CEB Privacy Policy

CEB Inc. ("CEB", “we” or “us”) is committed to protecting your personal information.

This Privacy Policy (the "Policy") explains how we collect and use personal information that you provide: via our public website www.cebglobal.com and our member-based websites (which are listed on our public website) (the "Sites"); through our CEB mobile application (“CEB App”); or offline when participating in any Member Program run by CEB, including the CEB International Executive Forums operated by the CEO Forum Group. The Sites do not include our CEB Iconoculture website, which is subject to its own privacy policy. The Policy applies to all Sites and services where the Policy is posted.

This Policy also applies to information we collect from you and/or your employer via our survey tools. Depending on where you are resident, you may be shown a confidentiality notice before participating in a survey. Please note that in cases where the terms of any such survey-specific confidentiality notice conflict with any terms in this Policy, the survey-specific terms will take precedence over the terms in this Policy.

If you participate in the Shared Services Leadership Council, please refer to the information in this section below for Shared Services-specific terms.

Personal information collected via our Talent Management assessment systems is not covered by this Privacy Policy and will be governed by the terms of the specific Data Protection Notice (“DPN”) shown at the beginning of each assessment.

Please read this Policy before you provide any personal information to us. By using our Sites, CEB App, survey tools or participating in our Member Programs and Shared Services Leadership Council, you consent to the collection and use of your personal information as outlined in this Policy. If you do not agree with the content of this Policy, you should not provide us with any personal information.  

Who We Are

The Sites are owned and operated by CEB Inc, which has its principal place of business at 1919 North Lynn Street, Arlington, Virginia 22209, USA. More information about CEB, its subsidiaries and affiliates, and its network of Programs can be found at www.cebglobal.com. A full list of CEB offices, subsidiaries, and affiliates can be found here.

The Data Controller is CEB Inc of 1919 North Lynn Street, Arlington, Virginia 22209, USA.

Please note that when we perform surveys at the specific request of your employer, the Data Controller is your employer.

Contents

•    Information We Collect
•    CEB Shared Services
•    How We Use Information We Collect
•    Choices About Use of Your Information
•    Disclosure of Information
•    International Transfers of Personal Information
•    Access to Personal Information
•    Information Security
•    Other Websites
•    Questions, Complaints, and Dispute Resolution
•    Children
•    Changes to This Policy

Information We Collect

Information We Collect From You or Your Employer. Information we collect from you or your employer may include your name, business or personal email address, job title, organization, organization’s physical address, direct telephone number, photograph, and biographical details. You may need to provide certain types of information (e.g., email address) to register as a member, submit a question, participate in a survey, or engage in other transactions on our Sites or via the CEB App.

You may use the send-to-colleague functionality on some of our Sites or the CEB App to send your colleagues information from CEB or its subsidiaries. In order to fulfill this request, we will ask you for your and your colleagues' names and email addresses. We do not retain this data after the email is sent. Please be aware that your name and e-mail address may be included in the communication sent to your colleague.

Restricted Areas. If you access the Restricted Areas of any of our Sites (via browser or the CEB App), we may collect information about your access to and use of research materials, decision-support tools, and other online and offline resources we offer.

My Favorites. The My Favorites feature of the Member websites allows Members to save content available to the Member’s Favorites list, add labels, tags, and notes to saved content, and share content and notes with, and receive content and notes from, other members. We may review information about your use of My Favorites, including the content you save, folders you create, any tags, labels, or notes you add to your saved content or folders you have created, and any content that you share, and use such information to recommend content, tools, or other CEB services we think may be of interest to you. Information about your use of My Favorites will only be accessible to CEB and will not be visible to or otherwise shared with other CEB Members unless you choose to share it.  

Information from other sources. We also may periodically obtain information about you from other sources. The collection of such information will be in accordance with applicable privacy laws. Examples of information we may receive include updated contact information and additional demographic information. Please note that we may have previously collected personal information relating to you at the time you or your organization enrolled in a Program run by CEB or any of its subsidiaries, as well as in the course of allocating and issuing to you a unique ID and password to access the Restricted Areas of our Sites.

Information collected automatically. When you visit the Sites, we automatically collect and analyze certain information. This information includes your IP address, information about your browser type and language, the date and time you are accessing our Sites, the content of any undeleted cookies that your browser previously accepted from us, and the referring website address.

When you access our content via the CEB App, the app will store an authentication token so you will not need to login every time.

Use of cookies and other technologies. We use various technologies to collect information about your activities on our Sites.

