Privacy Policy

Last updated: June 2024

Generation: You Employed, Inc. (“GYE”) and Generation affiliated entities (“Affiliates”) (collectively referred to as “Generation”) are committed to the security and the confidentiality of your personal data. This notice is intended to provide you with a clear understanding of the types of personal data we collect, how we use it, the circumstances in which we may share the information, your rights in connection with it, and the steps we take to safeguard it. 

GYE primarily determines the means and purpose for processing core recruitment and alumni data. This means that GYE is the primary data controller of your personal data for most collection activities under applicable law, such as the EU General Data Protection Regulation, the UK General Data Protection Regulation (collectively “GDPR”), and relevant country and state data protection laws.

In some circumstances, GYE and the Affiliate will act as joint controllers of your personal data. This is because both GYE and the Affiliate may mutually decide why certain personal data is collected and how it will be used and processed.  This notice will make clear when such joint controllership is present. 

This notice does not apply to personal information we collect for human resource purposes.

When does this privacy policy apply? 

This notice explains Generation’s practices for the collection and use of your personal data when you: 

  • Visit GYE’s website at https://www.generation.org/ or one of our Affiliates’ websites at the generation.org domain; 
  • Use any of the mobile, web or desktop applications Generation provides in connection with our services, such as applying for our programs through the Gen Recruiting platform or accessing the Learner Portal;
  • Email or engage in any other form of correspondence with Generation; 
  • Make donations on our website;
  • Provide information to us offline including in-person and in paper documents; 
  • Or any other purposes that are mentioned in this notice. 

We also collect personal information through automated technologies. Please refer to our Cookies Policy for more information about the types of cookies we use and their purpose.

We collect, use and share aggregated or anonymized data such as statistical or demographic data for any purpose. Aggregated or anonymized data could be extracted from your personal information but is not legally considered personal information as this data will not directly or indirectly reveal your identity. If we combine or connect aggregated data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this notice. 

We might update this notice to reflect changes to our data collection practices. If changes to this privacy policy materially affect the processing of your personal data, we will endeavor to communicate these changes to you in a way that we would normally communicate with you (e.g. via e-mail) in a reasonable period prior to implementing the changes. We will note the date the terms were last revised at the top of the notice. The latest version of our notice can be found on our website: https://www.generation.org/privacy-policy/.

Personal Data We Collect and Why We Collect Personal Data 

When you visit GYE’s website https://www.generation.org/, an Affiliate’s website, or our systems, we collect certain information about you either because you provided it directly to us or automatically. We also collect your information when you contact us either by using the contact form on the website, completing forms or surveys, or by using email, telephone or social media channels. 

For some of the processing activities included in the table below, GYE will act as the controller of your personal data and the Affiliates will collect the data on the basis of instructions of GYE as processors. While Affiliates participate in collecting data to assess the eligibility criteria of learners(pre-program) and the data collection through the Alumni survey (post-program), these activities, as described in more detail below, are led by GYE. Both GYE and Affiliates may act as data controllers for other activities noted below.The following information we collect directly when you choose to provide it to us:

Personal Data We Collect DirectlyWhy and Legal Basis
When you register on https://myaccount.generation.org/ and create an account as a learner, we will collect the following personal data: your first name, name, phone number and email address, password. We collect this personal data based on your consent and to allow you to register for our services.
Data you make public yourself on the websites of Generation or on the Learners Platform website. This may include: your name, comments and opinions on blogs and forums, profile pictures, etc. We process this personal data based on our legitimate interest to improve our programs and to interact with our learners. 
When you donate to our Generation Global programs around the world by using the donate now registration form on the Websites, we collect: your first name, name, email, phone number, amount of donation, and company name and payment information (if applicable).We process this personal data based on your consent, to receive and record donations in compliance with our legal obligations, and our legitimate interest to maintain communications with donors.
When you use the contact form on the website, we collect: your name, your email, name of organization (and country of headquarters), your position, telephone number and any questions or comments you may leave. We process this personal data based on our legitimate interest to manage our operations and effectively respond to your comments and questions.
When you contact us via phone, email or social media channels, we collect: your name, address, telephone number, social media account information, the company you work for, and any details of the communication. 
When you sign up for our mailing list or when you receive marketing messages from us, we will collect: your name and email. We process this personal data based on our legitimate interest to promote our services and objectives as an organization.
In jurisdictions where consent is required for sending marketing communications (opt-in), we will only send you marketing messages with your consent. In jurisdictions where no consent is required, we rely on our legitimate interest to promote our programs and services.

