Privacy Policy

Overview

This Privacy Policy addresses the following questions and areas:

1. Does this Privacy Policy apply to you?
2. What Personal Data does ExecOnline collect?
3. Does ExecOnline use cookies?
4. Why does ExecOnline process Personal Data?
5. Who has access to your Personal Data?
6. How long will ExecOnline process your Personal Data?
7. What measures does ExecOnline take to protect your Personal Data?
8. Where does ExecOnline transfer and process your Personal Data?
9. What rights can you exercise in relation to your Personal Data?
10. What are the rights of California Residents?
11. What if you have questions, requests or complaints?
12. Will there be updates to this Privacy Policy?

1. Does this Privacy Policy apply to you?

• Application. This Privacy Policy applies to you if (i) you are a client of ExecOnline (“Client”) or an  employee of a Client (“Client Employees”), (ii) you access, use or interact with any current or future Products of Communities (iii) you apply for employment with ExecOnline or (iv) you contact ExecOnline or receive contact from ExecOnline by email or another digital method. References to “you” or “your” in this Privacy Policy will be a reference to all of the above categories.
• No one under 18.   We do not knowingly process Personal Data from anyone under the age of 18. If we learn that Personal Data has been collected from a person under 18 years of age on or through the Products, we will take the appropriate steps to cause this information to be deleted.
• No obligation to provide Personal Data. The granting of any consent and the provision of any Personal Data by you to ExecOnline is entirely voluntary by you. However, there are circumstances where ExecOnline cannot act without certain Personal Data (e.g., because Personal Data is required to provide the Products you or your employer has purchased or provide).

2. What Personal Data does ExecOnline collect?

ExecOnline collects the minimum amount of information required to provide our Products to you or for you to access our Communities. When you choose to share the below Personal Data with us, we process it to provide you with access to the relevant Products or Communities. The Personal Data that you provide directly or indirectly to ExecOnline when accessing or using our Products or Communities may include:

• Products Account Information. Your name, work title, e-mail address, phone number and other registration information required or that you chose to provide to us when accessing the online Products you or your employer has purchased . Other users of the ExecOnline Products (“Users”) may provide information about you when they submit content to us for the Products. For example, your employer may provide Personal Data about you in order for you to register for our Products that it has purchased for your use.
• Voluntary Information. This may include information you voluntarily elect to provide while accessing or interacting with the ExecOnline Products or Communities, such as comments, posts, videos, photos, likes, platform contributions, program project deliverables, troubleshooting, assignments, projects  and support data. If permitted by you, we may also capture your visual image, likeness and voice recording (e.g., via photographs and/or video) if you elect to participate in certain components of the Products and Communities, if activated by you. In participating in a cohort in certain of our Products, your posts may be visible to others. When you comment on or ‘like’ another’s content in our Communities or Products, others will be able to view these actions and associate them with you (e.g., your name, profile and photo, if you have provided it).
• Use Information. When you interact with us through our Communities and Products, subject to your settings, we may collect information such as usage statistics, crash logs, your screen resolution, geolocation, and other analytical information. Downloading, accessing, or otherwise using the ExecOnline Communities, Products or  indicates that you have read this Privacy Policy and consent to its terms. If you do not consent to the terms of this Privacy Policy, do not proceed to download, access, use or otherwise interact with the Communities or Products.
• Automatically Generated Information. We receive information when you view content on or otherwise interact with our Products or Communities, which we refer to as “Service Usage Data,” even if you have not created an account. For example, when you visit our Communities, request Products information, sign into our Products that require a login, use our mobile application, interact with our email campaigns and pitches or use your account to authenticate to a third-party service, we may receive information about you. This Service Usage Data also may include information such as your IP address, browser type, operating system, log data, the referring web page, pages visited, location, your interaction with collateral pages or emails, your mobile carrier and device information, authentication information for SSO purposes and cookie information. We use Service Usage Data to operate and improve our Products and Communities, to ensure their secure and reliable performance and to improve the Products.
• Recruiting, Applicant or Employment Information. Employment-related information includes your indicated job interests, preferences, work history and information provided on or relayed through one of our Communities.
• Other Data. “Other Data” is data that generally does not reveal your specific identity or does not directly relate to an individual. We may use and disclose Other Data for any purpose where permitted under applicable laws, regulations and sector specific guidelines, including all relevant data protection laws and regulations (“Applicable Laws”). To the extent Other Data reveals your specific identity or relates to an individual, we will treat Other Data as Personal Data. Other Data includes:
  • Data collected through cookies, pixel tags and other technologies
  • Demographic data and other data provided by you
  • Aggregated or anonymized data

