IIE Privacy Statement

IIE is committed to the preservation of privacy and the integrity of personal data of people engaging with IIE. IIE strives to comply with applicable data protection laws and is continuously improving its data protection policies and procedures. IIE welcomes your feedback through the Data Subject Request Portal.

In addition to the English language, this Statement is offered in Spanish, Portuguese, French, Arabic, Mandarin Chinese, and Japanese for global convenience.

IIE’s Privacy Statement is designed to provide transparency into our privacy practices and principles in a way that people can navigate, read, and understand.

Please read the IIE Privacy Statement carefully as it details the ways in which IIE may process your personal data. Please note that what data IIE processes and how that data is processed may vary by program and/or by your engagement with IIE. This statement does not apply to how third parties define personal data or how they process it. IIE encourages you to read third-party privacy statements and know your privacy rights before interacting with them.

Effective Date

July 1, 2024

Note on Changes to This Statement

IIE reserves the right to change this Statement and relevant policies or procedures at any time without notice to you. If you continue to engage with IIE including accessing or using IIE Websites after this Statement has changed, IIE considers you to have accepted any changes made. IIE keeps this Statement up to date on this website, where it is available and accessible to the public. IIE recommends revisiting and reviewing this Statement regularly to ensure that you understand how IIE may be processing your personal data.

Definitions
  • IIE refers to the Institute of International Education, Inc.
  • IIE Websites refers to websites managed by IIE on behalf of its own operations or sponsors.
  • Data Controller refers to the entity that determines the purposes and means of processing personal data.
  • Data Processor refers to the entity that processes personal data on behalf of the Data Controller.
  • Minor refers to people under the age of 18.
  • Parent means a minor’s parent, legal guardian, or caregiver.
  • People means identifiable, natural persons.
  • Personal Data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • PII, also known as Personally Identifiable Information, refers to any information that can be used to identify a distinct person’s identity.
  • To Process or Processing means receiving, sending, storing, referencing, accessing, or otherwise using Personal Data in any way that falls under the scope of applicable data protection laws and regulations, including any relevant international, state, or local laws.
What is the basis upon which IIE processes personal data?

IIE processes personal data based on consent and contractual agreements. IIE also processes personal data based on pursuing IIE’s legitimate interests or the legitimate interests of others. Provided that the legitimate interests below are not overridden by the data protection rights of people who are engaging with IIE, personal data may be processed:

  • when applying for an IIE-managed program,
  • when entering or carrying out a contract with you and/or a program sponsor to administer a program,
  • when entering or carrying out a contract with you to provide a service to IIE or for IIE to provide a service to you,
  • when entering or carrying out an employment relationship with you,
  • when investigating any complaints received from you or from others, about us, or our service providers, or
  • in connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with legal process or litigation).
Confidentiality and Data Access Controls

Your personal data processed under this Statement is shared with respective personnel on a need-to-know basis and/or as necessary to provide the services you requested.

Data Security and Incident Response

IIE has designed security procedures to ensure the security, integrity, and privacy of your personal data against unauthorized access or unauthorized alteration, disclosure, or destruction. IIE uses reasonable security controls for handling all categories of personal data, including sensitive personal data. IIE updates and tests systems and processes on a routine basis. These measures and requirements are compliant with the guidelines set forth under applicable laws.

If IIE discovers a security incident that impacts personal data, IIE has dedicated people, processes, and technology in place to investigate, analyze and execute appropriate response actions and remediation. IIE analyzes these facts – in the context of applicable laws, regulations, contractual obligations, and IIE’s commitment to data protection – to determine whether incident notification is required for affected individuals, or other relevant parties such as sponsors or regulators. IIE will comply with all applicable laws that require security incident notification without undue delay.

While IIE undertakes reasonable efforts to prevent unauthorized access, alteration, disclosure, or destruction to personal data, IIE cannot ensure or warrant the security of data you transmit to IIE, data provided online, or data stored by IIE or our service providers. Personal data is submitted at your own risk. IIE is not liable for disclosures of your personal data due to errors in transmission or the acts of our service providers or other third parties, which means that you accept all risks associated with any data transmission and Internet usage, including the risk that your personal data may be intercepted in-transit.

