Privacy policy

Our commitment to your privacy

EF Education First (“EF”) is committed to protecting the privacy of our potential and existing customers. The EF privacy policy (the “Privacy Policy”) applies to all Personal Data (as defined below) processed by us, including Personal Data collected or submitted through our websites, emails, mobile applications or through our official social media pages or through other channels online and offline as further described below (collectively the “EF Products”). 

If you cannot, or will not, provide us with the personal information we reasonably require, we may be unable to provide you with the information, goods or services you have requested.

Personal Data
“Personal Data” is information or pieces of information that could allow you to be identified, such as for example:

  • Name and contact details (e.g. postal and email address, telephone number)

  • Profile information (e.g. user name, profile picture or social media account ID)

  • Social Security number

  • Country of residence

  • Birth date

  • Gender

  • Technical information, e.g. screen name, IP address, browser and device data, information collected through cookies, pixel tags and other technologies, server log file data, app usage data and location data

  • Preferences (e.g. shopping and browsing habits, preferred educational courses)

  • Company, school, or teacher name and address

  • Credit and debit card number and/or checking account and routing numbers

  • Passport number and/or driver’s license number

  • Medical condition (e.g. allergies or illness)

How do we collect Personal Data?
We collect Personal Data in a variety of ways:

  • Directly from you: Information is collected directly from you, either by you providing the information directly to us or you acting in a manner that provides us with the information, for example:

    • Offline: We collect Personal Data from you offline, for example when you contact customer service, enroll in a product or service or provide information to us in writing.

    • Online: We collect your Personal Data through the EF Products, for example when you sign up for a newsletter or a brochure or enroll in or use a product or service. We also collect Personal Data:

      • Through cookies. “Cookies" are pieces of information that a website transfers to your computer's hard disk for record-keeping purposes. We use both session and persistent cookies. The use of cookies is an industry standard, used to provide useful features for customers. Cookies by themselves, do not personally identify users, although they do identify a user's computer. We may append contact information gathered from third parties to cookie data that we collect. Cookies allow a web server to transfer data to a computer or device for recordkeeping and other purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. If you do so, however, you may not be able to take full advantage of our website. For example, the complete online reservation process can only be accessed if you accept cookies. To learn more about cookies, please visit http://www.allaboutcookies.org/.

      • Through your use of a mobile application. When you download and use one of our mobile applications, and to the extent allowed by your privacy settings in the application, we track and collect mobile application usage data, such as the date and time the mobile application on your device accessed our servers and what information and files have been downloaded to the mobile application based on your device number.

      • Through your device. Provided that you have enabled that function on your device, we collect the physical location of it to provide you with personalized location-based services and content. Read more about such services under “How do we use Personal Data?

      • Through links. We track and collect information about how users interact with links across products and services, including through email and links made available through third party services.

      • Through browsing our sites. We may also collect information about your use of our services through your browser to trace activity on our sites, such as your IP address, Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, service provider, time of visit, page(s) visited and the name and version of the EF Product you are using.”

  • From our corporate affiliates, business partners, assistance providers or claim handlers. We may receive Personal Data from other parties in conjunction with your program, including:

    • Our corporate affiliates, such as the local EF company that promotes the sales of our services and offers customer service in your country of residence and provides us with the Personal Data that is needed to come to an agreement with you on your order, or the school in your country of destination that provides some of the services that you have ordered, or the Swiss principal company that is located in Switzerland and is responsible for the performance of the contract with you for any of EF’s offers.

    • Business partners, such as local sales agents that promote the sales of our services in your country of residence.

    • Claims handlers who receive information about your insurance claims in case of an insurance situation.

  • From other sources. We may receive your Personal Data from other sources, such as public databases; licensed databases from third parties; joint marketing partners such as marketing agencies or providers of software and services for digital marketing automation and analytics; social media platforms, including but not limited to; Facebook, Instagram, Snapchat, Musically, LinkedIn, Twitter, YouTube and messenger services such as WhatsApp or Facebook Messenger; from people with whom you are friends or otherwise connected with on social media platforms, as well as from other third parties. For example, if you elect to connect your social media account to your EF Products account, such personal data that you have registered in your profile, such as your email address, phone number, postal address, date of birth, name and user name will be shared with us. Furthermore, we use cookies to track members of social media networks as further explained above in the section “How do we collect Personal Data?”

How do we use Personal Data?

  • Your Personal Data will be processed by EF for the purposes of completing your booking, providing you with the products and services that you have ordered (including travel insurance coverage), for customer service, administrative services or as otherwise necessary to perform the contract between you and us or as further described in this policy.

  • We may also use Personal Data:

    • For statistical purposes, calculating usage levels, and helping diagnose server problems with the EF Products as well as to ensure that the EF Products function properly.

    • To allow you to contact and be contacted by other users through the EF Products, as permitted by the applicable product.

    • To allow you to participate on message boards, chat, profile pages and blogs and use other services enabling you to post information and materials.

    • To analyze and improve our offers by identifying usage trends, determining the effectiveness of our promotional campaigns and tailoring the EF Products experience and content based on your past activities on the EF Products. For example, depending on what EF Product you have searched for on our website, or in previous browsing, the offer presented to you on the EF Products may be limited to a specific tour, geography or budget.

    • To provide you with personalized location-based services and content through the use of your device’s physical location. For example, you will be redirected to the local EF website in your language if your device indicates that you are browsing from that country, or you may be suggested the nearest EF office to your location for visits or information.

