Privacy Policy | General Assembly

About General Assembly

General Assembly Space, Inc a Delaware corporation, (and/or its applicable affiliated subsidiary companies) (“Company”, “we” or “us”) is committed to protecting and respecting your privacy while visiting this website.

At General Assembly we recognise that the collection, processing, use and/or disclosure of personal data has important implications for us and for the individuals whose personal data we process. Most of our offices operate in countries which regulate the collection, use, processing, and impose restrictions on overseas transfers of personal data. To ensure that we handle personal data properly, we have adopted a global approach to privacy compliance.

Within the Company, our Data Privacy team oversees compliance with data protection laws and regulations. If you have any questions about this notice, please contact our Global Head of Data Privacy by emailing privacy@ga.co. To submit a request to exercise your rights please click here.

1. Purpose and Applicability

This “Privacy Policy” or “Notice” (together with other documents referred to herein) describes what Personal Information (as defined below) we collect from you, and how we collect, use and process it. This privacy policy is incorporated by reference into the General Assembly Terms of Use and GA Talent GAT Terms of Use.. Please read this Privacy Policy and our Terms of Service carefully. When you submit or provide Personal Information to us, you consent to the collection, use and disclosure of your Personal Information as described in this Privacy Policy. This Privacy Policy also applies to our data collection practices conducted offline. Your use of our website and/or services will be subject to the Privacy Policy then in effect.

Our website is not intended for the use by children and we do not knowingly collect data relating to children.

It is important that you read this Privacy Policy together with any other privacy or fair processing documents we may provide on specific occasions (e.g. when you instruct the Company) when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. In the event of conflict between this Privacy Policy and any other document, the provisions of this Privacy Policy shall control.

To exercise any of your rights related to your personal information, please fill in this form.

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, PLEASE DO NOT USE OUR WEBSITE AND ONLINE SERVICES AND DO NOT PROVIDE US WITH YOUR PERSONAL INFORMATION.

In case you:

have any questions or concerns regarding this Privacy Notice,
would like further information about how we protect your information (for example when we transfer it outside your country), or
want to contact the local Privacy Lead,

please email privacy@ga.co or contact us at “Contact us”.

2. What personal information does the Company collect and use?

We collect and use personal information to provide you with the best user experience, which we have grouped together as follows:

Identity information:	Information we use to identify you, authenticate you as an authorized user of the services, communicate with you, and record any transactions you make. This includes first name, maiden name, last name, login/user ID and password details, marital status, title, date of birth and gender, and social security number where required for reporting purposes. Identity information may also include your voice and image if you participate in a course, class, workshop, or event that is recorded and you appear in the recording, or if you provide us with a picture of yourself and consent to our use of your picture on our website or services.
Contact information:	Includes billing address, postal address, email address, telephone number, and mobile phone number, social media handles, business contact information and any other personal information that you share, send, or provide using the services
Technical information:	Includes internet protocol (IP) address, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website and services.
Usage information:	Includes information about how you use the website and services.
Transaction information:	Includes details of the services for which you have previously registered and/or in which you have been enrolled.
Financial information:	In limited circumstances, we may collect payment information for processing of payments, but this information generally is collected and processed directly by our payment services providers. We may also ask you for your banking information in limited circumstances where we need to make a payment to you. Such bank information may include, but is not limited to, your bank account number, routing transit number, credit card, or other bank account details.
Assessment information:	Information on your aptitude in certain technology-based subject areas and your performance on the Company capabilities and learning-needs assessments.
Profile information:	Includes (if applicable and, in most cases, only when you choose to provide such information to us as part of the services) your interests; preferences; social media account(s); demographic information, including but not limited to age, gender, race; education level; resume information; professional portfolio link; economic information or employment status; criminal history; immigration status; disability or accommodation information; and feedback and survey responses. Profile information may also include information that you provide to us voluntarily throughout your journey as a General Assembly student.
Marketing and Communications information:	Includes your preferences with respect to receiving marketing from us, our affiliates, and/or our third-party partners, and your communication preferences.
Job Applicants	Name; personal email address; telephone number; postal address; education; employment history, and any other information included in a resume, cover letter, or personal LinkedIn profile; gender, race, or ethnic origin; veteran status; disability status; information relating to references; and details of race or ethnic origin or your disability status, and it will not affect your application in any way if you do not provide such information.
Contact Forms and Surveys information	Includes any information you provide to us when you use our contact forms (for example by using the “Contact”, “Send us a Message”, “Stay in touch”, “Get financial updates” functions on our websites, apps, products or services), or when you participate in a survey (including its content), the record of that correspondence and other information or personal information you share with us when completing our contact forms in your sole discretion. (Please note that fields marked with an asterisk (*) are mandatory fields, because we need this information to comply with or respond to your request.)
Social Media information	Includes your profile data and other information you made public on or otherwise share with us from social media.
Sensitive Data	includes information about any needs, disabilities and accommodations we may need to make for your use of our Services including health data that may require adaptation of Services for you.
Third party related Data	Information provided by you to the Company relating to other people (e.g. your partner, dependents, etc.)

