IIE Privacy Statement
IIE is committed to the preservation of privacy and the integrity of personal data of people engaging with IIE. IIE strives to comply with applicable data protection laws and is continuously improving its data protection policies and procedures. IIE welcomes your feedback through the Data Subject Request Portal.
In addition to the English language, this Statement is offered in Spanish, Portuguese, French, Arabic, Mandarin Chinese, and Japanese for global convenience.
IIE’s Privacy Statement is designed to provide transparency into our privacy practices and principles in a way that people can navigate, read, and understand.
Please read the IIE Privacy Statement carefully as it details the ways in which IIE may process your personal data. Please note that what data IIE processes and how that data is processed may vary by program and/or by your engagement with IIE. This statement does not apply to how third parties define personal data or how they process it. IIE encourages you to read third-party privacy statements and know your privacy rights before interacting with them.
Effective Date
October 1, 2024
Note on Changes to This Statement
IIE reserves the right to change this Statement and relevant policies or procedures at any time without notice to you. If you continue to engage with IIE including accessing or using IIE Websites after this Statement has changed, IIE considers you to have accepted any changes made. IIE keeps this Statement up to date on this website, where it is available and accessible to the public. IIE recommends revisiting and reviewing this Statement regularly to ensure that you understand how IIE may be processing your personal data.
Definitions
- IIE refers to the Institute of International Education, Inc.
- IIE Websites refers to websites managed by IIE on behalf of its own operations or sponsors.
- Data Controller refers to the entity that determines the purposes and means of processing personal data.
- Data Processor refers to the entity that processes personal data on behalf of the Data Controller.
- Minor refers to people under the age of 18.
- Parent means a minor’s parent, legal guardian, or caregiver.
- People means identifiable, natural persons.
- Personal Data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- PII, also known as Personally Identifiable Information, refers to any information that can be used to identify a distinct person’s identity.
- To Process or Processing means receiving, sending, storing, referencing, accessing, or otherwise using Personal Data in any way that falls under the scope of applicable data protection laws and regulations, including any relevant international, state, or local laws.
What is the basis upon which IIE processes personal data?
IIE processes personal data based on consent and contractual agreements. IIE also processes personal data based on pursuing IIE’s legitimate interests or the legitimate interests of others. Provided that the legitimate interests below are not overridden by the data protection rights of people who are engaging with IIE, personal data may be processed:
- when applying for an IIE-managed program,
- when entering or carrying out a contract with you and/or a program sponsor to administer a program,
- when entering or carrying out a contract with you to provide a service to IIE or for IIE to provide a service to you,
- when entering or carrying out an employment relationship with you,
- when investigating any complaints received from you or from others, about us, or our service providers, or
- in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).
Confidentiality and Data Access Controls
Your personal data processed under this Statement is shared with respective personnel on a need-to-know basis and/or as necessary to provide the services you requested.
Data Security and Incident Response
IIE has designed security procedures to ensure the security, integrity, and privacy of your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. IIE uses reasonable security controls for handling all categories of personal data, including sensitive personal data. IIE updates and tests systems and processes on a routine basis. These measures and requirements are compliant with the guidelines set forth under applicable laws.
If IIE discovers a security incident that impacts personal data, IIE has dedicated people, processes, and technology in place to investigate, analyze and execute appropriate response actions and remediation. IIE analyzes these facts – in the context of applicable laws, regulations, contractual obligations, and IIE’s commitment to data protection – to determine whether incident notification is required for affected individuals, or other relevant parties such as sponsors or regulators. IIE will comply with all applicable laws that require security incident notification without undue delay.
While IIE undertakes reasonable efforts to prevent unauthorized access, alteration, disclosure, or destruction to personal data, IIE cannot ensure or warrant the security of data you transmit to IIE, data provided online, or data stored by IIE or our service providers. Personal data is submitted at your own risk. IIE is not liable for disclosures of your personal data due to errors in transmission or the acts of our service providers or other third parties, which means that you accept all risks associated with any data transmission and Internet usage, including the risk that your personal data may be intercepted in-transit.
Data Storage and Retention
Your personal data is stored by IIE on its servers and on the servers of cloud-based, third-party hosting and service providers with whom IIE engages.
