EAB and Our Commitment to Your Privacy
Who Is EAB? EAB Global, Inc. (together with its subsidiaries, and its affiliates, “EAB”, “us,” “we,” and “our”) is a data driven research, technology, and services organization partnering with education leaders, practitioners, and staff to accelerate progress and drive results in the most pressing and complex issues facing colleges, universities, community colleges, K-12 school districts, independent schools, and graduate programs in the country.
EAB’s Commitment to Privacy. EAB is deeply committed to maintaining the privacy and security of confidential and sensitive information we may collect, retain, process, or transfer or which is provided to us directly by our clients.
We collect and use personal information to provide our products and services to our clients and our clients’ end users. In many cases, we do this at the direction of our clients. We do not and will not sell or rent personally identifiable data to third parties.
Information That We Collect
EAB maintains a website that is generally accessible by the public. Our website provides general information about our company and its products and services. Our website also may contain information concerning employment opportunities and provides the opportunity for individuals to submit applications for open roles. We may do this directly or through third party vendors.
You can generally visit our website without having to register or otherwise identify yourself. You may need to log in to make use of all the functionalities and be able to communicate with us or other EAB clients. For example, our website allows our clients’ registered users that subscribe to our research forums to access reports and other data. Our research forums may also provide additional functionality that registered users can access through our website.
We collect personal information in the following manner:
Directly from you : Certain functionality on our website requires you to register for an account (e.g., apply for a job, subscribe to blog alerts, sign up for events or access certain reports). We also collect information you provide by completing forms on our website. If you provide additional content through user forums, for example, we may link this information with your personal information if you are logged in.
We collect personal information in the following manner:
Received directly from your institution : Depending on the products or services that EAB provides to your institution, we may collect the following types of identifiable information:
Your name, email address, student ID, account credentials, course enrollment data, grades, and directory information.
Application, enrollment and financial aid information.
Other information directly from your institution or other third parties related to your enrollment or application status at your institution, or other institutions, or related to your success at your institution.
Received directly from you : Depending on the EAB products and services you use or your institution uses, we may collect the following types of identifiable information:
Your name, email address, and similar contact data when you provide or update this information in our products.
Application and enrollment information.Your credentials for your institution’s systems account(s) to the extent our products integrate with such systems.
Content that you enter directly into our products, including results of surveys or polls, notes and summaries, academic and career preferences.
Indirectly from you : We collect information on your use of our products and services. Depending on the products and services you access or use, we may collect the following data categories indirectly from you:
How We Use the Information That We Collect
EAB collects, retains, processes, uses, and transfers your information for the following purposes:
- Service Providers : We use service providers to help us provide our products and services to our clients and you or to perform work on our behalf. Where this requires access to personal information, we are responsible for the data privacy practices of the service providers. Our service providers are not allowed to use personal information they access or receive from us for any other purposes than as needed to carry out their work for us. Examples of our service providers include data storage providers, analytics platform providers, survey providers, third party payment providers, print shops.
- On behalf of your institution : For end users of institutions that use our products, we use your information on behalf of and under the instruction of your institution, which is the data controller. We share the information that we collect in accordance with our agreement with your institution. Your institution determines how your information is used.
- Product enhancements and research : To the extent permitted by applicable law or by our agreement with your institution, we may also use:
- Your personal information to evaluate and improve our products and services to develop new products and services; and/or
- De-identified information for research or business purposes like providing similarly-situated institutions a benchmarking data report on completion rates or class size.
- Client engagement and marketing : EAB uses your information for client engagement and marketing purposes in limited circumstances, including:
- To manage the client relationship, including for invoicing, notification of product updates and maintenance, and similar purposes.
- To promote EAB’s products and services.
- To share with EAB’s subsidiaries or affiliates. For example, information from a participant in a research webinar may be shared with our advancement affiliate to send services and other promotional communications to you.
We do not disclose personally identifiable information about students that we collect through the provision of our educational products and services to third parties for behavioral targeting of advertisements to students.
Our marketing emails will include a link so that you can opt-out of receiving marketing communications from us. You can do this by clicking on the “Unsubscribe” link in the email footer.
