Laureate EU Data Privacy Policy
I. Purpose
This Privacy
Policy (“Policy”) is intended to: 1) inform each employee and job applicant of Laureate
Education, Inc. (“Laureate”) how his or her Personal Data (defined in Section
II below) is collected, used, disclosed, transferred and processed; 2) to
provide choices with respect to how such Personal Data will be handled by
Laureate; and 3) to facilitate the transfer of such Personal Data from
its affiliates in Switzerland, the European Union (“EU”) and European Economic
Area (“EEA”) (collectively, “European Affiliates”) to the United States. For
purposes of this Privacy Policy, “Laureate” includes both Laureate Education,
Inc. and its subsidiaries, including Walden University, Inc.
This Policy complies with the Safe Harbor Principles
as agreed upon by the United States Department of Commerce and the European
Commission. Consistent with its commitment to protect personal
privacy, Laureate adheres to these Safe Harbor Principles, which can be found
at http://www.export.gov/safeharbor/SHPRINCIPLESFINAL.htm.
II. Scope
This Policy
applies to, and is limited to, the processing of Personal Data that
Laureate receives in the
This Policy does not cover
data rendered anonymous where individual persons are no longer identifiable, or
identifiable only with a disproportionately large expense in time, cost, or
labor, or situations in which pseudonyms are used. (The use of pseudonyms
involves the replacement of names or other identifiers with substitutes, so
that identification of individual persons is either impossible or at least
rendered considerably more difficult). If data rendered anonymous becomes no
longer anonymous (i.e., individual persons are again identifiable), or if
pseudonyms are used and the pseudonyms allow identification of individual
persons, then this Policy will apply.
III.
Defined Terms
Capitalized
terms in this Privacy Policy have the following meanings:
“Data Subject” means an identified
or identifiable natural living person, and includes Laureate Employees. An identifiable person is one who can be
identified, directly or indirectly, in particular by reference to an
identification number or to one or more factors specific to his physical,
psychological, mental, economic, cultural or social identity.
“European Affiliate” means a Laureate Affiliate located in
“Employee” means an employee (whether temporary, permanent, part-time or
contract), former employee, independent contractor,
or job applicant of Laureate or any of its
affiliates, who is also a resident of
“Personal Data” means data that
personally identifies a Data Subject or that may be used to personally identify
a Data Subject (such as an identification number that identifies a Data
Subject). Personal Data includes data such as an individual’s name, country of
birth, marital status, emergency contact, salary information, terms of
employment, job qualifications (such as educational degrees earned), address,
phone number, e-mail address, user ID and password. Personal Data does not
include data that is encoded or anonymized, or publicly available information
that has not been combined with non-public Personal Data.
“Sensitive Data” means Personal
Data that discloses a Data Subject’s medical or health condition; race or
ethnicity; political, religious or philosophical affiliations or opinions;
sexual orientation; or trade union membership.
IV. Collection and Use of Personal Data
Laureate may receive Personal Data concerning Employees: 1) directly from
the Employee, 2) from a
European Affiliate or 3) through other means.
Laureate uses Employee Personal Data for
business and employment purposes, including without limitation: (i) filling
positions; (ii) planning and implementing Employee
transfers; (iii) managing employees from another country; (iv)
conducting performance evaluations and salary, bonus, and other Employee reviews; (v)
satisfying governmental reporting and tax requirements; (vi) satisfying
security, health; and safety concerns; (vii) planning and implementing
potential acquisitions and mergers; (viii) storing and processing data,
including Personal Data, in computer databases and servers located in
the United States; (ix) to implement and maintain our information technology;
and (x) for other employment-related and business-related purposes permitted
and/or required under applicable local law and regulation.
V. Disclosures/Onward Transfers of Personal Data
Laureate discloses Employees’ Personal Data only to those who reasonably
need to know such data for a legitimate business purpose and must abide by
confidentiality obligations. Absent consent of the Data Subject, Laureate shall
disclose Employees’ Personal Data only to:
(a) Comply with the
(b)Agree to provide adequate
protections for the Employees’
privacy interests that are no less
protective than those set out in this Privacy Policy and to use the Personal Data only for the purposes for which
the third party has been engaged by Laureate.
VI. Sensitive Data
Except as stated otherwise herein, Laureate will not
disclose Sensitive Data to any third party. Further, Laureate will not use
Sensitive Data for any purpose other than (i) for the purpose for which it was
originally provided by the Employee,
(ii) for a purpose later expressly consented to by the Employee, or (iii) for an exception
expressly noted below.
