LAST UPDATED: 5.18.2018
At International Education Programs (IEP), we understand that privacy is an important issue for our customers and take our role in protecting your privacy seriously: the following paragraphs outline our policies for doing so. Our Policy covers the treatment of all personal information that the company collects when you interact with our website and customer database, submit information through our forms, and/or participate in our programs. This Policy is further subject to the company’s Terms and Conditions, available by request.
The Information We Collect
We collect two types of information: personal information that you provide to us and non-personal information automatically collected through automated means.
Generally and wherever possible, personal information is collected directly from the customer, although there may be occasions when information is collected from third parties, such as host or partner universities or a publically maintained record. If you are registered with us, you can access content and services that we offer only to registered users. Registered users also have the option of changing or deleting the data specified during registration at any time. We are also able to provide you with information about the personal data we hold about you at any time. If you do not want to provide us with your Personal Information, you are not required to do so; however, while you may still access the Website, certain services may not be available to you. By providing your Personal Information to us via the Website, you consent to receive information and updates from us, our representatives or our authorized third party service providers (except where prohibited by law).
Personal information that we might collect includes:
- Your contact details to communicate with you. Things like your email address, mailing address, and phone number.
- Your academic information, such as your transcript and educational background to forward to our affiliated institutions so that you may further your education.
- Your health and medical information to ensure your specific needs are addressed (e.g. allergies, prescriptions, disabilities, etc).
- Your national identification information (i.e. social security number), passport and related data to fulfil international immigration regulations, register you with the proper local institutions and authorities, and organize logistics essential to your program.
When you access our website, information of a general nature is automatically recorded. We use web analytics tools that rely on cookies, web beacons, and other automated tracking technologies to help us analyze how users interact with our website, how we can improve our website, how we can personalize your website experience and provide you with information we believe may be of interest to you. This information does not individually identify you as a person. Anonymous information of this kind is statistically evaluated by us to optimize our Internet presence and the underlying technology.
Non-personal information that we might collect automatically includes:
- The type of web browser you are using
- The operating system you are using
- The domain name of your Internet service provider
Our website uses third party tracking technologies like Google Analytics and Google Conversion Tracking. In both cases these technologies rely on the use of “cookies” and “web beacons.” A cookie is a small amount of data which is sent to your browser from a web site’s computers and stored on your computer’s hard drive. Most browsers automatically accept cookies as the default setting. You can modify your browser setting to reject our cookies or to prompt you before accepting a cookie by editing your browser options. However, if a browser is set not to accept cookies or if a user rejects a cookie, some portions of the website and services may not function properly. A web beacon is an electronic image, also called a “gif,” that may be used on our web pages to deliver cookies, count visits and compile statistics on usage and campaign effectiveness or in our emails to tell if an email has been opened and acted upon.
To better understand how Google may use the information collected through Google Analytics to evaluate Users’ and Visitors’ activity on our Site see Google Analytics Privacy and Data Sharing. You can obtain more information about cookies by visiting http://www.allaboutcookies.org.
How We Collect Your Information
As stated above (What Information We Collect), we collect your information for:
- Operations: To operate, maintain, enhance and provide all features of our programming to provide the services and information that you request
- Improvements: We use the information, other than customer Data, to understand and analyze the usage trends and preferences of our visitors and users, to improve our products, services, website, and to develop new products, services, features, and functionality.
- Communications: For administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations, or defamation issues related to the customer Data or Personal Data posted on the Service or to provide updates on promotions and events, relating to products and services offered by us and by third parties we work with.
We do not sell, rent, trade or share any information gathered with any other companies or third parties who are not directly involved in the delivery of your program. This information is used only internally by company administrators and administrators of any company partners in the locations where you sign up so that they may better understand your needs and provide a better service.