Data Storage and Retention

Your personal data is stored by IIE on its servers and on the servers of cloud-based, third-party hosting and service providers with whom IIE engages.

IIE retains personal data for as long as necessary for the purposes described in this Statement. The period for which IIE retains personal data is determined by the type of data, the data subject type to whom the data relates, and the purposes for which the data was processed.

The length for which IIE retains personal data is further determined by applicable legal and regulatory requirements, contractual obligations, purposes of safety, security, and fraud prevention, or by issues relating to an unresolved claim or dispute.

IIE will save your personal data under the following circumstances:

  • for as long as it is necessary and relevant to perform the purposes for which the data was processed, depending on the legal basis for which that data was processed,
  • until IIE has no further legitimate interest in the data and/or a claim may be made in relation to IIE’s professional relationship with you,
  • until you withdraw your consent OR
  • where legal/regulatory obligations mandate that IIE retain your personal data.

IIE may retain some or all personal data for purposes of business analytics, record-keeping, contractual obligations or legal purposes, to enforce IIE Websites Terms and Conditions, or as a result of such information being stored on IIE systems through routine backup or archival processes.

Please note that IIE is not responsible for removing your personal data from the lists or systems of any third-party not connected to IIE who have previously been provided with your data in accordance with this Statement.

Note on International Transfers of Personal Data

IIE is a global organization and may transfer personal data across national borders to other countries, in compliance with the laws that apply to that data, to perform processing activities such as those described in this Statement. Where required by law, IIE has put into place appropriate mechanisms to adequately protect personal data that are transferred across borders.

Note to Parents and Children

IIE considers any person under the age 18 to be a minor, regardless of jurisdiction or domicile.  IIE services are generally not targeted towards minors. However, personal data associated with minors may be processed if they engage with IIE to apply or participate in IIE programs.

IIE processes personal data of minors for the purposes of providing benefits or visas for people who are dependents of people engaging with IIE as employees or program participants.

Please refer to the “Who are the Data Subjects and What Personal Data is Processed by IIE” section of this Privacy Statement to better understand which Data Subjects might be minors.

If you are a minor, you may request that IIE remove any content you have posted to IIE Websites that can be accessed by another user.

If you are a parent, legal guardian, or caretaker and believe that IIE may have collected personal data from a minor without your permission and this is not acceptable to you, please submit a request via the Data Subject Request Portal, and IIE will promptly address the issue.

Personal Data Categories

Please note that these categories may overlap in some cases.

Personal Data CategoryPersonal Data Category Examples/Description
Identifiers, Online Identifiers, Personally Identifiable Information (PII)Name, Email Address, Contact Details, Passport Number, Government Issued Identification, Date of Birth, Bank Account Number, Credit Account Number
Protected Classifications, Special Categories of Personal Data, Sensitive Personal Information/Data, Health DataGender, Sexual Orientation, Racial/Ethnic Origin, Family Structure data, Health, Criminal Convictions or Offenses, Political, Religious or Philosophical Beliefs, Trade Union Membership, Preferences, Opinions, Intentions, Interests, Bank Account data, Income
Internet or Other Electronic ActivityInternet Browsing/Search History, Cookies, Application/Website Access Location and Interaction, Employee Time and Geolocation Related to use of Internet Website, Application or Physical Access to IIE Office
SensoryPhotographs, Audio, Electronic, Visual Recordings – usually during program engagement or employment
Professional, Employment, Education related informationWork History, Job Titles, Salary, Evaluations, References, Interviews, Certifications, Education Records, Transcripts, School Attended
InferencesAny data drawn from the categories referenced above to create a profile about a person reflecting the person’s characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes
Who Are the Data Subjects and What Personal Data is Processed by IIE

Please note that these categories may overlap in some cases.

