- Who are we (Introduction)?
- What is the purpose of this notice?
- Whom is this notice directed to (Scope)?
- What other rules or notices apply?
- What are the categories/types of personal data we collect about you?
- How do we collect your personal data (Source)?
- Why do we collect your personal data?
- Purpose(s) of processing
- Lawful (legal) basis for processing
- Legitimate interest as the lawful (legal) basis for processing – additional information
- Performance of a contract as the lawful (legal) basis for processing – additional information
- Consent as the lawful (legal) basis for processing – additional information
- With whom do we share your personal data (Disclosure)?
- International (cross-border) transfer of personal data
- How long do we retain your personal data?
- How do we protect your personal data (Data Security)?
- What are your rights with respect to your personal data?
- Contact us.
- Definitions.
- Annexure-1
Who are we (Introduction)?
Emeritus (together with its relevant subsidiaries, associates, and affiliated companies as listed in Annexure-1 of this Notice, collectively referred to as “Emeritus”, “us”, “we”, or “the Company”) is committed to protecting and securing the confidentiality of, and to lawfully handling and effectively managing the personal data we collect from our students and program applicants.
Our Vision and Mission Statement
(Global Data Protection Office at) Emeritus is committed to maintaining trust, meeting expectations, and upholding the rights of the individuals whose personal data we collect by efficiently protecting their personal data, diligently complying with the applicable privacy laws, persistently adhering to the privacy principles, and conscientiously following the privacy best practices. We understand the value of personal data and the significance of its processing in running our business, and we reinforce our pledge to remain bound to our obligations of fairness and transparency while handling personal data and related operations.
What is the purpose of this notice?
This Students’ and Program Applicants’ Privacy Notice (“Notice”) outlines and describes how personal data or information of students and program applicants is collected, managed, and processed by Emeritus. Emeritus is committed to handling the personal data of its students and program applicants with fairness and transparency, and in a lawful manner. This Notice covers the minimum controls and obligations that Emeritus is committed towards for ensuring that the personal data of our students and program applicants is collected, used, retained, and disclosed in a secure, lawful, transparent, and compliant manner.
Whom is this notice directed to (Scope)?
This Notice applies to enrolled students or program applicants of the educational course(s) offered by Emeritus(collectively “you”, “your”) and is designed to inform you of the personal data that we collect, our purposes of processing that data and your rights in connection with it.
This Notice applies to all our courses and educational services, including whenever we collect and process your personal data in that context for the purposes identified below. Please note however that there may be cases from time to time where we need to update this Notice, for example to reflect changing legal requirements or processing activities, and in the event, we make any material changes to this Notice then we will let you know.
This Notice does not apply to personal data belonging to other categories of individuals like our marketing leads, vendors, employees, job applicants, or clients engaged with or by Emeritus. See our Prospective Students’ Privacy Notice; Employees’, Consultants’, and Employment Candidates’ Privacy Notice; and Emeritus Privacy Notice for more information. However, as more than one of the above notices may apply to you depending upon the context in which your personal data is collected and processed (e.g., an employee may also be a student), be sure to carefully read each applicable notice that we provide to you so that you are fully informed.
What other rules or notices apply?
In some cases, local laws and regulations that apply to the processing of your personal data may be more restrictive than this Notice. Those more restrictive requirements will apply in that case. Emeritus will provide you with additional privacy notices or information where applicable law(s) so require. Residents of the Unites States (U.S.) should see our U.S. Privacy Notice which supplements this and our other privacy notices for them. In addition, this Notice may be supplemented from time to time with more specific privacy information or notices, for example when you use a particular Emeritus app or portal.
What are the categories/types of personal data we collect about you?
The personal data that we collect, and process may vary depending upon the course/program you
select, the requirements of the university partner offering that course, and obligations arising under applicable laws. The personal data that we collect from you is stored within the electronic records/database stored on servers (including cloud servers) located in Singapore, Japan, Canada, U.S., India or in another country (including third countries that are not covered by an adequacy decision of the European Commission), as well as within physical records/database.
