COLLECTION OF INFORMATION
Personal Information. “Personal information” is information that identifies you and may include your name, address, email address, telephone or fax number, company name, IP address, any content you post in your resume or CV, and any other information you may provide to us that identifies you.
Sources of Personal Information. We collect Personal Information that you provide on an Advisory Board website or through other sources like postal mail, telephone, or fax. We may add this information to the information we have already collected from you via the Advisory Board websites in order to provide you with Advisory Board products and services and to improve the products and services we provide.
Member Information. If you or your organization is a member of an Advisory Board program and access the restricted, members-only area of an Advisory Board website, we may collect additional Personal Information relating to your participation in Advisory Board programs. For example, the Advisory Board may obtain information about your access and use of Advisory Board research materials, decision-support tools, and other online and offline offerings. Please note that we also collect Personal Information relating to you at the time you or your organization enrolled in an Advisory Board program or programs, as well as in the course of allocating and issuing to you your unique ID and password to access the members-only areas of Advisory Board websites. Please be aware also that others could view some of your Personal Information when you post a message to one of our online blogs in a members-only area of an Advisory Board website.
Advisory Board members also should be aware that, by participating in our online and offline networks and services, such as retreats, blogs, and other conferences, Personal Information about you and/or your individual employees might be made available or visible to other Advisory Board members throughout the world to facilitate intelligence sharing across our membership. If you are uncomfortable with this transfer of your or your individual employees’ Personal Information, you should not use those services.
If a member of an Advisory Board program provides us with identifiable information regarding the member’s patients, students, or employees to facilitate their use of an Advisory Board product or service, in compliance with the applicable laws, such data is also subject to any agreed upon restrictions in the written agreement between the member and the Advisory Board, such as those found in a Business Associate Agreement, as well as additional protections under other Advisory Board privacy and information security policies. If you have any questions regarding these additional policies, please contact our Compliance Officer, using the contact information listed below.
Information Collected Automatically. When you visit the Advisory Board websites, we automatically collect and analyze certain information about your computer. This information includes, but may not be limited to, the IP address used to connect your computer to the Internet, information about your browser type and language, the date and time you are accessing the website, the content of any undeleted cookies that your browser previously accepted from us, and the referring website address.
Cookies and other Technologies. We use various technologies to collect information about your and your organization’s activities on an Advisory Board website.
- Cookies. When you visit an Advisory Board website, we may assign your computer one or more “cookies.” A cookie is a small text file that contains information that can later be read by us to facilitate your access to the site and personalize your online experience. For example, when you sign into an Advisory Board website, we may record your user ID in a cookie file on your computer. In addition, through the use of a cookie, we may automatically collect information about your online activity on the Advisory Board website, such as the web pages you visit, the links you click, and the searches you conduct. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies by visiting the Help portion of your browser’s toolbar. If you choose to decline cookies, please note that you may not be able to sign in or use some of the interactive features offered on the Advisory Board websites.
- Other technologies. We may use standard Internet technology, such as web beacons (also called clear GIFs or pixel tags) and other similar technologies, to deliver or communicate with cookies and track your use of Advisory Board websites. We also may include web beacons in e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer and measure the overall effectiveness of our online content, advertising campaigns, and the products and services offered through the site.
USE AND DISCLOSURE OF PERSONAL INFORMATION
Uses by the Advisory Board.
We use the Personal Information collected through Advisory Board websites for statistical and analytical purposes, for improving the Advisory Board websites, and for marketing purposes. Specifically, we use this information to provide you Advisory Board services and products, send you further information regarding the Advisory Board, and to better collect information that allows us to analyze and improve the features and performance of the Advisory Board websites and our other products and services. Unless you affirmatively elect not to receive (“opt out”) communications from us, Personal Information we collect from you may be used to respond to inquiries you submit to us; administer your membership and facilitate your access to Advisory Board resources and materials; send you general informative announcements, electronic newsletters, and marketing-related emails about us or our products and services or about members of Advisory Board programs or their products and services; and aid us in serving you better. At the bottom of every newsletter or general informative email we send you, you will be given the opportunity to opt out or unsubscribe from future email communications.
We may also share aggregate or anonymous information with third parties, including advertisers, investors and partners. This information does not contain any Personal Information and is used to develop content and services.
We may disclose any information we deem necessary, in our sole discretion, to comply with any applicable law, regulation, legal process, or government regulation.
The Advisory Board has implemented technical and organizational security measures to help protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Personal Information. We review our systems regularly to help ensure that the security and integrity of Personal Information in our possession is not compromised. Unfortunately, no data transmission over the Internet can be guaranteed to be entirely secure, and we do not assume any liability for any damage suffered by you caused by the interception, alteration, or misuse of information during transmission that is outside of our reasonable control.
