Protecting the privacy of your personal information is important to us at Studio Arts College International (SACI). We respect your right to privacy and recognize our obligation to keep information about you secure and confidential.
We adhere to the following GLBA & GDPR principles when processing personal data:
- Data is processed fairly and lawfully;
- Data is processed only for specified and lawful purposes;
- Processed data is adequate, relevant and not excessive;
- Processed data is accurate and, where necessary, kept up to date;
- Data is not kept longer than necessary;
- Data is kept secure and is processed in a manner that ensures appropriate security.
We are the controller and responsible for your data.
We are Committed to Protecting Your Privacy
This commitment is demonstrated by:
- Safeguarding any information that is shared with us by users according to strict standards of confidentiality and security also in place in the U.S.A. and Italy.
- Employing strict standards and safeguards to prevent fraud.
- Not selling information to other companies for marketing purposes.
- Limiting the collection and use of your personal information to the minimum we require to administer the data you send us and deliver quality service.
- Permitting only those employees who are trained in the proper handling of customer information access to your information.
- Requiring employees to undergo GLBA & GDPR Employee Cyber Security Awareness during the fall of every academic year, and immediately upon new employee hires if mid-year.
- Not revealing your information to any external entity unless we have been authorized to do so, are required to by law or have previously informed you via disclosures or agreements.
- Continuing to protect your privacy after your data has been processed.
Collecting Information About You
We collect nonpublic personal information about you from the following sources:
- Information we receive from you on SACI forms, loan application(s), promissory note(s), and financial support statements.
- Information received from schools you attend or formerly attended, such as transcripts or recommendation letters.
- Information received from credit reporting agencies.
- Information obtained in e-mails SACI receives from you.
Managing Information to Serve Your Needs
We do not disclose any nonpublic personal information about you or our other current and former students to anyone, except as permitted by law. For example, we share such information with schools, lenders, and other guarantee agencies and the U.S. Department of Education, as needed to administer your loan in conformance with the law. Nonpublic information may also be disclosed to persons or entities which you have authorized us to contact with respect to your student loan(s), such as your parents or references.
We maintain physical, electronic, and procedural safeguards in compliance with federal regulations to safeguard your nonpublic personal information.
Our Goal is Maintaining Accurate Information
We continually strive to maintain complete and accurate information about you. If you feel that our records contain inaccurate or incomplete information about you, please let us know immediately. We will correct any inaccuracies as quickly as possible.
Where Data is Stored
Your personal information is contained in our offices in locked cabinets in New York, U.S.A and/or Florence, Italy or in U.S.-based servers behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
Protecting Your Privacy Online
Protecting your personal information online is an essential part of our service to you. For example:
- We validate your identity before we allow online access to your account.
- When collecting information about you online, we employ technologies such as firewalls and data encryption to protect your information from others.
You'll notice this term used across the Internet to describe bits of information that some Web sites create when you visit their sites, which are then stored on your computer. A cookie is uniquely yours and can only be read by the Web site that gave it to you. Cookies are a basic way to identify the computer you happen to be using at the time and do not identify you personally. They cannot be used to obtain data from your hard drive, your e-mail address or personal information stored on your computer.
- Cookies remain active only while you have your Internet browser open.
- Cookies expire as soon as you close your browser.
- Cookies are not used to collect and store any personally identifying information.
- Cookies do not contain viruses.
If you have set your browser options to allow cookies on your computer, we treat the information supplied through those cookies with the same comprehensive security and privacy protections as any other customer information we receive.
Our websites use the following types of cookies:
- Browsing or session cookies, which are strictly necessary for the Website’s operation, and/or to allow you to use the Website’s content and Services.
- Google Analytics cookies, which allow us to understand how users make use of the Website, and to track traffic to and from the Website.
- Function cookies, which are used to activate specific Website functions, in order to improve your experience.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies. If you turn cookies off, some of the features that make your site experience more efficient may not function properly.
When you send us an e-mail to make a comment or to ask a question, we will use your e-mail address to reply to you and we will store your e-mail address for future communication.
When You Call SACI
Students or applicants who call SACI by phone regarding non-public personal information are required to provide the reception desk with the ID number assigned during the online application process.
Using Your IP Address
When you enter the SACI websites, we may identify the Internet Protocol (IP) address associated with the device you are using, such as a personal computer or handheld device. The IP address does not identify you personally, but it may allow us to identify the device you're using. We store IP addresses in case we ever need to track a connection to its point of origin for security reasons.
Linking to Other Web Sites
Links to third-party sites are provided for your convenience. Such sites are not within our control and may not follow the same privacy, security or accessibility standards as ours. SACI is not responsible for the content or availability of third-party sites, their partners or advertisers. We encourage you to review the privacy policies of third parties before providing information on their sites.
Protecting Your Information - How You Can Help
By taking a few simple precautions, you can help safeguard your personal information:
- Keep account information and passwords to yourself. Do not disclose this information to others.
- Never provide personal or confidential information over the telephone to unknown callers.
- Be sure to use a secure browser when doing any business over the Internet. When you have completed your Internet business, exit online applications immediately.
- Maintain current virus protection software on your personal computer. Never open e-mail from unknown sources.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify you via email and in accordance with local law requirements
- We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors
What are your rights as a data subject?
We understand how important your data and the processing of it is to you. We therefore adhere to the rights of the data subject within the various grounds of Lawful Processing (as defined in the General Data Protection Regulation). These rights include:
- The right to be informed how personal data is processed
- The right of access to your personal data: You may request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it
- The right to rectification: You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us
- The right to erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request
- The right to object to processing: You may object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms
- The right to restrict processing: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
- The right to data portability: You may request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Rights in relation to automated decision making and profiling: Under the GDPR, you also have a right not to be subject to decisions based solely on automated data processing (including profiling) if the decision produces legal effects on you or significantly affects you.
You have the right to withdraw consent at any time where we are relying on consent to process your
personal data. However, this will not affect the lawfulness of any processing carried out before you
withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or
services to you. We will advise you if this is the case at the time you withdraw your consent.
Should you wish to exercise any of these rights, please do so by contacting us at the details stated below. To
better safeguard your data, we will also take reasonable steps to verify your identity before granting access
or making corrections to your data. Please note that calls may be recorded for training purposes and of
protection of our staff and clients.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Last Edited on November 20, 2018