Sharing Your Information
We at the company abide by the requirements laid out by GDPR, and Privacy Shield which outline the situations in which an organization may disclose personal information to a third party. We may share your Personal Information with our offices, technical consultants, host universities and institutions, other third parties who help to deliver required components of your program. As a rule, the company will not use or disclose personal information unless it is reasonably necessary and/or the person about whom the information relates is aware of and has consented to, the use or disclosure of their information. Personal information may be disclosed where an individual has consented to the disclosure, or when the disclosure is done in the best interest of the individual such as the case of a medical emergency, a serious and imminent threat to a person’s life, health or safety, a requirement under law, or authorized by law, or a requirement for an enforcement body. The company establishes contracts with all third party organizations affirming that they will also uphold and abide by the same regulations and principles.
Keeping Your Information Secure
In alignment with GDPR Article 32, and Privacy Shields 4th principle the company takes all reasonable and appropriate measures to protect your data from unauthorised access, disclosure, loss, use, modification, or other misuse. Moreover, the company also consistently destroys hard copies of personal information that is no longer required, this destruction is undertaken by secured means. Your personal information is contained behind secured networks (i.e. HTTPS) and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology by a third party.
GDPR Information Rights and Practices
As of May 25th, 2018, all European Union residents and citizens are granted personal privacy as a fundamental human right. This also applies to our participants while they are residing in Europe during our various programs. As such, under these regulations, the company will not hold onto participant data for longer than is legally necessary and only for as short as possible to protect individual privacy as well as business interests. Individuals also have the right to rectify any mistakes or incomplete information that may have been provided in order to ensure accurate and complete records. In addition to this is the right to object to the processing of data relating to him or her except in the cases of a specific legal obligation. The company agrees to not collect more personal data than necessary for its legitimate business interest of providing safe and rewarding international programs. All customers have the right to revoke consent to the onward transfer of their PII, or to be forgotten so long as there is no conflicting legitimate business or individual interest. In addition customers may request to have a copy of their personal data sent to them. All of these rights are afforded free of charge. However, we are not responsible for removing your Personal Information from the lists or systems of any third party who has previously been provided your information in accordance with this Policy. Once data is no longer relevant to our legitimate business purposes, it is pseudonymized or anonymized based on the kind and calibre of information. What information is kept exists strictly for analytical purposes to better serve the interests future customers.
Your Access to Your Data
The company will take reasonable steps to ensure that personal information is accurate. To aid this, you may request to see and correct any mistakes present in your record. Additionally, provided there is no legitimate business interest relating to the purpose for which they were collected or otherwise processed or legal requirement you have the right to request that your personal details are removed from our records (aka, Opt Out).
Such requests need to be made in writing to our Data Protection Representative, who then will investigate the validity of the request and shall proceed to take all reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Requests for removal will not be honored in the cases of the following:
- The removal impinges on the “right of freedom and expression”
- There is a corresponding legal obligation which requires processing or holding of financial or medical records
- Reasons of public interest in the area of public health
- For archiving purposes in the public interest, scientific, historical research, or statistical purposes
- For the establishment, exercise or defense of legal claims
You may opt out of receiving promotional emails or text messages from us at any time by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional communications, such as messages about your account or our ongoing business relations, as well as emergency communications regarding our programs abroad.
Questions or Grievance Procedures
If an individual believes that their personal information has not been dealt with in accordance with the company’s policies or applicable laws and regulations, they may lodge a complaint to the Data Protection Authority in writing via email listed below. Acknowledgement will be made within 7 working days of receiving the complaint and a response provided within 30 days.
For any questions regarding the company’s compliance of personal information privacy requirements, or to request removal of personal data, please contact our Data Protection Representative by email to DPR Group at firstname.lastname@example.org or by contacting them on our online webform at www.dpr.eu.com/ge
Our Data Protection Authority is the Spanish Agency of Data Protection
+34 901 100 099
Spanish Agency for Data Protection
C/ Jorge Juan, 6
Open from Monday to Friday 9am to 5:30pm CEST