General Data Protection Regulation (GDPR) Statement

Effective June 12, 2018

Beginning May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) went into effect. These new regulations provide EU residents with greater control over what, how, why, where, and when their personally identifiable data is used, processed or disposed. The regulations expands these rights beyond the borders of the EU, applying to organizations, such as ours, that process personal data of EU residents on behalf of our customers (“Personal Data”). mbaMission has been committed to the privacy of our customers and end users, wherever located, since our inception and complying with GDPR principals is no exception.

mbaMission, Inc. (“mbaMission”, “we”, “us” or “our”) either already meets or is implementing our obligations as a data processor under GDPR. We are committed to periodically reviewing our policies and verifying our compliance with applicable law and our internal standards. This GDPR Statement (“Statement”) describes how mbaMission collects, uses, and discloses certain personally identifiable information that we receive in the United States (“U.S.”) from the European Union; the European Economic Area, the United Kingdom, and Switzerland. In this Policy, the European Union, the European Economic Area, the United Kingdom, and Switzerland are collectively referred to as the “EU”.

I. Information We Collect

We adhere to the principles of the GDPR with respect to Personal Data provided by: (i) individuals who visit our website and voluntarily provide their information, and (ii) from our customers, vendors, contractors, affiliates, and agents.

Our service provides educational materials and various types of consulting to assist our customers with their business school admissions planning and application process. Through providing this service, the Personal Data we may collect may include:

  1. First and last names
  2. Email addresses
  3. Phone numbers
  4. State/Regional Identification
  5. Links to LinkedIn profiles
  6. Test Scores
  7. Professional history/Resume/CV
  8. Username and password for your mbaMission account
  9. Education history, including degrees, dates and locations of attendance, grades, extracurricular accomplishments and educational institution affiliations
  10. Personal information you submit to us via our customer service methods or through leaving reviews
  11. Usage, viewing, and technical data, including device identifier and/or IP address, or location information
  12. Billing information (for subscribers)
  13. Log files, information collected by cookies or similar technologies about actions taken when accessing our platform
  14. Data submitted by our customers, which we process on their behalf

II. Purposes of Personal Information Collection and Use

mbaMission collects, uses and processes Personal Data for the purposes of:

  1. Providing information about our products, services and events
  2. Providing products, services and support to our customers
  3. Communicating with customers, business partners, vendors, agents and contractors about business matters
  4. Analysis of information in order to improve business practices, products and services
  5. Conducting related tasks for legitimate business purposes
  6. Other purposes disclosed at the time of collection
  7. Compliance with legal requirements

mbaMission will only process Personal Data in ways that are compatible with the purpose for which mbaMission collected the Personal Data, or for purposes that the individual or customer providing the Personal Data authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose for which it was collected or that you authorized, we will provide you with the opportunity to opt out.

III. Data Transfer to Third Parties

  1. Subcontractors. We transfer Personal Data to our subcontractors that perform consulting services and other functions on our behalf. We enter into written agreements with each of our subcontractors requiring them to provide the same level of protection that mbaMission provides for its customers and as required by the GDPR, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that subcontractors process Personal Data in accordance with our company policies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. We remain liable for the acts of our subcontractors that perform services on our behalf for their handling of Personal Data that we transfer to them.
  2. Third Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers that perform functions on our behalf. You can access our current list of subprocessors here. We enter into written agreements with those third-party agents and service providers requiring them to provide the level of protection required by the GDPR if applicable to such third-party agents and service providers, and if not, then the same level of protection that mbaMission provides, limiting their use of the Personal Data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third-party agents and service providers process Personal Data in accordance with our company polies and GDPR obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers that perform services on our behalf for their handling of Personal Data that we transfer to them.
  3. Third Party Data Controllers. In some cases, we may transfer Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your Personal Data to third party software and services companies whose products interact with mbaMission products and services in certain instances where a mbaMission customer is also a client of such third party. We will only provide your Personal Data to third party data controllers where you have not opted-out of such disclosures. As a policy we work with only third-party data controllers that are GDPR compliant, and when possible enter into written contracts with any such third-party data controllers requiring them to provide the same level of protection for Personal Data that GDPR, as applicable, requires.

IV. Disclosures for National Security or Law Enforcement

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities or to meet national security or law enforcement requirements.

V. Security

mbaMission maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.

VI. Access rights

You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of applicable law. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. If your Personal Data was provided to us by a mbaMission customer, we may facilitate your access to such data by directing you to the customer that provided your data to us.

VII. Staff and Responsibilities

Everyone who works for or with mbaMission has some responsibility for ensuring data is collected, stored and handled appropriately. Only employees who need to access or know the Personal Data in order to accomplish their work have access to such Personal Data. Our employees that have access to Personal Data must ensure that it is handled and processed in line with this policy and data protection principles. The Board of Directors (“Board”) is ultimately responsible for ensuring that mbaMission meets its legal obligations. mbaMission has designated the Chief Technology Officer to oversee its information security policies and procedures, including its compliance with applicable law. The Chief Technology Officer shall review and approve any material changes to this policy as necessary.

VIII. Questions and Concerns

Any questions, concerns, or comments regarding this Statement or our use of your Personal Data, please contact us at compliance@mbamission.com.

mbaMission, Inc.
138 West 25th Street
7th Floor
New York, NY 10001

We reserve the right to amend this Policy from time to time consistent with GDPR requirements and other applicable law.


List of Subprocessors

  • HubSpot
  • Shopify
  • Zapier
  • Remedy Point Solutions
  • Neuro-Designs
  • Likeable Advertising
  • mbaMission Consultants
  • Appointment+
  • GrowthEngine
  • AWS