IIE retains personal data for as long as necessary for the purposes described in this Statement. The period for which IIE retains personal data is determined by the type of data, the data subject type to whom the data relates, and the purposes for which the data was processed.
The length for which IIE retains personal data is further determined by applicable legal and regulatory requirements, contractual obligations, purposes of safety, security, and fraud prevention, or by issues relating to an unresolved claim or dispute.
IIE will save your personal data under the following circumstances:
- for as long as it is necessary and relevant to perform the purposes for which the data was processed, depending on the legal basis for which that data was processed,
- until IIE has no further legitimate interest in the data and/or a claim may be made in relation to IIE’s professional relationship with you,
- until you withdraw your consent OR
- where legal/regulatory obligations mandate that IIE retain your personal data.
IIE may retain some or all personal data for purposes of business analytics, record-keeping, contractual obligations or legal purposes, to enforce IIE Websites Terms and Conditions, or as a result of such information being stored on IIE systems through routine backup or archival processes.
Please note that IIE is not responsible for removing your personal data from the lists or systems of any third-party not connected to IIE who have previously been provided with your data in accordance with this Statement.
Note on International Transfers of Personal Data
IIE is a global organization and may transfer personal data across national borders to other countries, in compliance with the laws that apply to that data, to perform processing activities such as those described in this Statement. Where required by law, IIE has put into place appropriate mechanisms to adequately protect personal data that are transferred across borders.
Note to Parents and Children
IIE considers any person under the age 18 to be a minor, regardless of jurisdiction or domicile. IIE services are generally not targeted towards minors. However, personal data associated with minors may be processed if they engage with IIE to apply or participate in IIE programs.
IIE processes personal data of minors for the purposes of providing benefits or visas for people who are dependents of people engaging with IIE as employees or program participants.
Please refer to the “Who are the Data Subjects and What Personal Data is Processed by IIE” section of this Privacy Statement to better understand which Data Subjects might be minors.
If you are a minor, you may request that IIE remove any content you have posted to IIE Websites that can be accessed by another user.
If you are a parent, legal guardian, or caregiver and believe that IIE may have collected personal data from a minor without your permission and this is not acceptable to you, please submit a request via the Data Subject Request Portal, and IIE will promptly address the issue.
Personal Data Categories
Please note that these categories may overlap in some cases.
Personal Data Category | Personal Data Category Examples/Description |
Identifiers, Online Identifiers, Personally Identifiable Information (PII) | Name, Email Address, Contact Details, Passport Number, Government Issued Identification, Date of Birth, Bank Account Number, Credit Account Number |
Protected Classifications, Special Categories of Personal Data, Sensitive Personal Information/Data, Health Data | Gender, Sexual Orientation, Racial/Ethnic Origin, Family Structure data, Health, Criminal Convictions or Offenses, Political, Religious or Philosophical Beliefs, Trade Union Membership, Preferences, Opinions, Intentions, Interests, Bank Account data, Income |
Internet or Other Electronic Activity | Internet Browsing/Search History, Cookies, Application/Website Access Location and Interaction, Employee Time and Geolocation Related to use of Internet Website, Application or Physical Access to IIE Office |
Sensory | Photographs, Audio, Electronic, Visual Recordings – usually during program engagement or employment |
Professional, Employment, Education related information | Work History, Job Titles, Salary, Evaluations, References, Interviews, Certifications, Education Records, Transcripts, School Attended |
Inferences | Any data drawn from the categories referenced above to create a profile about a person reflecting the person’s characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes |
Who Are the Data Subjects and What Personal Data is Processed by IIE
Please note that these categories may overlap in some cases.
