EFA Business Privacy Statement
This EFA Business Privacy Statement was updated on September 6, 2021.
In the course of providing EFA Business (“EFAB”) services and related services to its corporate, non-profit organization and governmental customers (“Customers”), EFA will receive and have access to personal data of individual users to whom customers grant access (“Users”). For the purposes of this privacy statement, Customers are data controllers and EFA is a data processor. EFA’s processing of User data and the security measures implemented to protect such data are detailed in and governed by a written agreement between EFA and each of its Customers.
As a data processor, EFA will access, store and use the personal data of individual Users solely for the purpose of providing the EFAB services to its Customers and will process the data as instructed by its Customers.
As data controllers, Customers decide which of their employees or other authorized personnel are given access to the EFAB services. They do this by designating one or more EFAB account administrators or group administrators (“Administrator”) who act on behalf of the Customer and have the ability to customize the Customer account, manage individual User accounts, access the EFAB Insights tool and related reporting features, access the EFAB Administrator tools, and populate the Customer account with Customer-provided content. Customers are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, relating to the collection of personal information relating to individual Users selected by Customers for accessing the EFAB services. EFA has no direct relationship with individual Users, who should contact Customers (their employer) for assistance with any requests or questions relating to the processing of their personal information.
For avoidance of doubt, this Privacy Statement does not apply to:
- any processing of data for the purpose of marketing the EFAB service to enterprise and corporate prospects;
- any other offerings available at EFA.com separate from the EFAB services, for which the EFA Privacy Policy is applicable. A User may already have an account with EFA to access EFA’s marketplace educational content, and data processed as a result of the use of the EFA marketplace from a User account is governed by the EFA Privacy Policy.
In the event that EFA makes any material changes to the manner in which it processes User data to provide its services to Customers, it will notify Customers.
- Information about Users collected and stored by EFA
- Purpose of User Data Processing and Retention Period
- Cookies and other Tracking Technologies
- Sharing User Information
- Processing of User Data outside of the EEA
- General
1. Information about Users collected and stored by EFA
- When a User is given access to the EFAB services by the Administrator, a User may set up an individual User account and EFA will collect information provided by the User or the Administrator. The Customer can customize the type of data requested to create an account, which may include the following:
- first name, last name, and email address (required)
- photo, areas of interest, job skills, goals, and role (optionally provided by User or Customer)
- other personal data, as allowed by the Customer
A unique identifying number is assigned by EFA upon the creation of a User account.
- Individual User account information may be set to private or public, as selected by Users. If set to public, the information is searchable via search engines and viewable by anyone, including by other Users and the Customer.
- Administrators may assign a User to a group membership.
- Customers may select to integrate with EFAB a Single Sign On (SSO) identity provider to enable Users to log in to EFAB User accounts without the need to disclose passwords to EFA. Users may log in by providing their individual SSO credentials to the SSO identity provider, which will authenticate them and allow or deny access to the Customer account. SSO identity providers share with EFA a unique cookie ID and authentication “token” information to recognize the User as an authorized user of Customer.
- At the option of the Customer, the EFAB service may enable Administrators and Users to interact with others, including with instructors, teaching assistants, other students, and the Customer, by posting reviews about educational content, sending messages to or chatting with others, posting questions or answers, or posting other content. Posted content is stored by EFA and may be publicly available or viewable by others, including Administrators, Users, or instructors and teaching assistants, depending on where the content is posted.
- At the option of the Customer, Administrators may enable the ability to “Share to Slack.” This optional feature allows Users to manually or automatically post a message to the Customer’s own instance of the Slack messaging service. To enable this optional functionality, Customer's Slack administrators must grant EFA the ability to read the full list of public channels, private channels, and users in the Customer’s Slack instance. These lists may include individuals in Customer’s Slack instance who are not EFAB Users. Slack user lists and channels are briefly cached before being automatically purged from EFA's systems.
- EFA stores information relating to the activities of Users as they use and interact with the EFAB services, such as content viewed or accessed (and information relating to that content); interactions with instructors, teaching assistants, Administrators, and other Users; as well as answers, essays, and other items submitted by Users to satisfy the educational content requirements. This information is linked to a User’s unique account ID and is shared with Customers via the Customer Account reporting tools or upon request of the Customer.
