- Subscription Services. Client, and with respect to organizational subscribers only, its Authorized Users, may access, view, and use the hosted offering outlined in Client’s subscription order (the “Subscription Services”), subject to the terms of this Agreement. Subject to Client’s timely payment of the Access Fee, Studer Education hereby grants Client a non-exclusive, non-transferable, right and license to access and use the Subscription Services throughout the subscription access period outlined in the subscription order and each agreed-upon renewal thereof (each, a “License Term”) for your personal educational use and with respect to organizational subscribers only, for the internal business purpose of educating and training Client’s Authorized Users.
- License Term; Termination. For individual subscribers, Client’s initial License Term will automatically renew for successive subscription periods equivalent in length to the initial License Term, based on Studer Education’s then-applicable rates; provided, that at any time either party may terminate the subscription order and any subsequent renewals hereunder by providing the other party with written notice its desire to terminate this Agreement, in which event the termination will be deemed effective as of the first day of the next month and any prepaid amounts attributable to Client’s access to the Subscription Services following the effective date of termination will be refunded by Studer Education within a reasonable period following termination. For organizational subscribers, the applicable License Term and corresponding termination rights will be governed by the terms of Client’s Engagement Letter.
- Client will also pay, or reimburse Studer Education for, all applicable sales, use, excise, value added, services, consumption and other taxes and duties associated with your use and receipt of the Subscription Services, excluding taxes on Studer Education’s income generally. Client will provide Studer Education with a copy of Client’s certificate of tax exemption, if applicable. If Client is required by the laws of any foreign tax jurisdiction to withhold income or profits taxes from the Access Fee, then the amount payable by Client upon which the withholding is based shall be paid to Studer Education net of such withholding. Client shall pay any such withholding to the applicable tax authority. However, if after 120 days of the withholding, Client does not provide us with official tax certificates documenting remittance of the taxes, Client shall pay to Studer Education an amount equal to such withholding. The tax certificates shall be in a form sufficient to document qualification of the taxes for the foreign tax credit allowable against our corporation income tax.
- Equipment and Technical Support. The Subscription Services are hosted online, and Client will be responsible for obtaining any equipment and Internet access needed for Client and its Authorized Users, if any, to use the included services. Studer Education will provide commercially reasonable maintenance and technical support for the Subscription Services during normal business hours.
Client acknowledges that any unauthorized use or disclosure of the Subscription Services and included Content would cause Studer Education irreparable harm, and therefore, in addition to any other remedy available in law, Studer Education would be entitled to immediate injunctive relief, without showing any actual damages sustained, to prevent such disclosure or unauthorized use. Studer Education will have no obligation to post a bond or other security in connection with obtaining an injunction, specific performance, or other relief.
- User Contributions. The Subscription Services contains message boards, forums, networking opportunities, and other community-focused features which allow users to post, publish, or share messages and specific Content with other users of the Subscription Services. For purposes of this Paragraph 8, “User Contributions” means any messages or other content shared by Client or any Authorized Users other than Studer Education’s proprietary Content. Client is fully responsible for any User Contributions that Client or if applicable, its Authorized Users may share through the Subscription Services or otherwise send to other Subscription Services users, including the legality, reliability, accuracy and appropriateness of such User Contributions.
Based on the design of the Subscription Services, Client and any Authorized Users may share messages and internally circulate Studer Education’s Content using the included community-focused features but may not share or provide access to any external content or materials. Client and its Authorized Users, if any, shall not post, submit, or link to any User Contributions that infringe, misappropriate, or violate the rights of any third party or any applicable law, or that is defamatory, obscene, indecent, harassing, threatening, abusive, inflammatory, or fraudulent, purposely false or misleading, or otherwise harmful.
- All notices or demands required hereunder shall be in writing and shall be delivered personally or sent by certified or registered mail, return receipt requested, or by overnight express service, to the appropriate party at the address stated in the Client’s submitted subscription order, his or her successor, or other designee or officer of the party with a copy to Studer Education at: Legal Department, Huron Consulting Group Inc., 550 West Van Buren Street, Chicago, IL 60607.
Additional Information for Residents of California
This supplemental section of Huron’s Privacy Statement is directed at and applies to a limited subset of individuals who interact with Huron, who are verifiable residents of the state of California, and who are not otherwise exempted from the California Consumer Privacy Act (CCPA). Huron is largely not subject to the requirements of the CCPA given the nature of our business (i.e., primarily business-to-business transactions as described below).