Data Subject | Data Subject Description | Personal Data Category | Source of the Personal Data |
People who Visit IIE Websites | People, including minors, who access or provide data to or engage in any way with IIE Websites |
| People who visit IIE Websites |
People who Receive Marketing Communications from IIE | People who provide their data or whose data was collected for the purposes of receiving promotional and marketing materials from IIE |
| People who visit IIE Websites, attend IIE events, whose publicly available information has been processed and who might be interested in IIE services, and/or who provide their personal data to IIE |
People who Represent Business Partners | IIE processes personal data of individuals and representatives of organizations who do business with IIE such as sponsors, donors, members, vendors, service providers, other partners, and potential partners |
| People who Represent Business Partners |
People who Engage with IIE Programs | People, including minors, who engage with any program administered by IIE |
| Refer to: With whom does IIE receive or share personal data associated with the program lifecycle? |
People who are Dependents of People who Engage with IIE Programs | People, including minors, whose legal guardian, family member or spouse is engaging with IIE programs |
| People who are Engaged with IIE Programs and/or People who are Dependents of People who Engage with IIE programs |
People who are Job Applicants and or Internal to IIE | Job applicants, employees, including temporary employees and interns, volunteers, members of the Board of Trustees, and Officers |
| Refer to: With whom does IIE receive or share personal data of People who are Job Applicants and Internal to IIE? |
People who are Dependents of People who are Internal to IIE | People, including minors, whose legal guardian, family member or spouse is internal to IIE |
| People who are Internal to IIE, People who are Dependents of People who are Internal to IIE, Background check providers |
People who are Research Participants in IIE Managed Studies | People whose personal data is represented in IIE managed studies |
| People who are Research Participants in IIE Managed Studies |
Please refer to the appropriate data subject notice, based on how you are engaging with IIE, to understand the purposes and types of personal data IIE processes, how IIE shares your personal data and your privacy rights.
People Who Visit IIE Websites
IIE Websites includes this website and any other websites that IIE maintains on behalf of program sponsors. Please refer to IIE Websites Terms and Conditions.
Personal Data and Its Purposes of Processing on IIE Websites
Website Interaction Logs
IIE Websites automatically collect certain information and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of the IIE Websites, including a history of the pages you view. IIE may use this information to help design the sites to better suit your needs. IIE may also use your IP address to help diagnose problems with our server and to administer IIE Websites, analyze trends, track visitor movements, and gather broad demographic information that assists in identifying your preferences.
IIE has a legitimate interest in understanding how people engage with IIE Websites. This assists IIE with providing more relevant content, communicating value to our participants, sponsors, and corporate members, and providing appropriate staffing to meet stakeholder needs.
Cookies
When you visit an IIE Website, the site may ask your browser to store a small piece of data (text file) called a cookie on your device to remember information about you, such as your login information or user preferences.
IIE may also use cookies to determine the popularity of content and analyze site traffic and trends. Those cookies are set by IIE and called first-party cookies.
IIE Websites may also use third-party cookies, which are cookies from a domain different than the domain of the website you are visiting, for advertising and marketing efforts, to deliver and measure the effectiveness of advertising campaigns, and generally understand the online behaviors and interests of people. These third-party entities may use cookies and other technologies to identify the devices used by visitors to IIE Websites, as well as when they visit other online sites and services.
You may see IIE advertisements on other websites because IIE uses third-party advertisement services. Through use of such services, IIE can tailor messaging to people, considering demographic data, the target audience’s inferred interests, and browsing context. Advertisement services use this information to show advertisements that may be tailored to their users’ individual interests. The information these services may collect includes data about your visits to websites that serve IIE advertisements, such as the pages or advertisements you view and the actions you take on the websites.
How to Control and Delete Cookies
Consent Tool
IIE has constructed the Cookie Policy that describes the cookies used on this website and provides information on how users can accept or reject them. Please refer to the cookie policy of any other IIE Website you are visiting for more information specific to that website.
Using Your Browser
Many of the cookies used on IIE Websites can be enabled or disabled via the consent tool or by disabling the cookies through your browser. To disable cookies through your browser, follow the instructions located within browser menus. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function.
Other Personal Data Processed
You may visit IIE Websites without being required to provide your name, email address or other personal data. Some features of IIE Websites may include features or services that permit you to enter personal data.
When you communicate your personal data to IIE through IIE Websites, IIE will inform you at each collection point what data is required and the purpose of its collection. You can choose not to enter some or all personal data, but if you do so, IIE may not be able to adequately respond to your inquiry, communicate further with you and/or provide requested services.
Depending on why and how you communicate with IIE via IIE Websites, IIE will use your personal data in the following way(s):
- To answer your questions and/or provide requested information if you inquire about IIE programs or services,
- To advise when IIE needs your personal data to execute an agreement with you or your organization or to comply with a legal obligation or if you inquire how your organization could support or work with IIE,
- To respond to your inquiry if you are a member of the public with questions about IIE employment and/or general inquiries,
- To verify your identity, organization and/or role if IIE is not yet familiar with you or your organization, or
- To share information about our programs, services, news, and events if you opt-in to receive marketing communications. When you share your contact details for this reason, you will have consented that IIE may contact you for these purposes.