Emeritus collects the personal data only to the extent it requires it for a particular purpose(s), and it may collect the following types of personal data from you:
Categories of personal data | Examples of personal data attributes within each category |
---|---|
Identification/Identity data | Full name, alias, gender, title, country of residence, nationality, citizenship, location, online identifier, IP address, date of birth, age, photograph, biometric data (as part of any governmentissued ID), race |
Contact details | Home address, work address, personal and/or official phone number(s), personal and/or official email address(es), emergency contact details |
Financial data | Tokenized data received from the payment gateways, bank account information, social security number, tax identification number (including PAN) |
Educational and employment data | Educational qualification, number of years of work experience, job function, industry, job title, recent compensation, name of the employer |
Electronic identification data | Login ID, password, IP data, website visit logs, browser details |
User generated data | Attendance, absence records, projects and assignments submitted, evaluation remarks, peer and faculty feedback, grades, performance data, audio and video recordings during online/offline sessions and webinars, photographs/digital images/drawings in connection with the course(s) that you have enrolled for, posts you make on public forums, course platforms and mobile learning apps, content of your communication with us, responses to surveys, focus groups and quizzes, credential generated (certificate/diploma/degree), feedback and suggestions, comments and testimonials |
Government-issued ID (including copy thereof) | National ID (including Aadhaar/UID and NRIC), passport, any other acceptable government document |
Health information | Disabilities and special accommodation needed by you |
Other personal details | Personal references, language(s) proficiency, introduction videos, general/random information (not necessary for the program delivery or management) like mother’s maiden name or pet’s name for verifying your identity for resetting your login credentials in case of lost/forgotten particulars including your username and password |
Emeritus does not handle your credit or debit card number for processing of payment. Such data is collected and processed by third-party payment gateway service providers on our behalf as per our agreements with them and any other rules and regulations applicable to them.
Sensitive personal data
Sensitive personal data or special categories of personal data (“SPD”) are personal data which are particularly sensitive in nature and merit specific protection as the context of their processing could create greater risks to the fundamental rights and freedoms of the individuals. SPD, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. The examples of SPD may vary depending upon the context and the laws of the respective countries from where the SPD originates and may include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, sex life or sexual orientation, or data concerning health.
Emeritus does not require collecting or processing any sensitive personal data or special categories of personal data for delivering the course(s). If any SPD forms part of any national or government-issued ID that you have submitted with Emeritus, you are advised to inform Emeritus of that fact to allow us to take steps towards lawful processing of such SPD.
Should we require SPD for delivering the courses or for any other related purpose(s), we will obtain your explicit consent towards such collection and processing in terms of this Notice at the point where the SPD will be disclosed by you.
Where the applicable law(s) provide other legal bases for processing SPD (as an exception to obtaining explicit consent), we may rely upon such legal basis as may be available to us in a particular situation. In the event you voluntarily disclose/share/upload/post/make public your SPD on our website, or any other public forum owned or controlled by us, you understand that the said SPD may be processed by us in accordance with the applicable law(s) and this Notice.
Personal data of others provided by you
In certain situations, you may provide to us the personal data of others (for example, your friends, colleagues, family members, etc.) such as in the context of providing emergency contact details, or personal references towards your application, or as a referral towards our programs and courses, etc.
How do we collect your personal data (Source)?
Personal data collected directly from you for course registration, enrollment, and onboarding
Emeritus collects your personal data that we require in order to register you for an account and subsequently to enrol and onboard you to the course(s) of your choice, directly from you at the time of registration on the course application page on our website. You may either provide the required personal data by creating a fresh account on our website, or authorize third party platforms like Google, Facebook, or LinkedIn to share with us the data available with them. The remaining personal data attributes (that have not been updated on your chosen third-party platform) shall be additionally collected from you.
It is your responsibility and obligation to ensure that all personal data submitted to us is accurate, correct, complete, and up to date at the time of submission. Failure on your part to do so may result in our inability to provide you with courses and educational services that you have applied for. Please keep us informed of any changes to your personal data.
Personal data collected during the course delivery
Some or all the attributes listed under ‘User generated data’ category of personal data will be
generated during the process of delivering the course(s) till its completion. We may store and maintain this data in our student records (about you) or in any other relevant database. This data can be generated when you interact with us, such as in one or more of the following ways:
- When you submit an assignment or appear for examination and/or assessments in connection with your course(s).
- When you register for seminars or webinars related to your course(s).
- When you respond to surveys and feedback questionnaire(s) generated by us.