Depending on the relevant circumstances and applicable local laws and requirements, we may collect some of the information listed above when you visit our website, provide us with your business card, talk to us at a conference or other event, or if you are a customer or prospective customer. Except in the event where specific sensitive data is required to accommodate your needs in order to enable us to provide the Services, please note that we do not collect any special categories of personal data about you through our website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We collect and use personal information to deliver our products and services, to send you information that you requested, or to contact you to provide additional information on our available products and services as more particularly detailed in section 3 below.

In cases where we are required to collect personal data by law (inter alia, in relation to anti-money laundering or other “know your customer” checks) or under the terms of a contract we have with you and you fail to provide the personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to decline to provide or receive the relevant services, however we will notify in that event at the time the collection of personal data is intended.

In any event, we only process your personal data where we have a legal basis and business purpose to do so. The table below outlines our reasons for processing various types of data.

3. Why do we process your personal information and how long do we keep it for?

Purpose/Activity	Type of Data	Lawful Basis for Processing
To identify you and your account and to enable you to register to use the services.	Identity Information Contact Information Assessment Information	Legitimate interest: (i) to allow you to access the services, (ii) for the performance of a contract with you, your employer, and/or our partners and service providers, and (iii) to be able to provide the services to you and efficiently communicate directly when required.
To manage and process payments, fees, and charges for the services.	Identity Information Contact Information Financial Information	Performance of a contract: (i) for the performance of a contract with you, your employer, and/or our partners and service providers and Legitimate interest: (ii) to obtain payments due to us for the services provided to you.
To facilitate and deliver the services.	Identity Information Contact Information Assessment Information Profile Information Financial Information	Legitimate interest: (i) to provide the services to you and/or your employer, as applicable, (ii) for the performance of a contract with you, your employer, or our partners and service providers, and (iii) to be able to provide the services to you.
To manage our relationship with you, including: To fulfil rights and obligations under the employment agreement. To exercise the Company's rights under applicable law and to support any claim, defense, or declaration in a case or before a jurisdictional and/or administrative authority, arbitrator, or mediator; To meet legal and regulatory requirements including, but not limited to, civil discovery in litigation involving the Company or affiliated companies; and To declare employment to local authorities for immigration purposes.	Identity Information Contact Information Profile Information Usage Information	Legitimate interest: (i) for the performance of a contract with you, your employer, and/or our partners and service providers, (ii) to be able to provide the services to you and/or your employer, as applicable, and (iii) to provide an excellent customer experience to you during the course of the services.
Notifying you about any changes to our services, timetables for the services, requirements for the services, and any technical requirements.	Identity Information Contact Information Profile Information	Legitimate interest: (i) for the performance of a contract with you, your employer, and/or our partners and service providers, (ii) to be able to provide the services to you and/or your employer, as applicable, and (iii) to provide an excellent customer experience to you during the course of the services.
Providing you with feedback on your participation and performance in the services.	Identity Information Contact Information Profiles Information Usage Information Assessment Information	Legitimate interest: Necessary (i) for the performance of a contract with you, your employer, and/or our partners and service providers, (ii) to be able to provide the services to you and/or your employer, as applicable, and (iii) to provide an excellent customer experience to you during the course of the services.
Reviewing and scoring your Assessments and course work and certifying your completion of the relevant services.	Identity Information Contact Information Assessment Information	Necessary (i) for the performance of a contract with you, your employer, and/or our partners and service providers, (ii) for our legitimate business interest in being able to provide the services to you and/or your employer, as applicable, and (iii) to provide an excellent customer experience to you during the course of the services.
Notifying you of any changes to this or any other policy.	Identity Information Contact Information	Legal Obligation: Necessary for our compliance with our legal obligations under applicable data privacy laws.
Asking you to complete a review or take a survey.	Identity Information Contact Information Marketing & Communications Information	Legitimate interest:: (i) in keeping our records updated, (ii) understanding how customers use and rate our services, (iii) providing you an excellent customer experience during the course of the services, and (iv) ensuring we continuously improve our services to meet the needs and demands of our clients and students.
To provide our website and its content to you and to enhance users’ experience.	Identity Information Technical Information Profile Information Usage Information	Legitimate interest: In being able to provide the website and services to you and to improve the website and services to best meet your needs and use.
To improve the functionality of the website or services and to provide related customer service.To provide Help Desk support to employees of the Group Companies worldwide; To administer secure access to Company's IT resources worldwide; To manage workplace safety, including secure access to global physical facilities;	Identity Information Contact Information Profile Information Technical Information Usage Information	Legitimate interest: (i) for the performance of a contract with you, your employer, and/or our partners and service providers and (ii) to be able to provide the services to you and/or your employer, as applicable, (iii) to be able to provide administration and IT services and network security in connection with the services, (iv) to be able to provide you with an excellent customer experience during the course of the services, and to ensure that we constantly improve our services to meet the needs and demands of our clients and students.
To administer and protect the website and services (including troubleshooting, data analysis, testing, and system review).	Identity Information Contact Information Profile Information Technical Information Usage Information	Legitimate interest: (i) for the performance of a contract with you, your employer, and/or our partners and service providers, and (ii) to be able to provide the services to you and/or your employer, as applicable, (iii) to be able to provide administration and IT services and network security in connection with the services, (iv) to be able to provide you with you an excellent customer experience during the course of the services, and to ensure that we constantly improve our services to meet the needs and demands of our clients and students.
To respond to your communications and send you information that you request or agree to receive, via regular or electronic mail, text message, or other marketing channels.	Identity Information Contact Information Technical Information Usage Information Profile Data Marketing & Communications Information	Legitimate interest: (i) for the performance of a contract with you, your employer, and/or our partners and service providers and (ii) to continue to develop and offer new and improved services and in continuing to grow our business.
To make suggestions and recommendations to you about other courses and services that may be of interest to you.	Identity Information Contact Information Technical Information Usage Information Profile Information Marketing & Communications Information	Legitimate interest: In continuing to develop and offer new and improved services and in continuing to grow our business.
To allow you to partake in a competition or promotion.	Identity Information Contact Information Profile Information Usage Information Marketing & Communications Information	Legitimate interest: In encouraging users to visit the website and use the services and in the general promotion of our business.
To send you advertisements or other marketing materials via email, text message, or other marketing channels about other programs, promotions, or services (or those of our affiliates), including our newsletter, that we think may be of interest to you if you have requested or agreed to receive such information, or where we are otherwise permitted by local law to contact you for these purposes.	Identity Information Contact Information Technical Information Usage Information Profile Information Marketing & Communications Information	Legitimate interest: In continuing to develop and offer new and improved services and in continuing to grow our business.
To be able to process and administer certain employee benefits and to fulfil certain employee rights such as expressions of wish and assigned beneficiaries where applicable. To be able to maintain update data regarding emergency contacts as applicable.	Information provided by you to the Company relating to other people (e.g. your partner, dependents, etc.)
In order to comply with legal obligations in accordance with applicable laws or as necessary to manage employment agreements, including benefits administration, occupational health, disability accommodation, workers' compensation, and sick leave; Please note that it may be possible that Health information is not transferred to the parent company but it may be collected at the local level to meet certain requirements, particularly related to disability accommodation. To manage employee and public safety by taking steps to control the spread of COVID-19 during the pandemic;	Health information, including information volunteered by you as a special need in order to request certain accommodations including for health and safety reasons and such information as may required by law from time to time such as temperature, symptoms, and COVID-19 test results; and Union membership status as required by law to ensure benefits, terms of employment, and employment policies comply with the Union's requirements.

