Last updated: August 18th, 2022
We reserve the right to modify this privacy statement with immediate effect.
Embark Corp (“Company,” “we,” “us”) is dedicated to ensuring data privacy and security for our users. We are fully committed to adhering to all global security and privacy frameworks governing the usage of our service by applicants and other types of users, including:
- European General Data Protection Regulation (see addendum)
- EU-U.S. Privacy Shield Principles
- US Federal and State regulations
You agree to this Privacy Policy, in its entirety, when you access or use our Website (embark.com) or share personal information with us.
1. Information We Collect
A. What you share with us
We collect information about you when you voluntarily provide us with information through school, fellowship, financial aid, or other Website forms. The information you may be requested to submit by our school and fellowship clients may include (but is not limited to): (1) Name, (2) Address, (3) Email Address, (4) Telephone Number, (5) Social Security Number [for US applicants], and (6) Date of Birth. We also might receive information from your communications with us through our Website, email or telephone. Should you explicitly indicate interest in a third-party product or service featured on our site, we will track your interest in this service.
B. What is automatically collected
For the purposes of improving our system performance, we may collect non-personally identifiable information such as your IP address (think of it as your address on the Internet so we can assess volume by country/region), cookies ( a small text file that Web sites can place on your hard drive to help remember your Username, as an example), computer settings (for example, what browser you are using), or analytics stats gathered by web tracking software.
C. Information provided by a Third Party Provider
As a benefit to our users, we integrate with third-party sites that provide information. An example would be an integration with Facebook so users can choose to log in via existing Facebook credentials instead of creating Embark credentials.
2. Use of information
We may share some or all of the information we collect, as described above, with affiliated organizations and companies and with third parties (i.e. non-affiliated companies).
Examples include sharing your data with the following:
- the institution or organization to which you are applying
- third-party service providers that can perform a service on your behalf, e.g. test score verification or our support ticketing platform for tracking applicant questions
- third-party service providers where you have indicated an explicit interest in their services
- third-party service providers as required by law, for example in response to a regulatory inquiry
Note that third-party web sites will operate under their own privacy policy, and users must choose whether to accept those terms. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield, Embark is potentially liable. Embark’s liability under this agreement will be governed by the contract in place between Embark and the third party, and the event giving rise to the damage.
3. Your Privacy Choices
Embark currently operates on a strict “opt-in” basis prior to sharing information with unaffiliated third parties not central to completing the application process. We consider this unlikely to change but, should we ever find a valid user benefit to shifting away from this model, we would provide the opportunity for users to “opt-out” via an unsubscribe link or contacting the support team.
4. Security
Embark takes your security seriously. While perfect security on the Internet is impossible to promise, we maintain physical, electronic, and procedural safeguards to protect the information you provide to us. We restrict access to this information to employees with a need to know this information to provide you with the benefit, assistance or service you request or would like to obtain, and to those employees that need the information to do their jobs.
5. Minors
Embark responds responsibly to site visitors who are minors and its application generally target an older audience. We adhere to US federal and state laws regarding visitors under 18 years of age (COPPA).
6. Data Access, Correction, and Removal
Individuals may access their data through the Embark portal using their unique login. If your personally identifiable information changes, or if you no longer desire our service, you can correct, update, or delete the information you have provided to us by contacting us at support at embark.com.
7. Contacting the Website
If you have any questions or comments, please don’t hesitate to contact us directly at privacypolicy@embark.com.
European GDPR and Privacy Shield Addendums
Embark complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union members countries and the United Kingdom. Embark has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, Embark commits to resolve complaints about your privacy and our collection or use of your personal information. Individuals from the European Union or United Kingdom with inquiries or complaints regarding this privacy policy should first contact Michael Turbe at: support@embark.com.
Embark has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.
Please note that if your complaint is not resolved through the aforementioned channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Embark is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Embark is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
GDPR Requirement | Embark Policy |
The identity and the contact details of the controller and data protection officer (where applicable | Embark’s controller and data protection officer is Michael Turbé, Embark’s engineering lead, who can be reached at support@embark.com. |
The purposes of the processing for which the personal data are intended as well as the legal basis for the processing, including the legitimate interests pursued by the controller | Embark’s typically processes personal data of applicants (often students) on behalf of institutions for the purposes of allowing these institutions to recruit, accept applications, |
The recipients or categories of recipients of the personal data, if any | |
Where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and how the transfer ensure adequacy of protection (i.e. which of the approved transfer mechanisms are used) | Embark uses Amazon’s global web hosting capabilities and personal data is currently stored in the United States. |
The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period | The storage period will be determined based on how helpful past data is for the current admissions cycle – for example, some clients like to compare year over year data or allow applicants who are re-applying to reference prior years’ applications. |
The existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability | Embark users may request through their institution the update or deletion of their personal data as well as an extract of the data they have provided. |
Where the processing is based on consent, the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal | Embark users may request through their institution the withdrawal of their consent, which would result in the deletion of their data, including any application, recommendation or associated documents shared with Embark via the cited institution. |
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data | Each client institution of Embark will note which elements of data, personal or otherwise, are required components of their application or other forms. |
The existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject | Each client institution of Embark will post on its own web site the eligibility requirements for its application, which may include age and other factors. |