Thank you for choosing to be part of our community at CIEE, Inc. doing business as CIEE (“CIEE”, “we”, “us” or “our”). We are committed to protecting your right to personal information and your right to privacy. If you have any questions or concerns about our Participant Privacy Notice, or our practices about your personal information, please contact us at firstname.lastname@example.org. We will update this Privacy Notice from time to time as we adopt new data privacy policies or change our personal data privacy practices.
This Privacy Notice outlines our policies and practices regarding our collection, use, processing and disclosure of personal information provided by you. It applies to any personal information that you voluntarily provide to us when you:
- Register to use or use our services including, but not limited to, our website and provide information required to use our services.
- Apply for jobs through one of our programs
- Fill out application forms on our website to participate in our programs or promotional programs
- Register or subscribe to our newsletters or conferences
- Create blog posts
- Ask us to authenticate you as an authorized user and provide you with a password
- Ask us to communication with you and answer your questions. Request information or services from us
- Complete our surveys for our statistical, demographic and marketing analyses
- Submit your payment
- When CIEE administers or improves our website
- When CIEE prevents and detects fraud
- When CIEE protects and enforces our legal rights
Personal information that we collect, depends on the context of your interactions with us, on CIEE's family of websites – www.ciee.org, www.haesf.org and www.balticamericanfreedomfoundation.org (the “Sites”) and the services that you choose.
- Lawful Basis For Collecting And Processing Personal Data
- Types Of Personal Data We Collect
- Why We Collect Personal Data
- How We Collect Personal Data
- When And How We Share Personal Data With Others
- Protection Of Personal Data
- Data Subject’s Rights
- Transferring Personal Data To The United States
- How We Handle Personal Data From International Visitors
- Data Storage And Retention
- Children's Privacy
- Notification Of Changes
Lawful Basis for Collecting and Processing Personal Data
CIEE's lawful basis for collecting and processing your personal information includes any of the following:
- Legitimate Business Purpose: necessary for the legitimate interests pursued by CIEE or third parties in providing programs and services.
- Contractual Necessity: for the performance of an agreement and/or contract to which you are a party, or to take steps at your request prior to entering into an agreement or contract.
- Protection of Vital Interest: necessary to protect your vital interests or the vital interests of another person.
- Public Interest: necessary for the performance of a task carried out in the public interest.
- Legal Obligation: necessary for compliance for legal obligations required by applicable law.
- Consent: you have given consent for the processing of your personal data for one or more specific purposes. In the case of a data subject is under 16 years of age, consent must be given or authorized by the data subject’s natural parent or legal guardian.
TYPES OF PERSONAL DATA WE COLLECT
The personal information we collect and or process takes different forms – it may be factual, images or other recorded information that identifies or relates to you.
- Contact information or directory information such as, first and last name, email address, physical address, phone numbers, and other location information
- Government or other official Identification Numbers
- Personal documents in support of visa applications
- Photographs, audio and video recordings
- Health and safety information
- Social identification (e.g. citizenship, nationality, racial/ethnic origin)
- Personal information arising out of Health & Safety incidents while on CIEE programs. (e.g. police reports, hospital reports)
- Any other information that you voluntarily choose to provide to CIEE that would help us improve our services
- Financial payment information to process applications. (e.g. visas, application fees)
Sensitive personal information
CIEE recognizes that certain jurisdictions have enacted laws that require higher protection of certain sensitive personal information. “Sensitive personal information” includes categories of personal data identified by European and other data privacy laws as requiring special treatment. This may include personal identity numbers; racial or ethnic origin; political opinions; religious, philosophical, or other similar beliefs; membership of a trade union or profession or trade association; physical or mental health; biometric or genetic data; sexual life; or criminal record (including suspected criminal activities).
As a rule, CIEE does not require such sensitive personal information from you. In the limited cases where we do seek to collect such information, we will seek to do so in accordance with applicable data privacy law requirements. If you choose to provide us with unsolicited sensitive personal information, you consent to us using the information, subject to applicable law as described in this Privacy Notice.
WHY WE COLLECT PERSONAL DATA
HOW WE COLLECT PERSONAL DATA
CIEE receives personal data from multiple sources. Most often, CIEE receives this data directly from you through our website or when you directly contact us.
Information you provide to us: When you submit a contact form, create an account, or enter a search query on the Sites, you may choose to disclose information about you, including your name, physical address, email address, phone number, and date of birth, along with information regarding your interests, educational background, and interests relating to our programs. We collect information from you when you enroll our programs, when you contact or communicate with us (including through the website, by email or otherwise). We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff or registering for our programs.