Data Retention. We will only keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information; the potential risk of harm from unauthorized use or disclosure of your personal information; the purposes for which we process your personal information and whether we can achieve those purposes through other means; and the applicable legal requirements.

Data Security. The Company has implemented reasonable and appropriate administrative, physical, and technical safeguards for your Personal Data. For example, your Personal Data will be stored on a secure server when in electronic form and in physically secure areas when in paper form. Technical and physical controls restrict access to your Personal Data to employees of the Company with a need to know. The Company will retain your Personal Data throughout the employment relationship and as long thereafter as is permitted by applicable law. For additional information about the Company’s retention of your Personal Data, refer to the Company’s Data Retention Policy or contact privacy@ga.co.We implement the appropriate technical and cybersecurity measures and processes designed to ensure confidentiality, integrity, and availability of all data entrusted to the Company and the level of security which minimises the risk when processing Personal Data.

4. How do we collect your personal information?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity Information, Contact Information, Contact Forms and Surveys Information, Marketing Communications Information, Social Media Information and Financial and Legal Events Information by filling in forms or by corresponding with us by post, phone, email or otherwise.
This includes personal information you provide when you:
- apply for our products or services;
- enrol or otherwise participate in our courses and/or workshops
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us feedback or contact us.
Automated technologies, Cookies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies and from the communications we receive from your browser. Please refer to our Cookie section below for further details about how we use cookies and other similar technologies.
Third parties or publicly available sources. We will receive personal information about you from various third parties and public sources as set out below:
- Public information made available by you on social media and similar websites and apps;
- Public information about you in directories, for example of professional memberships or qualifications.
- Transcripts and academic information from any prior schools that you attended

5. What marketing communications do we send?

Communication with Individuals

We will only send marketing communications to you, as an individual, if you have consented to us doing so.

To receive marketing or promotional communications, you can opt-in by checking the relevant box located on the form on which we collect your data, or we can send you these communications based on our legitimate interests to promote our products and services where we are not obliged to obtain your consent by law.

Communication with Businesses

We process your data within the scope of an existing business relationship with you or your company because:

We have a contract with you (or are considering entering into a contract with you). In this case, the personal information we collect and use for marketing purposes relates to individual employees or potential employees of our clients and other companies with which we have an existing business relationship; or

It is in our legitimate interests for the conduct of our business activities (for example, to communicate with you in a 'business to business' capacity in order to promote our products and services that we believe will be of interest to you or your company). In that regard, we may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company; or

You consented to receive our marketing communications via e-mail as an individual at our clients/companies. In this case, we will send you marketing communications to develop or maintain a business relationship in accordance with applicable electronic and marketing communications laws. These communications may include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click on.

How to unsubscribe?

In any case, where we send marketing communications to you via email, text or electronic mail, you may opt out of receiving any further marketing communications by clicking the ‘unsubscribe’ or ‘opt-out’ function in the email. In addition, you can also exercise your opt-out right at any time by contacting us here.

6. Do we use artificial intelligence?

Yes, we do use artificial intelligence (AI) at times. However, we do not use your personal information in any automated decision making (a decision made solely by the creation and application of
technologies without any human intervention) or profiling (processing of personal information with a range of technologies that reduce human intervention to evaluate certain conditions about an individual) that produces a legal effect or similarly significant effect concerning you.