Laureate may use or disclose Sensitive
Data (as well as Personal Data) where such disclosure or use: (a) is in the
vital interests of the Employee or another person; (b) is necessary for the
establishment of legal claims or defenses; (c) is required to provide medical
care or diagnosis; (d) is necessary to carry out Laureate’s obligations; (e) is
data manifestly made public by the Employee; or (f) as otherwise required or
permitted by law.
VII. Confidentiality and Security of Personal Data
Laureate
maintains reasonable physical, administrative and technical safeguards designed
to secure Employees’ Personal Data, and to prevent unauthorized
access to such information. For more
information about how Laureate protects its Employees’ Personal Data, please
ask your local Human Resources office for the latest version of your
institution’s policies.
VIII.
Right to Access, Change or Delete Personal Data
Upon reasonable request and to the extent
the request does not compromise the protections set forth in this Privacy
Policy, Laureate allows Employees reasonable access to their Personal Data to correct,
amend or delete such data. Employees should direct any such request to their
local Human Resources representative. If you are an Employee and you are unable
to access, correct, amend or delete your Personal Data through your local Human
Resources office, you may send a request to Laureate’s Chief Compliance Officer.
All such requests must be sent by postal mail or by e-mail to the following
address:
Edward
Drumm
Chief Compliance Officer
+01 (443) 212-5290
Edward.Drumm@Laureate-Inc.Com
Laureate will endeavor to
respond in a timely manner to all reasonable written requests to view, modify
or delete Personal Data.
IX. Data Integrity
Employees are responsible for the
accuracy of the data they provide to Laureate. Laureate will use reasonable efforts to
maintain the accuracy and integrity of Personal Data and update it as
appropriate. Laureate will not maintain
Personal Data any longer than necessary for the purposes stated unless
otherwise agreed to by the Employee.
X. Changes
to this Policy
This Privacy Policy is current as of the
effective date set forth above. Laureate reserves the right
to change this Privacy Policy from time to time, consistent with applicable
data protection and privacy laws and principles. Unless such changes afford
greater protections to the privacy interests of Employees, or the affected
Employees otherwise consent, such changes will apply only to Personal Data
received after the effective date of such change. Employees should refer
to this Privacy Policy regularly, as it will be updated from time to time.
When Laureate deems it appropriate, other
forms of notice may be also given concerning any changes to this Privacy
Policy.
XI. Questions or Complaints
Employees may contact Laureate Education, Inc.
with questions or complaints concerning this Privacy Policy at the following
address:
Edward
Drumm
Chief Compliance Officer
+01 (443) 212-5290
XII. Enforcement
As part of
Laureate’s annual certification process, we will review our compliance with this
Privacy Policy. If you are an employee and have any questions, complaints or
disputes regarding the manner in which Laureate handles or protects your
Personal Data, please bring it to the attention of your local Human Resources
representative. Complaints or disputes that cannot be remedied by your local
Human Resources representative should be forwarded to Edward Drumm at the address above.
Laureate retains
sole and absolute discretionary authority to resolve all questions relating to
the administration, interpretation and application of this Privacy Policy. This
authority includes construing the terms of this Policy, including any disputed
or doubtful terms.
XIII. Compliance
Failure to comply with
this Privacy Policy, undergo related training and abide by all applicable
privacy, data protection and data security laws will amount to a serious
disciplinary offence, subject to disciplinary measures which may include
termination of employment.
Any
questions about the applicability or administration of this Privacy Policy
should be immediately brought to the attention of the Laureate Office of the
General Counsel or Laureate’s Chief
Compliance Officer.
Privacy
Policy
Information collection
The College collects diverse personal information
concerning staff, students and other persons where necessary for
administrative, academic, recruitment, admission or research needs, and for
reporting to outside agencies. Some categories of discreet information (like
religious affiliation) might be collected to satisfy legal requirements or
other justified circumstances. The range of information gathered will depend
upon the reason for its collection. It may include details concerning identity,
qualifications, health, criminality, academic performance, salaries, and data
concerning bio-research subjects. Information may be collected from various
sorts of communication such as official College forms, the internet, or written
correspondence.
Disclosure
Personal information is collected where necessary to
conduct academic and administrative activities and to streamline networking on
campus. Personal information collected for a particular purpose will not be
used for any other reason, unless that reason is related to the original
purpose of collection and its collection and disclosure would seem logical.
Personal information will only be disclosed to third parties with the written
consent of the student or staff member concerned, except in the event of a
serious threat to life or health.
Access
Staff and students may access assorted categories of
information on site with identity codes provided for intra-collegiate use. Upon
written request the College will provide individuals with access to personal
information held about them. Such a request for access may be denied for
reasons of illegality, infringement on the privacy or wellbeing of others, or
other valid reasons in line with relevant legislation.
Protection
Contact
For further information on this Disclaimer Policy
or Privacy Policy or the procedures and policies of