Note on Public Forums
People who visit IIE Websites are solely responsible for the content they post online in public forums. Public forums may include, but are not limited to, social media applications, chat rooms, bulletin boards, blogs or other publicly accessible forums that may be viewed and used by anyone with available access. Please be aware that when you voluntarily disclose and transmit personal data within a public forum, your personal data may be collected and used by others. IIE cannot control such uses of your personal data and by using such services, you assume the risk that whatever personal data you provide may be viewed and used by third parties.
You may withdraw your consent for IIE to use your personal data on Public Forums administered by IIE by amending or deleting your comment or by submitting a request via the Data Subject Request Portal. If you withdraw your consent, it will not change how IIE processed your personal data before you withdrew consent, but the comment will not be displayed in the future.
With whom does IIE share your personal data?
IIE may share your personal data with:
- Data controllers related to specific program websites which are sponsored by the controller;
- IIE offices and affiliates,
- IIE service providers and other third parties that make IIE Websites available, enhance its functionality or otherwise provide services to IIE or its service providers,
- any other person or entity that IIE mentions when you provide your personal data, or
- any other person or entity necessary for protecting the rights or safety of IIE or others.
IIE will not share or otherwise distribute your personal data to others in ways different from what is disclosed in this Statement. IIE will not sell, market, or rent your personal data unless IIE has received your specific consent. Except as otherwise expressly stated in this Statement, IIE will release personal data to another person or company only with your consent or if required or permitted by law. If your personal data is disclosed to any other recipients than are stated in this Statement, IIE will inform you at the time your personal data is collected and will obtain your consent.
People Who Receive Marketing Communications from IIE
When you opt-in to receive marketing communications from us, you are granting consent for your personal data to be used to contact you by email, direct mail and/or phone to deliver personalized IIE Website experiences and to share information about relevant products, services, best practice information, industry news and events, funding needs, and/or send surveys or other information about products or services developed or provided by us or our business partners.
IIE will not give your personal data to another party to promote products or services directly to you without your specific consent.
If you opted-in to receive marketing emails, and you later decide you do not want to receive this correspondence from us, simply click the “Unsubscribe” link provided in that email message or reach out directly to the email sender and request that no more communications be sent to you.
Withdrawing your consent will not affect IIE’s use of the personal data prior to your withdrawal, but it signifies that IIE will not contact you in the future. There may be a brief delay between when you submit your request to “opt-out” and when it is processed and reflected in IIE systems, so you may continue to receive certain communications from IIE for a limited time after you unsubscribe. IIE apologizes for any inconvenience and appreciates your patience.
Please note that IIE may continue sending non-marketing emails related to any account you have, any application you have submitted, or any transaction or contractual agreement you have with IIE.
Except for personal data submitted as part of an application, purchase or donation, any communication or material you transmit to us by email or otherwise, including any data, questions, comments, suggestions, or the like, is, and will be treated as, non-confidential.
If you are not satisfied with the “Opt-Out” options, please submit a request via the Data Subject Request Portal, and IIE will promptly address the issue.
People who Represent Business Partners (Individuals & Representatives of Organizations)
IIIE values its business relationships and processes personal data of Business Partners for legitimate business and contractual reasons. If you feel that this is not reflected in IIE’s business practices or wish to exercise your Data Subject rights, please submit a request via the Data Subject Request Portal, and IIE will promptly address the matter.
IIE may use your data to comply with the law or in the good faith belief that such action is necessary to conform to the requirements of law or comply with legal process served.
If you access IIE devices, systems, and networks throughout the business relationship with IIE, the IIE External Acceptable Use Policy applies to you. IIE systems users should have no expectation of privacy on IIE-managed devices, systems, and networks. Non-business use of IIE assets is strongly discouraged to maximize data protection by separating business data from personal data that is not needed to carry out the business relationship.
What are the purposes for processing personal data associated with Business Partners?
IIE will only process personal data when it is necessary and required for the purposes listed, other legitimate business purposes, or if you choose to provide it to us voluntarily.
