Where not strictly required or permitted by contractual or legal grounds, ExecOnline will only process Personal Information if the processing falls within the scope of one (or more) of the legitimate business purposes listed below:
- Improvement of ExecOnline Offerings. This includes the analysis, development and improvement of ExecOnline Offerings, solicitation of your feedback and performance of data analytics.
- Relationship management and marketing. This includes the management of a relationship with a prospective or current Client, performing of targeted marketing activities in order to promote Offerings, special events and promotions to a Client.
- Your use of ExecOnline Communities. This includes your posting of any Personal Information or other information of a personal or sensitive nature, whether relating to you or another person, within any ExecOnline “Communities”. If you choose to access or use our Communities, you are agreeing to be subject to ExecOnline’s Communities Guidelines and Terms.
- Business process execution and internal management. This includes the management of ExecOnline’s assets and resources, working with ExecOnline’s Partners, third-party contractors, licensors and service providers (collectively, “Providers”), the conduct of internal audits and investigations, finance and accounting, implementing business controls and management reporting and analysis.
- Safety and security. This includes the processing of Personal Information for activities such as those involving safety, the protection of ExecOnline, Clients or Partners (e.g. for fraud prevention and protection).
- Protecting the vital interests of individuals. This includes processing of Personal Information when necessary to protect your vital interests or of other individuals (e.g. for urgent medical reasons).
- Application for employment. This includes our use of your Personal Information to evaluate your candidacy and to communicate with you in a recruiting or application process. If you become a candidate, you will receive more information about how ExecOnline handles candidate Personal Information at the time of application.
Who has access to your Personal Information?
ExecOnline may share your Personal Information with:
- Your employer. If your employer offers you access to our Offerings, we will provide access to your employer access to your Personal Information so that your employer can review and manage your use of such Offerings.
- Law enforcement or other governmental agencies. If and when required to do so by law or other legal process (such as a court order or subpoena), we will provide information to such agencies and authorities. We will attempt to notify data subjects about legal demands for their Personal Information when appropriate in our judgment, unless prohibited by Applicable Laws, court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge any or every demand.
How long will ExecOnline process your Personal Information?
ExecOnline will retain your Personal Information as long as you use or access our Offerings or Communities, or as necessary to fulfill the purposes for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, satisfy Partner rights and comply with Applicable Laws. When we are no longer required to retain your Personal Information as described above, we will destroy, erase, or de-identify it in accordance with our data retention policies and Applicable Laws. Legal requirements, however, may require us to retain some or all of the Personal Information we hold for a period of time that is longer than that for which we might otherwise hold it.
What measures does ExecOnline take to protect your Personal Information?
- Technical and organisational measures.
ExecOnline takes and maintains appropriate technical and organisational measures to protect your Personal Information:
- Against unauthorised access;
- To assure its confidentiality;
- To maintain its integrity and availability;
- By training ExecOnline Personnel in information security requirements; and
- By reporting actual or suspected data breaches in accordance with Applicable Laws.
- Compliance with ISO/IEC 27001:2013.
ExecOnline is certified by a third party reviewer for compliance with ISO/IEC 27001:2013. Even with such technical and organizational measures, no data transmission or storage system can be guaranteed to be 100% secure. There is no guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or managerial safeguards. If you have reason to believe that your interaction with us is no longer secure or has been compromised, please immediately notify us at email@example.com.
- Third-Party sites.
ExecOnline uses social and professional media widgets and sites as dynamic information sharing tools in certain of our Communities (such as Twitter, LinkedIn, YouTube) to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these Communities is governed also by the security and privacy policies of the respective third-party site owner or provider. ExecOnline does not control, moderate or endorse the comments or opinions provided by visitors to these sites, even if on or linked to our own Communities. You should review the privacy policies and information security of all sites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party site to match your preferences.
- Links to third-party sites and integrations.
- Potential candidate for employment.
If you are a potential candidate for employment with ExecOnline, we may have received your Personal Information from third parties such as recruiters or external websites. We will use the Personal Information we receive to contact you about a potential opportunity or in evaluating your candidacy for ExecOnline employment. If you did not provide us your Personal Information directly, we will inform you of the source when we first contact you regarding your candidacy.
Where does ExecOnline transfer and process your Personal Information?
- Cross-border transfers.
- Transfers of Personal Information.