Data SubjectData Subject DescriptionPersonal Data CategorySource of the Personal Data
People who Visit IIE WebsitesPeople, including minors, who access or provide data to or engage in any way with IIE Websites  
  • Identifiers, Online Identifiers, PII
  • Internet or Other Electronic Activity
  • Sensory
People who visit IIE Websites
People who Receive Marketing Communications from IIEPeople who provide their data or whose data was collected for the purposes of receiving promotional and marketing materials from IIE
  • Identifiers, Online Identifiers, PII
People who visit IIE Websites, attend IIE events, whose publicly available information has been processed and who might be interested in IIE services, and/or who provide their personal data to IIE
People who Represent Business PartnersIIE processes personal data of individuals and representatives of organizations who do business with IIE such as sponsors, donors, members, vendors, service providers, other partners, and potential partners
  • Identifiers, Online Identifiers, PII
  • Internet or Other Electronic Activity (if accessing IIE systems, networks, or applications)
People who Represent Business Partners
People who Engage with IIE ProgramsPeople, including minors, who engage with any program administered by IIE  
  • Identifiers, Online Identifiers, PII
  • Protected Classifications, Special Categories of Personal Data, Sensitive Personal Information/Data, Health Data
  • Sensory
  • Professional, Employment, Education
  • Inferences
Refer to: With whom does IIE receive or share personal data associated with the program lifecycle?
People who are Dependents of People who Engage with IIE ProgramsPeople, including minors, whose legal guardian, family member or spouse is engaging with IIE programs  
  • Identifiers, Online Identifiers, PII
  • Protected Classifications, Special Categories of Personal Data, Sensitive Personal Information/Data, Health Data
People who are Engaged with IIE Programs and/or People who are Dependents of People who Engage with IIE programs
People who are Job Applicants and or Internal to IIEJob applicants, employees, including temporary employees and interns, volunteers, members of the Board of Trustees, and Officers
  • Identifiers, Online Identifiers, PII
  • Protected Classifications, Special Categories of Personal Data, Sensitive Personal Information/Data, Health Data
  • Internet or Other Electronic Activity
  • Sensory
  • Professional, Employment, Education
  • Inferences
Refer to: With whom does IIE receive or share personal data of People who are Job Applicants and Internal to IIE?
People who are Dependents of People who are Internal to IIEPeople, including minors, whose legal guardian, family member or spouse is internal to IIE  
  • Identifiers, Online Identifiers, PII
  • Professional, Employment, Education
People who are Internal to IIE, People who are Dependents of People who are Internal to IIE, Background check providers
People who are Research Participants in IIE Managed StudiesPeople whose personal data is represented in IIE managed studies
  • Identifiers, Online Identifiers, PII
  • Protected Classifications, Special Categories of Personal Data, Sensitive Personal Information/Data, Health Data
  • Sensory
  • Professional, Employment, Education
People who are Research Participants in IIE Managed Studies

Please refer to the appropriate data subject notice, based on how you are engaging with IIE, to understand the purposes and types of personal data IIE processes, how IIE shares your personal data and your privacy rights.

People Who Visit IIE Websites

IIE Websites includes this website and any other websites that IIE maintains on behalf of program sponsors. Please refer to IIE Websites Terms and Conditions.

Personal Data and Its Purposes of Processing on IIE Websites
Website Interaction Logs

IIE Websites automatically collect certain information and store it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of the IIE Websites, including a history of the pages you view. IIE may use this information to help design the sites to better suit your needs. IIE may also use your IP address to help diagnose problems with our server and to administer IIE Websites, analyze trends, track visitor movements, and gather broad demographic information that assists in identifying your preferences.

IIE has a legitimate interest in understanding how people engage with IIE Websites. This assists IIE with providing more relevant content, communicating value to our participants, sponsors, and corporate members, and providing appropriate staffing to meet stakeholder needs.

Cookies

When you visit an IIE Website, the site may ask your browser to store a small piece of data (text file) called a cookie on your device to remember information about you, such as your login information or user preferences.