Process | Process Description |
Background Check | Automated screening of government watch lists and background information for regulatory compliance purposes |
Agreements | Drafting, sending, or receiving agreement documents such as gift agreements, contracts and awards |
Evaluation | Reporting, exporting, or compiling of data for the purposes of understanding or evaluating partner engagement, impact, or any other relevant legitimate interest |
Event Management | Processing personal data in relation to planning and/or executing events including registration, audio and visual recording, or any other event-related activities for purposes including program enrichment, marketing, online participation or other external engagements by IIE |
Financial Verification | Verifying availability of funds or income to cover agreement-related costs/expenses, or other financial requirements |
Partner Relationship Management | Processing personal data of prospective or current partners acting as sponsors, donors, vendors, or in other legitimate business capacities, who have previously engaged or might wish to engage with IIE. This includes IIE’s engagement with third-party data service providers for data quality and enrichment purposes as well as research of publicly available data sources. |
Payment Processing | Processing payment transactions to or from partners using a bank transfer such as ACH, EFT, wire payments, checks or other methods |
Promotion and Outreach | Promoting IIE and/or IIE programs, including soliciting donations and email marketing |
Providing Accommodations | Processing personal data for the purpose of providing accommodations to participate in an event, communicate or otherwise engage with IIE. May include limited processing of special categories of personal data. |
Record Creation/Management | Creating and maintaining a record in IIE’s systems, electronic or otherwise, to administer IIE programs |
Social Media Management | Engaging with people via social media |
Taxes | Processing tax forms as necessary |
With whom does IIE receive or share personal data associated with Business Partners?
IIE will not sell or market your personal data unless your specific consent is received. IIE will not send you mailings on behalf of other organizations unless requested.
IIE may send your personal data to or receive it from third parties to carry out the processes listed above. These third parties may include:
- Background check and watchlist providers
- Data quality and enrichment service providers
- Governmental agencies
- Technology service providers
Additional third parties may include legal counsel representing IIE, courts, tribunals, regulators, government authorities and law enforcement officials if required by law or for IIE’s legitimate interest in compliance with applicable laws/regulations.
People Who Engage with IIE Programs
IIE is contracted by sponsoring organizations, acting as data controllers, to carry out the administration of programs. The data controller funds and sets the high-level directive, goals, and purpose of the program. IIE manages some or all administrative operations of the program under the general direction of the data controller, acting as the data processor. The data controller may also carry out its own data processing.
IIE also sponsors its own initiatives and is the data controller for these IIE sponsored programs.
People, including minors, who engage with IIE programs are classified as one of the following Data Subject Types due to different data retention requirements according to the level of program engagement:
- Program Applicants with an Unsubmitted Application
- Program Applicants with Submitted Application but Not Selected to a Program
- Program Participants and Alumni
Except for background checks, IIE does not use automated means when participating in application selection or to make any other decisions that may have a legal or other significant effect on you. All selection decisions require substantive human input.
If you have questions or concerns, please use our Data Subject Request Portal.
What are the purposes for processing personal data associated with the lifecycle of a program?
IIE will only process personal data when it is necessary and required for the purposes listed or if you choose to provide it to us voluntarily.
Please note that the most common scenarios for IIE processing special categories of personal data are when medical data is collected in order to review your medical history to determine eligibility to participate in a program; your criminal history when IIE is required to run a background check; and information concerning minors, if you are bringing dependents with you and we are required to process their data for visa sponsorship or other purposes. In most cases IIE only processes other types of sensitive information if you voluntarily provide it, such as referring to religious or political views in an application essay.