Personal data provided by others
Our corporate clients (the B2B/enterprise clients who engage us for delivering one or more courses to their sponsored candidates), our university partners, and even individuals (like, our present or past students, prospective students, etc.) may also refer students to us for enrolment to different course(s). In order to identify and in some cases to register and onboard the students referred to us by our clients, or university partners, or other individuals, we may initially receive some personal data from the following categories from them:
- Identification/Identity data
- Contact details
- Educational and employment data
If you have been referred to us by our corporate clients, or our university partners, or by another individual, you may still be required to register yourself through our course application page for completing the enrolment and onboarding process. You may be asked to again provide the personal data initially provided to us by your referrer, along with the additional information (personal data) required for the course registration.
Personal data that others provide about you may also include data provided by the third-party
platforms like Google, Facebook, or LinkedIn, who have been authorized by you to share such data available with them with us, for the purpose of registering your account, and enrolling and onboarding you to the course(s) of your choice.
Personal data of others provided by you
In certain situations, such as in the context of providing emergency contact details or personal references towards your application or as a referral, you may provide to us the personal data of others (for example, your friends, colleagues, family members, etc.). In such a situation, it becomes your responsibility to inform the individual concerned about the processing of their personal data for the relevant purposes and to confirm to us that you have been authorized to submit such details with us for processing for our legitimate interests
Personal data collected via tracking technologies
When you visit our website or use our service, we and third parties may use cookies and other tracking technologies to collect personal data from you. This may include tracking your activities across time and third-party sites or services. For more information about this processing and your choices regarding it, see our Cookie Notice.
Why do we collect your personal data?
Purpose(s) of processing
Emeritus uses your personal data for sharing with you the relevant details and information about its course offerings, programs, topics, subjects, specialities, and universities that you may be interested in, through multiple channels of communication. We may process your personal data for sending you the details about a particular program of your interest as well as other related programs, or generic or non-specific information about the courses/programs we offer.
Lawful (legal) basis for processing
Privacy law of certain jurisdictions require that one of the available lawful bases of processing, as prescribed by such privacy law, must be relied upon (satisfied) by Emeritus before processing your personal data for each of the purposes listed earlier. The lawful basis that Emeritus relies upon for a particular processing activity may differ from the lawful basis relied upon for another processing activity i.e., different lawful bases may be relied upon to lawfully conduct different processing activities.
All or some of the following lawful bases of processing may be available under the privacy law of a particular jurisdiction (country):
- Consent: You have given consent (explicit/express or deemed/implied, depending upon the privacy law applicable) to the processing of your personal data for one or more specific purposes.
- Performance of a contract: Processing of your personal data is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
- Compliance with legal obligation: Processing is necessary for compliance with a legal obligation to which Emeritus is subject.
- Protection of vital interests: Processing is necessary in order to protect your vital interests or of another natural person.
- Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- Legitimate interest: Processing is necessary for the purposes of the legitimate interests pursued by Emeritus or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms under applicable data protection laws.
Processing of sensitive personal data or special categories of personal data (‘SPD’) has been covered earlier under the section ‘What are the categories/types of personal data we collect about you?’.
The most common processing activities under each purpose that we use (process) your personal data for, along with the respective legal basis for our processing activities, are listed below:
Purpose of processing (along with respective processing activities) | Lawful (legal) basis for processing |
---|---|
Screening | |
Assessing/evaluating your eligibility for admission to a course basis the parameters defined by the concerned university partner. | Performance of a contract |
Verifying documentation related to your identity, educational qualification, and work experience. | Performance of a contract |
Sanction checks/screening in compliance with applicable sanction laws across geographies, and similar programs of the university partners (for example, sanctions list of the Office of Foreign Assets Control). | Compliance with legal obligation |
Enrollment | |
Verifying your identity. | Performance of a contract |
Onboarding | |
Creating your account and generating login details including username and password. | Performance of a contract |
Delivery | |
Conducting online and/or face-to-face classes. | Performance of a contract |
Sending course material. | Performance of a contract |
Sending assignments and quizzes | Performance of a contract |
Responding to your doubts, queries, and requests | Legitimate interest |
