Family Educational Rights and Privacy Act (FERPA)
All academic records of students who enroll at American College of Education are maintained in accordance with the provisions of the Family Educational Rights and Privacy Act (FERPA) (34 CFR Part 99), a federal law that protects student education records from disclosure by a school, college or university to a third party without the student’s consent. FERPA defines education records as those that are maintained by ACE, or a party acting on ACE’s behalf, and directly related and personally identifiable to a student [http://www2.ed.gov/policy/gen/guid/fpco/pdf/ferparegs.pdf].
Purpose and Scope
The purpose of this policy is to describe the rights and responsibilities of students, faculty and staff regarding the confidentiality of student records, including as specified under the Family Educational Rights and Privacy Act (FERPA).
Statement of the Policy
This policy pertains to personally identifiable information contained in education records. The term “education records” generally includes records that are directly related to a student and maintained by the College or a party acting for the College.
- Sole possession of the maker. This policy does not apply to records kept in the sole possession of the maker and used only as a personal memory aid and not accessible to any other individual except a temporary substitute of the maker of the record.
- Peer graded papers. This policy does not apply to grades on peer-graded papers/assignments before they are collected and recorded by a teacher.
- Law enforcement records. This policy does not apply to records created and maintained by a law enforcement unit, for law enforcement purposes.
- Employment records. This policy does not apply to records relating exclusively to an individual in his or her capacity as an employee except for records regarding an individual in attendance who is employed as a result of his or her status as a student.
- Treatment-related records. This policy does not apply to records made or maintained by a healthcare professional that are used only in connection with treatment of the student and disclosed only to individuals providing treatment.
- Other FERPA exceptions. This policy does not apply to any records or information specifically excepted from the term “education records” under FERPA and its implementing regulations, as they may be amended.
- Individuals in attendance. This policy applies to students who are or have been in attendance at the College.
- Alumni. In general, this policy does not apply to records that contain only information about an individual after he or she is no longer a student at the College. However, if the record relates back to the student’s attendance at the College, it is still an “education record.”
- Deceased individuals. Neither FERPA nor this policy applies to records of deceased persons. The person responsible for such records, however, should exercise informed discretion in responding to requests for disclosures and should ensure that the person making the request has a legitimate interest in the information and that the privacy interests of the deceased and third parties are considered.
- Applicants. This policy does not apply to applicants for admission. However, the admission-related records of applicants who become students at the College are subject to the policy.
ACE will annually inform individuals in attendance of their rights under FERPA, including the right to consent to disclosure of personally identifiable information contained in their education records, the right to opt out of the disclosure of “directory information,” the right to review and seek correction of education records, and the right to file a complaint with the Department of Education concerning the College’s alleged failure to comply with FERPA.
Disclosure of Education Records
A. Consent Required
As a general rule, personally identifiable information from education records may not be disclosed to other parties without the student’s prior consent. Such consent shall be signed using an appropriate electronic signature method and dated and specify records or information to be disclosed, the purpose(s) of the disclosure, and the party or class of parties to whom disclosure may be made.
B. Consent Not Required
In certain cases (some of which are described below) personally identifiable information from education records may, and in some cases must, be disclosed from the records of a student without that individual’s prior written consent. If such disclosure is made, it should be limited to that information necessary for the purpose of the disclosure. Note also that specific requirements and qualifications may apply to these exceptions.
- To “school officials” with “legitimate educational interests.”
- “School officials” means employees of the College, including faculty and staff, as well as certain individuals such as vendors or contractors, performing work for the College under proper authorization.
- A school official has “legitimate educational interests” in personally identifiable information in the records of a student if the information in question is required or would be helpful to the official in the performance of his or her duties.
- A contractor, consultant, volunteer, or other party to whom the College has outsourced services may be considered a school official provided that the outside party (1) performs a service for which the College would otherwise use its employees (2) is under the direct control of the College with respect to the use and maintenance of education records and (3) is subject to FERPA requirement governing the use and redisclosure of personally identifiable information from education records.
- The College must use reasonable methods to ensure that school officials obtain access to only those education records in which they have legitimate educational interests. Custodians of records will establish control procedures to ensure that these limitations are observed. If the custodian does not use physical or technological access controls, the custodian must ensure that its administrative policy for controlling access to education records is effective.
- To another school where the student seeks or intends to enroll or where the student is already enrolled so long as the disclosure is for purposes related to the student’s enrollment or transfer and the College has provided notice of the disclosure or annual notice of its policy to make such disclosures.