If you are a resident of California, who is neither (a) an employee, owner, director, officer, or contractor of an organization (i.e., company, sole proprietorship, non-profit, or government agency) whose communications or transactions with us occur solely within the context of us conducting due diligence regarding, or providing or receiving a product or service to or from your organization), or (b) a job applicant, you have the following specific additional privacy rights under the law:
- Right to request access to personal information. California residents have the right to request that we disclose to them the categories and specific pieces of personal information we have collected about them. Upon submission and our receipt of a verifiable consumer request, and not more than twice in a 12-month period, we are required to provide such information directly to California consumers (if it is not already provided here or in another notice).
- Right to request deletion of personal information. California residents have the right to request that we delete any personal information about them which we collected from them. Our obligation to delete personal information is limited by the law, and we are not required or able to comply with requests in all instances; for example, if it is necessary for us to maintain personal information in order to complete a transaction with the consumer, detect or protect against security incidents or other illegal or deceptive activity, exercise our free speech or other rights provided by law or protect the lawful rights of another consumer, comply with other legal obligations, or enable internal uses of the personal information in a lawful manner compatible with the context in which the consumer provided the information or would expect it to be used based on their relationship with us. For the full list of exceptions, see Cal. Civ. Code § 1798.105.
- Right to request disclosure of what personal information we process, the source of it, the business or commercial purpose for processing it, and with whom (e.g., service providers) we share it. California residents have a right to request that we disclose to them (if we have not already in this or another notice): the categories of personal information collected about them, the categories of sources from which it was collected, the business or commercial purpose for collecting it, the categories of third parties (e.g., service providers) with whom we share it, and the specific pieces of personal information collected about them. A large portion of that information is provided here in this Privacy Statement, and we may direct you back here to make note of that information. It should also be noted that the disclosure right related to specific pieces of personal information is not absolute, and it is our responsibility to protect that sort of information from unauthorized Please refer to the sections below on How to Submit and What to Expect for more information about the process.
- Right to know that we do not “sell” personal information. We have not sold (neither under the ordinary meaning of the term “sale,” nor under the CCPA’s definition of “sale”) consumers’ personal information in the preceding 12 months.
How to Submit a Request to Exercise your CCPA Rights
If you are a consumer and resident of California who is not a job applicant or individual involved in business-to-business communications and transactions with Huron (as described in the Your California Consumer Privacy Rights section above), and you wish to exercise one of your CCPA rights, please send an email to email@example.com and include your name, your specific request, and a preferred contact method (e.g., email or mail) for us to follow up with you.
You may call 1-866-229-8700 (toll-free) and ask to be connected with Christopher Hoff, Huron’s Chief Privacy Officer. Ultimately though, we will instruct and require you to submit your request in writing, for us to keep appropriate records, and because the law requires us to respond to you in writing. Please start by contacting us at firstname.lastname@example.org to expedite the process.
Please see the section below for what to expect once you contact us.
What to Expect When you Submit a Request to Us
We are a professional services firm, dealing almost exclusively with other companies, as opposed to directly with consumers as that term is usually understood, in business-to-business transactions; and the protection of our clients’ information (past, present, and future) is paramount to our corporate values and our privacy program.
We take data security, in addition to privacy, very seriously, and California law is clear on the need for businesses to protect all consumers from fraudulent requests made by someone other than the actual individual.
We mention this to prepare you for the fact that if you request from us specific pieces of personal information collected about you, we will do whatever is reasonably necessary (as the law allows and requires) to verify that you are who you say you are; and as such, you should expect a thorough and personalized vetting process from us to ensure that we do not provide one individual’s personal information to an imposter. The process may take 45 days (or longer when reasonably necessary) depending on the request, and consistent with our obligations under the law.
Personal Information We Collect About Consumers
We have collected the below categories of personal information about consumers in the past 12 months.
In the table below, we have used the CCPA categories of Personal Information and provided basic explanations in plain English for each of those categories. Our responses are divided below into the three broad categories of individuals (or “consumers”) with whom we work every day, and to whom this Privacy Statement applies: (1) leads (a/k/a potential clients/customers), (2) clients/customers, and (3) job applicants.