Sending updates about the course(s) you have enrolled for. | Performance of a contract |
Facilitating your participation /attendance to seminars, webinars events, and other programs, related to the course(s) you have enrolled for. | Performance of a contract |
Providing chatrooms and discussion forums for facilitating collaboration with other students. | Performance of a contract |
Providing access to learning management system (LMS) for delivering the course(s) you have enrolled for. | Performance of a contract |
Enabling your access to video streaming platform that host the library of videos related to the course(s) you have enrolled for. | Performance of a contract |
Facilitating the formation of study groups and connecting you with coaches. | Performance of a contract |
Creating and inviting you to join WhatsApp (or similar mediums) groups as discussion forums and study groups. | |
Using personal data in connection with legal claims or litigation. | Consent |
Facilitating your enrolment to ancillary/supplementary programs, courses, trainings, and certifications related to the course/program you have enrolled for, as an optional part of the curriculum. | Consent |
Facilitating your enrolment to ancillary/supplementary programs, courses, trainings, and certifications related to the course/program you have enrolled for, as a mandatory part of the curriculum. | Performance of a contract |
Assessment | |
Assigning projects, presentations, assignments. | Performance of a contract |
Conducting periodic review of your performance during the course. | Performance of a contract |
Conducting tests and examinations. | Performance of a contract |
Administration and management | |
Assigning you to a study/project group within your cohort. | Performance of a contract |
Tracking your attendance. | Performance of a contract |
Sending information on other courses related to the course(s) you have enrolled for/completed (you will have an option to unsubscribe to such communication anytime). | Consent |
Sending surveys for receiving feedback and suggestion for enhancing overall quality of the program. | Legitimate interest |
Verifying your contact information like phone number and email ID using OTP or other mechanism. | Legitimate interest |
Verifying your identity for resetting your login credentials in case of lost/forgotten particulars including your username and password. | Legitimate interest |
Recording and tracking of financials including processing of fees and refunds. | Performance of a contract |
Responding to your general questions and queries. | Performance of a contract |
Investigating and addressing your complaints and issues. | Performance of a contract |
Submitting records and reports required by the concerned university partner(s). | Performance of a contract |
Submitting records and reports required by the regulatory authorities. | Compliance with legal obligation |
Responding to requests by government or law enforcement authorities conducting any investigation. | Compliance with legal obligation |
Using personal data in connection with legal claims or litigation. | Legitimate interest |
Complying with directions, orders including subpoenas or other legal process(es) of competent courts, legal or regulatory bodies (including but not limited to disclosures to such regulatory bodies). | Compliance with legal obligation |
Investigating, preventing, or taking suitable action regarding illegal activities, suspected fraud, security issues, enforcing our terms and conditions, or this Notice, or to protect rights, property, or safety, and those of others. | Legitimate interest |
Processing personal data for audit checks and other regulatory purposes, including but not limited to, Emeritus re-certification and accreditation purposes. | Legitimate interest |
Implementing whistleblower program (or other complaint mechanism) and setting-up of hotline and web-portal for collecting whistleblower reports (anonymous or identified). | Compliance with legal obligation |
Monitoring and ensuring network and information security, including preventing unauthorized access to our systems and preventing attacks through virus, malicious software etc., and ensuring business continuity. | Legitimate interest |
Validating your credential(s) as part of any background verification (BGV) process authorized by you. | Legitimate interest |
Processing of payment/fee, applicable taxes, and refund towards the course(s) that you have enrolled for. | Performance of a contract |
Ensuring compliance with applicable terms and conditions and/or applicable policies and procedures. | Legitimate interest |
Internal reporting and/or accounting purposes. | Legitimate interest |
Successors in the event of a merger, acquisition, or reorganization. | Legitimate interest |
Administration and management | |
Issuing and maintenance of credential(s) on successful completion. | Performance of a contract |
Assisting you with your career development and job search initiatives. | Performance of a contract |
Creating and managing your ePortfolio (place where you can display and discuss the significant submissions and experiences that are happening during your learning process).
You can use an ePortfolio to:
|
Consent |
Creating and hosting your profile that is viewable by other students within and outside your cohort and assisting you to network and establish connection with them.
Please note that the objective here is to facilitate networking and collaboration among students and your participation is voluntary. However, once your profile becomes public (at your option and by your consent), Emeritus has practically no control over usage of your personal data and information contained in your profile by those who have access to your profile. |
Consent |
Including your profile (including contact details) in students’ directory that is viewable by and available to other students within and outside your cohort to assist you to network and establish connection with them.