IIE may also use cookies to determine the popularity of content and analyze site traffic and trends. Those cookies are set by IIE and called first-party cookies.

IIE Websites may also use third-party cookies, which are cookies from a domain different than the domain of the website you are visiting, for advertising and marketing efforts, to deliver and measure the effectiveness of advertising campaigns, and generally understand the online behaviors and interests of people. These third-party entities may use cookies and other technologies to identify the devices used by visitors to IIE Websites, as well as when they visit other online sites and services.

You may see IIE advertisements on other websites because IIE uses third-party advertisement services. Through use of such services, IIE can tailor messaging to people, considering demographic data, the target audience’s inferred interests, and browsing context. Advertisement services use this information to show advertisements that may be tailored to their users’ individual interests. The information these services may collect includes data about your visits to websites that serve IIE advertisements, such as the pages or advertisements you view and the actions you take on the websites.

How to Control and Delete Cookies
Consent Tool

IIE has constructed the Cookie Policy that describes the cookies used on this website and provides information on how users can accept or reject them. Please refer to the cookie policy of any other IIE Website you are visiting for more information specific to that website.

Using Your Browser

Many of the cookies used on IIE Websites can be enabled or disabled via the consent tool or by disabling the cookies through your browser. To disable cookies through your browser, follow the instructions located within browser menus. Please note that disabling a cookie or category of cookies does not delete the cookie from your browser unless manually completed through your browser function.

Other Personal Data Processed

You may visit IIE Websites without being required to provide your name, email address or other personal data. Some features of IIE Websites may include features or services that permit you to enter personal data.

When you communicate your personal data to IIE through IIE Websites, IIE will inform you at each collection point what data is required and the purpose of its collection. You can choose not to enter some or all personal data, but if you do so, IIE may not be able to adequately respond to your inquiry, communicate further with you and/or provide requested services.

Depending on why and how you communicate with IIE via IIE Websites, IIE will use your personal data in the following way(s):

  • To answer your questions and/or provide requested information if you inquire about IIE programs or services,
  • To advise when IIE needs your personal data to execute an agreement with you or your organization or to comply with a legal obligation or if you inquire how your organization could support or work with IIE,
  • To respond to your inquiry if you are a member of the public with questions about IIE employment and/or general inquiries,
  • To verify your identity, organization and/or role if IIE is not yet familiar with you or your organization, or
  • To share information about our programs, services, news, and events if you opt-in to receive marketing communications. When you share your contact details for this reason, you will have consented that IIE may contact you for these purposes.
Note on Public Forums

People who visit IIE Websites are solely responsible for the content they post online in public forums. Public forums may include, but are not limited to, social media applications, chat rooms, bulletin boards, blogs or other publicly accessible forums that may be viewed and used by anyone with available access. Please be aware that when you voluntarily disclose and transmit personal data within a public forum, your personal data may be collected and used by others. IIE cannot control such uses of your personal data and by using such services, you assume the risk that whatever personal data you provide may be viewed and used by third parties.

You may withdraw your consent for IIE to use your personal data on Public Forums administered by IIE by amending or deleting your comment or by submitting a request via the Data Subject Request Portal. If you withdraw your consent, it will not change how IIE processed your personal data before you withdrew consent, but the comment will not be displayed in the future.

With whom does IIE share your personal data?

IIE may share your personal data with:

  • Data controllers related to specific program websites which are sponsored by the controller;
  • IIE offices and affiliates,
  • IIE service providers and other third parties that make IIE Websites available, enhance its functionality or otherwise provide services to IIE or its service providers,
  • any other person or entity that IIE mentions when you provide your personal data, or
  • any other person or entity necessary for protecting the rights or safety of IIE or others.

IIE will not share or otherwise distribute your personal data to others in ways different from what is disclosed in this Statement. IIE will not sell, market, or rent your personal data unless IIE has received your specific consent. Except as otherwise expressly stated in this Statement, IIE will release personal data to another person or company only with your consent or if required or permitted by law. If your personal data is disclosed to any other recipients than are stated in this Statement, IIE will inform you at the time your personal data is collected and will obtain your consent.

