Privacy Notice

  PRIVACY STATEMENT  

-  ExEd Hub - 

At Central European University (address: 224 West 57th street, New York, NY 10019, USA and Quellenstrasse 51, 1010 Vienna, Austria) and Central European University Private University (seat: Quellenstrasse 51, 1010 Vienna, Austria) (hereinafter collectively referred to as Joint Data Controllers) we place great emphasis on the protection of your personal information and compliance with the applicable data privacy requirements, including specifically the EU General Data Protection Regulation (GDPR)[1]. This Privacy Notice relates to the collection, use, transfer and retention of your personal data in the course of application to an executive degree or CEU PU certificate program or any promotions related to these programs. 

 1.Who are we and what do we do?

Central European University (CEU) is a graduate institution of advanced research and teaching, dedicated to socially and morally responsible intellectual inquiry.The Universityis accredited by the Middle States Commission on Higher Education in the United States with a teaching site in Vienna.

Central European University Private University (CEU PU) is established in Vienna under the Austrian Federal Act on Private Universities.

OSUN ExEd Hub develops innovative and experiential executive education degree and non-degree certificate programs that are focused on the most critical leadership skills and behaviors needed in today’s world, across different subject areas.

2,Identity and contact details of the Joint Data Controllers

Central European University, and Central European University Private University qualify as joint data controllers according to Article 26 of the GDPR (the “Joint Data Controllers”).

Central European University

224 West 57th street, New York, NY 10019, USA

 

Central European University Private University

Quellenstrasse 51, 1010 Vienna, Austria

 

E-mail: privacy@ceu.edu

3.     What is the purpose and legal basis of processing your data?

 

Data category

Purpose of data processing

 

Category of personal data

Storage time

Legal basis

 

Central European University

Legal basis

 

Central European University PU

Promotional activity

 

 

 

 

 

1. Online or hard copy inquiry form

Collecting personal data of prospective students in order to send them brochures or other material of interest via e-mail

• First Name

• Last Name

• E-mail address

• Phone number

• Field of interest

• Program of Interest

•preferred program start

• years of work experience

• title

•employer
• country of residence

data deleted at the end of the month when the promotional material was sent

Legitimate interest of the data controller

Legitimate interest of the data controller

2. Registration for webinars, events

•Providing information on events to interested people

 

 

• First Name

• Last Name

• E-mail address

• date and type of event

 

• video recording of the event

8 days after the event

 

 

 

• 3 years after publication of the recording

Legitimate interest of the data controller

Legitimate interest of the data controller

3. Sending newsletters and follow-up e-mails

•Sending personalized communications to prospective students and applicants based on their activity and interest

•promoting events for the general public on the internet or via e-mail

• data listed in 1., 2.,

• data on the time of delivery and opening of e-mail, click behaviour,

until consent withdrawal

Consent of the data subject

Consent of the data subject

4.Referral form

Used by external partners (NGOs, student and other organizations, academic partners, agents, local area coordinators)

•Collecting personal data of prospective students for creating a database in order to send them personalized

communications

• Recruiting candidates for our academic degree programs and non-degree programs via their network

 

First Name

• Last Name

• E-mail address

• Phone number

• Field of interest

• Program of Interest

•preferred program start

• years of work experience

• title

• employer
• country of residence

 

 

Legitimate interest of the data controller

 

Legitimate interest of the data controller

 

5. External partner contacts (administration of partner information: contacts for NGOs, student and other organizations, academic partners, agents, local area coordinators)

• Communicating with partners about our programs.

 

• First Name

• Last Name

• E-mail address

• Phone number

• title

 

 

Legitimate interest of the data controller

 

Legitimate interest of the data controller

 

6. Direct questions via e-
mail
(direct inquiries coming
in via e-mail: exedhub@ceu.edu)

• Responding
questions occurred
in the email

• First Name
• Last Name
• E-mail address
• Content of the
e-mail

It may
occur

Legitimate interest
of the
data
controller

Legitimate interest
of the
data
controller

 

Remarketing and behavioral targeting related to the use of https://exed.ceu.edu/

We use conversion tracking and remarketing tools provided by different service providers in order to show you individualized advertising messages (e.g., in search results, in videos, on web pages, within other online content or services) and to measure the performance of advertisements placed on websites collaborating with them as advertising partners. For these purposes data are collected by the service providers e.g. which websites the user has visited, what content he/she is interested in and which offers the user has clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer or other information that they might find of relevance. It is our legitimate interests the analysis, optimization and economic operation of our website and advertising activity for the operation and promotion of our services.

Google Ads Remarketing (Google Inc.)

Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on the location is accessed from, that connects your activity on https://exed.ceu.edu/ with the Google Ads advertising network. Google will truncate your IP address before analysis of the usage statistics, which means that conclusions cannot be drawn as to your identity by us. 

You can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.

 

Facebook Custom Audience (Facebook, Inc.)

Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025, USA that connects your activity on https://exed.ceu.edu/  with the Facebook advertising network. If you are a member of Facebook and have made the appropriate privacy settings on your Facebook account, Facebook will also be able to associate the information stored with us about your visit with your personal account, which it can use for the targeted display of Facebook Ads.

Facebook Pixel (Facebook, Inc.)

Facebook Pixel is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. that connects the your activity on https://exed.ceu.edu/  with the Facebook advertising network.

Any time you can change the Privacy Settings for your Facebook profile.

