EDMC Data Privacy Principles

Last Updated June 17, 2014

Education Management Corporation is committed to the responsible use of information and protecting individual data privacy rights in connection with our provision of educational services by its education systems, The Art Institutes, Argosy University, Brown Mackie Colleges, and South University (collectively, “EDMC”, “we” or “our”). We strive to promote transparency through education initiatives, privacy principles and policies, and appropriate opportunities for choice, access, and correction with respect to personal information. We collect and maintain about prospective students, applicants, students, and alumni. EDMC employment records are not subject to these Data Privacy Principles (these “Principles”).

DATA PRIVACY PRINCIPLES

These Principles apply to the personal information, including sensitive personal information, collected, maintained, used or disseminated in connection with the educational services offered by EDMC. In the event of a conflict between these data privacy principles and applicable law, such as the Family Educational Rights and Privacy Act (“FERPA”) or Canadian privacy laws for Our Canadian campus, applicable law will control. EDMC also, from time to time, may revise these Principles by posting changes on http://www.edmc.edu.

1. NOTICE

EDMC makes its Data Privacy Principles publicly known and publicly posts these Principles. EDMC also strives to make available general information about its privacy and data security practices through online privacy policies, privacy statements in student catalogues and other materials, and in the course of collecting personal information directly from the individual or obtaining authorizations involving the collection, use or disclosure of personal information.

2. CHOICE

EDMC strives to provide individuals with choices regarding the disclosure of personal information it maintains about them. Disclosures of U.S. educational records are made in accordance with FERPA and the FERPA policies published in the student catalogues by each of EDMC’s educational systems. We also strive to provide choices to individuals in connection with the marketing of our educational offerings. Disclosures may be made without individual choice where required by law or legal process or where we believe disclosure is permitted by law and necessary to protect life or property.

3. USE AND DISCLOSURE OF PERSONAL INFORMATION

EDMC strives to limit its collection of personal information to that necessary for the promotion, offering, and administration of educational services and compliance with its legal, regulatory and accreditation obligations. We also strive to limit internal access to and the disclosure of personal information consistent with the nature and sensitivity of the information and the job-related needs of individuals to access information. We also strive to ensure that there are safeguards for personal information handled by our vendors.

4. ACCURACY & RELEVANCY

EDMC strives to collect and maintain accurate personal information relevant to the purposes for which it is collected. EDMC recognizes, however, that errors may occur and offers individuals opportunities, where applicable, to request correction of personal information they believe to be inaccurate.

5. ACCESS & CORRECTION

EDMC strives, whenever practicable, to provide individuals, upon request and proper identification, with meaningful opportunities to review personal information it maintains about them and request correction of information they believe to be inaccurate. There may be limits on student access and correction rights. For example, confidential information submitted by other parties, such as financial aid information submitted by parents or confidential letters and recommendations (such as those relating to admissions, employment, job placement, or honors) may not be made available to student requestors. Similarly, if a record includes information about more than one person, only the information about the person requesting access may be disclosed.

6. SECURITY

EDMC strives to protect personal information that it collects, maintains and discloses through the use of appropriate administrative, physical, and technical safeguards. In the event of a data security breach, we strive to notify affected individuals in a timely manner in accordance with applicable law, consistent with the conduct of our investigation and the needs of any law enforcement investigation of the breach.

7. PROTECTION OF SOCIAL SECURITY NUMBERS AND OTHER SENSITIVE PERSONAL INFORMATION

EDMC strives to protect personal information that it collects, maintains and discloses through the use of appropriate administrative, physical, and technical safeguards. In the event of a data security breach, we strive to notify affected individuals in a timely manner in accordance with applicable law, consistent with the conduct of our investigation and the needs of any law enforcement investigation of the breach.

8. RETENTION

EDMC strives to retain personal information only for as long as is reasonably necessary to support of the purposes for which it was collected and in order to comply with legal compliance needs and accreditation requirements, recognizing that certain information such as student enrollment data and transcripts may be retained on a long-term basis so that such information may be available to support requests that the student may make in the future.

9. REDUCATION AND TRAINING

EDMC strives to educate and inform its employees, students, and others about the importance of privacy and data security and to promote privacy and data security best practices by its employees and students.

10. ONLINE PRIVACY

EDMC strives to protect the privacy of personal information obtained over the Internet and strives to apply these Principles and evolving standards to the online environment.

10. ACCOUNTABILITY

EDMC understands the importance of accountability to data security and safeguarding personal privacy. Violations of our privacy and security policies and procedures may result in sanctions up to and including termination of employment or vendor contracts, as well as potential legal remedies. If you have questions about these Principles or our privacy and security practices, please contact: Joe Wynn, CISO, Vice President, Security, Privacy and Safety, at jwynn@edmc.edu or by calling 412-995-7147.