Privacy Policy for Online Visitors and Students


Overview

Laureate Education, Inc. ("Laureate") values the privacy of its current, past and prospective students, as well as its alumni and all Laureate Website visitors. This Privacy Policy ("Policy") is intended to: 1) inform students and visitors of sites owned or operated by Laureate institutions how their Personal Data (as defined below) is collected, used, disclosed, transferred and processed; 2) provide choices with respect to how such Personal Data will be handled by Laureate; 3) confirm the consent of students and visitors of sites owned or operated by Laureate institutions to the collection, processing and transfer of Personal Data; and 4) facilitate the transfer of such Personal Data from its affiliates in Switzerland, the European Union ("EU") and European Economic Area ("EEA") (collectively, "European Affiliates") to the United States. For purposes of this Privacy Policy, "Laureate" includes all institutions operated by European affiliates as listed on Laureate’s Website, www.laureate.net.

Please note that this Website may contain links to other Websites. Naturally, Laureate is not responsible for the privacy practices or the content of such other Websites.

This Policy complies with the Safe Harbor Principles as agreed upon between the United States Department of Commerce and the European Commission, and separately the United States Department of Commerce and the Swiss Federal Data Protection and Information Commissioner. Consistent with its commitment to protect personal privacy, Laureate complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, which can be found at: http://www.export.gov/safeharbor/.

This Policy applies to, and is limited to, the processing of Personal Data that Laureate receives in the United States concerning its Students and Website visitors who are residents of the EEA, EU or Switzerland (see definition below).

This Policy does not cover data rendered anonymous where individual persons are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost, or labor, or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult). If data rendered anonymous becomes no longer anonymous (i.e., individual persons are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then this Policy will apply.

Capitalized terms in this Privacy Policy have the following meanings:

"Data Subject" means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity. For purposes of this Policy, "Data Subject" means Laureate Students and visitors to Laureate Websites.

"European Affiliate" means a Laureate affiliate located in Switzerland, the EU or the EEA.

"Student" means any individual that is a prospective, current, past student or alumni of any Laureate institution who is also a resident of Switzerland, the EU or EEA.

"Personal Data" means data that personally identifies a Data Subject or that may be used to personally identify a Data Subject (such as an identification number that identifies a Data Subject). Personal Data includes data such as an individual’s name, country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID and password. Personal Data does not include data that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.

"Sensitive Data" means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation or trade union membership, aid granted by social services and/or debt collection proceedings, criminal or administration sanctions.

Collection and Use of Personal Data

Laureate may receive Personal Data concerning Students: 1) directly from the Student, 2) from a European Affiliate or 3) through other means, such as provided by other Websites requested by the individual to be provided to Laureate.

Laureate systems are not set up to automatically or without the express knowledge of the Student or Website visitor track, collect or distribute Personal Data or Sensitive Data about a Laureate Student or Website visitor. Our systems do recognize the home server of Students or Web visitors, but not email addresses. For example, our computer servers can tell which Internet Service Provider Students or Website visitors of our Websites use, and the IP addresses associated with Students or Website visitors’ computers. But our computer servers do not track names, addresses or other information that would allow us to identify particular Students or Website visitors to our sites. The non-personal information collected by our servers is used for internal purposes only (such as to ensure the smooth functioning of the Laureate Websites and efficient delivery of content on the sites, for example knowledge of the Web browser used allows content to be displayed in the manner best suited for that Web browser) by Laureate technical support staff.

In addition, Laureate servers track information about visits to our Websites. For example, we compile statistics that show the daily number of visitors to our sites, the daily requests we receive for particular files on our sites and what countries those requests come from. These aggregated statistics are used internally to provide better services to our clients and may also be provided to others, but again, the statistics contain no Personal Data and cannot be used to discern such information.

Subject to the below consent of the Data Subject, Laureate uses Student Personal Data for business purposes, including without limitation: (i) managing Student on-line experiences; (ii) enrollment into an institution; (iii) enrollment in specific courses; (iv) recording and reporting grades; (v) managing the process for prospective students through enrollment and admission; (vii) managing alumni; (viii) marketing purposes, as permitted under applicable local law or regulations; and (ix) for other business-related purposes permitted and/or required under applicable local law or regulations.

Choice

Laureate respects your right to privacy. When a Laureate affiliate contacts you for marketing purposes, you will be advised of how to remove your name from receiving any further materials. You may also remove yourself at any time by following the links provided on each institution’s privacy policy page which will provide you with the contact information for that institution or instructions on how to remove your name from receiving any further materials from that institution.

Consent to Disclosures/Onward Transfers of Personal Data

For the proper administration of Laureate activities and in order to allow Laureate to fully provide you with the various services contained therein, you hereby expressly permit Laureate to collect, maintain and process any of your Personal Data, or a part thereof, including without limitation, any information protected by the Dutch Data Protection Act, the European Union Directive on the protection of individuals with regard to the processing of personal data and the free movement thereof, the Swiss Federal Act on Data Protection, or by any other applicable legislation, in any computer network as Laureate deems appropriate. For these purposes, you further expressly permit Laureate to transfer such data, or a part thereof, to any computer network(s), including without limitation that of any Laureate institution of higher education, that of Laureate representatives worldwide, in the Netherlands, the United Kingdom, Switzerland, the USA or any other country as Laureate deems appropriate to provide you services. You understand that the level of data protection in countries outside the European Union or Switzerland may not be equal to the level of data protection under EU or EAA law and Swiss law and that Laureate will take adequate measures to ensure an adequate level of protection of the Personal Data during and after the transfer.