3. Does ExecOnline use cookies?

• ExecOnline uses cookies and similar technologies in its Communities and Products. Through these cookies and other commonly used information-gathering and analytic tools, ExecOnline automatically obtains Personal Data as listed above when you visit any of our Products. To learn more about the cookies and similar technologies, please consult our Cookie Policy.
• Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers and is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Please note that we do not currently respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

4. Why does ExecOnline process Personal Data?

ExecOnline will only collect and process Personal Data about you where we have lawful bases. Lawful bases include to manage a contractual relationship with you, to comply with legal grounds and/or because we have a legitimate business purpose to do so.

• Contract with you.
  The processing is necessary to perform our obligations under a Client agreement between you and ExecOnline and/or your employer and ExecOnline for provision of access to our Products, including:
  • creation and management of Client Employee User accounts, provisioning of the Products, and providing Products technical and program support;
  • providing identity verification and enabling you to avoid having to re-enter Personal Data on future visits to or subsequent use of our Products;
  • tracking attendance, progress and completion of an Offering program;
  • sharing your Personal Data and your performance with an Offering with school partners, content providers, program instructors and/or coaches (“Partners”);
  • providing post-Offering analysis, receiving feedback from you on the Offering and sending notices and other disclosures as required by the Client contract; and
  • during possible dispute resolution.
• Legal Grounds.
  The processing is necessary for ExecOnline to comply with our obligations under any and all Applicable Laws, including:
  • to comply with subpoenas or similar court orders and financial reporting obligations;
  • to protect your vital interests or of those of other individuals (e.g. matching names of Clients and service providers against denied parties’ lists, or for fraud);
  • to defend against threatened or actual claims;
  • to establish or exercise our legal rights or to protect our or our Partners’ property, including intellectual property;
  • to investigate, prevent, or take action regarding illegal or suspected illegal activities; and
  • that necessary for the legitimate interests of ExecOnline, except where such interests are overridden by your interests or fundamental rights and freedoms.
  • Where otherwise appropriate or required, we will ask for your consent.
• Business Purposes.
  Where not strictly required or permitted by contractual or legal grounds, ExecOnline will only process Personal Data if the processing falls within the scope of one (or more) of the legitimate business purposes listed below:
  • Response to your requests. This includes your subscription to email communication, blogs and newsletters, requests for Products information, and event registrations for webcasts or conferences. When you send us an email or otherwise contact us, we may use the Personal Data provided by you to respond to your communication and/or as described in this Privacy Policy. We may also archive this information and use it for future communications with you where we are legally entitled to do so. Where we send you emails, we may track the way that you interact with these emails (such as when you open an email or click on a link inside an email) for the purposes of optimizing and better tailoring our communications to you.
  • Surveys and Reviews. From time to time, we or third parties acting on our behalf may contact you to participate in research, surveys or beta testing or to provide reviews and testimonials on our Products. If you decide to participate, you may be asked to provide certain information, which may include Personal Data. All information collected from your participation in our research, surveys, reviews or testimonial process, or beta testing is provided by you voluntarily. We may use such information to improve or add to our current or future Products and Communities, and in any manner consistent with this Privacy Policy
  • Improvement of ExecOnline Products. This includes the analysis, development and improvement of ExecOnline Products, solicitation of your feedback and performance of data analytics.
  • Relationship management and marketing. This includes the management of a relationship with a prospective or current Client, performing of targeted marketing activities in order to promote Products, special events and promotions to a Client.
  • Your use of ExecOnline Communities. This includes your posting of any Personal Data or other information of a personal or sensitive nature, whether relating to you or another person, within any ExecOnline Communities. If you choose to access or use our Communities, you are agreeing to be subject to ExecOnline’s Communities Guidelines and Terms.
  • Business process execution and internal management. This includes the management of ExecOnline’s assets and resources, working with ExecOnline’s Partners,  third-party contractors, licensors and service providers (collectively, “Providers”), the conduct of internal audits and investigations, finance and accounting, implementing business controls and management reporting and analysis.
  • Safety and security. This includes the processing of Personal Data for activities such as those involving safety, the protection of ExecOnline, Clients or Partners (e.g. for fraud prevention and protection).
  • Protecting the vital interests of individuals. This includes processing of Personal Data when necessary to protect your vital interests or of other individuals (e.g. for urgent medical reasons).
  • Aggregate information and non-identifying information. This includes ExecOnline’s creation and use of data sets of anonymized Personal Data to create insights that do not identify you and to improve ExecOnline Products and for any other legally-permissible purposes. We may share anonymized Personal Data with Clients, prospective Clients, Partners or in other formats in order to demonstrate usage of the Products or Communities, identify industry trends and to generate publicity for the ExecOnline Products or Communities. If we directly combine anonymized information with non-anonymized Personal Data, we will treat the combined information as Personal Data and handle it in accordance with this Privacy Policy for as long as it remains combined.
  • Application for employment. This includes our use of your Personal Data to evaluate your candidacy and to communicate with you in a recruiting or application process. If you become a candidate, you will receive more information about how ExecOnline handles candidate Personal Data at the time of application.