ExecOnline makes available the transfer mechanisms listed below, which shall apply to any transfers of Personal Information (“Transfers”) from the EU, the EEA and/or their respective member states, Switzerland and the United Kingdom, to the extent such Transfers are subject to privacy and data protection Applicable Laws (“Restricted Transfers”):
- Transfers to countries providing adequate data protection. Some countries are recognized by the European Commission or the Swiss Office of the Information and Data Protection Commissioner (“Swiss IDPC”), as applicable, as providing an adequate level of data protection.
- Standard Contractual Clauses. In many cases, we will use standard contractual clauses, as respectively approved by the European Commission , UK Information Commissioner’s Office and by the Swiss IDPC, as a legal mechanism for Personal Information transfers from the EEA, United Kingdom or Switzerland, respectively. These standard contractual clauses are contractual commitments between companies transferring Personal Information (for example, from a Client in the EEA or Switzerland to ExecOnline in the U.S.), binding them to protect the privacy and security of the data. For further details, see: Standard contractual clauses for the transfer of Personal Information to third countries.
What rights can you exercise in relation to your Personal Information?
Based on Applicable Laws, you may have rights that you can exercise in relation to your Personal Information. Note that in some cases we are not required to fully comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to process your Personal Information and to protect the rights and freedoms of others. A number of the rights you may have in relation to your Personal Information are as follows:
- Right of access
You are entitled to a copy of the Personal Information we hold about you and to learn details about how we use it by contacting firstname.lastname@example.org. Your Personal Information will usually be provided to you digitally. We may require you to prove your identity before providing the requested information.
- Right to rectification
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to request that any incomplete or inaccurate Personal Information that we process about you is amended.
- Right to erasure
You have the right to ask us to erase all or some of your Personal Information, for example where the Personal Information we collected is no longer necessary for the original purpose, where Personal Information has become obsolete or where you withdraw your consent. However, this will need to be balanced against other factors, such as certain legal or regulatory obligations.
- Right to restriction of processing
You are entitled to ask us to temporarily stop using your Personal Information, for example where you think that the Personal Information we hold about you may be inaccurate or where you think that we no longer need to use your Personal Information.
- Right to object to processing
You have the right to object to processing which is based on our legitimate interests. For purposes based on our legitimate interests, we will no longer process the Personal Information on that basis when you file an objection based on your grounds relating to your particular situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain Offerings, Communities, programs or benefits to you if we are unable to process the necessary Personal Information for that purpose.
- Rights relating to automated decision-making
You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect.
- Right to withdraw consent
We may ask for your consent to process your Personal Information in specific cases. When we do this, you have the right to withdraw your consent at any time. ExecOnline will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.
What are the rights of California Residents?
The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights regarding their Personal Information. If the CCPA is applicable to your Personal Information, to exercise these rights, see the “Exercising Your CCPA Privacy Rights.”
- Right to Know. You may have the right to know and see what data we have collected about you over the past 12 months, including:
- The categories of Personal Information we have collected about you;
- The categories of sources from which the Personal Information is collected;
- The business or commercial purpose for collecting your Personal Information;
- The categories of Providers with whom we have shared your Personal Information; and
- The specific pieces of Personal Information we have collected about you.
- Right to Delete. Under the CCPA, you may have the right to request that we delete the Personal Information we have collected from you (and direct our Providers to do the same). There are a number of exceptions, however, including when the information is necessary for us or a third party to do any of the following:
- Provide you the Offerings;
- Perform a contract between us and you;
- Protect your security and prosecute those responsible for breaching it;
- Fix our system in the case of a malicious element;
- Protect the free speech rights of you or other Users;
- Comply with a legal obligation; or
- Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
- No Sale of Personal Information. ExecOnline does not sell your Personal Information and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by Applicable Laws. Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your Personal Information.
- Exercising Your CCPA Privacy Rights. To request access to or deletion of your Personal Information, or to exercise any other data rights which is applicable to your Personal Information, please contact us via email at email@example.com. Please include (i) your full name, email address, and phone number associated with your use of our Offerings and (ii) the reason you are writing, so that we can process your request in an efficient manner.
- Response Timing and Format If applicable, we aim to respond to a request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.
What if you have questions, requests or complaints?
- Data Protection Officer. You also may contact our Data Protection Officer via DPO@execonline.com.
- Data Protection Authority. You also have the right to lodge a complaint with the competent local Data Protection Authority in the jurisdiction where you work, where you live or where an alleged infringement takes place. A listing of the European Data Protection Authorities can be found here. For the Swiss IDPC, please refer here. For the UK ICO, please refer here.