We use a range of technologies to analyse data. On our website we might use your search terms for recommendations of course offerings. In all cases, there is always human intervention in these processes, as we use these tools to support our expert human decision makers.

For example, when you are searching for a course as a “data analyst” we will display alternative but close course offerings like “data science” as well. The piece of processing that might use AI (for instance machine-learning, logic- or knowledge based and statistical approaches) is based on Natural Language Processing techniques to calculate similarities of words and word meanings. In any case these results are only shown to you as recommendations to make an informed decision about your application.

7. How we share your data with third parties

Data Protection Laws require that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a "legal basis" for the collection, processing, storing or sharing. We take our responsibilities under Data Protection Laws extremely seriously, including meeting these conditions. The legal bases on which your personal data are collected are explained in detail under section 3 above.

Your personal data, including any contact mobile or telephone data you have provided to us when requesting any information in relation to our services, will not be sold to third parties, nor shared with third parties without your consent. Furthermore, we do not allow any third party to use your personal data for their own purposes – we only permit them to process your personal data for specified purposes and in accordance with the applicable legal basis.

To review the full terms of use of the website, visit our Terms of Use.

In order to facilitate our efficient use of your information and to provide you with the content and/or resources and/or services you request, we may disclose certain information to third parties, however, subject to the applicable legal basis, this disclosure will only occur in the following circumstances:

Internal Third Parties	Other companies, including parent and subsidiary companies, in the Company’s group acting as processors or joint controllers and who are based in the United Kingdom, USA, Canada, France, Singapore, Australia, and the Kingdom of Saudi Arabia and provide IT and system administration services and support internal audits and reporting. GA is part of the Adecco Group, internal third parties include members of The Adecco Group and their affiliates (“Members of The Adecco Group”) within or outside the European Union. A list of the countries in which the Adecco Group operates is available on our website atwww.adeccogroup.com/worldwide-locations. Your information may be shared with them for different reasons: o information is shared with Members of The Adecco Group that provide IT functions for The Adecco Group companies worldwide; those IT functions are located among others in Czech Republic and France United States, United Kingdom, Australia, Singapore, Canada, France, Saudi Arabia, Poland, Malaysia, Costa Rica, Mexico, Columbia, El Salvador, and Brazil. o information is also shared with Members of The Adecco Group worldwide (including the legal entities acquired after the collection of information) for the purposes previously described or to propose offers to you adapted to your profile where you have expressed an interest in local or international opportunities in that market, or Members of The Adecco Group identify that you may have particular interests in acquiring skills in that market.
External Third Parties	Service providers acting as processors based in USA, Canada, France,, Singapore, Australia, Kingdom of Saudi Arabia and Bahrain who provide IT, payment processing and system administration services. Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in USA, Canada, France, Singapore, Australia, Kingdom of Saudi Arabia, United Kingdom and Bahrain who provide consultancy, banking, legal, insurance and accounting services. HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the USA, Canada, France, Singapore, Australia, Kingdom of Saudi Arabia, United Kingdom and Bahrain who require reporting of processing activities in certain circumstances. Market Researchers based in the USA, Canada, France, Singapore, Australia, Kingdom of Saudi Arabia, United Kingdom and Bahrain.
Third parties	to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy policy.
As Required by Law and Similar Disclosures	We may access, preserve, and disclose your personal information, other account information, usage information and device identifier (including IP address), and content if we believe at our sole discretion we consider that we are legally obliged or authorised to do so or it would be prudent to do so or appropriate to comply with law enforcement requests and legal processes, such as a regulator request or audit, court order, warrant or subpoena; respond to your requests; enforce our policies related to our website or services, or other applicable policies; or protect yours, ours, or others' rights, property, or safety.

We use a range of technologies to analyse data. On our website we might use your search terms for recommendations of course offerings. In all cases, there is always human intervention in these processes, as we use these tools to support our expert human decision makers.

For example, when you are searching for a course as a “data analyst” we will display alternative but close course offerings like “data science” as well. The piece of processing that might use AI (for instance machine-learning, logic- or knowledge based and statistical approaches) is based on Natural Language Processing techniques to calculate similarities of words and word meanings. In any case these results are only shown to you as recommendations to make an informed decision about your application.

8. Do we transfer your personal information outside of your country?

Your personal information can be transferred and processed in one or more other countries, in- or outside the European Union or the United Kingdom. A full list of the countries in which we operate is available on our website at https://generalassemb.ly/locations.

We shall only transfer data to those parties set out in section 7 above who are outside the European Economic Area, or UK:

to countries which the European Commission, or the UK Information Commissioner or the Swiss Federal Data Protection and Information Commissioner believes offers an adequate level of protection to you pursuant to Art 45 of the UK and EU GDPR or Art 6 of the Swiss Federal Data Protection Act (Art 16 revised Act) (a list of those countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en) or;

where GA has put in place appropriate safeguards to seek to preserve the privacy of your information (for which we usually use one of the forms of data transfer contracts approved by the European Commission, or the Information Commissioner’s Office (ICO) for the UK, copies of which are available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en; and here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/). These are approved by the European Commission and the UK Information Commissioner under Art 46 of the EU and UK’s GDPR.