- The EFAB service enables Users to contact the EFA Support Team for assistance or to report a problem, concern, potential abuse or other issues regarding the EFAB services or other users. EFA may collect and store the User’s name, email address, location, operating system, IP address as well as the User’s activity on the EFA platform and communications with the EFA help desk team. EFA may request additional information from Users in order to resolve any issue reported by a User or by another user.
- When a User uses the EFAB services, EFA collects and stores certain information by automated means: (a) technical information about the User’s computer or wireless device, such as IP address, operating system type and version, unique device ID, browser, browser language, domain, and other operating systems or platform information. This information is collected through the use of server log files and tracking technologies, such as: (i) cookies, which are small files that websites send to a computer or wireless device to uniquely identify a browser or mobile device or to store information in a browser setting; and (ii) other tracking technologies (see below for more detailed information).
- IP addresses received from browsers or devices of Users may be used to determine the approximate location of Users.
- If a Customer makes purchases via credit card, EFA collects certain data about the purchase (such as name and ZIP code) as necessary to process the order. Customers must provide certain payment and billing data directly to EFA’s payment processing partners, including name, credit card information, billing address, and ZIP code. EFA may also receive limited information, like the fact that Customers have a new card and the last four digits of that card, from payment service providers to facilitate payments. For security, EFA does not collect or store sensitive cardholder data, such as full credit card numbers or card authentication data.
2. Purpose of User Data Processing and Retention Period
EFA processes the information collected about Users and Administrators for the purpose of providing the EFAB services to its Customers, specifically:
- Providing, administering, and facilitating access to the EFAB services, for Customers and Users, and managing Customer or User account preferences
- Fulfilling Customer’s instructions with respect to personal data of Users
- Displaying notifications to Users, and sending them via email, for:
- Responding to User questions or concerns
- Making notifications to Users at the request of the Customer
- Sending Users administrative messages and information, including confirmation of account creation, enrollment and progress in courses and related content, and notifications of responses from instructors to User questions
- Providing information to Users about available content, new EFAB service features, and personalized content recommendations, which Users can opt out of at any time
- Sending push notifications to User wireless devices to provide updates and other relevant messages, which can be managed from the “options” or “settings” page in the mobile application.
- Enabling communications among Users and instructors or teaching assistants
- Incorporating feedback into and improving the EFAB services
- Resolving User support requests or claims
Email Preferences
Users can individually opt out of receiving non-transactional emails by: (i) following the unsubscribe instructions provided in the email communication; or (ii) managing User account email preferences. A Customer can also instruct EFA to configure email preference settings for all Users of a Customer.
Retention of Personal Data
EFA will retain the data of Users for as long as instructed by the Customer and no longer than required to serve the purposes of processing. EFA will delete certain or all personal data relating to Users upon request of the Customer. EFA may retain aggregated or anonymized data as set forth below.
Use of aggregated data
In addition, User data is aggregated with other EFA marketplace user data to enable EFA to improve its products and services and develop new products and services, including:
- Reviewing and analyzing User browser and wireless device technical information
- Reviewing user activity across EFAB and the EFA marketplace (for example, EFA analyzes trends and User traffic and usage information to identify popular content)
- Facilitating the technical functioning of the EFAB services and EFA marketplace, including to troubleshoot and resolve issues, secure the EFAB services, and prevent fraud and abuse
- Developing a personalized content recommendation engine
When User data is used for the above purposes, it is aggregated and/or anonymized so that no personal data of Users is processed.
3. Cookies and other Tracking Technologies
Like many online platforms, EFA and its analytics vendors use server log files and automated data collection tools, such as browser cookies, pixel tags, scripts, and web beacons. These tools are used for analytics purposes to enable EFA to understand how Users interact with the EFAB services. EFA and its analytics vendors may tie the information gathered by these means to the unique account ID of Users.
Cookies are small text files placed onto a computer or device while browsing the Internet. Cookies are used to collect, store, and share bits of information about User activities. EFA uses both session cookies and persistent cookies.
- A session cookie is used to identify a particular visit to the EFAB services and collect information about interaction with the EFAB service. These cookies expire after a short time, or when the User closes their web browser after using the EFAB service. EFA uses these cookies to identify a User during a single browsing session, such as when the User logs into the EFAB services. This helps EFA improve the EFAB service as well as improve the Users’ browsing experience.
