Information we collect
McKinsey collects personal data about you when you enter your user account information and participate in course content, including in user posting areas (such as bulletin boards, discussion forums and surveys). We may also automatically collect information about the devices you use to interact with McKinsey Academy, including the location of these devices such as time zone, and iOS. The information we automatically collect may include IP address, device identifier, web browser, and browsing information collected through cookies, web beacons, pixels, clear gifs, and other similar technologies (collectively “Cookies and Other Tracking Technologies”) on the site. We also automatically collect information about how you use the McKinsey Academy site, such as what you have bookmarked, searched for and viewed. Further, we collect information about your academic performance and behavior related to test and poll taking, like progress, score, time spent, and your answers to these tests and polls. The information automatically collected will be associated with any other personal data you have provided.
Use of information
McKinsey uses your personal data to enable you to access courses and McKinsey Academy content. McKinsey also uses your personal data to evaluate and improve our services, distribute newsletters and alerts to you, analyze McKinsey Academy performance and functioning, compare the use of McKinsey Academy content among different audiences. We also use your personal data to identify other courses, services or offerings provided by us that may be of interest to you.
McKinsey Academy does not collect personal data about your online activities over time and across third party websites or online services. Accordingly, we do not alter our data collection and use practices in response to “do not track” signals transmitted from web browsers.
Sharing information with your Sponsoring Organization
From time to time we may provide your Sponsoring Organization with user progress and proficiency data with respect to particular McKinsey Academy courses or courses, some of which may constitute your personal data (collectively, “Participation Data”). McKinsey shall not be responsible or liable for the use of such information by your Sponsoring Organization, and such use shall be subject to your Sponsoring Organization’s policies (including privacy policies) applicable to you.
The legal basis by which we process your personal data
Our processing of your personal data for the purposes mentioned above is based
- on our legitimate interests in promoting and protecting McKinsey, building and maintaining relationships, and providing our services, for example where we analyze usage data to see how the Academy is functioning;
- on your consent, for example if you register for our newsletters or alerts;
- to comply with the law, when certain information is necessary to satisfy our legal or regulatory obligations.
Data recipients and international data transfers
Personal data collected or processed by McKinsey Academy may be transferred from time to time to McKinsey subsidiaries and affiliates and their personnel (including employees and contractors) across our global organization, as well as to third party service providers located throughout the world, including in countries where the local law may grant you fewer rights than you have in your own country. Additionally, McKinsey Academy Content may be viewed and hosted by McKinsey and our third party service providers anywhere in the world. Where required by law, we have put in place legal mechanisms designed to ensure adequate data protection of your personal data that is processed by McKinsey subsidiaries, affiliates, and third party service providers, including the transfer of your personal data to countries other than the one in which you reside. If you would like more information about these legal mechanisms, which may include the EU’s Standard Contractual Clauses, please contact us at the address below.
In addition, we may disclose information about you:
- If we are required to do so by law or legal process;
- To law enforcement authorities or other government officials;
- When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
- If disclosure is necessary to protect the vital interests of a person;
- To enforce our Terms;
- To protect our property, services and legal rights;
- To prevent fraud against McKinsey, our subsidiaries and affiliates and business partners;
- To support auditing, compliance, and corporate governance functions; or
- To comply with any and all applicable laws.
In addition, we may disclose or transfer your personal data in the event of a re-organization, merger, sale, joint venture, assignment, or other transfer or disposition of all or any portion of our business.
You should be aware that whenever you publicly disclose information, even to a limited group of recipients (for example, other users who are enrolled in the same McKinsey Academy course as you), that information could be collected and used by others. McKinsey is not responsible for any action or policies of any third parties, including other McKinsey Academy users, who collect information that users disclose to such third parties.
Third-party websites and platforms
In addition, certain Mobile Offerings may be made available to you through a website, application or platform operated by a Mobile Platform Provider (as such term is defined in the Terms). When you share data with a Mobile Platform Provider, for example to create user credentials allowing you to use their platform to access the Mobile Offering, that personal data is stored outside of McKinsey’s control and will be subject to the relevant Mobile Platform Provider’s own terms and privacy policies.
McKinsey has implemented generally accepted standards of technology and operational security to protect personal data from loss, misuse, alteration, or destruction. Only authorized McKinsey personnel and third party service providers are provided access to personal data, and these personnel and service providers are required to treat this information as confidential. Despite these precautions, McKinsey, however, cannot guarantee that unauthorized persons will not obtain access to your personal data.
Data retention policy
Where granted by local law, you may have the right to request access to the personal data that we have hold about you for the purposes of reviewing, modifying, or requesting deletion of the data. You may also have the right to request a copy of the personal data that we hold about you and to have any inaccuracies in that data corrected. In certain circumstances, you may also request that we cease processing your personal data.
If you would like to make a request to access, review, or correct the personal data we have collected about you, or to discuss how we process your personal data, please contact our support team.
To help protect your privacy and security, we will take reasonable steps to verify your identity, such as requiring you to provide or confirm your identity, including your User Account Information, before granting access to your personal data. We will make reasonable attempts to promptly investigate, comply with, or otherwise respond to your requests as may be required by applicable law. Different laws or circumstances may prevent us from providing access to your personal data or otherwise fully complying with your request depending upon the circumstances and the request; such as for example, where producing your information may reveal the identity of someone. We may, including where required by applicable law or contract, notify your Sponsoring Organization of your request and coordinate with your Sponsoring Organization in responding to your request. We reserve the right to charge an appropriate fee for complying with your request where allowed by applicable law, and/or deny your requests where they may be manifestly unfounded, and/or excessive, or otherwise objectionable or unwarranted under applicable law.
Where the processing of your personal data is based on consent (for example if we send you newsletters), you may withdraw your consent at any time, by contacting our support team.
In addition, and where granted by local law, you have the legal right to lodge a complaint with a competent data protection authority.
Your California privacy rights
Pursuant to California Civil Code Section 1798.83(c)(2), McKinsey does not share your personal data with third parties for those third parties’ direct marketing use.
Contact our privacy department
- McKinsey & Company
- Legal Department
- 711 Third Avenue
- New York, NY 10017
- +1 212 446 7000