Those countries include the Member States of the European Union, the United Kingdom, United States, Canada, Singapore, Australia and the Kingdom of Saudi Arabia.

We endeavour to take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Policy. You may request additional information in this respect and obtain a copy of the relevant safeguard by contacting us using the details set out above.

9. What data security measures do we have in place?

We understand how important it is to protect your personal information. We have implemented operational procedures and adequate technical and organizational security measures to prevent any unauthorised access, alteration, deletion or transmission of this personal information.

We have put in place security measures to prevent your information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed while it is under our control.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Our software and systems are designed to protect your personal information from data breaches and to minimise the possibility that the information could be intercepted as it travels through the different processes in order to provide you with the Services. However, no data transmissions over the internet can be guaranteed to be 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us or to third parties via the internet and you do so at your own risk. Once we receive your information, we make efforts to ensure security on our systems. We use physical, electronic, and procedural safeguards to protect personal information about you. By using this website and providing your personal information to us, you agree that in the event of a security breach, if required, we will be able to notify you electronically, so that you can take prompt appropriate protective steps. Additionally, we will be able to communicate with you electronically, regarding security, privacy and administrative issues connected to your use of our website. More information on how to withdraw your consent is stated under section 10 below.

10. What are your rights regarding your personal information?

Under applicable data protection laws, you have the following rights:

Right to access and obtain a copy of your personal information
You are entitled to request confirmation of whether we process any of your personal information. Where this is the case, you may have access to your personal information and to certain information about how it is processed. In some cases, you can ask us to provide you with an electronic copy of your information. In some limited circumstances, you also have the right to request that we transfer (“port”) your personal information directly to another third party provider.

Right to correct your personal information
If you can demonstrate that the personal information we hold about you is not correct or incomplete, you can ask that this information be updated or otherwise corrected, including the right to provide any supplementary statement or information.

Right to be forgotten or to delete personal information
In certain circumstances you have the right to have your personal information deleted. You may make such a request at any time and we will evaluate if your request should be granted in the event that the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed. However, this right is subject to any legal obligations we may have to retain data. For situations where in accordance with the law, we determine that your request to have your personal information deleted must be granted, we will do so without undue delay.

Right to restrict or object to the processing of your personal information
In certain circumstances you have the right to obtain restriction of the processing of your personal information, or to object to certain processing thereof on grounds relating to your particular situation, (i.e., data will be blocked from normal processing but not erased) where: (i) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy; (ii) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; (iii) we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (iv) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of you. You have the right to object to the processing of personal data based on legitimate interests of the Company or any third party based on your particular situation, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Right to withdraw consent
You have the right to withdraw consent at any timewhere we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data, in some limited circumstances, to the extent required or otherwise permitted by law, or in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

Right to Data Portability
You have the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.

If you want to exercise any of your rights, please use our form by clicking here.

Finally, you have the right to lodge a complaint with the data protection authority in the place where you live or work, or in the place where you think an issue in relation to your personal information has arisen.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Our software and systems are designed to protect your personal information from data breaches and to minimise the possibility that the information could be intercepted as it travels through the different processes in order to provide you with the Services. However, no data transmissions over the internet can be guaranteed to be 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us or to third parties via the internet and you do so at your own risk. Once we receive your information, we make efforts to ensure security on our systems. We use physical, electronic, and procedural safeguards to protect personal information about you. By using this website and providing your personal information to us, you agree that in the event of a security breach, if required, we will be able to notify you electronically, so that you can take prompt appropriate protective steps. Additionally, we will be able to communicate with you electronically, regarding security, privacy and administrative issues connected to your use of our website. More information on how to withdraw your consent is stated under section 10 below.

11. How do we handle changes to this Privacy Notice?

The effective date of this Privacy Policy is set forth at the top of this webpage. As business needs evolve, the terms of this Privacy Notice may change from time to time. We will review our practices regarding the collection and use of your Personal Information, and based on such review, we may amend this Privacy Policy as appropriate. We shall publish any material changes to this Privacy Notice through appropriate notices either on this website or contacting you using other communication channels. The amended Privacy Policy supersedes all previous versions. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Policy.

12. Specific Jurisdictions

In cases where applicable Personal Data Protection and privacy laws require a higher or more robust standard of protection for Personal Data than presented in this Global Privacy Policy, such additional legal requirements shall prevail. Please note that in the event of any conflict between the Global Privacy Policy and any specific provision(s) stated under the “Specific Jurisdictions” below, the provisions hereunder shall govern.

California

CALIFORNIA “SHINE THE LIGHT” LAW/YOUR CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits consumers who are California residents, to request and obtain from us once a year, free of charge, information about the categories of personal information (as defined in the Shine the Light law), if any, that we disclosed in the preceding calendar year to third parties for those third parties’ direct marketing purposes. We do not disclose personal information about you to third parties for their own direct marketing purposes, unless you have opted in to such a disclosure or were offered the opportunity to opt out of such a disclosure at the time you provided your personal information and elected not to opt out, or we are required to do so by law.

California Consumer Privacy Act and the California Privacy Rights Act

The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of information about them, as well as rights to know/access, delete, and limit sharing of Personal Information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.

For more information about how we may share your personal information, please refer to Section 7 herein.

Under the California Privacy Rights Act (“CPRA”) -amended data privacy regime in California, we can only collect, use and share Californians’ personal information if it’s in accordance with what is reasonably necessary and proportionate to the collection purpose (data minimization).