People Who Receive Marketing Communications from IIE

When you opt-in to receive marketing communications from us, you are granting consent for your personal data to be used to contact you by email, direct mail and/or phone to deliver personalized IIE Website experiences and to share information about relevant products, services, best practice information, industry news and events, funding needs, and/or send surveys or other information about products or services developed or provided by us or our business partners.

IIE will not give your personal data to another party to promote products or services directly to you without your specific consent.

If you opted-in to receive marketing emails, and you later decide you do not want to receive this correspondence from us, simply click the “Unsubscribe” link provided in that email message or reach out directly to the email sender and request that no more communications be sent to you.

Withdrawing your consent will not affect IIE’s use of the personal data prior to your withdrawal, but it signifies that IIE will not contact you in the future. There may be a brief delay between when you submit your request to “opt-out” and when it is processed and reflected in IIE systems, so you may continue to receive certain communications from IIE for a limited time after you unsubscribe. IIE apologizes for any inconvenience and appreciates your patience.

Please note that IIE may continue sending non-marketing emails related to any account you have, any application you have submitted, or any transaction or contractual agreement you have with IIE.

Except for personal data submitted as part of an application, purchase or donation, any communication or material you transmit to us by email or otherwise, including any data, questions, comments, suggestions, or the like, is, and will be treated as, non-confidential.

If you are not satisfied with the “Opt-Out” options, please submit a request via the Data Subject Request Portal, and IIE will promptly address the issue.

People who Represent Business Partners (Individuals & Representatives of Organizations)

IIE values its business relationships and processes personal data of Business Partners for contractual reasons. If any IIE business partner feels that this is not reflected in our business practices, please submit a request via the Data Subject Request Portal, and IIE will promptly address the issue.

IIE will not sell, market, or rent your personal data unless your specific consent is received. IIE will not send you mailings on behalf of other organizations unless requested.

IIE may collect professional contact details, payment information, billing address and other information necessary to process a gift, event registration, send payment or receive payment. IIE may share reports about progress, activities, and other program-related information.

IIE may use your data to comply with the law or in the good faith belief that such action is necessary to conform to the requirements of law or comply with legal process served.

If you access IIE devices, systems, and networks throughout the business relationship with IIE, the IIE Acceptable Use Policy applies to you. IIE systems users should have no expectation of privacy on IIE-managed devices, systems, and networks. Non-business use of IIE assets is strongly discouraged to maximize data protection by separating business data from personal data that is not needed to carry out the business relationship.

People Who Engage with IIE Programs

IIE is contracted by sponsoring organizations, acting as data controllers, to carry out the administration of programs. The data controller funds and sets the high-level directive, goals, and purpose of the program. IIE manages some or all administrative operations of the program under the general direction of the data controller, acting as the data processor. The data controller may also carry out its own data processing.

IIE also sponsors its own initiatives and is the data controller for these IIE sponsored programs.

People, including minors, who engage with IIE programs are classified as one of the following Data Subject Types due to different data retention requirements according to the level of program engagement:

  • Program Applicants with an Unsubmitted Application
  • Program Applicants with Submitted Application but Not Selected to a Program
  • Program Participants and Alumni

Except for background checks, IIE does not use automated means when participating in application selection or to make any other decisions that may have a legal or other significant effect on you. All selection decisions require substantive human input.

If you have questions or concerns, please use our Data Subject Request Portal.

What are the purposes for processing personal data associated with the lifecycle of a program?

IIE will only process personal data when it is necessary and required for the purposes listed or if you choose to provide it to us voluntarily.

Please note that the most common scenarios for IIE processing special categories of personal data are when medical data is collected in order to review your medical history to determine eligibility to participate in a program; your criminal history when IIE is required to run a background check; and information concerning minors, if you are bringing dependents with you and we are required to process their data for visa sponsorship or other purposes. In most cases IIE only processes other types of sensitive information if you voluntarily provide it, such as referring to religious or political views in an application essay.