  • Cookies. When you visit our Sites, we may assign your computer one or more "cookies." A cookie is a small text file containing information that can we can read later to facilitate your access to our Sites and personalize your online experience. For example, whenever you sign into our Sites, we will record your user ID (and password, if you check the “Save this password for automatic sign in box”) in a cookie on your computer. We may also use cookies to collect information about your activity on our Sites, such as the pages you visit, links you click, and searches you conduct. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies by visiting the Help section of your browser’s toolbar. If you choose to decline cookies, you may not be able to sign in or use some of the interactive features offered on the Sites. More detailed information on our use of cookies can be found here.
  • Other Technologies. We may use standard Internet technologies, such as web beacons (also called clear GIFs or pixel tags), locally stored objects (often referred to as “flash cookies”) and other similar technologies, to deliver or communicate with cookies and track your use of our Sites. We may include web beacons in e-mail messages or newsletters to track whether you open the messages. We use this information to customize our services and measure the overall effectiveness of our online content, advertising campaigns, and products and services we offer through the Sites. Flash cookies operate differently than browser cookies, and cookie management tools available in a web browser will not remove flash cookies. To learn more about how to manage flash cookies, you can visit the Adobe website and make changes at the Global Privacy Settings Panel.

Information Collected by Third Parties. Third parties, such as vendors, advertising entities, and business partners, may use cookies and other technologies described above to collect information about your online activities. The purposes for collecting this information include measuring usage of our Sites and analyzing, modifying, and personalizing content on our Sites. We do not have access to or control over cookies or other features these third parties may use, and the information practices of these third parties are not covered by this Privacy Policy. Some of these third parties may be third-party network advertisers that offer you the option of not having this information collected. For more information about these practices and how to control how these companies use your information, please visit the following links: http://www.networkadvertising.org/choices/ or http://www.aboutads.info.

CEB Shared Services

The CEB Shared Services Leadership Council (“Shared Services”) prides itself in facilitating members’ connections with one another. If you use the Shared Services site, you agree to provide and share with other Shared Services users certain pieces of contact information which may include your name, job title, organization's name, business email address, phone number, and your business address.

Shared Services encourages members to participate in surveys, including Process Surveys and ASK Questions. If you participate in a Process Survey, your company name will be attributed to the quartile in which your response to the question falls and/or your response to the question. If you use the ASK question feature, your company name and individual name will attributed to that question. If you respond to an ASK Question, your company name and individual name will appear next to your response, and/or to any comments that are added to an ASK question.

How We Use The Information We Collect

We use the information we collect about you for the following purposes, including:

  • for the purposes for which you provided the information;
  • to respond to your inquiries and to determine which Programs and services will help you achieve your business goals;
  • to administer your membership in any of our Programs and facilitate your access to the Sites and CEB materials;
  • to attribute content that you make available through the Sites;
  • to communicate with you about surveys, marketing, promotions, executive-oriented events, educational forums, and other exclusive opportunities offered by CEB and its subsidiaries, partners, and affiliates, including information about other Programs in which you may be interested (for further details, please see the section “Choices About Your Information” below);
  • to customize the content you see;
  • to engage in research and analysis in order to maintain, protect and improve our Programs, products, and services, as well as develop new products and services;
  • to enforce the legal terms that govern your use of the Sites; and
  • to ensure the technical functioning of the Sites.

Member Profiles. On some of our Sites, you may be able to create an online profile, which may include information about your job title, employer, and your experience in different areas.  This profile enables other Members participating in the Member program to determine whether your background and expertise might make you a useful contact on a particular issue. You can choose how much, if any, of your profile information is displayed in Member listings or when you post discussion messages in the Discussion areas, and whether to make your information searchable by other Members in your particular Member program. When you create an online profile and choose to (i) display any of your profile information in the Member listings or when you post discussion messages; or (ii) make your profile information searchable by other Members; you acknowledge and agree that you are making that information about you available to other Members who might use that information to contact you via messages sent through the Sites to obtain the benefit of your expertise.

Discussions. In the event that you post personal information in discussion forums or other areas of the Sites allowing users to upload or post content, please note that this information can be viewed by any user with access to those areas.

Choices About Use of Your Information

We believe that it is important to give you choices about the use of your information. We will use your information as described in this Policy or any service-specific privacy or data protection notice. If we want to use your personal information for a purpose not described in this Policy, we will first obtain your consent to do so.

Marketing Communications: We will respect your wishes not to receive, or to stop receiving, marketing communications. You can change your marketing preferences by contacting us as described below. If you provided us with your email address in order to receive such communications, you can opt out at any time by using the unsubscribe links or instructions at the bottom of our emails. Please note that we will continue to send you service-related communications regardless of any such request. We will not share or sell your information and personal details with third parties (for the avoidance of doubt, other than subsidiaries and/or affiliates) for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable law.

California Online Privacy Protection Act Notice Concerning Do Not Track Signals: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We do not recognize or respond to browser-initiated DNT signals, as the industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT. To learn more about Do Not Track, you can do so here.

Disclosure of Information

Utilization information. We may share information with our organizational Members about how their employees use the Sites and the resources available to them through the Sites (e.g. how employees used certain features of the Sites, utilization trends, which features were most popular with the Member’s employees.)

We may share your information with third-party companies or individuals in the following instances:

  • When we engage service providers and third-party agents to process personal information on our behalf. When we do so, we contractually require these service providers to implement adequate security and privacy measures to ensure that your personal information will be appropriately protected and only used for the purposes of performing the services for us.
  • In response to subpoenas, court orders, or other legal process (including for national security and law enforcement purposes); to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases we reserve the right to raise or waive any legal objection or right available to us.
  • When we believe it is appropriate to investigate, prevent, or take action regarding illegal or suspected illegal activities; to protect and defend the justified rights, property, or safety of CEB or its subsidiaries, our customers, or others; and in connection with our Terms of Service and other agreements.
  • In connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, including any pre-transaction diligence, or in the unlikely event of bankruptcy.