Process | Process Description |
Alumni Management | Managing data of participants whose programs have ended, including the production of statistical reports, alumni correspondence and organizing alumni events |
Application/Selection | Collecting and reviewing applications for the purpose of selecting potential program participants and/or notification of their selection for a program. Please note that IIE programs do not use automatic data processing for this process |
Background Check | Automated screening of government watch lists and background information for regulatory compliance purposes |
Emergency Management | Assisting, corresponding, and handling emergencies during program participation |
Event Management | Processing personal data in relation to planning and/or executing events including registration, audio and visual recording, or any other event-related activities for purposes including program enrichment, marketing, online participation or other external engagements by IIE |
Financial Verification | Verifying availability of funds or income to cover program-related costs/expenses, financial need, or other financial requirements of a program |
Insurance/Health Benefit Enrollment and or Management | Enrolling a participant in a health benefit plan to ensure coverage for medical issues or emergencies while on program |
Medical Review | Reviewing medical data for the purpose of determining visa eligibility, identifying any issues that could affect participation in a program or activity, or would require additional accommodations to be arranged |
Participant Agreements | Drafting, sending, or receiving an agreement document such as Terms of Agreement, Terms of Appointment, Program Contracts, or any other type of agreement document with program participants |
Participant Advising and Progress Management | Collecting and analyzing any academic, employment or other data to ensure a participant is meeting the requirements of a program or on track for successful completion of an award |
Payment Processing | Processing payment transactions to or from participants, vendors or other payees using a bank transfer such as ACH, EFT, wire payments, checks or other methods |
Program Evaluation | Reporting, exporting, or compiling of data for the purposes of understanding or evaluating the state of the program/participants, impact, or any other legitimate interest related to administering the program |
Program Promotion and Outreach | Promoting IIE and/or IIE programs, including soliciting applications to programs or email marketing |
Program Reporting | Producing and sharing reports about progress, activities, and other program-related information |
Providing Accommodations | Processing personal data for the purpose of providing accommodations to participate in an event, communicate or otherwise engage with IIE. May include limited processing of special categories of personal data. |
Record Creation/Management | Creating and maintaining a record in IIE’s systems, electronic or otherwise, to administer IIE programs |
Social Media Management | Engaging with people via social media |
Taxes | If applicable, withhold taxes and issue tax forms to participants |
Travel Management | Planning or booking of domestic or international travel by IIE or vendors on behalf of IIE |
Visa Sponsorship | Creating, monitoring and/or maintaining a SEVIS/Visa Sponsorship record |
With whom does IIE receive or share personal data associated with the program lifecycle?
IIE may send your personal data to or receive it from third parties to carry out the processes listed above. These third parties may include:
- Academic credential evaluation companies
- Educational testing services
- Academic and research institutions
- Employers
- Insurance and health providers
- Program and award sponsors
- Commissions and posts
- External interview panelists and award selection committees
- Travel management companies
- Background check and watchlist providers
- Translation services
- Governmental agencies
Additional third parties may include legal counsel representing IIE, courts, tribunals, regulators, government authorities and law enforcement officials if required by law or for IIE’s legitimate interest in compliance with applicable laws/regulations.
How does IIE respond to requests for deletion of program lifecycle personal data?
Data Subject Type | Data Retention Comments | Response to Request for Deletion |
Program Applicants with an Unsubmitted Application | Personal data and associated data are deleted | |
Program Applicants with Submitted Application but Not Selected to a Program | The duration of processing is determined by the sponsor and follows the U.S. government guidelines on data retention | Personal data are anonymized Demographic information is retained for analytics and/or research purposes IIE will retain and use anonymized data only in that format and will not attempt to re-identify Data Subjects associated with anonymized data |
Participants and Alumni | The duration of processing is determined by the sponsor and follows the U.S. government guidelines on data retention. Additionally, IIE must retain all records related to the Inbound participants’ exchange visitor program for at least three years per U.S. Federal regulations | Retain according to retention period |
People who are Dependents of People who Engage with IIE Programs
IIE processes personal data of Data Subjects, which includes minors in some cases, described by this category, related to background check, visa sponsorship and to provide health insurance benefits.
Relevant information is shared with government agencies for background check and visa sponsorship-related matters and health insurance companies for the purpose of administering benefits.
People who are Job Applicants or Internal to IIE
People who are Job Applicants or Internal to IIE consent to personal data processing as a part of their application and/or employment agreement. Employees, including temporary employees, interns, and volunteers, consent to personal data processing when acknowledging the IIE Acceptable Use Policy.
People who use IIE devices, systems and networks should have no expectation of privacy on IIE-managed assets. Non-business use of IIE assets is discouraged to maximize data protection. IIE strongly recommends that business data be segregated from personal data to further protect employee personal data.
Please reach out to your HR Business Partner or submit a request on our Data Subject Request Portal if you have any questions or concerns.
What are the purposes for processing personal data of People Who Are Job Applicants or Internal to IIE?
IIE will only process personal data when it is necessary and required for the purposes listed or if you choose to provide it voluntarily.