We do not collect, share or sell more data than what is strictly necessary for your stated purpose of collection.

Notice at Collection Regarding the Categories of personal information Collected

You have the right to receive notice of the categories of personal information we collect and the purposes for which we use personal information. The following table summarizes the categories of personal information we collect, the categories of sources of that information, and whether we disclose or sell that information to service providers or third parties, respectively. We collect this personal information for the purposes described in Section 3 herein.

Category	Information Type	Source	Processed by:	We sell* to:
Identifiers	Contact information or personal characteristics (name; email address; postal address; telephone number; image; signature) Social media handles	You; our social media pages; third party subscription service providers	Internal and External Third Parties for the purposes of providing services under a contract.	Not sold
Health Information	Health information you volunteer if you apply for a job	You	Internal Third Parties	Not sold
Financial Information	Payment card information Bank account information Credit information	You	External Third Parties for the purposes of fulfilling payment obligations under a contract..	Not sold
Protected Classifications and Other Sensitive Data	Date of Birth Gender Race Criminal history Immigration status Disability or accommodation information	You	Internal Third Parties	Not sold
Commercial Information	Transaction information Billing and payment records Order history Obtained services	You	Internal Third Parties	Not sold
Geolocation Information	Coarse (information that describes location at ZIP code-level or less precision)	You; our analytics and advertising partners	Service Providers	Advertising partners (coarse location only)
Internet or Electronic Network Activity Information	IP address Login information Browser type and version Time zone setting and location Browser plug-in types and versions Operating system and platform Device identifier (e.g., MAC) Advertising identifier (e.g., IDFA, AAID) Information provided in URL string (e.g., search keywords) Cookie or tracking pixel information Information about your interaction with our website, app, email correspondence, or products Browsing history Search history Diagnostic information (e.g., crash logs, performance data)	You; our analytics and advertising partners	Service Providers	Advertising partners
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information	Call recordings Photographs Video	You	Service Providers	Not sold
Professional or Employment-Related Information	Name and last name Sex Race (US only, voluntary and subject to consent for Europe) and for the purposes to champion greater equality, inclusion and diversity and fulfilling applicable educational needs. Previous Education Disability (US only) Veteran status (US only) Current employer Job title Company Name Job Offer acceptance Date and start date Hiring Manager Name, Email, Job Title and phone number Salary Location Skills Placement information Employer details Supervisor name and Title Details of unavailability of employment	You	Service Providers Regulators	Not sold
Education Information	Education history Level of education	You	Service Providers	Not sold
Inferences Drawn About You	User profile reflecting preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes (including Assessment information)	You; our analytics and advertising partners	Service Providers	Advertising partners
Content of Communications	Contents of phone calls, emails, or text messages, slack, LMS (if you contact us through any of those means)	You	Service Providers	Not sold

We restrict service providers from using personal information for any purpose that is not related to our engagement.

* The CCPA’s definition of “sell” is very broad and can include certain everyday business activities. In our case, a “sale” occurs between us and our advertising and marketing partners when those partners collect information about your visit to our website. Please rest assured that we do not sell information that directly identifies you—such as your name, email, or address—to third parties.

In addition, California residents are entitled to know that third parties may collect personal information about your online activities over time and across different websites when you visit our website. For additional information about this, please refer to Section 13 of this Privacy Policy, entitled "Cookies, Automatic Data Collection, and Related Technologies."

For information about your privacy rights, please refer to Section 10, What are your rights regarding your personal information?

Non-Discrimination for the Exercise of CCPA Privacy Rights

We will not discriminate against you for exercising any of your CCPA rights. In particular, we will not:

Deny you any Services
Charge you different prices for the Services, whether through denying benefits or imposing penalties
Provide you with a different level or quality of the Services
Threaten you with any of the above

Nevada

Residents of the State of Nevada have the right to opt out of the sale of certain pieces of their information to other companies who will sell or license their information to others. We do not sell personal information under Nevada law.

If you are a Nevada resident and would like more information about our information sharing practices, please contact us using the contact information in section 1above.
Canada

Where applicable, General Assembly will abide by the rules imposed to the collection, use and disclosure of personal information in the private sector is governed by Bill C-6 of the Personal Information Protection and Electronic Documents Act (PIPEDA) 2000 as amended in November 2018 to include mandatory data breach notification and record-keeping laws. For the public sector, such as federal departments and Crown Corps., data privacy is governed by the Privacy Act 1983.
Virginia

Residents of the State of Virginia have the right to access their personal data and request that it be deleted by General Assembly under the Virginia Consumer Data Protection Act (“VCDPA”). We conduct data protection assessments related to processing personal data for targeted advertising and sales purposes.
European Economic Area and United Kingdom

This Privacy Policy abides by the rules of the GDPR, including the rights of Data Subjects. The General Data Protection Regulation (GDPR) imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The GDPR applies to us in instances where we offer goods or services to EU citizens and residents inside the EU (“Data Subjects”).

The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. The UK GDPR is the UK General Data Protection Regulation which sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies.