- A persistent cookie will remain on a User’s device for a set period of time specified in the cookie. EFA uses these cookies to identify and recognize a specific User over a longer period of time. They allow EFA to:
- analyze the usage of the EFAB services (e.g. what links Users click on) in order to improve our EFAB offering,
- test different versions of the EFAB services to see which particular features or content Users prefer, to optimize the EFAB services,
- provide a more personalized experience to Users with more relevant and recommended content, and
- allow Users to more easily log in to use the EFAB services.
Persistent cookies include:
- preferences cookies to remember information about a User’s browser and settings preferences, such as preferred language. Preference cookies make User experience more functional and customized
- authentication and security cookies to enable a User to log in or stay logged in and access the EFAB service, to protect User accounts against fraudulent log-ins by others, and help detect, fight, and protect against abuse or unauthorized usage of User accounts.
- functional cookies to make the experience of using the EFAB service better, like remembering the sound volume level selected by the User.
EFA uses tracking technology to: (i) determine if a certain page was visited (e.g. the landing page of an advertisement for EFAB services that is displayed on third party sites) or whether an email sent by EFA was opened or clicked on by a User; and (ii) to customize the learning experience of individual Users by recommending specific courses and other content.
User Preferences with respect to cookies and other tracking technologies
Users can set their web browser to notify them about the placement of new cookies, limit the type of cookies or reject cookies altogether; if such settings are enabled, a User may not be able to use some or all of the features of the EFAB services (for example, the User may not be able to log in). General information about cookies and how to disable them can be found at https://cookiepedia.co.uk/all-about-cookies.
Various browsers may offer their own management tools for removing HTML5 LSOs.
Most modern web browsers give you the option to send a Do Not Track signal to the websites you visit, indicating that you do not wish to be tracked. However, there is no accepted standard for how a website should respond to this signal, and we do not take any action in response to this signal. Instead, in addition to publicly available third-party tools, we offer you the choices described in this policy to manage the collection and use of information about you.
4. Sharing User Information
In order to provide the EFAB services to its Customers, EFA shares data regarding Users with a number of third-party service providers. These third parties are contractually required to use User data solely as directed by EFA for the purpose of providing services to EFA. Administrators of existing Customers are able to access our list of current sub-processors on the left sidebar of this page while logged in to EFAB.
- Instructors who upload content on the EFA platform, as well as their teaching assistants, may receive names and account profile information of Users (excluding email addresses), to enable them to respond to user questions and feedback.
- Other service providers of Customer may receive information as instructed by Customer.
- To perform its services, EFA leases servers from data centers and uses cloud hosting services on which certain content and User data relating to EFAB is hosted.
- EFA’s help center platform vendor hosts and stores all communications between Administrators or Users and the EFA support team. The help center vendor is contractually required to store and process User related data solely as directed by EFA for the purpose of providing services to EFA. EFA also partners with a chat messaging vendor to provide support to Users and Administrators, to collect feedback, and to display in-app messages for feature announcements or onboarding new users.
- EFA shares User information with third-party companies that perform email services to enable EFA to send email communications to Users and to manage email preference settings of Users.
- EFA shares User information with third-party companies that perform data analysis services to enable EFA to better understand how Users use the EFAB service. These companies include Chartio, Google Analytics and Mixpanel. To prevent Google Analytics from collecting information for analytics, a User may install the Google Analytics Opt-Out Browser, and may also use Mixpanel’s opt-out.
Any other sharing of User data is subject to the consent and instructions of Customer.
5. Processing of User Data outside of the EEA
If personal data processed by EFA originates from a User or Administrator in the EEA, EFA will ensure that such processing will only take place if: (a) the non-EEA country in question ensures an adequate level of data protection; (b) the transfer is made pursuant to a Data Processing Agreement (“DPA”) executed between EFA and the Customer and subject to the standard contractual clauses designed to facilitate transfers of personal data from the EEA to all third countries that have been adopted by the European Commission (known as the “Model Clauses”), which have been incorporated into the DPA.
6. General
Translation for Convenience Purposes Only. In the event that Customer has been provided a translated version of the EFA Business Privacy Statement in a language other than English, that translation is provided for convenience purposes only. The English version of the EFAB Privacy Statement provided at https://www.EFA.com/terms/EFAB-privacy/ is controlling, and in the event of a conflict between the English version of this Privacy Statement and any translated version, the English version will prevail.