HR Personal Data Category | Process | Process Description |
Benefits |
|
|
Compliance |
|
|
Compliance Family, Medical |
|
|
Personnel |
|
|
Recruitment |
|
|
Systems |
|
|
Workplace Facilities |
|
|
With whom does IIE receive or share personal data of Job Applicants and People Who are Internal to IIE?
IIE may send your personal data to or receive it from third parties to carry out the processes listed above. These third parties may include:
- Employers
- Insurance and health providers
- Travel management companies
- Background check and watchlist providers
- Governmental agencies
- Employee file hosting provider
- Payroll provider
- Retirement provider
- Compliance and reporting consultants
- Employee engagement providers
- Workplace facilities providers
Additional third parties may include legal counsel representing IIE, courts, tribunals, regulators, government authorities and law enforcement officials if required by law or for IIE’s compliance with applicable laws/regulations.
How does IIE respond to requests for deletion of data of Job Applicants and People Who are Internal to IIE?
Please note that acknowledgement of the Acceptable Use Policy and employment-related personal data processing is a condition of employment.
Data Subject Type | Data Retention Comments | Response to Requests for Deletion |
Job Applicants | Recruitment data shall be retained in an electronic format by IIE for three years. If the person is hired by IIE, the applicable retention event is the date of termination of the employment relationship. For all other data, the applicable retention event is the date of the personnel action involved or the date that the data was created or received by IIE, whichever is later. | Retain according to retention period |
People Who Are Internal to IIE | The applicable Retention Event is the date of termination of the employment relationship.
| Retain according to retention period |
People who are Dependents of People Internal to IIE
Personal data of dependents, including minors, may be processed to provide benefits, such as health insurance. This data is shared with health insurance companies for the purpose of administering benefits.
Dependent data may also be processed in relation to the Children of Employees IIE Scholarship Program only if the employee and/or dependent provide this information. A standard background check is performed for all applicants.
Please reach out to your HR Business Partner or submit a request on our Data Subject Request Portal if you have any questions or concerns.
People who are Research Participants of IIE Managed Studies
IIE is contracted by sponsoring organizations, acting as data controllers, to carry out research in international education. The data controller funds and sets the high-level directive, goals, and purpose of the research. IIE, acting as a data processor, manages some or all administrative operations of the research under the general direction of the controller. The data controller may also carry out its own data processing.
IIE also sponsors its own initiatives and is the data controller for this IIE-sponsored research.
After the research participants provide their consent, these research studies are conducted directly from research participants using third-party survey tools and/or through interviews.
What are Your Data Subject Rights
Data Subject Right | You have the right to: |
Access | access personal data that IIE processes about you and obtain information about how IIE processes it |
Erasure | ask IIE to erase personal data where you have withdrawn your consent or where there is no other reason for IIE to process your personal data |
Object to Processing | object to IIE processing your personal data |
Portability | request that IIE provide a copy of your personal data to you |
Rectification | correct personal data that IIE processes about you |
Restrict Processing | request that IIE limit processing of your personal data |
Withdraw Consent | withdraw consent you have previously given to IIE to process your personal data |
If fulfilling your request would reveal personal data about another person, or if you ask IIE to delete information that IIE is required by law to maintain, IIE may not be able to fulfill your request. IIE may retain a record of the existence of a professional relationship with you, to the extent that and for so long as it is legally required. For example, IIE will retain a record of your personal data erasure request.
Please note that restrictions you impose on the use, disclosure or processing of your personal data may result in losing eligibility for certain services where processing that personal data is needed for your participation.
How to Exercise Your Data Subject Rights
Please submit your request using IIE’s Data Subject Request Portal. Once you have confirmed your email address, IIE will verify your identity and then process your request as soon as possible.
How IIE Processes Data Subject Requests
After you submit your Data Subject Request, you will receive an email to the email address provided asking you to confirm your email address. If your email is not confirmed, IIE will not process your Data Subject Request.
Once the email address is confirmed, IIE will route the request to the appropriate team to perform Identity Verification and confirm that IIE is processing your personal data.
IIE will then address your request appropriately. You will receive all notifications and communication through the Data Subject Request Portal.
Contact Us
IIE Data Protection Officer/Grievance Officer
Institute of International Education, Inc.
One World Trade Center, 36th Floor
New York, NY 10007
Privacy@iie.org