This Privacy Policy is provided on behalf of each General Assembly entity, which are not joint controllers with regard to Personal Data collected under this Privacy Policy. Depending on the type of or location where training or other services are provided, different General Assembly entities may be the data controller in relation to your Personal Data. The data controller (“we”, “us”, “our”) is the Entity named when we collect your Personal Data or in the location where General Assembly referred you to this Privacy Policy (e.g., the Entity identified in the email signature containing a link to this Privacy Policy).

If no Entity has been clearly identified, the data controller or data controllers may be identified in the following order or precedence:
- For Personal Data that General Assembly collects on or through its websites and mobile applications, Company is the data controller.
- For Personal Data that is collected in connection with our newsletters and other marketing message, the data controller will be the entity to whom the subscription form is submitted.
- For Personal Data collected in connection with invitations and participation in our webinars, seminars, and other events, the data controller will be the entity which is organizing such event as identified in the invitation.
- For alumni communications and activities, the data controller is the Entity that is identified in the respective communication or in the context of the activity.
- For Personal Data collected in the context of a recruitment process, the data controller is the General Assembly entity identified in the job posting or otherwise seeking to source a position.
- For Personal Data that General Assembly collects pursuant to a client or contractor relationship, the General Assembly entity with which you have the client or contractor relationship is the data controller. Note that General Assembly is an independent data controller with regard to Personal Data we obtain through our client relationships; General Assembly will not be a data processor for our clients.
- For activities in the context of the procurement of products and services, the data controller will be the Entity identified in the enrollment form, agreement, or similar document.
- If you have any doubt about the controller or controllers of your Personal Data, please contact us using the information in the section “Contact us”.
International Transfers

In order to provide the Services, we may transfer your data outside your country to countries which provide adequate level of data protection, or where the General Assembly Group has put in place appropriate safeguards to seek to preserve the privacy of your information. Those countries include the United States. In cases where we share your personal data within General Assembly Space Inc., this may involve transferring your personal data outside the European Economic Area (“EEA”) and the UK. The personal data is shared in accordance with our Privacy Policy and Data Transfer Agreements in place, which require all General Assembly entities to follow the same rules when processing your personal data. You can request copies at any time by contacting us at Contact Us.

In some cases, the parties who we use to process personal data on our behalf are based outside the EEA and/or the UK, therefore their processing of your personal data will involve a transfer of such data outside the EEA and/or the UK. Similarly, in the course of providing services to clients based outside of the EEA and/or the UK, we may be required to share matter-relevant personal data with them. Where this is the case we will only share the minimal amount of personal data ad only the personal data that is necessary for the purpose of processing and, where possible, we will share the personal data in an anonymised form.

Whenever we transfer your personal data out of the EEA and/or the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission (in the case of transfers out of the EEA) or the UK Government (in the case of transfers out of the UK); and/or

where we use certain service providers, we may use specific contracts approved by the European Commission (in the case of transfers out of the EEA) and/or the UK Government (in the case of transfers out of the UK), in both cases which give personal data the same protection it has within the EEA and/or UK as applicable.

Please contact us at Contact Us if you would like further information about the specific mechanism used by us when transferring your personal data out of the EEA and/or the UK.
Singapore.

Where applicable, General Assembly adheres to the rules imposed by The Personal Data Protection Act 2012 (“PDPA”) as amended by the Personal Data Protection (Amendment) Act 2020 (“Amendment Act”).

If required for the provision of Services by the Company, we may only transfer personal data outside Singapore after taking appropriate steps to ensure that: (i) such transfer will comply with the PDPA obligations in respect of the transferred personal data while it remains in our possession or under our control; and (ii) the recipient outside of Singapore is bound by legally enforceable obligations to provide a standard of protection to the personal data transferred that is comparable to that under the PDPA.

13. Cookies, Automatic Data Collection, & Related Technologies

What is a cookie and why do we use it?

A cookie is a small piece of data (text file) that a website stores on your device (i.e., your computer, tablet or cell phone) in order to remember information about you and facilitate your use of the Website, improve the performance and your user experience, and/or increase the relevance of our offerings on the Website and on third party websites.

For example, cookies allow us to offer you a better user experience by remembering your language preferences when you return to the website.

When you visit the website or use the services, we and our third-party service providers, which may include third-party analytics service providers and third-party advertisers, may use cookies, server logs, and other similar technology to collect and store your preferences, usage statistics, website traffic and browsing history, and performance data, as well as other information such as your IP address, the type of internet browser or device you use, any website you have come to the website or services from, and your operating system.

Cookies are small text files that include a unique reference code placed on a visitor’s device to store their preferences and sometimes track information. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to our website or services and will last for longer.

Some cookies are necessary to enable you to move around the website and use the services, such as accessing the secure areas of the website, and they enable us to provide you with the services you have requested. “Performance cookies” collect aggregated, anonymous, statistical information on how visitors use our website and services. We use this information to make improvements to the website and our services and to enhance your overall experience. Other cookies, called “functionality cookies,” allow the website and services to remember choices you make, such as your user name when you log in to your account or the language or region you are in. They may also be used to help you watch a video or comment on a blog and are intended to improve your online experience.

What types of cookies do we use and how long are they stored?

Below, we explain the different types of cookies we use.

Type of cookies	Description
Strictly Necessary Cookies	These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies	These cookies allow us to count visits and traffic sources so we can measure GAand improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Functional Cookies	These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies	These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

For more information on the specific cookies that we use, please see the Cookies List for an overview of the cookies used on the Website, sorted per cookie type and confirming the lifespan of each cookie.

