Safe Harbor Privacy Policy

Last Updated: 4/1/2014

Education Management Corporation (EDMC) and its U.S. subsidiaries comply with the United States (U.S.) – European Union (E.U.) Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework regarding the collection, use, and retention of personal information transferred from E.U. (plus European Economic Area (EEA) member countries) and Switzerland to the United States. EDMC has certified to the Department of Commerce that it adheres to the Safe Harbor Framework including the Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view EDMC’s certification, please visit http://www.export.gov/safeharbor. We also comply with U.S. laws, including the Family Educational Rights and Privacy Act (FERPA), where applicable, which provide privacy protections for personal information.

Consistent with Safe Harbor, EDMC’s adherence to the Safe Harbor Privacy Principles may be limited:

  • To the extent necessary to meet national security, public interest, or law enforcement requirements; or
  • By statute, government regulation, or case law that create conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, our non-compliance with the Safe Harbor Privacy Principles will be limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization.

This policy applies only to personal information EDMC transfers from the E.U. (including the EEA countries) and Switzerland to the United States.

PRIVACY PRINCIPLES

EDMC’s Safe Harbor Privacy Policy, as set forth below, reflects the following principles:

1. NOTICE

At EDMC, we notify individuals about the purposes for which we have collected and use personal information about them; choices they have regarding certain uses and disclosures of their personal information; how, in general terms, their personal information is stored and secured; the types of third parties to which we disclose their personal information (such as service providers, government agencies, or educational program partners such as clinical or other training programs); and how to contact us with inquiries or complaints (see below).

Notice will be provided in clear and conspicuous language either when individuals are first asked by EDMC to provide personal information, or as soon as practicable thereafter. In any event, notice will be provided before EDMC uses or discloses the information for a purpose other than that for which it was originally collected or discloses information to a non-agent third party except as otherwise permitted by Safe Harbor and this policy. Notice may take a variety of forms including this or other EDMC privacy policies, in academic catalogues, in disclosures on forms that request personal information, orally at the time of collection, or other similar means of notice.

EDMC may collect health, education, or financial information from the E.U. and Switzerland in the course of operating our business, which includes, among other things, providing online courses to individuals residing in the E.U. and Switzerland, soliciting enrollment by E.U. and Swiss-based individuals, verifying E.U. and Swiss-based financial and other information, and processing payments from individuals in the E.U. and Switzerland.

2. CHOICE

“Sensitive information,” for purposes of this Safe Harbor Privacy Policy, includes personal information specifying medical or health conditions, racial or ethnic status, political opinions, religious or philosophical beliefs, trade union membership, or sexual orientation and activity. If we transfer Sensitive Information from the E.U. or Switzerland to the U.S., we require (with some exceptions) the individual to opt-in before their Sensitive Information is disclosed to a non-agent third party or used for a purpose other than the original purpose for which the information was collected or the purpose authorized subsequently by the individual through the exercise of opt-in choice.

In other cases, where an opt-in is not provided, we give individuals the opportunity to choose (opt-out) whether their personal information will be disclosed to a non-agent third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual. For the purposes of this Safe Harbor Privacy Policy, “agent” means any third party, including our service providers, that collects or uses personal information under the instructions of, and solely for, EDMC or to which EDMC discloses personal information for use on EDMC’s behalf.

For example, under FERPA our schools may make certain basic “directory” information about students available to the public. Students, however, can opt out of having their personal information included in our directories.

To opt out of having your personal information disclosed in student directories, you should contact the Registrar’s Office for your school. Your Registrar’s Office can also assist you in exercising available choices concerning disclosures of personal information that is part of your educational record. To exercise choice in other contexts, you can use the opt-out opportunities in e-mail or other communications that you receive from us, or you may contact EDMC at 412-995-7123 or by email at EDMCEUsafeharbor@edmc.edu or in writing to:
Education Management Corporation
210 Sixth Avenue, 33rd Floor
Pittsburgh, PA 15222
ATTN: CISO

3. ONWARD TRANSFER

EDMC’s disclosure of personal information to non-agent third parties will comply with the Notice and Choice principles, except in certain instances where we may be required by law to disclose your personal information to certain government authorities or third parties, for example to law enforcement agencies in the countries where we or third parties operating on our behalf may operate. Other examples of instances when EDMC may disclose personal information without notice or choice include when responding to court orders, legal process, or to establish or exercise legal rights or defend against claims.

4. SECURITY

EDMC takes reasonable precautions to protect personal information from loss, misuse, unauthorized access, disclosure, alteration and destruction.

5. DATA INTEGRITY

EDMC strives to process personal information only in ways that are compatible with the purposes for which it has been collected or subsequently authorized by an individual. We take reasonable steps to ensure that data is accurate, complete, current, and reliable for its intended use.

6. ACCESS

We provide students with access to personal information in their educational records in accordance with FERPA. In the case of personal information that is not part of a student’s educational records, it is EDMC’s policy to provide individuals with access to personal information that is maintained in EDMC’s files. We provide a mechanism for individuals to correct, amend, or delete their personal information where it is inaccurate, except in cases permitted under Safe Harbor such as:
  • Where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question;
  • Where the rights of persons other than the individual would be violated; or
  • With respect to individual requests for the correction or deletion of information, in cases where EDMC is otherwise legally required to retain the personal information.
Whether the personal information is covered by applicable federal laws or regulations or by our Safe Harbor Privacy Principles, EDMC requires that an individual provide reasonable validation of his or her identity before we provide access to that individual’s file. To access your EDMC file and obtain any of the remedies contained in this section, contact us at 412-995-7123 or by email at EDMCEUsafeharbor@edmc.edu or in writing to:
Education Management Corporation
210 Sixth Avenue, 33rd Floor
Pittsburgh, PA 15222
ATTN: CISO

7. ENFORCEMENT

EDMC monitors and assesses its compliance with our Safe Harbor Privacy Policy. Any questions or concerns regarding the collection, use or disclosure of personal information should be directed to us at 412-995-7123 or by email at EDMCEUsafeharbor@edmc.edu or in writing to:
Education Management Corporation
210 Sixth Avenue, 33rd Floor
Pittsburgh, PA 15222
ATTN: CISO

EDMC will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

EDMC has further committed to refer unresolved privacy complaints under the US-EU and US-Swiss Safe Harbor Principles to an independent dispute resolution mechanism, the BBB EU SAFE HARBOR, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by EDMC, please visit the BBB EU SAFE HARBOR WEB SITE for more information and to file a complaint.

PUBLIC RECORD AND PUBLICLY AVAILABLE INFORMATION
In accordance with the Safe Harbor Privacy Principles, in cases where EDMC discloses publicly available information from the E.U. or Switzerland without combining that information with non-public information, our policies on Notice, Choice and Onward Transfer may not apply.

CONTACT US

If you have any questions or complaints regarding this policy or our privacy practices, contact us at 412-995-7123 or by email at EDMCEUsafeharbor@edmc.edu or in writing to:
Education Management Corporation
210 Sixth Avenue, 33rd Floor
Pittsburgh, PA 15222
ATTN: CISO

POLICY CHANGES

EDMC reserves the right to change this policy from time to time, consistent with the Safe Harbor Privacy Principles. In the event that EDMC, at some point in the future, were to choose to withdraw from the Safe Harbor program, personal information transferred pursuant to the Safe Harbor would continue to be subject to Safe Harbor requirements and protections even after our withdrawal.