Within the Advisory Board, we restrict access to Personal Information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our programs and services. As described above, we subject our third party contractors and agents to contractual controls to help ensure that they apply suitable protections to any Personal Information they access or receive from us.
The Advisory Board websites contain business-related content and are specifically aimed at and designed for use by adults. We do not knowingly solicit or collect Personal Information from or about individuals under the age of 13 years other than from Advisory Board members that provide such information to us as part of an Advisory Board program. If we discover that we have received Personal Information from an individual whom we believe to be under the age of 13 in some other manner, we will delete such information from our systems.
EUROPEAN UNION SAFE HARBOR
The U.S. Department of Commerce and the European Commission have developed a “safe harbor” framework of data protection principles (“Safe Harbor”). This Safe Harbor is designed to provide U.S. organizations with a means to satisfy the European Union’s legal requirement that adequate data protections be afforded to personally-identifiable information transferred from the European Union to the United States. An “identifiable person” is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. This Policy sets forth the principles and standards that govern the collection and use of Personal Information received from the European Union (“EU”).
The Advisory Board has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, access, security, data integrity, and enforcement, which are published by the Department of Commerce. For more information on the Safe Harbor program or to view the Advisory Board’s certification, please see http://www.export.gov/safeharbor/.
Where the Advisory Board collects Personal Information directly from individuals in the E.U., we will inform them about the purposes for which we collect and use personal information about them; the types of non-agent third parties to which we disclose that information; the choices and means, if any, we offer individuals for limiting the use and disclosure of personal information about them; and how to contact us.
Where the Advisory Board collects Personal Information directly from individuals in the E.U., we will offer individuals the opportunity to choose (“opt out”) whether their Personal Information will be disclosed to a non-agent third party or used for a purpose incompatible with the purpose for which the Personal Information was originally collected or subsequently authorized by the individual. For “sensitive information,” i.e., Personal Information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual, affirmative or explicit choice (“opt in”) must be given if the information is to be disclosed to a non-agent third party or used for a purpose other than its original purpose or the purpose subsequently authorized by the individual.
If we transfer Personal Information received from the E.U. to a non-agent third party, the Advisory Board will comply with the notice and choice principles as described above. When we transfer such Personal Information to a third party that is acting as our agent, we will obtain assurances that the third party agent 1) subscribes to these U.S.-E.U. Safe Harbor Privacy Principles, 2) is subject to the EU Data Protection Directive or another adequacy finding; or 3) enters into a written agreement with us requiring the third party agent to provide at least the same level of privacy protection as we are required to provide by the relevant U.S.-E.U. Safe Harbor Privacy Principles.
Upon request, the Advisory Board will grant individuals reasonable access to Personal Information about them that we hold to enable them to correct, amend, or delete information that is demonstrated to be inaccurate. We will grant such access in a reasonably timely manner but reserve the right to deny or limit such access where the burden or expense of providing the access would be disproportionate to the risks to the individual’s privacy in the case in question or where the rights of persons other than the individual would be violated.
The Advisory Board will take reasonable precautions to protect Personal Information received from the E.U. from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
The Personal Information requested and received by the Advisory Board from the E.U. must be relevant for the purposes for which it was collected or subsequently authorized by the individual. We will take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
The Advisory Board will conduct periodic training for members of our workforce with access to Personal Information received from the E.U. to enhance awareness of the U.S.-E.U. Safe Harbor Principles. In addition, we will conduct periodic reviews of our relevant privacy practices to verify adherence to this Policy. Any workforce member that we determine is in violation of this Policy will be subject to disciplinary action up to and including termination of employment.
Individuals who wish to file a complaint or dispute regarding their Personal Information received from the E.U. should direct such communications to the Advisory Board via http://advisory.alertline.com. The Advisory Board will investigate and attempt to resolve complaints and disputes regarding the use and disclosure of Personal Information in accordance with the principles set forth in this Policy.
For disputes within jurisdictions that have established data protection authorities overseeing the processing of Personal Information that are willing to assist in the resolution of complaints, the Advisory Board is committed to working with these authorities to resolve any complaint and to complying with their decisions in such cases. In jurisdictions where there is no data protection authority available to provide dispute resolution, we identified and will utilize an independent alternative dispute resolution mechanism administered by the American Arbitration Association (AAA) (www.adr.org).
COMMENTS AND COMPLAINTS
The Advisory Board Company
2445 M Street N.W.
Washington, DC 20037
We will make reasonable efforts to address the concerns of any individual who objects to the use of his or her Personal Information.
CHANGES TO THIS POLICY
Revised: Aug. 18, 2014