Agents and or Independent Contractors: CIEE works with several third-party service providers who promote our programs to you. When you submit your personal data to them for the purpose of enrolling or receiving information about our programs, they will forward your personal information to us for the purpose of offering you CIEE services. You should check the Agents or Independent Contractors for additional information on their privacy notices. We are not responsible for their privacy policies.
Website Usage Information: We collect information while monitoring our CIEE websites, when you provide it to us, such as when you use our website(s) or otherwise communicate with us (such as by email or via our social media pages). The CIEE websites are: www.ciee.org, www.haesf.org and www.balticamericanfreedomfoundation.org (the “Sites”). CIEE collects certain information automatically when you use the website, such as the IP addresses and domain names of visitors, browser type, history of pages viewed and other usage information about your use of the website. We collect this information for site administration purposes, such as to analyze this data for trends and statistics. We may share statistical or aggregated non-personal information about our users with advertisers, business partners, sponsors and other third parties. This data is used to customize our website content and advertising to deliver a better experience to our users. Please see the section below on cookies for more information.
Information that is automatically collected: Like many websites, we use web analytics tools that rely on cookies, web beacons, and other automated tracking technologies (“Tracking Tools”) to help us analyze how users interact with and use the Sites, improve the Sites, personalize your Sites experience, provide you with information we believe may be of interest to you, and identify others like you who may be interested in our programs and services.
The information we collect automatically includes information about your computer and internet connection (including your IP address, operating system, and browser type) and details regarding your visits to our Sites (including your browsing actions and patterns and information about any referring website, search engine, social media platform, or link). We do not use Tracking Tools to collect personally identifiable information (except to the extent you have provided such information to third parties, such as social media platforms – see section below titled “Information from Third Parties”), but we tie information that we gather using Tracking Tools to your personally identifiable information.
Third-Party Tracking Tools; Google Analytics
The Tracking Tools we use include services we obtain from third parties. The information generated by these analytics services will be transmitted to and stored by the third parties and will be subject to their privacy policies. We do not control these third parties’ tracking technologies, how they may be used, or the information they may collect, and we are not responsible for these third parties’ privacy policies.
One of the third-party Tracking Tools we use is Google Analytics. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. Learn more about Google’s partner services and how to opt out of tracking of analytics by Google.
Cookies and Web Beacons
The Tracking Tools we use rely on cookies and web beacons:
- Cookies. A cookie is a small data file that can be placed on your hard drive when you visit certain websites. Cookies are used to collect and store information, such as the type of computer you are using and how often you log on to a site. Our Sites uses both “session cookies,” to improve your navigation across the Sites and to remember you over the course of a single visit, and “persistent cookies,” which are stored on your computer until they expire or are deleted and help us provide better service to you over multiple visits to the Sites. You can always delete or disable cookies through your browser. If you disable cookies, you may not be able to sign in or take advantage of certain features of the Sites that require cookies.
- Web Beacons. In addition to cookies, we deliver “web beacons” through our Sites and through emails we send you. Web beacons are small graphic images that may not be visible to Sites visitors that collect information about Sites usage on an anonymous basis. In some cases, anonymous data may be transmitted to third-party advertising networks. We use web beacons for our own internal analytics, to better understand the ways users interact with our website, and to determine whether a particular email was received and opened. We also use web beacons in connection with our marketing efforts. For example, web beacons allow third-party advertising networks to detect when a user has visited CIEE’s website, and then serve them ads for CIEE’s programs when they browse to another site.
Information from third-parties and other sources: We supplement the information we collect through the Sites with information from third parties (including our advertising partners and other service providers) and information we collect through other means, such as offline or through other websites. This information includes social media profile information, depending on the settings you have established for your social media accounts.
WHEN AND HOW WE SHARE PERSONAL DATA WITH OTHERS
CEE may disclose or share personal information with its international affiliates for various purposes, as permitted by law, including in order for its affiliates to provide services.
CIEE may share some personal data with certain local and foreign third parties service providers who have a need to know and require your personal information within the scope of your agreement with CIEE, for example, we may share your personal data with local and foreign government officials, agencies, consulate or embassies to process and facilitate your visa, host families, accommodation or transportation providers to arrange for program stay and logistics, universities to enroll you in programs, or potential local or foreign employers to facilitate internships or jobs.
We can disclose or share your personal data with lawful basis.
PROTECTION OF PERSONAL DATA
We use security measures, in compliance with applicable law, to protect personal information from unauthorized access or use.