- In connection with financial aid for which a student has applied, or which he or she has received, but only for such purposes as determining eligibility for financial aid, the amount of financial aid, and the conditions that will be imposed, or for enforcing the terms or conditions of financial aid.
- To comply with a judicial order or lawfully issued subpoena provided that the College makes a reasonable effort to notify the student whose records are involved in advance of disclosing the information. Prior notification may be prohibited in certain situations. All subpoenas and court orders should be directed to the Office of Regulatory Affairs and Compliance in response to them must be approved by that office.
- In connection with an emergency, to appropriate persons if knowledge of the information is necessary to protect the health or safety of the student or other individuals.
- To a person who submits a written affirmation that he or she is the parent or legal guardian of a student and that the student is a dependent within the meaning of Section 152 of the Internal Revenue Code of 195499.31(a)(8).
- To a parent or legal guardian of a student regarding the student’s violation of any federal, state or local law or any rule or policy of the school concerning the use or possession of alcohol or a controlled substance, if the student is under the age of 21 and the school has determined that the student has violated the Student Code of Conduct section with respect to that use or possession.
- Regarding directory information as described in Section IV. (c) below.
- Other circumstances as authorized by FERPA and its implementing regulations, as they may be amended or as otherwise required by law. Questions about legal requirements should be directed to the Office of Regulatory Affairs and Compliance.
C. Consent Not Required-Directory Information
“Directory Information” is generally regarded to be less sensitive than other types of information in a student’s education record. The College designates as “directory information,” which may be disclosed from records relating to a student without his or her consent if the student has not “opted out” of allowing such disclosure, the following categories of information: a student’s name, address (local, home or electronic mail), telephone number, date and place of birth, major field of study, participation in officially recognized activities, dates of attendance, degrees and awards received, and previous educational institutions attended. The College will continue to exercise informed discretion in responding to requests for directory information.
D. Limitation on Redisclosure
As required by FERPA, the College will inform a party to whom a disclosure of personally identifiable information from the records of a student is made; that disclosure is made only on the condition that the party will not disclose the information to any other party without the student’s prior written consent. Exceptions to this requirement include disclosure of directory information, disclosures to the student, to parents under appropriate circumstances, to victims of certain disciplinary matters, and disclosures pursuant to court orders and valid subpoenas.
E. Verification of Identity and Authority
Before disclosing personally identifiable information from education records, College employees must take reasonable steps to verify the identity of the requesting party as well as their authority to have access to the information.
F. Maintaining a Record of Disclosures
As required by FERPA, the College will maintain a record of requests for and/or disclosures of personally identifiable information from a student’s education records. The record must include the identities of the requesters and recipients and the legitimate interests they had in the information. This record should be maintained with records for as long as the records themselves are maintained and may be inspected by the student.
These recordkeeping requirements do not apply to requests from or disclosures to: (1) the student; (2) a school official with a legitimate educational interest; (3) a person with written consent from the student; (4) a person seeking directory information; or (5) a federal grand jury or law enforcement agency in connection with an order or subpoena requiring disclosure.
Right to Review Education Records & Seek Correction
- Individuals who are or have been in attendance at the College are entitled to inspect and review their education records upon a written request. The request to inspect or review records must be honored within 45 days after the College has received the request. The request should be directed to the office that maintains the record and such office may charge a reasonable fee for copies.
- A student does not have a right to inspect or review the following:
- Financial records and statements of the student’s parent(s), except with the written permission of the parent(s).
- Confidential letters and statements of recommendation related to admission to an educational institution, application for employment, or the receipt of an honor or honorary recognition that were placed in a student’s records after January 1, 1975, and as to which the student has executed a written waiver of his or her right to inspect and review; provided that the College uses the letters and statements only for the purpose for which they were originally intended and notifies the student upon request of the names of all individuals providing such letters and statements.
- Other records as to which the student has executed a written waiver of his or her right to inspect and review. The College may not require a student to waive his or her rights under FERPA or this policy.
- Those portions of records that contain information on other students.
- Other exceptions as prescribed by FERPA and its implementing regulations, as they may be amended.
C. Opportunity to Seek Correction
- A student who believes that information contained in his or her education records is inaccurate or misleading or violates his or her privacy rights may request that the College amend them, and the College will decide whether to do so within a reasonable period of time.
- If the College decides that the information is inaccurate or misleading or otherwise in violation of the privacy rights of a student, the College will amend the record and inform the student of the amendment in writing.
- If the College declines to amend the student’s records, it will so inform the student and inform them of the right to request a hearing to challenge the information believed to be inaccurate, misleading or in violation of their privacy rights. A hearing, however, may not be requested by a student to contest the appropriateness of a grade.