5. Who has access to your Personal Data?

ExecOnline may share your Personal Data with:

• ExecOnline’s affiliates and Providers. ExecOnline may provide access to your Personal Data to its affiliates and Providers it engages to assist in provision of the Products and Communities only if and to the extent necessary for the purposes described above. Any such parties provided with Personal Data will be bound by obligations of confidentiality and compliance with this Privacy Policy and all Applicable Laws.
• ExecOnline’s employees and representatives. ExecOnline may provide access to your Personal Data to ExecOnline employees and representatives (“Personnel”) to the extent necessary for the purposes described above. Any ExecOnline Personnel provided with Personal Data will be bound by confidentiality obligations, and obligations to comply with this Privacy Policy and all Applicable Laws.
• Your employer. If your employer offers you access to our Products, we will provide your employer access to your Personal Data so that your employer can review and manage your use of such Products.
• Law enforcement or other governmental agencies. If and when required to do so by law or other legal process (such as a court order or subpoena), we will provide information to such agencies and authorities. We will attempt to notify data subjects about legal demands for their Personal Data when appropriate in our judgment, unless prohibited by Applicable Laws, court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge any or every demand.
• Third-party entities in the event of a change of control. We may disclose and transfer information about you to a third party as part of, or in preparation for, a change of control, restructuring, corporate change, or sale or transfer of assets. Any other entity which purchases all or  a part of our business will have the right to continue to use your Personal Data, in compliance with this Privacy Policy. If such a business transfer results in a material change in the treatment of your Personal Data, you will be notified by e-mail (using the primary email address on your account) or by a prominent notice on our site.

6. How long will ExecOnline process your Personal Data?

ExecOnline will retain your Personal Data as long as you use or access our Products or Communities, or as necessary to fulfill the purposes for which it was collected, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, satisfy Partner rights and comply with Applicable Laws. When we are no longer required to retain your Personal Data as described above, we will destroy, erase, or de-identify it in accordance with our data retention policies and Applicable Laws. Legal requirements, however, may require us to retain some or all of the Personal Data we hold for a period of time that is longer than that for which we might otherwise hold it.

7. What measures does ExecOnline take to protect your Personal Data?

• Technical and organizational measures.
  ExecOnline takes and maintains appropriate technical and organizational measures to protect your Personal Data:
  • Against unauthorized access;
  • To assure its confidentiality;
  • To maintain its integrity and availability;
  • By training ExecOnline Personnel in information security requirements; and
  • By reporting actual or suspected data breaches in accordance with Applicable Laws.
• Compliance with ISO/IEC 27001:2013.
  ExecOnline is certified by a third party reviewer for compliance with ISO/IEC 27001:2013. Even with such technical and organizational measures, no data transmission or storage system can be guaranteed to be 100% secure. There is no guarantee that data may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or managerial safeguards. If you have reason to believe that your interaction with us is no longer secure or has been compromised, please immediately notify us at security@execonline.com.
• Third-Party sites.
  ExecOnline uses social and professional media widgets and sites as dynamic information sharing tools in certain of our Communities (such as Twitter, LinkedIn, YouTube) to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these Communities is governed also by the security and privacy policies of the respective third-party site owner or provider. ExecOnline does not control, moderate or endorse the comments or opinions provided by visitors to these sites, even if on or linked to our own Communities. You should review the privacy policies and information security of all sites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party site to match your preferences.
• Links to third-party sites and integrations.
  ExecOnline Products or Communities may provide links to unaffiliated, third-party sites or integrations or affiliated offerings for your convenience and information. This includes links in emails we send you and links that appear on certain of our Communities such as Twitter or LinkedIn.  Our inclusion of those links does not constitute ExecOnline’s endorsement or control over such sites and services. ExecOnline has no control over these  third-party sites and is not responsible or liable for the policies and practices followed by third parties. The Personal Data you choose to provide to or that is collected by these third party links, sites or offerings is not covered by this Privacy Policy. If you click on an external link appearing in any of our Products or Communities, that third-party site operator might determine that you came from one of our Products or Communities, along with other information associated with the link you clicked such as characteristics of the audience it was intended to reach.
• Potential candidate for employment.
  If you are a potential candidate for employment with ExecOnline, we may have received your Personal Data from third parties such as recruiters or external websites. We will use the Personal Data we receive to contact you about a potential opportunity or in evaluating your candidacy for ExecOnline employment. If you did not provide us your Personal Data directly, we will inform you of the source when we first contact you regarding your candidacy.