How do we use the cookies on our Website?

By default, only Strictly Necessary cookies are active. Strictly Necessary cookies allow the Website to be accessible, and without them some parts of the Website will not work. They are essential for the basic functionalities of the Website to operate.

When accessing our Website from the EU, you have the chance to customize your cookie preferences the first time you access under the Cookie Preference Center or at any other time via our Cookie Preference Center (see below the section “How can you manage cookies?”).

We use industry standard cookies, as appropriate, to track your behaviour online and gain statistical information at an aggregated level to monitor the operation of the Website, to improve the Website based on performance and to assess the effectiveness of campaigns.

For example, we track the number of visits to the Website, where each visitor came from (i.e. the website you visited prior to coming to the Website) and where each visitor goes to from the Website (i.e. the website you visit after leaving ours).

We and our third-party vendors and service providers, including Google, use first-party cookies and third-party cookies to gather information about the pages visited through our advertising partners, both on our website as well as other websites that you visit, so as to place you in a "market segment." This information is then used by us and our third-party vendors and service providers to serve interest-based advertisements when you visit our website and other websites, and our third-party vendors and service providers will combine it with other information from your visits to other websites and apps to learn more about your interests.

For more information about this type of interest-based advertising and about how to opt-out of the automated collection of information by third-party ad networks, please visit the consumer opt-out pages of the following industry organizations: the Network Advertising Initiative, the Digital Advertising Alliance, and the European Interactive Digital Advertising Initiative. Without these cookies, advertisements you encounter will be less relevant to you and to your interests. Exercising these options will not prevent other companies from displaying personalized ads to you. If you delete your cookies, you may also delete your opt-out preferences.

“Do Not Track” Signals. Some web browsers may transmit "do not track" signals to the websites and other online services with which the browser communicates. There is currently no standard that governs what, if anything, websites should do when they receive these signals. Therefore, our website, like many others, may not respond to “do not track” signals.

We also use Google Analytics Advertising Features including Google Analytics Remarketing to advertise across websites, Demographics and Interest Reporting, and AdWords and AdSense integrations to collect data about our website traffic via advertising cookies and anonymous identifiers. We do not facilitate the merging of personal information with non-personally identifiable information previously collected through any Google advertising product. Google may serve ads across other websites that you visit based upon your past visits to our website, and may also serve our advertisements on other websites.

How can you manage cookies?

Unless you have adjusted your browser settings so that it will block cookies, our systems will issue Strictly Necessary Cookies each time you access the Website.

In the Cookie Preference Center, which you can access via this link, you can manage your preferences to allow or refuse the storing of cookies per type (as described at section 2 above). You can withdraw your consent at any time through that same Cookie Preference Center.

Do note that if you disable certain types of cookies, you may be unable to access certain parts of the Website or use certain functionality.

Website visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ad Settings found at https://www.google.com/settings/u/0/ads?hl=en. You can also opt-out of Google Analytics tracking with the Google Analytics opt-out browser add-on found at https://tools.google.com/dlpage/gaoptout/.

Third-party cookies

Whilst you use the Website, you may encounter links to third-party websites and/or content from third parties.

The Website may also offer you the opportunity to further engage with us and share information with others using social networks such as Facebook, LinkedIn and Twitter.

The third party content is added to our Website so we can keep you up-to-date with carefully selected information that you may find relevant or of interest; however this can result in these third-party providers storing additional cookies on your device that we have no control over.

Consequently, we suggest you check the websites of any such third parties and their respective privacy and cookie policies for more information about their cookies and how you can manage them.

Please note however that if you choose to access third party sites through this Website, the cookies we have listed in the previous section may not form an exhaustive list.

A complete list of our cookies is accessible at https://generalassemb.ly/rolling-cookies-policy.

In addition to cookies, we use the following similar technologies:

Pixel Gifs/web beacons: These are small image files that may be placed by us or third parties on the website or services, or within the body of our newsletters so we or third parties can understand which parts of the website and services are visited or whether particular content is of interest.
Flash cookies: We do not serve Flash cookies, but Adobe Flash Player may be used by third parties serving advertisements to the website in cases where these advertisements are served with flash related content. It is not possible to block or restrict Flash cookies using your browser settings; however, information on how to do this is available from the Adobe website at http://www.adobe.com/products/flashplayer/security.

Disabling Cookies

Most computer and some mobile web browsers automatically accept cookies but, if you prefer, you can use your browser to notify you each time a cookie is set or to block and delete cookies from your browser. The effect of disabling cookies depends on which cookies you disable, but please note that if you do that, the website and services may not work properly, and you may not be able to take full advantage of the website or our services. You can learn more about cookies by visiting www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies using different types of browsers.

Details on how to review your cookie settings and disable cookies on the most popular browsers are set forth below:

Cookie settings in Internet Explorer

Cookie settings in Firefox

Cookie settings in Chrome

Cookie settings in Safari web

14. Children's Privacy

Our services are not directed to or intended for use by minors. Consistent with the requirements of the US Children’s Online Privacy Protection Act, the GDPR, and all other applicable laws and regulations, if we learn that we have received information directly from a child under age 16 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such information.

Global privacy and cookie policy

Last Updated: April 19, 2024