You may at any time withdraw your consent or object to the processing of your personal data for marketing purposes by following the unsubscribe instructions found in any e-mail we send. 
Pre-program data processing:
• Name
• Contact information
• Date of birth
• Address
• Proof of Identification (in some instances)
• GenderRace/ethnicity
• Work authorization
• Referral source
• Education level
• Employment history
• Financial situation
We collect this information to assess your eligibility for our programs and help determine how we can make the Generation programs most beneficial to you. We do so based on pre-contractual performance of the contract you may enter into with us.

Certain data is solicited but not required for completion of application and are not considered eligibility requirements. We will only collect particularly sensitive information, such as your race and ethnicity, if you provide your explicit consent to this processing. We sometimes need this information to ensure the diversity of our programs (e.g., programs designed and funded for underserved communities and groups). For some programs, donors may require this information as a criteria of eligibility.  In these situations, Generation will make clear during the application process that this information is needed for eligibility purposes and will notify data subjects if this was the reason for rejection for that program.
In-program data processing, we collect personal data from selected applicants about your behavior and mindset during the program. This includes data about your well-being during the program (future outlook, confidence, etc.) and about your expectations after the program. We collect this personal information to assess your improvement during the program, to receive ongoing feedback during the program, and to offer support to offset risk factors and obstacles to completing the program.

The lawful basis for this processing is the performance of the contract you have entered into with us and our legitimate interest in improving programming for learners, demonstrating the value of our programs and supporting our learners and graduates.

We collect data concerning your well-being (such as your future outlook) to provide effective mentorship during the program and assess changes in outlook through duration of the program.  This data provides us with information to improve mentorship programs and set up a baseline for measuring well-being post-program. During the course of the program, we may ask for freely volunteered sensitive information falling under special categories of data such as mental and physical health (i.e., disabilities).  We give you the voluntary option of providing health information in order to make accommodations as appropriate. We also collect this information to provide effective mentorship during the program. For sensitive health information, we rely on the exception in Article 9 (2) a) of the GDPR, and will only collect this information when you explicitly consented to it.  We may also process certain health information about you based on a legal obligation. In this case, we will inform you about this legal obligation.
In-program data processing, we also collect data about your satisfaction with the program and its instructors. We collect this information to improve our programs.

The lawful basis for this processing is our legitimate interest to improve our programs. 
In-program data processing, we collect data about your performance and progress in the program. We gather performance data from assessments to track your progress and identify areas where you need more support. This allows us to customize content, fine-tune instruction, and provide mentorship support to help you improve, enhancing your overall learning experience and success in the program.

The lawful basis for this processing is the performance of the contract you have entered with us to successfully graduate from the program and improve your skills.
In-program attendance We collect this information to track participation for internal purposes and to comply with contractual requirements of our donors to confirm eligibility requirements, if applicable.

The lawful basis for this processing is performance of the contract you have entered into with us and performance of the contract we have with certain donors.
Post-program data processing, we may collect certain data after you have graduated from our programs only if you consented to this data collection (these include post-programs surveys): employer information, job quality information, financial well-being and job satisfaction, career growth and progress, general well-being.

Once a year, GYE will send out an Annual Alumni survey for voluntary participation, when you participate in this survey, the same data as mentioned in the previous paragraph will be collected. The survey results will be shared with the other Affiliates in an anonymized way. 
To estimate the success of our programs (including durability and sustainability of our impact) and to help us improve our programs in the future.

The lawful basis to process this data is our legitimate interest to improve our programs.

The data we request concerning your well-being may be considered sensitive information concerning mental and physical health. If you decide to freely provide this information to us, we rely on the exception in Article 9 (2) a) of the GDPR because you provided your explicit consent. 
All categories of personal data mentioned above. We may process your personal data to comply with legal obligations or to comply with any reasonable request from competent law enforcement agencies or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities.

In this case we will process your personal data on the lawful basis to comply with our legal obligation. 
We may process your personal data for informing any third party in the context of a possible merger with, acquisition from/by or demerger by that third party.

In this case we will process your personal data on the basis of our legitimate interest. 
All categories of personal data mentioned above. We will also process your personal data when we need them for evidence purposes, so that we may defend ourselves in possible legal or other proceedings.

In this case we will process your personal data on the basis of our legitimate interest. 

The following information we will collect indirectly when your visit one of our Websites or when you use any of our Mobile, Web or Desktop Application:

Personal Data We Collect Indirectly Why and Legal Basis
Technical information associated with the device you use, such as your IP address, browser type, geographical location and operating system.We process this personal data to provide you a personalized and efficient way with the services we offer via our Websites. We also process this personal data to perform statistical analyses so that we may improve our Websites, our Services or develop new programs. 

We may process your personal data to preserve our legitimate interest, our partners or other third party if and when you register with or use our Websites, Social Media Websites or other communication channels.
Information concerning your browsing behavior or use of the Web, Mobile and Desktop Applications, such as how long you visit and how many times you visit our Websites.