8. Where does ExecOnline transfer and process your Personal Data?

• Cross-border transfers.
  ExecOnline’s Products and Communities are provided and managed in the United States. By using, interacting with or accessing any of our Products or Communities or otherwise providing your Personal Data to us, you expressly consent to ExecOnline’s transfer, processing and storage  of your Personal Data to and in the United States, where data protection and privacy regulations may not offer the same level of protection as in the country of origin of your Personal Data.  ExecOnline will undertake this processing in accordance with this Privacy Policy and all Applicable Laws. If you do not agree to the transfer or processing of your information to and in the United States, please do not use or access the Products or Communities.
• Transfers of Personal Data.
  ExecOnline makes available the transfer mechanisms listed below, which shall apply to any transfers of Personal Data (“Transfers”) from the EU, the EEA and/or their respective member states, Switzerland and the United Kingdom, to the extent such Transfers are subject to privacy and data protection Applicable Laws (“Restricted Transfers”):
  • Transfers to countries providing adequate data protection. Some countries are recognized by the European Commission, United Kingdom Information Commissioner’s Office (“UK ICO”) or the Swiss Federal Data Protection and Information Commissioner (“FDPIC”), as applicable, as providing an adequate level of data protection.
  • SCCs. Where a transfer to a country recognized as providing an adequate level of protection is not possible, then we implement appropriate safeguards in accordance with Applicable Laws.  These may include using the International Data Transfer Addendum or International Data Transfer Agreement issued by the UK ICO and the EU Standard Contractual Clauses (“SCCs”), adopted by the European Commission and by the Swiss FDPIC.
• Privacy Shield
  ExecOnline complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data (as defined below) from the European Union member countries (including EEA member countries) and the United Kingdom as well as Switzerland, respectively and as applicable to the United States, in reliance on Privacy Shield and our Privacy Shield certification is found here. ExecOnline has certified to the U.S. Department of Commerce that that it adheres to the Privacy Shield Principles with respect to such Personal Data, including without limitation, Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the policies in this ExecOnline Privacy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit: https://www.privacyshield.gov/. ExecOnline remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process Personal Data on its behalf do so in a manner inconsistent with the Principles, unless ExecOnline proves that it is not responsible for the event giving rise to the damage.
  
  If you have an inquiry regarding our privacy practices in relation to our Privacy Shield certification, we encourage you to contact us. ExecOnline is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. You may also refer a complaint to your local data protection authority and we will work with them to resolve your concern. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.
  
  Following the Court of Justice of the European Union decision in July 2020 invalidating the EU-U.S. Privacy Shield as a mechanism for the transfer of Personal Data from the European Union to the United States, ExecOnline no longer relies on Privacy Shield for cross-border Personal Data transfers that originated in the EEA, the United Kingdom or Switzerland to the United States.  ExecOnline relies on alternative data transfer mechanisms deemed appropriate by the relevant authorities, such as the SCCs, for cross-border Personal Data transfers from the EEA, Switzerland, and the United Kingdom to the United States.

9. What rights can you exercise in relation to your Personal Data?

Based on Applicable Laws, you may have rights that you can exercise in relation to your Personal Data. Note that in some cases we are not required to fully comply with your request, as such rights may be conditional or because we have to balance your rights against our rights and obligations to process your Personal Data and to protect the rights and freedoms of others. A number of the rights you may have in relation to your Personal Data are as follows:

• Right of access
  You are entitled to a copy of the Personal Data we hold about you and to learn details about how we use it by contacting privacy@execonline.com. Your Personal Data will usually be provided to you digitally. We may require you to prove your identity before providing the requested information.
• Right to rectification
  We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you believe this is not the case, you have the right to request that any incomplete or inaccurate Personal Data that we process about you is amended.
• Right to erasure
  You have the right to ask us to erase all or some of your Personal Data, for example where the Personal Data we collected is no longer necessary for the original purpose, where Personal Data has become obsolete or where you withdraw your consent. However, this will need to be balanced against other factors, such as certain legal or regulatory obligations.
• Right to restriction of processing
  You are entitled to ask us to temporarily stop using your Personal Data, for example where you think that the Personal Data we hold about you may be inaccurate or where you think that we no longer need to use your Personal Data.
• Right to object to processing
  You have the right to object to processing which is based on our legitimate interests. For purposes based on our legitimate interests, we will no longer process the Personal Data on that basis when you file an objection based on your grounds relating to your particular situation, unless we have a compelling legitimate ground for the processing. Note, however, that we may not be able to provide certain Products, Communities, programs or benefits to you if we are unable to process the necessary Personal Data for that purpose.
  
  You may unsubscribe from marketing and promotional emails that we send to you by following the opt-out instructions contained in such emails. Even if you do opt-out of marketing emails, we reserve the right to send you transactional and administrative emails including those related to the Products, Communities, service announcements, notices of changes to this Privacy Policy, and to contact you regarding any ExecOnline Products you or your employer have purchased.
• Rights relating to automated decision-making
  You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect.
• Right to withdraw consent
  We may ask for your consent to process your Personal Data in specific cases. When we do this, you have the right to withdraw your consent at any time. ExecOnline will stop the further processing as soon as possible after the withdrawal of your consent. However, this does not affect the lawfulness of the processing before consent was withdrawn. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.

10. What are the rights of California Residents?

The California Consumer Privacy Act (“CCPA”) provides California residents with certain rights regarding their Personal Data. If the CCPA is applicable to your Personal Data, to exercise these rights, see the “Exercising Your CCPA Privacy Rights.”

• Right to Know. You may have the right to know and see what data we have collected about you over the past 12 months, including:
  • The categories of Personal Data we have collected about you;
  • The categories of sources from which the Personal Data is collected;
  • The business or commercial purpose for collecting your Personal Data;
  • The categories of Providers with whom we have shared your Personal Data; and
  • The specific pieces of Personal Data we have collected about you.
• Right to Delete. Under the CCPA, you may have the right to request that we delete the Personal Data we have collected from you (and direct our Providers to do the same). There are a number of exceptions, however, including when the information is necessary for us or a third party to do any of the following:
  • Provide you the Products;
  • Perform a contract between us and you;
  • Protect your security and prosecute those responsible for breaching it;
  • Fix our system in the case of a malicious element;
  • Protect the free speech rights of you or other Users;
  • Comply with a legal obligation; or
    • Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
• No Sale of Personal Data. ExecOnline does not sell your Personal Data and will not do so in the future without providing you with notice and an opportunity to opt-out of such sale as required by Applicable Laws. Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your Personal Data.
• Exercising Your CCPA Privacy Rights. To request access to or deletion of your Personal Data, or to exercise any other data rights which is applicable to your Personal Data, please contact us via email at privacy@execonline.com. Please include (i) your full name, email address, and phone number associated with your use of our Products and (ii) the reason you are writing, so that we can process your request in an efficient manner.
• Response Timing and Format. If applicable, we aim to respond to a request for access or deletion within 45 days of receiving that request. If we require more time, we will inform you of the reason and extension period in writing.

11. What if you have questions, requests or complaints?

• Contact us. You may send questions, requests and complaints regarding the processing of your Personal Data to ExecOnline by using the Contact Information provided at the top of this Privacy Policy. We are committed to working with you to address any question, complaint or concern about privacy.
• Data Protection Officer. You also may contact our Data Protection Officer at  privacy@execonline.com.
• Data Protection Authority. You also have the right to lodge a complaint with the competent local Data Protection Authority in the jurisdiction where you work, where you live or where an alleged infringement takes place. A listing of the European Data Protection Authorities can be found here. For the Swiss FDPIC, please refer here. For the UK ICO, please refer here.

12. Will there be updates to this Privacy Policy?

As we implement new technologies and functionality, introduce new Products and Communities, otherwise change our privacy practices, or respond to changes in Applicable Laws, ExecOnline may amend this Privacy Policy from time to time and provide notice to you by posting updates on this page.  Please check back periodically to view any updates. Changes to our Privacy Policy will become effective when posted. The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Your continued access or use of any of the Products or Communities after those amendments constitute your agreement with the amended Privacy Policy; if you do not agree with any part of or changes to the Privacy Policy, you should immediately cease using and accessing the Products and Communities.