We also may share aggregate or anonymous information with third parties, including advertisers, investors, and partners. Aggregate or anonymous information does not contain any personal information and its use and disclosure is not subject to the terms of this Policy.

International Transfers of Personal Information

We operate the Sites in the United States and, depending on your country of residence, the submission of personal information to our Sites may involve the transfer of personal information to the United States.

In addition, we may transfer personal information to our subsidiaries or affiliated companies and service providers and/or third party agents in various countries, including the United Kingdom, India, Australia, Canada, Germany (and other EU Member States), Singapore, or South Africa for certain processing operations. You should be aware that privacy laws in these countries may not provide protections equivalent to those of your country of residence.

All CEB entities have signed an Intragroup Agreement containing the European Union (“EU”) Commission Approved Standard Contractual Clauses for the transfer of data outside the European Economic Area. All CEB entities have the same technical, physical, and administrative security controls and are required to comply with our data protection policies and procedures, applicable laws, and the terms of our client and member contracts governing the collection and use of personal information.

CEB Inc. and its wholly-owned subsidiary SHL US, LLC comply with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries, and are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. CEB Inc and its wholly-owned subsidiary SHL US, LLC adhere to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  

CEB’s accountability for personal information that we receive under the Privacy Shield and subsequently transfer to a third party is described in the Privacy Shield Principles. In particular, we remain responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process the personal information on our behalf do so in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

More information about the Privacy Shield program can be found at https://www.privacyshield.gov/.

Access to Personal Information

In some cases, you may directly access your online profiles and other personal details, and amend, update or add information yourself at any time by logging into your account.

You may request access to any personal information that we hold about you, ask us to correct any personal information which may be inaccurate, and/or ask us to block or delete such information and object to the processing of personal data except where the law requires otherwise. Please note that in cases where your employer is the Data Controller of such information, we will need to obtain their permission before making such changes. To access, correct or raise inquiries concerning your personal information in our possession, please email us at privacy@cebglobal.com or contact:

Global Data Protection Officer
CEB
1919 North Lynn Street
Arlington, Virginia 22209, USA

We may require you to prove your identity with approved identification.

We will retain your personal information for as long as needed to provide you with any services which you request. We will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

California Residents

California Civil Code Section 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e­mail to privacy@cebglobal.com

Information Security

We have implemented reasonable technical and organizational security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of information. Unfortunately, no data transmission over the Internet can be guaranteed to be entirely secure, and we cannot and do not guarantee or warrant the security of any information that you transmit on or through our Sites or the CEB App or that we otherwise maintain.

We make reasonable efforts to restrict access to personal information to only those employees, contractors, and agents who need to know that information in order to operate, develop, or improve our Programs, products, and services. We subject our third-party agents to contractual controls to ensure that they appropriately protect and use any personal information they access or receive from us.

Please note that the effective security with respect to our Sites depends, in part, on you ensuring that any IDs and passwords that you have been issued by us are kept confidential and secure and that you adhere to the restrictions on password and ID-sharing set forth in our Terms of Service.

Other Websites

To provide increased value to you, we may provide links to other websites or resources that are not part of the network of Programs, products, or services run by CEB or its subsidiaries. We do not exercise control over these websites or their privacy practices, and any information you provide to those sites is subject to the Privacy Policies of those sites and not this Policy.

Questions, Complaints and Dispute Resolution

If you have any questions about this Policy or how CEB processes your personal information, please email us at privacy@cebglobal.com or contact us at:

CEB
Attn: Global Data Protection Officer
1919 N. Lynn St.
Arlington, VA 22209

Any complaints about our adherence to the practices described in this Policy should first be addressed to CEB’s Global Data Protection Officer at privacy@cebglobal.com.

We agree that any disputes regarding our privacy policies and related actions regarding personal information from data subjects in the EU can be heard by the European Data Protection Authorities (“DPAs”) or the Swiss Federal Data Protection and Information Commissioner, and we will be subject to the determinations of those bodies (as further explained in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA. In certain circumstances after they have first tried to resolve the dispute directly with us and with the European Data Protection Authorities, data subjects in the EU may be able to invoke binding arbitration of disputes by the Privacy Shield arbitration panel.

Formal complaints regarding our data protection practices and related actions regarding personal information from countries outside the EU may be addressed directly to the data protection authority in your country.

Children

Our Sites contain business-related content and are specifically aimed at and designed for use by adults. We do not knowingly solicit or collect personal information from or about individuals under the age of 18 years.

Changes to This Policy

This Policy may change from time to time. If we make any changes to this Policy, we will post any Policy changes on this page. Where we make any material changes to this Policy, we will provide a more prominent notice. Your continued use of our Sites following such posts or notices will signal your acceptance of such changes.

Last Updated: October 2016