- The hearing will be conducted by an individual who does not have a direct interest in the outcome of the hearing and will provide the student an opportunity to present evidence, relevant to the request to amend the student’s records. The College will provide a written decision within a reasonable period of time after the hearing based on the evidence presented at the hearing. The decision will include a summary of the evidence and the reasons for the decision. Additionally, information regarding hearing procedures will be provided when the student receives notice of his or her rights.
- If, after a hearing, the College determines that a student’s challenge is without merit it will notify the student of the right to place in his or her records a statement commenting on the challenged information and/or setting forth reasons for disagreeing with the College’s decision. The College will maintain such statement with the student’s record and disclose the statement whenever it discloses the portion of the record to which the statement relates.
Right to File Complaint
Students have a right to file a complaint concerning any alleged failure by the College to comply with the requirements of FERPA and its implementing regulations. A complaint may be filed with the federal office that administers FERPA:
Family Policy Compliance Office
U.S. Department of Education 400
Maryland Avenue, SW
Washington, DC 20202-5901
Waiver of Rights
A student may waive any of his or her rights under FERPA and this policy, provided that the waiver is made in writing and signed by the student. The College may not require a student to waive his or her rights under FERPA or this policy.
American College of Education is committed to ensuring the privacy and accuracy of your confidential information. As part of its commitment to maintain the privacy of its Web users, ACE has developed this privacy statement.
The statement has two purposes:
- To educate users about privacy issues.
- To inform users about specific privacy policies and guidelines employed at ACE.
While ACE will not share, provide, or sell Personal Information with third parties for their own marketing purposes the College may actively share your information to facilitate, manage and improve our services.
This may include third parties or vendors whom the College has engaged as School Officials who help the College with marketing, advertising, or promotion. ACE may also share your Personal Information with government and law enforcement agencies or regulators to respond to subpoenas, court orders, or any other legal requirements or when it is necessary to protect and defend the legal rights of the College or to protect your safety and/or the public’s safety.
- “School Officials” means employees of the College, including faculty and staff, as well as certain individuals such as vendors or contractors, performing work for the College under proper authorization.
- “Personal Information” means any non-public information that can be used to distinguish, identify, or contact a specific individual. This includes account information, social security numbers, grades, and financial or health data as well as any other information that is not considered public.
- For State of California residents “personal information” under the CCPA (California Consumer Privacy Act) includes any information that “identifies, relates to, describes, references, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
- “College’s Technology Services” - include all College technologies and related forms such as the College website, mobile applications and text, surveys, college chat boards, etc. where you may provide personal information voluntarily through the use of technology platforms and the completion of forms required for business purposes.
ACE also complies with the Family Educational Rights and Privacy Act (“FERPA”) administered by the U.S. Department of Education. FERPA protects students’ personal identifiable information (PII) and prohibits the release of education records without students’ permission or consent. Information on the College’s FERPA policy and practices may be found here.
This policy is effective specifically for the ACE.edu website and domain, and any student information systems learning management systems, or student or public communications platforms utilized by the College, collectively known as the “College’s Technology Services.”
Information Gathered by ACE
When you visit the ACE.edu domain and website our web servers may generate temporary logs that may contain the following Personal Information:
- The IP address from which you access our domain and website.
- The Internet address of the website from which you linked to our domain and website.
- The type of browser and operating system used to access our domain and website.
- The date and time you access our domain and website.
- The pages, files, documents, and links that you visit in our domain and website.
- Aggregate information collected by School Official internet analytics services.
Additionally, by using the College’s Technology Services such as ACE.edu or ACE student information systems and learning management systems, and similar, the College may collect Personal Information that you knowingly and voluntarily provide when completing applications and forms, sending emails, registering for classes or other programs, or responding to surveys.
We use unique identifiers called “Cookies” to collect anonymous non-personally identifiable information. Cookies are small pieces of code that are saved by your browser. The cookies include information about your device, browser, area code, zip code, and IP address and are used to provide you with a more customized user experience and improve the design and functionality of our website.
We may share cookies with third Parties to better understand how you use our websites and the type of devices you use to personalize content and deliver relevant advertisements of interest to you. These third parties may collect information about your online activities over time and across different websites when he or she uses our sites.
You may refuse to accept cookies by activating the appropriate setting on your device or browser. However, you may be unable to use certain features of the ACE website dependent on your selection. You can change your cookie settings by reviewing your internet browser’s cookie options. Typically, such information can be found under the browser’s ‘Help’, ‘Preferences’ or ‘Options’ menus.
