Effective Date: [March 27, 2020]
DigiPen (USA), LLC, dba DigiPen Institute of Technology (“DigiPen”) respects the privacy of people who visit our web site, www.digipen.edu, and other DigiPen sites (individually and collectively referred to herein as the “Site”).
Information Collection, Sharing, and Use
We only have access to collect personal information that you voluntarily supply us with. We will not sell or rent this information to anyone. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, or as required by law. For example, DigiPen may disclose personal information to third parties (including without limitation, governmental agencies) if required to do so by law or based on the good faith belief that such action is necessary to: (i) conform to the edicts of the law or comply with legal process; (ii) protect and defend the rights or property of DigiPen or its agents or contractors; or (iii) act in urgent circumstances to protect the personal safety of users of DigiPen, the Site, or the public.
Your Access to and Control Over Information
You may opt out of marketing communications from us at any time by contacting us via the email address or phone number given below or by following “unsubscribe” steps for email, as appropriate. At your request, we will remove your personal information from our files.
You are solely responsible for maintaining the secrecy of your passwords or any account information. Please be careful and responsible whenever you are online. While we strive to protect your personal information, DigiPen does not ensure or warrant the security of any information you transmit to us, and you do so at your own risk.
Third-Party Sites and Links
The Site is not intended for or directed to children under the age of 13. Any person who provides their information to DigiPen through the Site represents to DigiPen that they are 13 years of age or older.
EU-U.S. Privacy Shield Policy
This Privacy Shield Policy (“Policy”) applies to all personal information received by DigiPen (USA), LLC, d/b/a DigiPen Institute of Technology (“DIT”, “we”, “our”, or “us”) in the United States from the European Economic Area (EEA) (which includes the member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and the United Kingdom. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information.
For purposes of this Policy, the following definitions shall apply:
“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, DIT or to which DIT discloses personal information for use on DIT’s behalf
“DigiPen Institute of Technology” means DigiPen (USA), LLC, d/b/a DigiPen Institute of Technology, DigiPen Housing LLC, and any predecessors and successors in the United States.
“Personal information” means any information or set of information that identifies or could be used by or on behalf of DIT to identify (together with other information) a living individual. Personal information does not include information that is anonymized or aggregated.
“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.
EU-U.S. Privacy Shield
DIT receives personal information about individuals in the EEA and the United Kingdom collected by DIT and its affiliates. This personal information may include basic contact information like name and email address for current and prospective students, as well as billing and academic information of current students such as classes taken and grades.
DIT uses this information to provide our educational services, support for such services, for billing, for marketing communications, and to correspond with students and faculty. This information also facilitates our affiliates’ and franchisees’ services.
DIT also receives information about employees of DIT’s subsidiaries who are located in the European Union and the United Kingdom, and which is transferred in the context of the employment relationship. DIT uses this information for internal employment and human resources purposes. DIT commits to cooperate in investigations by and to comply with the advice of competent EU and UK authorities.
DIT will subject all personal information received via the Privacy Shield to its Privacy Principles.
DIT is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC), is obliged to disclose personal information in response to lawful requests by public authorities, for law enforcement and national security purposes, and has liability for onward transfers to agent third parties unless we can prove we were not a party to the actions giving rise to the damages.
Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions. More information is available in the Dispute Resolution section below.
DIT will offer individuals the opportunity to choose whether their information is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below. DIT does not disclose personal information to non-agent third parties. If this changes, DIT will offer an opt-out or opt-in choice to individuals prior to their data being released.
DIT will not use sensitive personal information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual unless DIT has received the individual’s affirmative and explicit consent (opt-in). DIT will treat as sensitive any personal information received from a third party where the third party identifies and treats it as sensitive.
DIT will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. DIT will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.
Transfers to Agents
DIT contracts with third parties who perform business functions on our behalf. DIT uses these third parties to manage tuition, housing, and related payments, as well as fee processing. These entities may have access to personal information if needed to perform their functions for DIT. DIT does not disclose personal information to non-agent third parties.
For information received under the Privacy Shield, DIT will require its agents to safeguard personal information consistent with this Policy by contract, obligating the agent to provide at least the same level of protection as is required by the Privacy Shield Principles.