Please note that the objective here is to facilitate networking and collaboration among students and your participation is voluntary. However, once your profile becomes public as part of the directory (at your option and by your consent), Emeritus has practically no control over usage of your personal data and information contained in your profile by those who have access to the directory |
Consent |
Reaching out to you for corporate and individual referrals. | Legitimate interest |
Training our workforce/employees on different processes that may involve processing of your personal data. | Legitimate interest |
Social media marketing (for example, Facebook lookalike): We may use your name, email address or other contact information to identify groups of individuals with similar interests or characteristics on social media, which we would target for advertisement. Your data would not be used for any other purpose by the social media platform. This processing would be based on our legitimate interest to increase the audience of persons likely to be interested in our services. You have a right to object to this use of your information that can be exercised as explained in ‘What are your rights with respect to your personal data?’ section of this Notice. | Legitimate interest |
Conducting business analytics, marketing research, and data analysis. | Legitimate interest |
For business planning purposes, marketing, advertising, and sales efforts. | Legitimate interest |
For inviting, registering, and, onboarding you for general seminars, webinars, and events (that may not be related to the course or program you have enrolled for). | Legitimate interest |
Alumni engagement communications. | Legitimate interest |
For any other purpose as disclosed to you at the point of collection or pursuant to your consent. | Consent |
Making appropriate arrangements in the event of an emergency. | Protection of vital interests |
Where Emeritus wishes to use your personal data for a new purpose that has not been included in the table above, Emeritus will process your personal data, for such new purpose, as per the provisions of the applicable privacy law(s). Where required, Emeritus will notify you of the new purpose in accordance with the applicable law(s) and obtain your consent (or rely on any another lawful basis available with us) before processing your personal data for the new purpose.
Legitimate interest as the lawful (legal) basis for processing – additional information
You have the right to object at any time, on grounds relating to your situation, to processing of your personal data carried out for our legitimate interests or of a third party.
Please refer to the section ‘What are your rights with respect to your personal data?’ for more details.
Performance of a contract as the lawful (legal) basis for processing – additional information
Please note that if you fail to provide certain information when requested then we may be unable to take steps towards entering into a contract with you at your request, or where we have an existing agreement with you to perform our contractual obligations under that agreement.
Consent as the lawful (legal) basis for processing – additional information
Where the collection and use of your personal data is based on your consent, you are entitled to withdraw that consent at any time by contacting us (please refer to the ‘Contact Us’ section of this Notice), or by clicking the ‘unsubscribe’ link in our marketing emails. Please note that your withdrawal of consent could have an adverse impact on our ability to engage with you and would not affect the lawfulness of processing that has already occurred based on your consent.
With whom do we share your personal data (Disclosure)?
Disclosure within the Emeritus group of companies (affiliates)
Emeritus is a global company, and we may share your personal data or provide such access to other companies within the Emeritus group as affiliate service providers, or as data controllers for the performance of contract with you and for providing you with the services (educational course/s) that you have enrolled for. This Notice also applies to the processing activities of our affiliates on your personal data in such contexts and is provided for and on behalf of those affiliates where they also act as controllers of your personal data, including those listed under Annexure-1 of this Notice.
Disclosure to third party service providers
Emeritus may share your personal data with the following third-party service providers. These thirdparty service providers will require access to your personal data to perform certain limited functions for Emeritus however, they may not generally use, for their own purposes, your personal data that they process:
- Technology service providers like network and IT security, internet services, video
communications, customer support and communication, telecom services for running the business operation and protecting it from external and internal threats. - Service providers for business continuity management and contingency planning in the event of business disruptions.
- Platforms (service providers) for hosting the videos and course material for the course(s) that you have enrolled for.
- Platforms (service providers) offering the learning management system (LMS).
- Platforms (service providers) that are designed for public communications where you
submit/post your comments, coursework, or other information or content for viewing by
other members of an Emeritus class of which you are a member. These postings may be
available to the students who later enroll in the same classes as yours, within the context
of the forums, the courseware, or otherwise. - Platforms (service providers) for creating and hosting discussion forums and study groups.
- Platforms (service providers) for hosting interactive webinars that can be attended live or
later (on-demand). - Platforms (service providers) for creating and hosting your profile that is viewable by other students within and outside your cohort and assisting you to network and establish
connection with them. - Third-party assessors hosting and conducting admission/entrance tests.
- Educational training tools and simulators.