ProcessProcess Description
Alumni ManagementManaging data of participants whose programs have ended, including the production of statistical reports, alumni correspondence and organizing alumni events
Application/SelectionCollecting and reviewing applications for the purpose of selecting potential program participants and/or notification of their selection for a program. Please note that IIE programs do not use automatic data processing for this process
Background CheckAutomated screening of government watch lists and background information for regulatory compliance purposes
Emergency ManagementAssisting, corresponding, and handling emergencies during program participation
Event ManagementPlanning and/or executing events including registration, scheduling of participants, or any other event-related activities for purposes including program enrichment or external engagements by IIE
Financial VerificationVerifying availability of funds or income to cover program-related costs/expenses, financial need, or other financial requirements of a program
Insurance/Health Benefit Enrollment and or ManagementEnrolling a participant in a health benefit plan to ensure coverage for medical issues or emergencies while on program
Medical ReviewReviewing medical data for the purpose of determining visa eligibility, identifying any issues that could affect participation in a program or activity, or would require additional accommodations to be arranged
Participant AgreementsDrafting, sending, or receiving an agreement document such as Terms of Agreement, Terms of Appointment, Program Contracts, or any other type of agreement document with program participants
Participant Advising and Progress ManagementCollecting and analyzing any academic, employment or other data to ensure a participant is meeting the requirements of a program or on track for successful completion of an award
Payment ProcessingProcessing payment transactions to or from participants, vendors or other payees using a bank transfer such as ACH, EFT, wire payments, checks or other methods
Program EvaluationReporting, exporting, or compiling of data for the purposes of understanding or evaluating the state of the program/participants, impact, or any other legitimate interest related to administering the program
Program Promotion and OutreachPromoting IIE and/or IIE programs, including soliciting applications to programs or email marketing
Program ReportingProducing and sharing reports about progress, activities, and other program-related information
Record Creation/ManagementCreating and maintaining a record in IIE’s systems, electronic or otherwise, to administer IIE programs
Social Media ManagementEngaging with people via social media
TaxesIf applicable, withhold taxes and issue tax forms to participants
Travel ManagementPlanning or booking of domestic or international travel by IIE or vendors on behalf of IIE
Visa SponsorshipCreating, monitoring and/or maintaining a SEVIS/Visa Sponsorship record
With whom does IIE receive or share personal data associated with the program lifecycle?

IIE may send your personal data to or receive it from third parties to carry out the processes listed above. These third parties may include:

  • Academic credential evaluation companies
  • Educational testing services
  • Academic and research institutions
  • Employers
  • Insurance and health providers
  • Program and award sponsors
  • Commissions and posts
  • External interview panelists and award selection committees
  • Travel management companies
  • Background check and watchlist providers
  • Translation services
  • Governmental agencies

Additional third parties may include legal counsel representing IIE, courts, tribunals, regulators, government authorities and law enforcement officials if required by law or for IIE’s legitimate interest in compliance with applicable laws/regulations.

How does IIE respond to requests for deletion of program lifecycle personal data?
Data Subject TypeData Retention CommentsResponse to Request for Deletion
Program Applicants with an Unsubmitted Application Personal data and associated data are deleted
Program Applicants with Submitted Application but Not Selected to a ProgramThe duration of processing is determined by the sponsor and follows the U.S. government guidelines on data retentionPersonal data are anonymized Demographic information is retained for analytics and/or research purposes
IIE will retain and use anonymized data only in that format and will not attempt to re-identify Data Subjects associated with anonymized data
Participants and AlumniThe duration of processing is determined by the sponsor and follows the U.S. government guidelines on data retention. Additionally, IIE must retain all records related to the Inbound participants’ exchange visitor program for at least three years per U.S. Federal regulationsRetain according to retention period
People who are Dependents of People who Engage with IIE Programs

IIE processes personal data of Data Subjects, which includes minors in some cases, described by this category, related to background check, visa sponsorship and to provide health insurance benefits.

