Privacy Policy

Last updated: March 15th, 2018

Embark Corp (“Company,” “we,” “us”) is dedicated to ensuring data privacy and security for our users. We are fully committed to adhering to all global security and privacy frameworks governing the usage of our service by applicants and other types of users, including:

You agree to this Privacy Policy, in its entirety, when you access or use our Website (embark.com) or share personal information with us. We reserve the right to modify this privacy statement with immediate effect.

1. Information We Collect

A. What you share with us

We collect information about you when you voluntarily provide us with information through school, fellowship, financial aid, or other Website forms. The information you may be requested to submit by our school and fellowship clients may include (but is not limited to): (1) Name, (2) Address, (3) Email Address, (4) Telephone Number, (5) Social Security Number [for US applicants], and (6) Date of Birth. We also might receive information from your communications with us through our Website, email or telephone. Should you explicitly indicate interest in a third-party product or service featured on our site, we will track your interest in this service.

B. What is automatically collected

For the purposes of improving our system performance, we may collect non-personally identifiable information such as your IP address (think of it as your address on the Internet so we can assess volume by country/region), cookies ( a small text file that Web sites can place on your hard drive to help remember your Username, as an example), computer settings (for example, what browser you are using), or analytics stats gathered by web tracking software.

C. Information provided by a Third Party Provider

As a benefit to our users, we integrate with third-party sites that provide information. An example would be an integration with Facebook so users can choose to log in via existing Facebook credentials instead of creating Embark credentials.

2. Use of information

We may share some or all of the information we collect, as described above, with affiliated organizations and companies and with third parties (i.e. non-affiliated companies).

Examples include sharing your data with the following:

  • the institution or organization to which you are applying
  • third-party service providers that can perform a service on your behalf, e.g. test score verification or our support ticketing platform for tracking applicant questions
  • third-party service providers where you have indicated an explicit interest in their services
  • third-party service providers as required by law, for example in response to a regulatory inquiry

Note that third-party web sites will operate under their own privacy policy, and users must choose whether to accept those terms.  In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Embark is potentially liable. Embark’s liability under this agreement will be governed by the contract in place between Embark and the third party, and the event giving rise to the damage.

3. Your Privacy Choices

Embark currently operates on a strict “opt-in” basis prior to sharing information with unaffiliated third parties not central to completing the application process. We consider this unlikely to change but, should we ever find a valid user benefit to shifting away from this model, we would provide the opportunity for users to “opt-out” via an unsubscribe link or contacting the support team.

4. Security

Embark takes your security seriously. While perfect security on the Internet is impossible to promise, we maintain physical, electronic, and procedural safeguards to protect the information you provide to us. We restrict access to this information to employees with a need to know this information to provide you with the benefit, assistance or service you request or would like to obtain, and to those employees that need the information to do their jobs.

5. Minors

Embark responds responsibly to site visitors who are minors and its application generally target an older audience. We adhere to US federal and state laws regarding visitors under 18 years of age (COPPA).

6. Data Access, Correction, and Removal

Individuals may access their data through the Embark portal using their unique login. If your personally identifiable information changes, or if you no longer desire our service, you can correct, update, or delete the information you have provided to us by contacting us at support at embark.com.

7. Contacting the Website

If you have any questions or comments, please don’t hesitate to contact us directly at privacypolicy@embark.com.

European GDPR Addendum

 

GDPR Requirement

Embark Policy

The identity and the contact details of the
controller and data protection officer (where applicable

Embark’s controller and data
protection officer is Michael Turbé, Embark’s engineering lead, who can be reached at support
at embark.com.

The purposes of the processing for which the
personal data are intended as well as the legal basis for the processing,
including the legitimate interests pursued by the controller

Embark’s typically processes personal
data of applicants (often students) on behalf of institutions for the
purposes of allowing these institutions to recruit, accept applications,
evaluate, and enroll applicant
s. See section above on “Use of Information” for other
categories of use.

The recipients or categories of recipients of the
personal data, if any

Where applicable, the fact that the controller
intends to transfer personal data to a third country or international organisation and how the transfer ensure adequacy of
protection (i.e. which of the approved transfer mechanisms are used)

Embark uses Amazon’s global web hosting
capabilities and personal data is currently stored in the United States.

The period for which the personal data will be
stored, or if that is not possible, the criteria used to determine that
period

The storage period will be determined based on
how helpful past data is for the current admissions cycle – for example, some
clients like to compare year over year data or allow applicants who are
re-applying to reference prior years’ applications.

The existence of the right to request from the
controller access to and rectification or erasure of personal data or
restriction of processing concerning the data subject or to object to
processing as well as the right to data portability

Embark users may request through their
institution the update or deletion of their personal data as well as an
extract of the data they have provided.

Where the processing is based on consent, the
existence of the right to withdraw consent at any time, without affecting the
lawfulness of processing based on consent before its withdrawal

Embark users may request through their
institution the withdrawal of their consent, which would result in the
deletion of their data, including any application, recommendation or
associated documents shared with Embark via the cited institution.

Whether the provision of personal data is a
statutory or contractual requirement, or a requirement necessary to enter
into a contract, as well as whether the data subject is obliged to provide
the personal data and of the possible consequences of failure to provide such
data

Each client institution of Embark will note
which elements of data, personal or otherwise, are required components of
their application or other forms.

The existence of automated decision-making,
including profiling, meaningful information about the logic involved, as well
as the significance and the envisaged consequences of such processing for the
data subject

Each client institution of Embark will post on
its own web site the eligibility requirements for its application, which may
include age and other factors.