- Service providers for supplementary/additional course content, specific modules, and
other related materials. - Service providers and platforms supporting our outreach initiatives and assisting us in
establishing communication (with you) through various channels like email, text (SMS),
WhatsApp, voice call, etc. - Service providers providing the following services:
- Test proctoring
- Mentoring
- Business analytics
- Marketing research
- Data collection forms (e.g., Google Forms)
- Focus groups, surveys, and data analysis
- Cloud services and data storage
- Credit facilities and payment processing
- Couriers
- Vendors providing verification services towards your contact information like
email ID and phone number
- Social media platforms (for example, Facebook, LinkedIn) for assisting us with our social
media marketing initiatives. - Recruitment consultants/service providers to assist you with your career development and
job search initiatives. - Service providers conducting sanction checks and screening.
- Third-party service providers for establishing and implementing whistleblower program by
setting-up and independently managing hotline and web-portal for collecting
whistleblower reports (anonymous or identified).
We take reasonable steps, such as obtaining contractual commitments from our third-party service providers, to limit and protect the use of your personal data by our service providers.
Disclosure to other third parties
Emeritus my share your personal data with the following (non-agent) third parties (list not exhaustive):
- Professional advisors and consultants including law firms, tax consultants,
business/management consultants, auditors etc. for running the operations efficiently and in a compliant manner. - Regulators, government bodies, supervisory authorities, and law enforcement agencies in
order to comply with applicable laws, rules and regulations including those related to audit and assessment of educational programs, licensing and approvals, and revenue and
taxation. - Prospective (and actual) sellers or buyers and their advisers in connection with any
financing, merger, acquisition or sale of any of our business or assets. - Third-party business partners (including our university partners) that offer courses,
programs, or services similar to those you have enrolled for or that may otherwise be of interest to you. We shall rely upon your consent (separately obtained as and when
required), or any other lawful basis available at the time, before sharing your personal data for the stated purpose. - Providers of ancillary/supplementary programs, courses, trainings, and certifications
related to the course/program you have enrolled for. - Data collection forms (e.g., Google Forms) where Emeritus shall provide only your contact detail (generally only the email address) to trigger the notification and the link to the form. Personal data provided via the said form may be also available to the third-party providing the service and you are advised to read the privacy notice (policy) and terms & conditions of the third-party before entering any personal data into the form.
- At your selection (you can control and change the setting between public and private at
any time), your ePortfolio will be made public for everyone in your cohort to see. Once
made public, Emeritus may use your ePortfolio as a sample with future cohorts or in its
marketing materials for its legitimate interest.
In addition to the above, Emeritus also shares your personal data, more specifically as stated, with the following third parties:
Recipients | Categories of personal data | Why we share (Purpose) |
---|---|---|
University partners | ||
Universities that offer the course(s) that you have enrolled for including the assessors, mentors, graders etc. that represent the university partners. Please note that University Partner’s privacy policy shall apply in their processing of your personal data. |
|
|
Employers and course sponsors | ||
Organizations or individuals that have, fully or partially, sponsored or paid for the course that you have enrolled for. |
|
|
We share your personal data with the (non-agent) third parties primarily for the performance of contract between you and Emeritus but may also rely upon one of the other lawful bases, listed under the section ‘Lawful (legal) basis for processing’, that may be legally available to us. Where required by the applicable privacy law(s), we will seek your consent before sharing your personal data with the third parties. Third parties with whom your personal data has been shared may, in some cases, independently determine the purposes and uses of your personal data; in such cases, that third party recipient’s own privacy policy (notice) will govern their use of your personal data.
Disclosure without notification
In some cases, or circumstances, we may disclose your personal information to third parties without notifying you. These circumstances could include:
- Where Emeritus is required to do so as per applicable laws/rules/regulations, or by order of a court, tribunal, or any other regulatory authority, or other legal process or compulsion.
- Where Emeritus, in good faith, believes that such disclosure is reasonably necessary to comply with a legal obligation, process, order, or request.
- Where Emeritus is legally required to or believes in good faith that such disclosure is reasonably necessary to safeguard the rights, property or other interests of Emeritus, its employees, vendors, clients, customers of clients, third parties or the public as required and permitted by the applicable law(s).
- Where provision of the information would be disproportionate or would result in the impossibility or serious impairment of achieving the objectives of processing.
International (cross-border) transfer of personal data
Due to the global nature of our business which comprises of partnership with various universities across the globe with international student enrolments to the courses and programs offered, presence of several Emeritus group companies (affiliates) worldwide, vendors/service providers (processors) that are present in and operating out of different countries and facilitate and support our services, and other third parties (esp. those listed in the earlier section) established in an overseas location, your personal data may be shared, disclosed, or transferred to these parties in other countries where the privacy and data protection law(s) may differ from those in your country. The cross-border transfer may include transfer to third countries (including onward transfers) that are not covered by the adequacy decision of the European Commission (Secretary of State in case of UK).