Who We Share Your Information With

Within Generation, the following persons and parties will have access to your personal data: 

  • GYE personnel: we may share the information we collect within GYE personnel on a need-to-know bases. Anyone with access to your personal data will be bound by strict legal or contractual obligations to keep your personal data safe and confidential. 
  • Affiliates: we may share certain information we collect with the other Affiliates where permitted by applicable law, and as described in this privacy policy. We shall make sure that appropriate safeguards are in place such as contractual arrangements and legal bases to share the data. Most of the information pre-program, in-program and post-program (mentioned above) is collected by the Affiliates, but stored and managed on IT-programs and systems owned by GYE. Affiliates are not allowed to share personal data with other Affiliates. 

If we are required by law to disclose the information that you have submitted, we will attempt to provide you with prior notice (unless we are prohibited or it would be futile) that a request for your information has been made in order to give you an opportunity to object to the disclosure. We will attempt to provide this notice by email, if you have given us an email address, or by postal mail if you have entered a postal address. If you do not challenge the disclosure request, we may be legally required to turn over your information.

We share your personal data with third parties only when strictly necessary, and for the purposes as mentioned above. We will share your personal data with the following third parties: 

  • Employer partners: we may share information with our employer partners who will interview and/or seek to hire you upon or after completion of our programs for work placement purposes. 
  • Donors: in principle, we will only share anonymous and aggregated information with our donors. If donors would require personal information to be shared with them, we will ask you for your consent and we will inform you separately about this data sharing. 
  • Other service providers/sub-contractors: Generation works with various service providers to provide our services, Websites and Web, Mobile and Desktop Applications. This includes Service Providers to provide for the performance of hosting, providing analytics, performing research, undergoing development of the services, and engaging in social media services. These third parties will only process your personal data on the basis of Generation’s instructions. Generation will ensure that the necessary data processing agreements are in place with these service providers to ensure that your personal data is kept secure. 

1. How long do we keep your personal data?

Your personal data will be processed for as long as necessary to achieve the purposes described above in accordance with our Record Retention Policy. In general, we will keep your information for a period of 7 years, but if the information is no longer needed or if you withdraw your consent, we will delete or anonymize your personal data. 

When we no longer need your personal data or when you withdraw your consent, we will delete or anonymize your personal data. In some cases, we will however maintain a back-up of your personal data in a secured location in cases where we would need your data for our legitimate interest to use in court proceedings. In this case, we will only access the back-up data for these purposes. We will not delete your personal data if we are not allowed to do so based on a legal obligation or a court of administrative order prevents us from doing so.

2. Where will my data be transferred to? 

Due to the international group structure of Generation, personal data will be transferred to countries outside the jurisdiction of the Affiliates. As described above, all pre-program, in-program and post-program data will be collected by the Affiliates on IT-systems that are owned by GYE and that are accessible by GYE personnel. For EEA Affiliates this means that under the GDPR, appropriate safeguards need to be implemented to ensure a safe cross-border transfer of data to the US:  

  • For the EEA-affiliates: Generation has implemented the Commissions Standard Contractual Clauses to ensure an adequate level of protection for your personal data. 
  • For the United Kingdom: we have additionally implemented the data transfer UK addendum to the European Commission’s Standard Contractual Clauses.

Keeping your personal data secure

The security and confidentiality of the personal data we process is very important to us. That is why we have taken security measures to ensure that all personal data that is being processed is kept secure. When you submit personal information via the Platform, we take measures designed to ensure your information is protected. . The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.  We also protect your information offline. We limit access to personal information to employees who need the information to perform a specific job (for example, communications or recruiting). The servers on which we store personal information are kept in a secure environment. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. Please do not to share your password with anyone.

Unfortunately, the transmission of information via the internet is always subject to security vulnerabilities. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Platform. In the case a data breach would occur, GYE takes the necessary measures to mitigate the risks and to, if mandatory, report the data breach to the competent supervisory Data Protection Authority.

3. What are your rights regarding your personal data?

If you are a resident of the European Economic Area (“EEA”) or of the United Kingdom (“UK”), the General Data Protection Regulation (“GDPR”) and the United Kingdom General Data Protection Regulation (“UK GDPR”) provide additional rights regarding your personal data, which might not be applicable to residents located in other countries outside the EEA or the UK. However, the rights of access, correction and deletion of your information as described below are also applicable to non-EEA or UK residents. This section describes the rights given to data subjects under the GDPR or UK GDPR. Please be aware that whenever you wish to exercise a right, we will ask you for a proof of identity. We do this to avoid that we have a data breach on our hands, e.g. because an unauthorized person pretends to be you and exercises a right in your name.