Relevant information is shared with government agencies for background check and visa sponsorship-related matters and health insurance companies for the purpose of administering benefits.

People who are Job Applicants or Internal to IIE

People who are Job Applicants or Internal to IIE consent to personal data processing as a part of their application and/or employment agreement. Employees, including temporary employees, interns, and volunteers, consent to personal data processing when acknowledging the IIE Acceptable Use Policy.

People who use IIE devices, systems and networks should have no expectation of privacy on IIE-managed assets. Non-business use of IIE assets is discouraged to maximize data protection. IIE strongly recommends that business data be segregated from personal data to further protect employee personal data.

Please reach out to your HR Business Partner or submit a request on our Data Subject Request Portal if you have any questions or concerns.

What are the purposes for processing personal data of People Who Are Job Applicants or Internal to IIE?

IIE will only process personal data when it is necessary and required for the purposes listed or if you choose to provide it voluntarily.

HR Personal Data CategoryProcessProcess Description
Benefits
  • Benefit Administration
  • Pay/Reimburse Expenses
  • Medical, dental, vision, commuter, retirement, student benefits, including processing eligibility of dependents, absence and leave monitoring, insurance and accident management and provision of online total reward information and statements
  • Salary administration, payroll management, payment of expenses, to administer other compensation related payments, including assigning amounts of bonus payments to individuals, administration, or departmental bonus pools
Compliance
  • Monitor Eligibility to Work
  • Monitoring and ensuring compliance of ability to work in a certain location
Compliance Family, Medical
  • Process Health-care Related Data
  • Comply with Applicable Law or Regulatory Requirements
  • Claim management support with vendors, family or medical leave eligibility and compliance, fitness for duty/return to work after leave
  • May collect vaccine or other medical history when requiredLegal (local, state, and Federal) and internal company reporting obligations, including headcount, management information, demographic, and health, safety, security, and privacy reporting
Personnel
  • Administer International Assignments
  • Assist in Case of Emergency
  • Conduct Performance Reviews
  • Facilitate Better Working Environment
  • Maintain Contact Details
  • Provide employees with Human Resource Management, Financial and Travel Services
  • Relocation services, documenting assignment terms and conditions, obtaining relevant integration documentation, initiating vendor services, fulfilling home/host country tax administration, and filing obligations, and addressing health requirements
  • Maintenance of contact details for dependents in case of personal or business emergency
  • Performance appraisals, career planning, skills monitoring, internal mobility, promotions, and staff restructuring
  • Conducting staff surveys, providing senior management data about employees, and conducting training
  • Ensuring contact information is current in IIE systems
  • Employee data maintenance and support services, administration of separation of employment, approvals and authorizations procedures, administration and handling of employee claims, and travel administration
Recruitment
  • Recruitment
  • Employment-related background screening and checks along with federally mandated Affirmative Action Program reporting
Systems
  • Maintain security on IIE Websites and Network Connected Assets
  • Monitor Work-Related Licenses and Credentials
  • Hosting and maintenance of computer systems and infrastructure, management of IIE software and hardware assets, systems testing, such as development of new systems and end-user testing of computer systems, training, and monitoring of email and Internet access
  • Software license provisioning for use related to an employee’s work responsibilities, ensuring compliance, training, examinations, and other requirements are met with regulatory bodies
Workplace Facilities
  • Provide Physical Workplace Facilities
  • Manage access to business offices, physical security monitoring and services, measure attendance and usage of facilities
With whom does IIE receive or share personal data of Job Applicants and People Who are Internal to IIE?

IIE may send your personal data to or receive it from third parties to carry out the processes listed above. These third parties may include:

  • Employers
  • Insurance and health providers
  • Travel management companies
  • Background check and watchlist providers
  • Governmental agencies
  • Employee file hosting provider
  • Payroll provider
  • Retirement provider
  • Compliance and reporting consultants
  • Employee engagement providers
  • Workplace facilities providers

Additional third parties may include legal counsel representing IIE, courts, tribunals, regulators, government authorities and law enforcement officials if required by law or for IIE’s compliance with applicable laws/regulations.