The cross-border transfer of your personal data shall be done in compliance with the concerned
provisions and requirements of the privacy law(s) applicable on your personal data that may inter-alia include:
- In the case of personal data within scope of the privacy law(s) of the European Economic Area (EEA) or United Kingdom (UK), your personal data may be transferred cross-border on one of the following bases:
- When such transfer is being done to a country or a territory that is covered by an
adequacy decision issued by the European Commission (Secretary of State in case of
UK). - When such transfer (to a non-adequate third country) is necessary for the
performance of contract between you and Emeritus. - When we have provided for appropriate safeguards in the form of Standard
Contractual Clauses (SCCs), adopted by the European Commission (Information
Commissioner in case of UK), signed with the recipient of your personal data in the
non-adequate third country. - When we have obtained explicit consent from you after informing you of any possible risks of such transfer to a third country for you as an individual due to the absence of an adequacy decision and appropriate safeguards.
- When such transfer is being done to a country or a territory that is covered by an
- In the case of personal data within scope of the privacy law(s) of countries other than the European Economic Area and United Kingdom, your personal data may be transferred cross-border on one of the following bases:
- Emeritus has signed appropriate data transfer and/or processing agreement with the recipient of your personal data in the other country.
- Under any other provisions and/or conditions enabling such transfer as provided by
the privacy law(s) applicable on your personal data.
How long do we retain your personal data?
Emeritus will retain your personal data for as long as necessary for the purpose(s) for which it has been collected, in accordance with the applicable law(s), and as set out in our retention policy and/or schedule. The duration for which we retain your personal data may differ depending upon the purpose(s) it’s being processed for.
We will retain and use your personal data to the extent necessary to comply with our legal obligations, for example, to comply with statutory audits, resolve disputes, comply with orders or requests issued by competent court(s), and enforce our legal agreements and policies.
In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
How do we protect your personal data (Data Security)?
Emeritus implements appropriate technical and organizational measures to ensure security of your personal data and to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. These measures are designed to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed by us.
We make every reasonable effort to ensure safety and security of your personal data in accordance with the applicable law(s) and industry standards while considering the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Despite all our efforts, risk of personal data breach persists as no method of internet transmission or storage guarantees complete security. In an unlikely event of a personal data breach, we will assess and investigate the event and take necessary actions, including those related to notification to the relevant supervisory authority and to the individuals impacted, in compliance with the applicable law(s) within the timelines prescribed.
What are your rights with respect to your personal data?
You may check and update certain personal data within our systems either by logging to your
password-protected account (in some cases) or by contacting us at privacy@emeritus.org. It is your responsibility to ensure that your personal data, that you have shared with us, is accurate, correct, complete, and up to date in our records.
Privacy laws in some jurisdictions, especially those in the European Economic Area (EEA) and the United Kingdom (UK), and in some U.S. states, provide individuals with certain rights in relation to the processing of their personal data (subject to conditions and exceptions provided in such laws). These rights are jurisdiction-specific and may not be available to all. For example, in case you are located in the European Union (EU) (or UK) or our affiliate that you interact with (that collects and processes your personal data) is located in the EU (or UK), all of the rights listed below may be available to you. Some or all these rights (and even some additional rights) may be available to you under the privacy law(s) of other jurisdictions as well but that depends upon the scope of privacy law(s) applicable on your personal data. U.S. data subjects should see our U.S. Privacy Notice for more details related to their rights.
- Right of access: to obtain from us a confirmation as to whether or not personal data concerning you are being processed.
- Right to rectification: to get your inaccurate personal data corrected or rectified, and incomplete personal data completed.
- Right to erasure: to have your data deleted (this is not an absolute right and is subject to exemptions available under the applicable privacy law).
- Right to restriction of processing: to obtain restriction of processing.
- Right to data portability: to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have it transmitted to another controller.
- Right to object : on grounds relating to your particular situation especially where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground..
- Right to object to automated decision making and profiling: to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
We will process your request to exercise the above rights in accordance with the law(s) applicable in relation to the rights exercised by you. As permitted by applicable law, we may refuse requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, may compromise an ongoing investigation, or are impractical. We do not discriminate against you for exercising any of your rights in a manner that would violate applicable law.
