Privacy Policy

EAB and Our Commitment to Your Privacy

Who Is EAB? EAB Global, Inc. (together with its subsidiaries, and its affiliates, “EAB”, “us,” “we,” and “our”) is a data driven research, technology, and services organization partnering with education leaders, practitioners, and staff to accelerate progress and drive results in the most pressing and complex issues facing colleges, universities, community colleges, K-12 school districts, independent schools, and graduate programs in the country.

EAB’s Commitment to Privacy. EAB is deeply committed to maintaining the privacy and security of confidential and sensitive information we may collect, retain, process, or transfer or which is provided to us directly by our clients.

We collect and use personal information to provide our products and services to our clients and our clients’ end users. In many cases, we do this at the direction of our clients. We do not and will not sell or rent personally identifiable data to third parties.

Scope of this Privacy Policy. This Privacy Policy governs all services we provide directly to you and applies to personal data which generally to personal information that can be associated with an identified or identifiable person. This Privacy Policy does not relate to anonymized, disaggregated, or de-identified data. Whether you are accessing our public website, exploring employment opportunities through our job portal, participating in a research membership forum, or using one of our products via a software application, this Privacy Policy governs our use of personal information for all our products and services that we provide directly to you. When we collect personal information directly from you in connection with our interactions with you, we are a data controller.

Scope of your institution’s privacy policies.  If you are an employee, student, prospective student, or other end user of our client, and we are collecting your personal information in connection with the products and services we provide to our clients, we are a data processor. In this case, our use of your personal information is governed by the privacy policy of the institution from which we have received, or on whose behalf we collected or use, your personal information (“your institution”). Our Privacy Statement does not supersede the terms of any agreements between us and your institution, nor does it affect the terms of any agreements between you and your institution, including any prior consent you have provided concerning the use and distribution of your personal information.

Updates to this Privacy Policy.  From time to time, this Privacy Policy may be updated to reflect changes to our products and services, the way we operate, or to meet new legal and regulatory requirements. You will find the latest version of this Privacy Policy at https://eab.com/privacy-policy.

Information That We Collect

The type of personal information we collect about you depends upon your relationship with us. Please click on the plus symbol to collapse or expand the relevant section below to learn more. The other sections in our Privacy Policy apply to all our activities.

EAB maintains a website that is generally accessible by the public. Our website provides general information about our company and its products and services. Our website also may contain information concerning employment opportunities and provides the opportunity for individuals to submit applications for open roles. We may do this directly or through third party vendors. 

You can generally visit our website without having to register or otherwise identify yourself. You may need to log in to make use of all the functionalities and be able to communicate with us or other EAB clients. For example, our website allows our clients’ registered users that subscribe to our research forums to access reports and other data. Our research forums may also provide additional functionality that registered users can access through our website.

We collect personal information in the following manner:

Directly from you : Certain functionality on our website requires you to register for an account (e.g., apply for a job, subscribe to blog alerts, sign up for events or access certain reports). We also collect information you provide by completing forms on our website. If you provide additional content through user forums, for example, we may link this information with your personal information if you are logged in.

Indirectly from you : We collect information about the pages you visit and how you access and use our website using cookies and third-party analytics tools. This information includes information about the device(s) you use to access the websites including unique device identifiers, IP address, operating system, browser and cookies. Depending on your device settings, we may also collect information about your geographical location. Learn more about our use of cookies, plugins, analytics or similar tool in our Cookie Notice.

Your institution decides how your personal information is used. We provide nearly all of our products and services to end users of an institution as a “data processor” on behalf of our clients (e.g., colleges, universities, and school districts). This means that the main responsibility for data privacy compliance lies with your institution as a “data controller.” It also means that your institution’s privacy policy governs the use of your personal information (rather than ours). Your institution determines what information we collect through our products and services and how it is used, and we process your information according to your institution’s explicit instructions.

The following section is primarily for informational purposes and describes how your information is generally collected when we provide products and services to you on behalf of a client. How your personal information is used depends on your institution, so you should read your institution’s privacy policy carefully.

We collect personal information in the following manner:

Received directly from your institution : Depending on the products or services that EAB provides to your institution, we may collect the following types of identifiable information:

Your name, email address, student ID, account credentials, course enrollment data, grades, and directory information.

Application, enrollment and financial aid information.

Other information directly from your institution or other third parties related to your enrollment or application status at your institution, or other institutions, or related to your success at your institution.

Received directly from you : Depending on the EAB products and services you use or your institution uses, we may collect the following types of identifiable information:

Your name, email address, and similar contact data when you provide or update this information in our products.

Application and enrollment information.Your credentials for your institution’s systems account(s) to the extent our products integrate with such systems.

Content that you enter directly into our products, including results of surveys or polls, notes and summaries, academic and career preferences.

Your credentials to third party accounts to the extent our products integrate with such systems (e.g., Google Calendar and Microsoft Calendar Sync).

Indirectly from you : We collect information on your use of our products and services. Depending on the products and services you access or use, we may collect the following data categories indirectly from you:

Usage: We collect information about the pages you visit and how you access and use our products using cookies and third-party analytics tools. This information includes information about the device(s) you use to access the websites including unique device identifiers, IP address, operating system, browser and cookies. Depending on your device settings, we may also collect information about your geographical location. Learn more about our use of cookies in our Cookie Notice.