Online and interest-based advertising. We use third-party advertising tools to collect information about your visits to our websites to serve you targeted advertisements based on your browsing history and interests on other websites and online services or on other devices you may use. In some instances, we may share a common account identifier (such as an email address or user ID) with our third-party advertising partners to help identify and contact you across devices. We and our third-party partners use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.
Google Analytics and Advertising. We may also utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, the DoubleClick Campaign Manager Integration, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the Doubleclick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to our websites. You may control your advertising preferences or opt-out of certain Google advertising products by visiting the Google Ads Preferences Manager, currently available at https://adssettings.google.com.
You can opt-out of third-party cookies from Google Analytics using the Google Analytics opt-out browser setting add-on or third-party ad management tools.
Other types of disclosures
We will also share your information to the extent required in the following circumstances:
- To comply with legal or regulatory requirements and to respond to lawful requests, court orders, and legal processes.
- To protect and defend the rights, property, or safety of us, our clients, or third parties, including enforcing contracts or policies or in connection with investigating and preventing fraud.
- To process transactions when you use our services to make a deposit to one of our clients, we will share your payment and transaction data with third party payment processors.
- To carry out operational tasks for legitimate business purposes.
EAB’s products and services are not intended for children under the age of 13, and we do not knowingly collect any information from children. If we learn that we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information upon request. Please contact us at firstname.lastname@example.org if you believe we have inadvertently collected personal information from a child under 13 without proper consent.
In order to protect personal information, EAB has established a data privacy program based on the ‘privacy by design’ framework which proactively embeds privacy protection into the design of our IT systems, networked infrastructure, business practices, and software applications. We employ a variety of physical, administrative, and technological safeguards designed to protect personal information against loss, misuse, and unauthorized access or disclosure. We have dedicated information security programs and work hard to continuously enhance our technical and operational security measures.
Specifically, EAB aligns its policies with the ISO 27001 framework. We maintain a comprehensive list of policies and procedures that are readily accessible by all workforce clients via an internal portal. Information is encrypted at rest on laptops, removable devices, and at the data centers we partner with for our technology products and services. EAB requires the secure transmission of personal information to and from our network; we work with clients to discourage transmission that is otherwise not secure. This is accomplished through a combination of secure technologies like SSH File Transfer Protocol (SFTP) for in-transit encryption of bulk file transfers and SSL/TLS encryption in transit for web traffic.
Datacenter controls include the use of SOC-audited data centers with physical controls including multi-factor authentication for access, 24×7 monitoring, video monitoring, and locked cages. We also have active detection (IDS monitoring, log consolidation, alerting) and prevention (IPS, firewall, security zones) programs to protect personal information, and vetted third party providers for centralized audit logging capabilities.
All of our products and services that use payment data maintain the applicable Payment Card Industry (PCI) compliance levels.
Specific Regional & Country Information
EAB is not established in the European Union (“EU”); however, in certain limited circumstances, we may be subject to the General Data Protection Regulation (“GDPR”).
In the EU, you have the right to control how your personal information is used. Namely, you may have the right to request access to, rectification of, or erasure of personal information we hold about you. In the EU, you also may have the right to object to or restrict certain types of use of your personal information and request to receive a machine-readable copy of the personal information you have provided to us. If you would like to access, correct, or delete the required information yourself, please email us at email@example.com or contact us using the address below if you want to exercise any of these rights.
Depending on the services that we are providing to our clients, we may be considered a data processor. If you are a user of our products and services that we provide on behalf of your institution, contact your institution to exercise your rights . They need to manage your request even if it relates to information that we store on behalf of your institution. We will support your institution with your request.
Please remember that many of these rights are not absolute. In some circumstances, we (or your institution) are not legally required to comply with your request because of relevant legal exemptions.
Learn more about our GDPR compliance at GDPR FAQs.
If you are a California resident, California Civil Code Section 1798.83 allows you to request information on how we disclose personal information to third parties for their direct marketing purposes during the immediately preceding calendar year. You may make one request each year by emailing us at firstname.lastname@example.org or writing to us (see address below in Section 7).
EAB Global, Inc.
Attn: General Counsel
2445 M Street, NW
Washington, DC 20037
Last updated on May 6, 2019