As a policy, Emeritus allows you to access your personal data, verify and challenge the accuracy and completeness of your personal data, and have it corrected, amended, or deleted if inaccurate and, in limited circumstances, object to processing of your personal data even if the law in your jurisdiction does not accord you those rights, but we will apply our discretion in how we process such requests except as otherwise required by applicable law. We may require you to establish your identity and provide evidence to justify the amendment of your personal data held by us. You can exercise these rights by contacting us per the Contact Us section below, or in the case of U.S. data subjects as set forth in our U.S. Privacy Notice.
In addition, we enable you to exercise certain choices regarding cookies and certain other tracking technologies, as explained in our Cookie Notice.
To exercise a data subject right or make an inquiry about your personal data, please write to us at privacy@emeritus.org. We may need to verify and confirm your identity before we process and fulfil your request. This is another appropriate security measure to protect your personal data.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) unless, and subject to applicable law, your request for access is clearly unfounded, excessive, or repetitive. Alternatively, we may refuse to comply with the request in such circumstances in accordance with the applicable laws.
Right to complain: You may have the right to lodge a complaint with your local data protection authority about our processing of your personal data. For more information, please contact your local data protection authority. We would, however, welcome the opportunity to discuss, address, and resolve your concerns before you reach out to your local data protection authority. So, please contact us in the first instance at privacy@emeritus.org
Contact us.
Any questions, concerns, or complaints about the operation of this Notice can be addressed to the Data Protection Officer at privacy@emeritus.org. In addition, you may submit your concerns or complaints about our privacy practices to our Data Protection Officer at privacy@emeritus.org or at the following address:
Emeritus Institute of Management
78 Shenton Way,
#20-02 Singapore-079120
Whenever we receive a formal complaint, we attempt to contact the complainant individually and resolve his/her grievances and/or concerns truthfully and with utmost transparency.
In addition to contacting us, in certain countries you have the right to lodge a complaint with your local data protection authority if you so choose.
In case you are located in the European Union (EU) or United Kingdom (UK), you may contact our representative in the EU or UK:
Global Alumni (for the EU)
- by emailing: EURep@Emeritus.org
- by writing to Global Alumni at Calle Acanto, 11, 28045, Madrid, Spain
EIM Learning UK Ltd. (for UK)
- by emailing: UKRep@Emeritus.org
- by writing to EIM Learning UK Ltd. at WeWork, 10 York Road, London, England, SE1 7ND
Definitions.
Personal data means any data related to an identified or identifiable living natural person, provided, however, that if an applicable law has a different definition of personal data (or a similar term referring to information relating to an individual), such definition shall be applied to the extent applicable.
Sensitive personal data (SPD) means Personal Data which is more significantly related to the notion of a reasonable expectation of privacy. However, data may be considered more or less sensitive depending on context or jurisdiction.
Process and Processing means (1) any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, accessing, consultation, interpretation, assessment, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction; and (2) any other action that may be taken with respect to Personal Data.
(Data) Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
(Data) Processor means a natural or legal person (other than an employee of the controller), public authority, agency or other body which processes personal data on behalf of the controller.
Adequacy decision means a formal decision made by the European Union (EU) which recognises that another country, territory, sector or international organisation provides an equivalent level of protection for personal data as the EU does.
Onward transfer means a transfer of personal data to a fourth party or beyond. For instance, the first party is the data subject (you), the second party is the controller (Emeritus), the third party is the processor, and the fourth party is a sub-contractor of the processor.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
University partners mean the universities on whose behalf we deliver and manage the respective educational courses.
Annexure-1
List of Affiliates
Name | Jurisdiction | Organizational ID |
---|---|---|
Eruditus Learning Solutions Pte Ltd | Singapore | 201230726W |
Eruditus Executive Education FZ-LLC | UAE | 91917 |
EIM Learning S.C. | Mexico | ELE2103084DA |
Emeritus Institute of Management, Inc. | USA | 6959273 |
Emeritus Institute of Management Pte.Ltd. | Singapore | 201510637C |
Erulearning Solutions Pvt. Ltd. | India | U80904MH2016PTC288248 |
Emeritus Enterprise, Inc. | USA | 6595607 |
Emeritus Institute of Management DO Brasil Ltda | Brazil | 46.284.205/0001-47 |
EIM Learning UK Ltd. | UK | 11617490 |