Laureate discloses Student’s Personal Data only to those who reasonably need to know such data for a legitimate business purpose and those third parties must abide by confidentiality obligations. Unless Laureate has a Data Subject’s consent, Laureate will only disclose Student’s Personal Data to third parties for the purpose of performing tasks on Laureate’s behalf when such third parties either:

(a) comply with the Safe Harbor principles or use another data transfer mechanism permitted by the EU Data Protection Directive or, as applicable, the Swiss Federal Act on Data Protection; or

(b) agree to provide adequate protections for the Data Subject’s privacy interests that are no less protective than those set out in this Privacy Policy and agree to use such Data Subject’s Personal Data only for the purposes for which the third party has been engaged by Laureate.

If Laureate learns that one of its data processors/service providers is using or disclosing Personal Data in a manner contrary to this Policy, Laureate will take necessary steps to prevent or stop the use or disclosure.

Sensitive Data

Except as stated otherwise herein, Laureate does not disclose Sensitive Data to third parties. Further, Laureate does not use Sensitive Data for any purpose other than (i) for the purpose for which it was originally provided by the Student, (ii) for a purpose later expressly consented to by the Student, or (iii) for an exception expressly noted below.

You expressly agree that Laureate may use or disclose Sensitive Data (or other Personal Data) without prior express consent where such disclosure or use: (a) is in the vital interests of the Student, Website visitor or another person; (b) is necessary for the establishment of legal claims or defenses; (c) is required to provide medical care or diagnosis; (d) is necessary to carry out Laureate’s obligations; (e) is data manifestly made public by the Data Subject; or (f) as otherwise required or permitted by law.

Confidentiality and Security of Data Personal

Laureate maintains reasonable physical, administrative and technical safeguards designed to secure Data Subjects’ Personal Data and Sensitive Data, and to prevent unauthorized access to such information. For example, all Student communication and files in digital format are stored on a secure network, accessible only by approved staff. All critical systems and servers are separately housed within Laureate's secure facilities and are accessible only by authorized personnel. Our information security is managed internally and meets industry standards for secure networks. Laureate takes precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Laureate's physical premises are protected with a security guard and all off-hour entry is logged through an access control system. Laureate periodically performs network backups. While our backup files are stored offsite, they are handled by authorized personnel only.

Right to Access, Change or Delete Personal Data

Upon reasonable request and to the extent the request does not compromise the protections set forth in this Privacy Policy, Laureate and any of its institutions allows Data Subjects reasonable access to their Personal Data, including any Sensitive Data that Laureate may maintain. Individuals have the right to receive confirmation from Laureate and any of its institutions about the data relating to them that Laureate or any of its institutions stores in its files, and may request that Laureate or any of its institutions correct, amend, or delete that information when it is inaccurate. Students should direct any such request following the procedure provided by each institution for changes to any Personal Data. Students or Website visitors may also direct any questions or requests for changes to the contact listed below.

Laureate and any of its institutions will endeavor to respond in a timely manner to all reasonable written requests to view, modify or delete Personal Data.

Data Integrity

Students and site visitors are responsible for the accuracy of the data they provide to Laureate. Laureate will use reasonable efforts to maintain the accuracy and integrity of any Personal Data it receives and update it as appropriate.

Laureate does not, as a matter of business practices, maintain Personal Data longer than necessary for the purposes stated, unless otherwise agreed to by the Student or site visitor.

Changes to this Policy

This Policy may be amended from time to time, consistent with any changes in the Safe Harbor Principles and/or Laureate business practices. Appropriate public notice will be given in the event of such amendments.

Questions or Complaints

Students and site visitors may contact Laureate with questions or complaints concerning this Privacy Policy at the following address:

Sylvia T. de Jesus
Vice President Global IT
Compliance & Information Security
4090 49th Avenue South
Saint Petersburg, FL 33711
+01 (443) 756-9525
sylvia.dejesus@laureate.net

Oversight

Laureate's privacy practices are self-certified as defined in the U.S. Department of Commerce Safe Harbor Program. For more information about the Safe Harbor Program, please go to www.export.gov/safeharbor

Enforcement and Dispute Resolution

Laureate periodically verifies that the Policy is accurate, comprehensive for the information intended to be covered, and conforms to the EU Safe Harbor Principles and the Swiss Federal Act on Data Protection. We encourage interested persons to raise any concerns with us using the contact information below. Laureate will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

With respect to any complaints related to this Policy that cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures with the European Data Protection Authorities ("DPA") to resolve disputes pursuant to the Safe Harbor Principles. In the event that a dispute is submitted to one of the DPAs, we will cooperate with such DPA in the investigation and resolution of complaints brought under this policy. If we or such DPA conclude that we did not comply with the Policy, we will take appropriate steps to address any adverse effects and assure future compliance.

Laureate retains sole and absolute discretionary authority to resolve all questions relating to the administration, interpretation and application of this Policy. This authority includes interpreting the terms of this Policy, including any disputed or doubtful terms.