External Third-Party Content
Sites within ACE may enable you to pay for products or services online with a credit card. Although ACE makes every effort to ensure that the third parties providing these transactions are encrypted, ACE is not responsible for the privacy practices of these external third parties.
Although no computer system is 100% secure, ACE has deployed extensive security measures to protect against the loss, misuse, or alteration of the information collected through the Colleges’ services and under our control. ACE maintains physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic Personal Information. We continually review our policy and practices, monitor our computer networks, and independently test the strength of our security to help us ensure the safety of Confidential Information. These security measures and our systems are routinely audited and updated by ACE security specialists.
Digital Millennium Copyright Act (DMCA)
The Digital Millennium Copyright Act (DMCA), described as the most dramatic change to copyright law in a generation, was the 105th Congress’s effort to update copyright law for the digital environment. Please be aware that in accordance with Section 512(i)(1)(a) of the DMCA, ACE reserves the right to terminate computing services of users who repeatedly infringe upon the rights of copyright owners.
California Privacy Act (CCPA)
For State of California residents, through your use of the College’s Technology Services such as ACE.edu or ACE student information systems and learning management systems, and similar, the College may collect Personal Information that you knowingly and voluntarily provide when completing applications and forms, sending emails, registering for classes or other programs or responding to surveys, we may collect “Personal Information. “Personal Information” may include:
- Email address, account name, Social Security number, driver’s license number, and passport number.
- Personal information under California’s records destruction law (Cal. Civ. Code §1798.80(e)).
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products, or services purchased, obtained, or considered.
- Biometric information.
- Internet or network activity.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information.
- Education information that is not publicly available personally identifiable information, as defined in the Family Educational Rights and Privacy Act (20 USC § 1232(g), 34 CFR Part 99).
- Inferences drawn from any of the information listed above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Information under the CCPA does not include aggregate consumer information,” which is defined as data that is “not linked or reasonably linkable to any consumer or household, including via a device,” as well as information that is publicly available from federal, state, or local government records.
As a California resident pursuant to the CCPA, you have certain rights. This Privacy Notice summarizes what these rights are and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Title 1.81.5. California Consumer Privacy Act of 2018.
Right to access data
California law permits users who are California residents to request and obtain at no cost an annual list of the third parties to whom ACE has provided or disclosed personnel identifiable information (PII) in the immediately preceding calendar year. California residents shall only be entitled to have this information provided at most once per calendar year.
Once we receive and confirm your verifiable consumer request, we will disclose to you within thirty (45) days of the receipt of such request:
- The categories and sources of personal information we collect about you;
- Our business or commercial purpose for collecting or selling that personal information;
- A list of categories of Personal Data provided to a third party for its own direct marketing purposes; and,
- The names of any third parties that received the California resident’s Personal Data within the preceding calendar year from us.
Right to opt-in to sharing of minor PI
If you are a California resident, under 16 and a registered user of the Services, you may ask us to opt-in to share posted to the Services by submitting a verifiable consumer request to us at the address below.
Right to be forgotten
Also, California residents have the right to request deletion any of personal information that we have collected from you, subject to certain exceptions listed in the California Electronic Communications Privacy Act if retaining the information is necessary for us to facilitate your account or respond to requests under the law. Once we receive and confirm your verifiable consumer request, we will delete (and direct our school officials to delete) your personal information from our records, unless an exception applies.
Right to opt-out from having information sold
Under California’s Privacy law, Cal. Civ. Code § 1798.83, California residents may opt out of the sharing of Personal information to educational partners who are School Officials for direct marketing purposes. However, although the College may actively share your information to facilitate, manage and improve our services the College will not share, provide, or sell Personal Information with school officials for their own marketing purposes.
Attn: Office of Regulatory Affairs and Compliance
American College of Education
101 West Ohio Street, Suite 1200
Indianapolis, IN 46204
A verifiable consumer request should contain your name and state of residence or student identifier as applicable, and the specific request as related to the rights described above. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
General Data Protection Regulation (GDPR)
Your Personal Information may be stored and processed by service providers using cloud technology, and you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
The College may receive your Personal Information when you visit the College’s websites, apply for or take online courses or programs, voluntarily communicate with the College or request or services, or otherwise interact with the College while in the EU.