Place of processing: US – Privacy Policy – Opt Out.

 

Displaying content on https://exed.ceu.edu/ from external sites (plug-ins)

This type of services allows you to view content/access services hosted on external sites directly from our webpage and interact with them. This type of service might still collect web traffic data for the pages where the content/service is installed, even when Users do not use them.

It is our legitimate interests  the analysis, optimization and economic operation of our website in order to integrate their content and services, such as videos and maps or social media buttons (Facebook  SHARE / Follow us, LinkedIn) (hereinafter also referred to as "Plug-Ins").

These services usually require the third-party providers to be aware of the IP address and they may also use tools for collection of data for statistical and marketing purposes, or technical information about the browser and operating system, referring websites, visiting time and other details about the use of our site. If the visitor to our website is simultaneously logged in to third-party applications, the respective third-party provider can assign the visit to our website to the visitor. When users interact with the plug-ins, the corresponding information from your device is transmitted directly to the third-party provider and stored there. When you visit one of our sites equipped with a plugin, a connection to the provider’s servers is established.

 

Our website uses plugins/buttons or functions and contents of the

  • "YouTube" platform and the "Google Maps" service (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Place of processing: US – Privacy Policy.
  • Vimeo (Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA) Place of processing: US – Privacy Policy.
  • Facebook button (Facebook Ireland Ltd, 4
  • Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Twitter (Twitter, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
  • Instagram (Instagram Inc,1601 Willow Road, Menlo Park, CA, 94025, USA)
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland).

 

4.     Who receives your information?

The Joint Data Controllers work closely together to provide a coordinated approach. Any transmission of data between the Joint Data Controllers and their internal units is managed through agreed processes which comply with relevant data protection legislation.

Unless we have a legal obligation to do so, we will not disclose your data to individuals, organizations, or other entities outside the universities other than those who are acting as agents and data processors working on our behalf.

For the purposes set out above, we may need to pass your information to our third-party service providers, agents, and subcontractors, for the purposes of completing tasks and providing services to you on our behalf. However, with all external entities with whom data is shared, we share only those data needed to perform the specific service and require a data processing contract to be signed before any data transfer—requiring them to keep your information secure and not to use it for their own purposes.

Specific third parties acting as data processors we work with include:

  • Közép-európai Egyetem: Qualifies as data processor of Central European University and Central European University Private University.
  • Microsoft Office 365: Based in the US, with our data stored within EU in datacenters located in Amsterdam and Dublin. Software as a Service which provides our email and document management.
  • TargetX.com LLC (relying onSalesforce - SFDC Ireland Limited, 394272 3rd and 4th Floor, 1 Central Park Block G, Central Park, Leopardstown, 18 Dublin, Ireland): Located in  Watertown Office Liaison International 311 Arsenal Street, Suite 5600, Watertown, MA  02472
    617-926-0504) is a global provider of software and services to event registration, e-mail campaigns, inquiry forms..

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5.What are your rights?

 You have the right:

  • to access your personal information – you can obtain a confirmation that we are processing your data and information how we process it. We suggest that you make a request in writing. 
  • to object to the processing of your personal information – this allows you to ask us to stop processing your data at any time. Where we rely on legitimate interest, you must give specific reasons why you are objecting the processing of your data. In this case this is not an absolute right, we can demonstrate compelling legitimate grounds for processing, which override your interests, rights and freedoms. Where we are processing personal data for scientific or historical research, or statistical purposes, you only have a right to object if our lawful basis for processing is legitimate interest.
  • to rectify – you have a right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • to erase (also known as the right to be forgotten) – in certain circumstances you can ask for the data we hold about you to be erased from our records. Your personal data will be erased where the data are no longer needed for their original processing purpose, or you have withdrawn your consent and there is no other legal ground for processing, or you have objected and there are no overriding legitimate grounds for the processing, or erasure is required to fulfill a statutory obligation under the EU law or the right of the national law.
  • to request data portability – you can ask to have the data we hold about you transferred to another organisation.
  • to restrict processing your personal information – where certain conditions apply, you have a right to restrict the processing of your personal information.
  • to withdraw your consent at any time – without affecting the lawfulness of processing based on consent before its withdrawal.

 

If you wish to exercise any of these rights, please email privacy@ceu.edu or write to us at

Quellenstrasse 51, 1010 Vienna, Austria

We will make every effort to fulfill your request to the extent allowed by law and will respond in writing within 25 days of receiving your request.

Should you wish to request help from the relevant national authority, the details are as follows:

Österreichische Datenschutzbehörde

Barichgasse 40-42,

1030 Vienna

Austria/Europe

Telephone: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

Web: https://www.data-protection-authority.gv.at/

In addition to the legal remedy, you have the right to apply to the court against the activities of the Joint Data Controller.

6.     Security of your Information

We are committed to holding your data securely and treating it with sensitivity. All data are held securely and in accordance with the relevant data privacy laws and our internal policies. We do not sell to or trade your data with any other organizations.

Although most of the information we store and process stays within Austria and Hungary, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, one of our trusted partners’ servers are located in a country outside the EEA (see above: data processors). Where these countries do not have similar data protection laws to the European Union, we will take steps to make sure they provide an adequate level of protection in accordance with EU data protection law.

7.Future Changes

If we modify this Privacy Notice at some time in the future, we will post the new version on our website.

Last updated on: February 15, 2022


[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.