Not everything below will apply to you, because we have different relationships with different individuals. Our Privacy Statement should be read and understood in the reasonable context of your particular relationship with Huron.
|CCPA Categories of Personal Information||Does Huron Collect that for Leads?||Does Huron Collect that for Clients/Customers?||Does Huron Collect that for Job Applicants?|
|A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||Yes. We collect identifying information about leads who interact with us online, for example, (a) online or IP identifiers or email addresses for potential clients and customers who interact with us online, and (b) names and addresses for organization contacts at potential client organizations.||Yes. We know the identities of our clients and customers and maintain interest and transactional records that would be expected of a professional services firm with business clients and customers. We also receive and process personal information from or on behalf of our clients and customers (about their own customers, clients, employees, market research participants, etc.) when we perform services for them and otherwise act as a service provider to them.||Yes. We know the identities of those who apply for employment with Huron. This is the only group that we are likely to collect some of the more sensitive categories of identifiers from (in order to screen and properly identify them in accordance with employment law), such as social security number, driver’s license number, or similar identifiers.|
|B. Any categories of personal information described in subdivision (e) of Section 1798.80 (i.e., any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information)||Yes. Same as above. We collect what you would expect us to collect in the context of your relationship with Huron, even though we do not collect all of the information listed in this category for everyone.||Yes. Same as above. We collect what you would expect us to collect in the context of your relationship with Huron, even though we do not collect all of the information listed in this category for everyone.||Yes. Same as above. We collect what you would expect us to collect in the context of your relationship with Huron, even though we do not collect all of the information listed in this category for everyone.|
|C. Characteristics of protected classifications under California or federal law (subject to change under the law, but for example: race, color, sex, gender identity and expression, sexual orientation, age, religion, national origin, disability, citizenship status, and genetic information).||No.||No.||Maybe. This information may be passively collected if for example a job applicant discloses it in an employment application (e.g., a Huron job applicant states or implies their race, sex, sexual orientation, religion, or other protected characteristic by listing an affiliation that implies inclusion in a protected classification on their resume or application). Huron does not actively collect this information, unless and until it is part of the equal employment opportunity data recordkeeping process.|
|D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes. We may collect this information about leads in order to develop new business with organizations and individuals who may be interested in or have expressed an interest in Huron. We are primarily a business-to-business organization, and as such we are concerned with organizational habits and needs, far more than individual consumer habits and needs.||Yes. We collect and retain this information about organizational clients and customers because it helps us provide tailored goods and services.||No.|
|E. Biometric information.||No.||Probably not. However, it is possible within the reasonable context of our relationship with clients that as a professional services firm, Huron may be providing consulting or other services that relate to the client’s own biometric information systems, and may result in Huron having tertiary access to such information that belongs to the client.||No.|
|F. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.||Yes. Huron may have information regarding a lead’s interaction with an Internet website (e.g., Huron’s or other websites), application (e.g., Huron’s SaaS offerings), or advertisement (e.g., Huron’s advertisements). We may collect information related to internet activity attributable to other organizations (i.e., activity attributable to another organization’s known IP addresses for example, rather than individual or household activity) to inform our marketing strategies.||Yes. Huron may have information regarding a client or customer’s interaction with an Internet website (e.g., Huron’s or other websites), application (e.g., Huron’s SaaS offerings), or advertisement (e.g., Huron’s advertisements). We may collect information related to internet activity attributable to other organizations (i.e., activity attributable to another organization’s known IP addresses for example, rather than individual or household activity) to inform our marketing strategies.||Yes. Huron may have information regarding an individual job applicant’s interaction with an Internet website (e.g., Huron’s recruiting website), application (e.g., Huron’s recruitment portal), or advertisement (e.g., Huron’s job postings).|
|G. Geolocation data.||Maybe. Huron may know the location from where your computer or device is accessing our website in order to provide local content and offerings and to prevent fraud or misuse of our electronic properties.||Maybe. Huron may know the location from where your computer or device is accessing our website in order to provide local content and offerings and to prevent fraud or misuse of our electronic properties.||Maybe. Huron may know the location from where your computer or device is accessing our website in order to provide local content and offerings and to prevent fraud or misuse of our electronic properties.|