DIT remains liable for onward transfers of personal data where its agent processes personal data inconsistent with the Privacy Shield Principles, unless DIT proves that it is not responsible for the event giving rise to the damage.
Access and Correction
Pursuant to the Privacy Shield Principles DIT acknowledges the individual’s right to access their personal data that has been transferred into the United States. Upon request, DIT will grant individuals reasonable access to personal information that it holds about them. In addition, DIT will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. An individual may request to access their information, or otherwise correct or amend their information. Individuals have the further right to request deletion of information that has been handled in violation of the Principles. EU and UK individuals wishing to exercise their right of access may do so by contacting us at the address given below.
DIT will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
DIT will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that DIT determines is in violation of this policy will be subject to disciplinary action.
DIT is subject to the jurisdiction and enforcement authority of the FTC.
Privacy Shield Dispute Resolution – For Non-HR Data
In compliance with the Privacy Shield, DIT commits to resolve complaints about your privacy and our collection or use of your personal information. EU and UK individuals with inquiries or complaints regarding this Policy should first contact DIT at the address given below. DIT will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.
DIT has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, BBB EU Privacy Shield. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the BBB web site at https://bbbprograms.org/programs/bbb-privacy-shield/eu-dispute-resolution for more information and to file a complaint.
Privacy Shield Dispute Resolution – For HR Data
In compliance with the Privacy Shield, DIT commits to resolve complaints about your privacy and our collection or use of your personal information as it pertains to the HR relationship. EU and UK individuals with inquiries or complaints regarding this Policy should first contact DIT at the address given below. DIT will investigate and attempt to resolve complaints regarding use and disclosure of personal information by reference to the principles contained in this Policy.
DIT has further committed to refer unresolved HR privacy complaints under the Privacy Shield Principles to the EU Data Protection Authorities (DPA’s). If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://ec.europa.eu/digital-single-market/en/news/list-personal-data-protection-competent-authorities to locate the appropriate DPA office. Please do not refer HR complaints to BBB EU Privacy Shield.
Last Chance Binding Arbitration Option
Finally and in limited circumstances, if your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Where applicable to the employment relationship, DIT agrees to cooperate and comply with the EU data protection authorities (DPAs) regarding the unresolved complaints of employee of European-affiliated companies who are located in the EU and the United Kingdom. Such employees may direct complaints about their personal information to their respective DPA. For the contact information for your country’s DPA, please contact us at the address given below.
Questions regarding this Policy should be submitted to DIT by mail to:
DigiPen Institute of Technology
9931 Willows Rd NE
Redmond, WA 98052
Or by e-mail to: privacy[at]digipen[dot]edu
Limitations & Changes
We may also be required to disclose an individual’s personal information in response to a lawful request by public authorities or in connection with a legal obligation. Adherence by DIT to these Privacy Shield Principles may also be limited to the extent necessary to meet national security, public interest or law enforcement obligations, and to the extent expressly permitted by an applicable law, rule or regulation. This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield. The amended Policy will be made publicly available via DIT’s website.
California Privacy Rights
California Shine the Light
Residents of the State of California have the right to request information from DigiPen regarding other companies to whom the company has disclosed certain categories of information during the preceding year for those companies’ direct marketing purposes. If you are a California resident and would like to make such a request, please email privacy[at]digipen[dot]edu
California Consumer Privacy Act
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of “Personal Information,” as well as rights to know/access, delete, and limit sharing of Personal Information. The CCPA defines “Personal Information” as “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” Certain information we collect may be exempt from the CCPA because it is considered public information (i.e., it is made available by a government entity) or covered by a specific federal privacy law, such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.
To the extent that we collect Personal Information that is subject to the CCPA, that information, our practices, and your rights are described below.
Right to Notice at Collection Regarding the Categories of Personal Information Collected
You have the right to receive notice of the categories of Personal Information we collect, and the purposes for which those categories of Personal Information will be used. This notice should be provided at or before the time of collection. The categories we use to describe the information are those enumerated in the CCPA.