This GDPR Privacy Notice applies to you if:
- You are a “Person” or “Data Subject” which is a natural person, not a corporation, partnership, or other legal entity who is physically present in the EU;
- “Personal Information”-means any identifiable information that you voluntarily provide, or we collect while you are physically present in the EU and not while you are outside the EEA;
- And the Personal Information is provided to the College:
- During the course of application and enrollment into the College or College’s programs;
- While you are enrolled in the College programs;
- While you are participating in College activities or surveys;
- While you are communicating with College services.
The College requires Personal Information for a variety of purposes to provide requested services, including, but not limited to:
- As part of the admissions process to evaluate applications. We also may obtain Personal Information from third parties, such as other schools, references, employers, and education as part of an application submission.
- As part of the program or course registration and scheduling process.
- To communicate College activities, messages, and special events.
As a Data Subject pursuant to the GDPR, you have certain rights. This GDPR Privacy Notice summarizes what these rights under the GDPR involve and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Articles 15-21 and 77 of the GDPR.
Right of access
You have the right to request that the College confirm whether it is processing your Personal Information.
Right of correction
You have the right to request that the College correct any inaccurate Personal Information that it maintains about you.
Right to erasure
You have the right to request the erasure of Personal Information that the College maintains about you in certain circumstances. These circumstances are identified in Article 17 of the GDPR and include that the Personal Information is no longer necessary in relation to the purpose(s) for which it was collected.
Right to restrict processing of Personal Information
You have the right to request that the College restrict the processing of your Personal Information where one of the reasons identified in Article 18 of the GDPR apply. These reasons include that the Personal Information is inaccurate, the processing is unlawful, or the College no longer needs the Personal Information.
Right to data portability
Where the basis for processing is either consent or performance of a contract between you and the College, and where the processing is carried out by automated means, you have the right to receive your Personal Information that you have provided to the College. The College will provide the Personal Information in a structured, commonly used, and machine-readable format. Where technically feasible and upon your request, the College will transmit the Personal Information directly to another entity.
Right to withdraw consent
If the basis for processing your Personal Information is consent, you may revoke your consent at any time. Upon receipt of your notice withdrawing consent, and if there are no other legal grounds for the processing, the College will stop processing the Personal Information unless the processing is necessary for the establishment, exercise, or defense of legal claims. Revoking consent does not affect the lawfulness of processing that occurred before the revocation.
Right to file a complaint
You have the right to submit a complaint with an EU supervisory authority, specifically one in the EU Member State of your habitual residence, place of work, or place of the alleged violation, if you believe that the College’s processing of your Personal Information violates the GDPR. For more information on the process for submitting a complaint, consult the relevant EU supervisory authority.
Attn: Office of Regulatory Affairs and Compliance
American College of Education
101 West Ohio Street, Suite 1200
Indianapolis, IN 46204
A verifiable consumer request should contain your name and EU member state or student identifier as applicable, and the specific request as related to the GDPR rights described above. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Attn: Office of Regulatory Affairs and Compliance
American College of Education
101 West Ohio Street, Suite 1200
Indianapolis, IN 46204
Student Contact Information
The primary means of contact between American College of Education and its students is through email. Students are responsible for ensuring their contact information is accurate and current. Students can update their contact information via the MyACE portal. To guarantee receipt of important communications, students should make sure spam filters are set to receive email from the College. Due to FERPA regulations, ACE can only respond to a student’s email message or text if it is sent from the email account or contact number on record with the College.
ACE also may contact students by cellular phone or other wireless device using automated telephone dialing equipment or artificial or pre-recorded voice, short message service (SMS) or text messages. Contact with students may also be made through social messaging apps or social media.
Student Record Maintenance
The College maintains student records electronically through document imaging and in the student information system. Records are kept in perpetuity for all students who are currently enrolled as well as those who have graduated or withdrawn. Records maintained include documents submitted during the admission process, grades, documentation of requests, and forms.
If a student needs to make a change in relation to their name, address, or contact information, they are able to do so. Contact information can be updated in the MyACE Portal. Changes in names or other identification forms are completed through the Registration Office. Students can access the required form via the MyACE Portal.
ACE will not adjust records for students without prior approval except in rare instances when incorrect information is recorded and requires adjustment per the request of the individual outside of ACE. When this occurs, ACE will make all attempts to contact the student to correct the misinformation. If no response can be obtained from the student, documentation of the procedure will be included in the student’s file.
Application materials submitted to American College of Education become the property of the College and will not be returned to the applicant.
Verification of Student Identity
Students are assigned a unique user account and password combination that grants them access to specific facets of their personal information for editing and maintenance purposes. Students are directed to reset their own passwords through functionality built into the portal. It is school policy; student account information is not shared with others