|H. Audio, electronic, visual, thermal, olfactory, or similar information.||Not much, and only what you would expect. For example, physical security, including CCTV at physical Huron office locations may collect audio, electronic, and visual information for a time on security systems, but would be used for security purposes and then overwritten after a set period of time. We electronically monitor the use of our website, but both the technology and our policy prohibit the capturing of personal information in such monitoring and the attribution of website activity to individuals.||Not much, and only what you would expect. For example, physical security, including CCTV at physical Huron office locations may collect audio, electronic, and visual information for a time on security systems, but would be used for security purposes and then overwritten after a set period of time. We electronically monitor the use of our website, but both the technology and our policy prohibit the capturing of personal information in such monitoring and the attribution of website activity to individuals.||Not much, and only what you would expect. For example, physical security, including CCTV at physical Huron office locations may collect audio, electronic, and visual information for a time on security systems, but would be used for security purposes and then overwritten after a set period of time.|
|I. Professional or employment-related information.||Yes. Because we are a professional services firm serving other business organizations, and some individuals directly, we do collect professional and employment-related information as part of the lead generation or business development process, as you would expect.||Yes. Because we are a professional services firm serving other business organizations, and some individuals directly, we do collect professional and employment-related information as part of the client management process, client service process (e.g., market research and other services provided to or on behalf of other businesses), and additional business development, as you would expect.||Yes. Most job applicants provide this information on their application or we otherwise receive it (e.g., from recruiters or public professional networking and job sites) during the recruiting process.|
|J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).||No.||Usually not. However, in the context of our TeacherReady Online Certification program we may process education information. And as with certain other categories, it is possible within the reasonable context of our relationship with clients that as a professional services firm, Huron may be providing consulting or other services that relate to the client’s own education information systems, and may result in Huron having tertiary access to such information that belongs to the client.||Yes. As part of the ordinary job applicant background check process, we may collect education information, such as degree confirmations or degree transcripts.|
|K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Not really at the consumer level, as much as the organization-level. Huron’s marketing efforts are principally focused on figuring out what organizations need and then providing relevant professional services to those organizations (as opposed to targeting and profiling consumers individually to influence their consumer purchases). That means that we are profiling potential client organizations. However, a necessary part of marketing and business development usually includes reaching out to individuals who represent their organizations. In order to do that we have marketing and business development operations and Customer Resource Management systems with information contained therein that you would expect from a B2B professional services firm.||Not really at the consumer level, as much as the organization-level. Huron’s marketing efforts are principally focused on figuring out what organizations need and then providing relevant professional services to those organizations (as opposed to targeting and profiling consumers individually to influence their consumer purchases). That means that we are profiling potential client organizations. However, a necessary part of marketing and business development usually includes reaching out to individuals who represent their organizations. In order to do that we have marketing and business development operations and Customer Resource Management systems with information contained therein that you would expect from a B2B professional services firm.||Not really. We don’t collect inferences to create a profile, but, as is the case with every organization, we do have a recruitment file for job applicants, and we are trying to determine whether any particular applicant is a good fit for Huron.|
Regarding any of the above categories of personal information that we process, Huron may disclose that information for a business purpose. Huron uses service providers, like all organizations. And those service providers may process Personal Information for operational purposes – such as detecting or protecting against security incidents, auditing, and performing services on behalf of Huron. For personal information that belongs to our clients, if the clients allow us to use “subcontractors,” then we may be disclosing personal information to those subcontractors which are acting as service providers, as part of our contractual performance on behalf of clients.
Additional Information for Individuals Located in Europe
This supplemental section of Huron’s Privacy Statement is directed at and applies to individuals located in the European Union (“EU”), United Kingdom (“UK”), Switzerland, or where applicable EU data protection laws (e.g., the General Data Protection Regulation (“GDPR”)) applies.
By using the website or providing Personal Data to Huron, your Personal Data may be transferred to the United States, where Huron is headquartered, or to other Huron locations where we carry out our support activities. Your country’s laws governing data collection and use may differ from those in the United States or other Huron locations. For example, the data protection laws of the United States, India, and most other countries have not been found by the European Commission to provide the same level of protection as EU data protection law. Some of the entities with whom we share your Personal Data are also located in countries whose laws have not been deemed by the European Commission to provide the same level of protection to your Personal Data. Only a small number of countries have been officially recognized by the European Commission as providing an adequate level of protection (list available here). Transfers to Huron entities and others located in countries outside the European Economic Area (“EEA”), UK, or Switzerland take place on the basis of an adequacy finding by the relevant authority (i.e., European Commission, Swiss Federal Data Protection and Information Commissioner (“FDPIC”), UK Information Commissioner’s Office (“ICO”) or other competent supervisory authority), EU Standard Contractual Clauses (or other standard contractual clauses approved by a competent supervisory authority), or other appropriate GDPR or applicable law derogations. Please contact email@example.com if you want to receive further information.