You have the right to access your personal data, which means that you can ask us to provide you information regarding the personal data we have about you. You can even ask for a copy of your personal data. However, note that you must specify for which processing activities you would like to have access to your personal data. If you make the same request repeatedly, clearly causing us nuisance, we are allowed to refuse granting you these subsequent requests or charge an administrative fee covering the expenses. We can also refuse granting you a right to access your personal data, or only grant it partially, if such access would risk disproportional detriment to the rights and freedoms of others, or Generation’s. 

You have the right to ask that we correct your personal data if you can show that the personal data we process about you are incorrect, incomplete or outdated. Please specify the context in which we use your personal data (e.g. to send you marketing correspondence or to respond to a request), so that we may assess your request swiftly and accurately.

If we asked for your consent to collect and use your personal data, e.g. to send you marketing correspondence, you have the right to withdraw that earlier given consent. You may withdraw your consent at any time by contacting privacy@generation.org. A withdrawal of consent will not affect the validity of our use of your personal data collected up to the point of your withdrawal. 

You can ask that we delete your personal data, if these personal data are no longer needed for the purposes for which we collected them in the first place, if our collection of them was illegitimate or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. When one of these circumstances applies, we will immediately delete your personal data unless the law, regulatory obligations or administrative or judicial orders prohibit us to delete your personal data.

You can ask that we restrict the processing of your personal data: 

  • during the time we are assessing your request for correction of your personal data;
  • during the time we are assessing your objection to the processing of your personal data;
  • when such processing was unlawful but you prefer restriction to erasure;
  • we no longer need your personal data, but you require them for the establishment, exercise or defence of a legal claim.

When we process your personal data on the basis of our own interests, i.e. you have not given us your consent and we do not need them for the execution or performance of an agreement nor to comply with legal obligations, you have the right to oppose our processing of your personal data. When our interest relates to direct marketing, we will grant you your request immediately. For other interests, e.g. our security interests, we will ask you to describe your specific circumstances giving rise to request. We then need to balance your circumstances against our interests. If this balancing exercise results in your circumstances outweighing our interests, we will cease processing your personal data. 

When we have collected your personal data on the basis of your consent or because they were necessary for the execution or the performance of an agreement with you, you have the right to obtain a copy from us in a structured, commonly used and machine-readable format. However, this right only applies to personal data you have provided to us.

If you would like to exercise any of these rights, we ask that you send us an e-mail. You can reach us at privacy@generation.org. Rest assured that we will not interpret an e-mail from you requesting to exercise a right as your consent with any processing of your personal data beyond what is required for handling your request. A request should clearly state and specify which right you wish to exercise. Always indicate the context in which we have obtained your personal data so that we may handle your request swiftly and diligently. We will promptly inform you of having received this request. If the request proves valid, we will notify you as soon as reasonably possible and at the latest thirty (30) days after having received the request. If you have any complaint regarding the processing of your personal data by Generation, you may always contact us via the e-mail address mentioned in the first paragraph of this clause. If you remain unsatisfied with our response, you may file a complaint with the competent data protection authority: 

Should you have any questions about this notice or desire to exercise any of the rights listed above, you should contact Generation at privacy@generation.org or at the following addresses:

California and U.S. State Law privacy rights 

As nonprofit organizations, GYE and its Affiliates are not directly subject to the requirements of the California Consumer Privacy Act of 2018 (“CCPA”) as “businesses,” or certain other U.S. state privacy laws. However, we strive to act to provide rights to our data subjects consistently with the intent of the CCPA and similar U.S. privacy laws. No matter where you live, you may request information about the personal information we hold about you by following the procedures to contact us outlined in this Privacy Notice. Moreover, we have not sold your personal information, meaning that we have not disclosed your personal information for monetary or other valuable consideration.

4. Children’s use of the Generation Services 

Within the EEA. This Platform is not intended for children living in the EEA who are under 16 years of age. No one under the age of 16 may provide any information to or on the Platform. If you are under 16, do not use or provide any information to Generation or otherwise interact with the Platform. If we determine that we have collected or received any information from any child under the age of 16, we will delete that information immediately. If either (1) a child under 16 has provided information to the Platform or (2) you believe that we might have any information from or about a child under the age of 16, please contact us at privacy@generation.org to provide additional information or to request the removal of the relevant information from our database.

Outside of the EEA. Also, the Platform is not intended for children under the age of 16 years of age living outside of the EEA. No one under the age of 16 may provide any information to or on the Platform. If you are under 16, do not use or provide any information to Generation or otherwise interact with the Platform. If we determine that we have collected or received any information from any child under the age of 16, we will delete that information immediately. If either (1) a child under 16 has provided information to the Platform or (2) you believe that we might have any information from or about a child under the age of 16, please contact us at privacy@generation.org to provide additional information or to request the removal of the relevant information from our database.

5. Do you have any further questions? 

If you have any further questions about the processing of your personal data, please do not hesitate to contact our data protection officer at: privacy@generation.org