How We Use the Information That We Collect

EAB collects, retains, processes, uses, and transfers your information for the following purposes:

  • Service Providers : We use service providers to help us provide our products and services to our clients and you or to perform work on our behalf. Where this requires access to personal information, we are responsible for the data privacy practices of the service providers. Our service providers are not allowed to use personal information they access or receive from us for any other purposes than as needed to carry out their work for us. Examples of our service providers include data storage providers, analytics platform providers, survey providers, third party payment providers, print shops.
  • Analytics and Marketing : We analyze usage information for marketing purposes and for trends about our visitors’ demographics and use of our website. This analysis is necessary to further our legitimate interest in understanding our users and how they interact with us and our website, improving our website and communicating with you. You can learn more about our use of cookies in our Cookie Notice.
  • On behalf of your institution : For end users of institutions that use our products, we use your information on behalf of and under the instruction of your institution, which is the data controller. We share the information that we collect in accordance with our agreement with your institution. Your institution determines how your information is used.
  • Product enhancements and research : To the extent permitted by applicable law or by our agreement with your institution, we may also use:
    • Your personal information to evaluate and improve our products and services to develop new products and services; and/or
    • De-identified information for research or business purposes like providing similarly-situated institutions a benchmarking data report on completion rates or class size.
  • Client engagement and marketing : EAB uses your information for client engagement and marketing purposes in limited circumstances, including:
    • To manage the client relationship, including for invoicing, notification of product updates and maintenance, and similar purposes.
    • To promote EAB’s products and services.
    • To share with EAB’s subsidiaries or affiliates. For example, information from a participant in a research webinar may be shared with our advancement affiliate to send services and other promotional communications to you.

We do not disclose personally identifiable information about students that we collect through the provision of our educational products and services to third parties for behavioral targeting of advertisements to students.

Our marketing emails will include a link so that you can opt-out of receiving marketing communications from us. You can do this by clicking on the “Unsubscribe” link in the email footer.

Online and interest-based advertising. We use third-party advertising tools to collect information about your visits to our websites to serve you targeted advertisements based on your browsing history and interests on other websites and online services or on other devices you may use. In some instances, we may share a common account identifier (such as an email address or user ID) with our third-party advertising partners to help identify and contact you across devices. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.

Google Analytics and Advertising.  We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Doubleclick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to our websites. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at  https://adssettings.google.com.

You can opt-out of third-party cookies from Google Analytics using the Google Analytics opt-out browser setting add-on or third-party ad management tools.

You can learn more about our use of cookies in our  Cookie Notice.

Other types of disclosures

We will also share your information to the extent required in the following circumstances:

  • To comply with legal or regulatory requirements and to respond to lawful requests, court orders, and legal processes.
  • To protect and defend the rights, property, or safety of us, our clients, or third parties, including enforcing contracts or policies or in connection with investigating and preventing fraud.
  • To process transactions when you use our services to make a deposit to one of our clients, we will share your payment and transaction data with third party payment processors.
  • To carry out operational tasks for legitimate business purposes.

Children’s Privacy

EAB’s products and services are not intended for children under the age of 13, and we do not knowingly collect any information from children. If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information upon request. Please contact us at  privacy@eab.com if you believe we have inadvertently collected personal information from a child under 13 without proper consent.

Security

In order to protect personal information, EAB has established a data privacy program based on the ‘privacy by design’ framework which proactively embeds privacy protection into the design of our IT systems, networked infrastructure, business practices, and software applications. We employ a variety of physical, administrative, and technological safeguards designed to protect personal information against loss, misuse, and unauthorized access or disclosure. We have dedicated information security programs and work hard to continuously enhance our technical and operational security measures.

Specifically, EAB aligns its policies with the ISO 27001 framework. We maintain a comprehensive list of policies and procedures that are readily accessible by all workforce clients via an internal portal. Information is encrypted at rest on laptops, removable devices, and at the data centers we partner with for our technology products and services. EAB requires the secure transmission of personal information to and from our network; we work with clients to discourage transmission that is otherwise not secure. This is accomplished through a combination of secure technologies like SSH File Transfer Protocol (SFTP) for in-transit encryption of bulk file transfers and SSL/TLS encryption in transit for web traffic.

Datacenter controls include the use of SOC-audited data centers with physical controls including multi-factor authentication for access, 24×7 monitoring, video monitoring, and locked cages. We also have active detection (IDS monitoring, log consolidation, alerting) and prevention (IPS, firewall, security zones) programs to protect personal information, and vetted third party providers for centralized audit logging capabilities.

All of our products and services that use payment data maintain the applicable Payment Card Industry (PCI) compliance levels.

Specific Regional & Country Information

EAB is not established in the European Union (“EU”); however, in certain limited circumstances, we may be subject to the General Data Protection Regulation (“GDPR”).

In the EU, you have the right to control how your personal information is used. Namely, you may have the right to request access to, rectification of, or erasure of personal information we hold about you. In the EU, you also may have the right to object to or restrict certain types of use of your personal information and request to receive a machine-readable copy of the personal information you have provided to us. If you would like to access, correct, or delete the required information yourself, please email us at  privacy@eab.com or contact us using the address below if you want to exercise any of these rights.

Depending on the services that we are providing to our clients, we may be considered a data processor. If you are a user of our products and services that we provide on behalf of your institution,  contact your institution to exercise your rights . They need to manage your request even if it relates to information that we store on behalf of your institution. We will support your institution with your request.

Please remember that many of these rights are not absolute. In some circumstances, we (or your institution) are not legally required to comply with your request because of relevant legal exemptions.

Learn more about our GDPR compliance at GDPR FAQs.

If you are a California resident, California Civil Code Section 1798.83 allows you to request information on how we disclose personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may make one request each year by emailing us at  privacy@eab.com  or writing to us (see address below in Section 7).

Contact Us

If you have any questions or concerns about our Privacy Policy or data privacy practices, contact us at privacy@eab.com  or write to us at the following address.

EAB Global, Inc.  
Attn: General Counsel

2445 M Street, NW 
Washington, DC 20037

Last updated on May 6, 2019