EU-U.S. and Swiss-U.S. Privacy Shield
Special 2020 Privacy Shield Notice: Please note that with respect to Personal Data received from the EEA, UK, and Switzerland in reliance on Huron’s Privacy Shield certification prior to July 2020, and received from Switzerland prior to September 2020, Huron continues to process such Personal Data (previously transferred) in accordance with the Privacy Shield Principles, as the Privacy Shield framework requires. However, the European Commission’s EU-U.S. Privacy Shield adequacy decision was invalidated by the Court of Justice of the European Union in July 2020, and the Swiss-U.S. adequacy decision was revoked by the Swiss FDPIC in September 2020; and as such, Huron no longer relies on its Privacy Shield certification for current and future transfers of Personal Data from the EEA, UK, and Switzerland to the U.S. As noted above, we rely on other appropriate GDPR Art. 46 and 49, UK Data Protection Act Ch. 5, or Swiss Federal Data Protection Act Art. 6 provisions to validate transfers of Personal Data from the EEA, UK, and Switzerland to third countries.
Huron complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EEA, UK, and Switzerland to the United States prior to July 2020 with regard to the EEA and UK, and September 2020 with regard to Switzerland . Huron has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Our Privacy Shield certification applies to all U.S. entities and subsidiaries covered in our Privacy Shield certification record, accessible here. Huron and its controlled U.S. subsidiaries subject to the Privacy Shield Principles hold and process all Personal Data previously received from the EEA, UK, and Switzerland, in reliance on our Privacy Shield certification, to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles related to Personal Data transferred in reliance on our Privacy Shield certification, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Huron is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
When we receive written complaints submitted as instructed herein, we will follow up with the person who made the claim. If you have a complaint or concern, please contact us and we will attempt to resolve it. If we are unable to do so, we have designated JAMS, a worldwide provider of alternative dispute resolution services, as our independent recourse mechanism to address complaints and provide appropriate recourse free of charge to individuals covered by the Privacy Shield. The website for submitting complaints which have not been resolved directly by Huron can be found here. Individuals covered by the Privacy Shield may seek binding arbitration for limited types of claims. For additional information about the Privacy Shield arbitration process, please visit the Privacy Shield website at Privacy Shield Arbitration. If a service provider providing services to Huron processes Personal Data from the EEA, UK, or Switzerland that is subject to the Privacy Shield in a manner inconsistent with the Privacy Shield Principles, Huron will be liable unless we can prove we are not responsible for the event giving rise to the damages.
Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain information in this regard.
Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.
Objection. You have the right, when we process Personal Data on the grounds of legitimate interests, to object to the processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. In addition, you have the right to object at any time where your Personal Data is processed for direct marketing purposes.
Portability. You may receive your Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit them to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
Restriction. You may request to restrict processing of your Personal Data (i) while we verify your request – if you have contested the accuracy of the Personal Data about you which we hold; (ii) if the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) if we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) while we verify your request if you have objected to processing based on public or legitimate interest.
Erasure. You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal grounds for the processing exists, you objected and no overriding legitimate grounds for the processing exist, the processing is unlawful, or erasure is required to comply with a legal obligation.
Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in the jurisdiction of your residence, or the location where the issue that is the subject of the complaint occurred.
Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.
If you have questions about exercising any of those rights or their applicability to any of our particular processing activities or have questions about any data transfer mechanism or want a copy thereof, you may contact us at firstname.lastname@example.org or at the address provided below.
VeraSafe has been appointed as Huron’s representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Huron’s Chief Privacy Officer (available at email@example.com), only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
Alternatively, VeraSafe can be contacted at:
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
We have taken great measures to ensure that your visit to our website and your interactions with Huron are satisfying and that your privacy is respected. Unless otherwise stated, Huron is a business and data controller for Personal Data processed subject to this Statement. Because Huron is a professional services firm focused primarily on serving other businesses, Huron is a service provider and data processor to our clients for Personal Data that belongs to the data subjects and consumers who are associated with those clients. If you have any questions, comments or concerns about our privacy practices, please contact us by e-mail at firstname.lastname@example.org.
Copyright 2012-2020 Huron Consulting Group Inc. and its subsidiaries
All rights reserved.
Effective October 2020