How does IIE respond to requests for deletion of data of Job Applicants and People Who are Internal to IIE?

Please note that acknowledgement of the Acceptable Use Policy and employment-related personal data processing is a condition of employment.

Data Subject TypeData Retention CommentsResponse to Requests for Deletion
Job ApplicantsRecruitment data shall be retained in an electronic format by IIE for three years. If the person is hired by IIE, the applicable retention event is the date of termination of the employment relationship. For all other data, the applicable retention event is the date of the personnel action involved or the date that the data was created or received by IIE, whichever is later.Retain according to retention period
People Who Are Internal to IIEThe applicable Retention Event is the date of termination of the employment relationship.
  • Personnel, Benefits, Systems, and other HR data is retained in an electronic format for six years.
  • Family, Medical, Compliance data is maintained for three years, for 18 years in cases of worker compensation and 30 years in cases of exposure to toxic substances.
  • U.S. Citizenship and Immigration Services Employment Eligibility to Work I-9 forms are retained by IIE for three years from the date of hire or one year from the date of termination of the employee, whichever is later.
Retain according to retention period
People who are Dependents of People Internal to IIE

Personal data of dependents, including minors, may be processed to provide benefits, such as health insurance. This data is shared with health insurance companies for the purpose of administering benefits.

Dependent data may also be processed in relation to the Children of Employees IIE Scholarship Program only if the employee and/or dependent provide this information. A standard background check is performed for all applicants.

Please reach out to your HR Business Partner or submit a request on our Data Subject Request Portal if you have any questions or concerns.

People who are Research Participants of IIE Managed Studies

IIE is contracted by sponsoring organizations, acting as data controllers, to carry out research in international education. The data controller funds and sets the high-level directive, goals, and purpose of the research. IIE, acting as a data processor, manages some or all administrative operations of the research under the general direction of the controller. The data controller may also carry out its own data processing.

IIE also sponsors its own initiatives and is the data controller for this IIE-sponsored research.

After the research participants provide their consent, these research studies are conducted directly from research participants using third-party survey tools and/or through interviews.

What are Your Data Subject Rights
Data Subject RightYou have the right to:
Accessaccess personal data that IIE processes about you and obtain information about how IIE processes it
Erasureask IIE to erase personal data where you have withdrawn your consent or where there is no other reason for IIE to process your personal data
Object to Processingobject to IIE processing your personal data
Portabilityrequest that IIE provide a copy of your personal data to you
Rectificationcorrect personal data that IIE processes about you
Restrict Processingrequest that IIE limit processing of your personal data
Withdraw Consentwithdraw consent you have previously given to IIE to process your personal data

If fulfilling your request would reveal personal data about another person, or if you ask IIE to delete information that IIE is required by law to maintain, IIE may not be able to fulfill your request. IIE may retain a record of the existence of a professional relationship with you, to the extent that and for so long as it is legally required. For example, IIE will retain a record of your personal data erasure request.

Please note that restrictions you impose on the use, disclosure or processing of your personal data may result in losing eligibility for certain services where processing that personal data is needed for your participation.

How to Exercise Your Data Subject Rights

Please submit your request using IIE’s Data Subject Request Portal. Once you have confirmed your email address, IIE will verify your identity and then process your request as soon as possible.

How IIE Processes Data Subject Requests

After you submit your Data Subject Request, you will receive an email to the email address provided asking you to confirm your email address. If your email is not confirmed, IIE will not process your Data Subject Request.

Once the email address is confirmed, IIE will route the request to the appropriate team to perform Identity Verification and confirm that IIE is processing your personal data.

IIE will then address your request appropriately. You will receive all notifications and communication through the Data Subject Request Portal.

Contact Us

IIE Data Protection Officer/Grievance Officer
Institute of International Education, Inc.
One World Trade Center, 36th Floor
New York, NY 10007
Privacy@iie.org