    • To market our products and services, including special promotions based on your interests, for example through email marketing solutions such as Salesforce Marketing Cloud’s management software which maintains mailing lists and schedules and modifies email messages based on what recipients read, click-on or forward. All such email communication will include a clear unsubscribe link.

    • Employee and Applicant data may be used to comply with applicable law, process payroll, administer benefits, and manage employee performance.

How do we share Personal Data?

  • We share your Personal Data with our corporate affiliates, business partners and service providers both within and outside the U.S. and Canada:

    • Our corporate affiliates are for example a local EF company that promotes the sales of our services and offers customer service in your country of residence, or in your destination country that provides some of the services that you have ordered, or one of the principal companies that is offering another of EF’s program.

    • Business partners are for example local sales agents that promote the sales of our services in your country of residence; transportation or accommodation providers in your destination country; or course leaders, activity leaders or other contractors for management of any of our programs; or a travel insurance company that prepares the travel insurance for you.

    • Service providers, such as providers of IT systems, for example for managing customer relations or payments; or providers of software and services for digital marketing automation and analytics.

    • We use Vantiv to process our payments for EF Educational Tours. To view their privacy policy, please visit https://www.vantiv.com/privacy-policy.

  • We have put appropriate safeguards in place for transfers of your Personal Data outside the U.S. or Canada, including the standard data protection clauses adopted by the European Commission for any transfers of Personal Data to the EEA/Switzerland, available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915 and http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.

  • We also share Personal Data as we believe to be necessary: (a) under applicable law; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions or a contract; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Security
We use appropriate organizational, technical and administrative measures to keep the Personal Data under our control accurate and up-to-date, as well as to protect the Personal Data against unauthorized or unlawful processing and the accidental loss, destruction or damage of the Personal Data.

Unsubscribe from email marketing
To respect the privacy of our users, you may choose not to receive commercial emails from us by following the unsubscribe instructions contained in the commercial emails we send you. Please note that even if you unsubscribe from commercial email messages, we may still email you regarding your account and your transactions.

Third party sites
Except as specifically addressed below, this Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which the EF Product contain a link. The inclusion of a link on EF Products does not imply endorsement of the linked site by us or by our affiliates.

Additionally, we may provide you with access to third-party functionality that permits you to share your activities on EF Products to your social media account(s), for example Facebook or LinkedIn. Please note that any information that you provide through the use of this functionality is governed by the applicable third party’s privacy policy, and not by this Privacy Policy. We have no control over, and shall not be responsible for, any third party’s use of information that you provide through use of this functionality.

If you are under the age of 13
If you are under the age of 13, you should review this text together with your parent or guardian to make sure you both understand it. We are not responsible for checking your age but sometimes we still do verification checks. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us.  If we learn that you are under the age of 13 and that we have collected information about you without consent from your parent or guardian, we will delete the information as soon as possible and you will not be able to use EF Products.

Updates to this Privacy Policy
Our Privacy Policy may change from time to time. Any material changes to this policy will be posted on our webpage to keep you aware of what Personal Data is collected, how it is used, and under what circumstances it will be shared.  It is your responsibility to review this Privacy Policy each time you provide Personal Data to us as the policy may have changed since the last time you used an EF Product.

Special notice to California residents
Under California Civil Code Section 1798.83, California residents have the right to request and receive from us, once per year and free of charge, information about the personal information we have disclosed (if any) to third parties for their marketing purposes during the previous calendar year, and a description of the categories of personal information shared. To make such a request, please send an email to [email protected] including the phrase “California Privacy Request” in the subject line, and provide us with your name, postal address and email address.

If you are a California resident under the age of 18, and a registered user of any site where this policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted.  To make such a request, please send an email with a detailed description of the specific content or information to the email address listed below including the phrase “California Privacy Request” in the subject line.  Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

If you are a California resident, the California Consumer Protection Act (“CCPA”) provides you with the following specific rights regarding your personal information that is subject to this Privacy Policy and this section explains how to exercise those rights.  Please note that EF does not sell your personal information to third parties as defined under the CCPA.

  • Access to Specific Information and Data Portability Rights. California residents have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verified consumer request, we will disclose to you: (i) the categories of personal information we collected about you; (ii) the categories of sources for the personal information we collected about you; (iii) our business or commercial purpose for collecting that personal information; (iv) the categories of third parties with whom we share that personal information; (v) the specific pieces of personal information we collected about you (also called a data portability request); (vi) if we sold or disclosed your personal information for a business purpose, two separate lists disclosing any sales (identifying the personal information categories that each category of recipient purchased) and disclosures for a business purpose (identifying the personal information categories that each category of recipient obtained).

  • Deletion Request Rights. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verified consumer request, we will delete (and direct any service providers to delete) your personal information from our records unless an exception applies, which may include but is not limited to information needed: (i) to complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you; (ii) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities; (iii) enable solely internal uses that are reasonable aligned with consumer expectations based on your relationship with us; (iv) comply with a legal obligation; and (v) make other internal and lawful uses of that information that are compatible with the context in which you provided it.

  • Exercising Access, Data Portability, and Deletion Rights. To exercise the access, data portability, and deletion rights above, please submit a verifiable consumer request to us by either:

    Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verified consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. 

    You may only make a verifiable consumer request for access or data portability twice within a 12-month period.  The verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us properly to understand, evaluate, and respond to it.  We cannot response to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us.  We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make a request. 

  • Response Timing and Format. We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without issue. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. 

  • Non-Discrimination. We will not discriminate against you for exercising any of your rights under the CCPA.

Contact us
If you have questions about this Privacy Policy, please contact us at the address EF Education First, Two Education Circle, Cambridge, MA 02141.