To safeguard against unauthorized access to personal information by third parties, all electronic personal information held by CIEE is maintained on systems protected by secure network architectures that contain firewalls and intrusion-detection devices. The servers holding personal information are “backed up” (i.e., recorded) on a regular basis in an effort to avoid any inadvertent erasure or destruction of such personal information and are stored in facilities with appropriate security and fire-detection and response systems.
Unfortunately, the transmission of information via the internet is not completely secure. Although we take measures to protect your personal data, we cannot guarantee its security. Any transmission of personal information while using any of our online applications is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained online. The safety and security of information also depends on you. If we have provided you with (or you have chosen) a username and password for access to any of our online applications or websites, you are responsible for keeping such information confidential. Please do not share your username and password with anyone.
DATA SUBJECT’S RIGHTS
As a person who provides CIEE with personal information, you may inquire as to the nature of the personal information stored at and/or processed by CIEE. You will be provided reasonable access to your personal information held by CIEE and, where appropriate, with the ability to review and correct inaccuracies. CIEE will cooperate in providing such access. All such requests for access may be made by submitting your personal data access request to our Data Protection Officer at email@example.com.
To help protect your privacy and provide security, CIEE takes reasonable steps to verify your identity before granting access to information. CIEE shall respond to such reasonable requests made by you within such time period as required under applicable law after your identity has been confirmed and you have clarified the specific personal information that you require. If you demonstrate that the purpose for which the personal information is being processed is no longer legal or appropriate, the personal information will be deleted, unless the law or applicable data-retention requirements require otherwise.
In some regions like the European Economic Area (“EAA”), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure, (iii) to restrict the processing of your personal information, and (iv) if applicable, to data portability. In certain circumstances, you may have the right to object to the processing of your personal information.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
If you are a resident in the EAA and you believe we are unlawfully processing your information, you can also have the right to complain to your local data protection supervisory authority. You can find the contact details here: Data Protection Authorities
TRANSFERRING PERSONAL DATA TO THE UNITED STATES
CIEE’s headquarter is in the United States. Please be aware that any information you provide to us will be processed in the United States and is subject to United States laws. The privacy and data protection laws in the United States may not be equivalent to the laws in your country of residence. If you are accessing our website from outside the United States be aware that your information will be transferred to, stored and processed by us in our facilities and by those third parties with whom we may share your personal information.
CIEE collects and transfers personal data to the United States only under the above listed lawful basis. CIEE endeavors to apply reasonable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with CIEE and the practices described in this Privacy Notice.
HOW WE HANDLE PERSONAL DATA FROM INTERNATIONAL VISITORS
Any personal data that is provided to CIEE will be hosted on United States servers. By submitting your personal information on our website and registering or participating in any CIEE programs or services, you consent to the transfer to and the processing of your personal data in the United States.
DATA STORAGE AND RETENTION
CIEE is a global organization; personal data we collect may be transferred internationally throughout the world to countries where CIEE does business, which may not have the same data protection laws as the country in which you reside. We have internal policies and procedures in place in an effort to achieve an equivalent level of protection across our organization. The transfer of personal data to other countries is based on a business need or to comply with applicable laws. Personal data stored or processed in a foreign jurisdiction may be accessed under a lawful order made in that jurisdiction.
By providing your information to CIEE in the course of your access and use of our website or the services that CIEE provides, you agree that your personal data, for the purposes explained in this Privacy Notice, may be transferred to and stored in other countries where CIEE does business, which may not have the same data protection laws as the country in which you reside.
Your personal data is stored by CIEE on its servers, and on the servers of the cloud-based database management services CIEE engages, located in the United States CIEE keeps our personal information for as long as it is necessary for the purpose set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).
For more information on where and how long personal data is stored, and for more information on rights of erasure and portability, please contact CIEE’s data protection officer at firstname.lastname@example.org.
The programs that we offer are not intended for children under the age of 13, and we do not knowingly collect personal data from children under the age of 13. Parental consent is required before collecting or processing personal data of children who are under the age of 16.
NOTIFICATION OF CHANGES
We may update this privacy notice from time to time. The updated version will be indicated “Revised” date and the updated version will be effective as soon as it is accessible on our website www.ciee.org. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
For further information or comments on our Privacy Notice, please contact our data protection officer at email@example.com, or contact CIEE at the following address:
Council on International Educational Exchange
600 Southborough Drive, Suite 104
South Portland, Maine 04106
EFFECTIVE: 26 February 2019