We collect your name, phone number, and email address and contact address when you create an account, complete a transaction, or apply for admission into one of our programs. If you choose to create an account, you will also be asked to create a username, which may sometimes be your email address, and we will assign one or more unique identifiers to your profile. We use this information to provide the Site and our services and products, process your application to our programs, respond to your requests, and send information and advertisements to you.
We collect your social media handle and basic account information when you interact with the Site through social media.
We collect a unique numerical identifier, assigned to you by a first-party cookie, automatically when you use the Site in order to identify you, provide the Site, keep you logged in to the Site, prevent fraud, and provide you with targeted information and offers.
We collect payment information when you provide it to us, which may include your credit card number when you complete a transaction. You have the option to store this information to your account. We use this information to streamline and facilitate payments and transactions.
We collect your IP address automatically when you use the Site. We use this information to identify you, gauge online activity on our website, measure the effectiveness of online services, applications, and tools, and serve targeted advertisements based on your online activities.
We collect your Device ID automatically when you use the Site. We use this information to monitor your use and the effectiveness of the Site, to identify you, and to provide you with targeted information and offers.
We collect your Social Security number if you submit financial aid documents to us. We use this information to process any financial aid documents and facilitate the process of providing you with such financial aid.
We collect medical information and health information about you if you use certain medical or social services provided by us. We use this information to provide such services to you, including mental health counseling or Disability Support Services.
Protected Classifications: We also collect your age, date of birth, race, and ethnic origin when we process your application for admission into our programs or financial aid documents. We may collect your disability status if you use our Disability Support Services in order to provide you with such services.
Commercial Information: When you engage in transactions with us, we create records of goods or services purchased or considered, as well as purchasing or consuming histories. We use this information to measure the effectiveness of the Site and to provide you with targeted information and advertisements.
Internet or Other Electronic Network Activity Information: We collect information about your browsing history, search history, information regarding your interaction with websites, and applications or advertisements automatically when you utilize the Site. We use this information to gauge online activity on our website, measure the effectiveness of online services, applications, and tools, and to serve targeted advertisements based on your online activities.
Geolocation Data: As described above, we collect your IP address automatically when you use the Site. We may be able to determine your general location based on the IP address.
Audio, electronic, visual, thermal, olfactory, or similar information: If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of the call. If you enroll in our programs, we collect your photographic or video image to provide you with a student badge.
Professional or employment-related information: If you submit a résumé as part of an application, we collect information about your current employer and your employment history. We use this information to process your application into our programs and conduct background and other screening activities. If you are a student, we use this information to connect you to employers that may be interested in hiring our students.
Education information: We collect information about the institutions you have attended and the level of education you have attained. We use this information to process your application into our programs or for employment and to conduct background and other screening activities.
Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We may analyze your actual or likely preferences through a series of computer processes. On some occasions, we may add our observations to your internal profile. We use this information to gauge and develop our marketing activities, measure the appeal and effectiveness of the Site, applications, and tools, and to provide you with targeted information, advertisements, and offers.
We may use any of the categories of information listed above for other business or operational purposes compatible with the context in which the Personal Information was collected.
Right to Know About Personal Information Collected, Disclosed, or Sold
Right to Know/Access Information
You have the right to request access to Personal Information collected about you and information regarding the source of that information, the purposes for which we collect it, and the third parties and service providers with whom we share it. You may submit such a request as described below. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request.
Right to Request Deletion of Information
You have the right to request in certain circumstances that we delete any Personal Information that we have collected directly from you. You may submit such a request as described below. To protect our customers’ Personal Information, we are required to verify your identify before we can act on your request. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
How to Submit a Request
You may submit a request to exercise your rights to know/access or delete your Personal Information through any one of three means:
In order to process your request to know/access or delete Personal Information we collect, disclose, or sell, we must verify your request. We do this by asking you to:
You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf. We require that you and the individual complete notarized affidavits in order to verify the identity of the authorized agent and confirm that you have authorized them to act on your behalf. Parents of minor children may submit a birth of the child certificate in lieu of an affidavit, in order to make requests on the child’s behalf. Please see our required affidavits here.
What are cookies?
Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a website or mobile application. Cookies are then sent back to the originating site on each subsequent visit, or to another site that recognizes the cookies.
How to Manage Your Cookie Preferences
There is no accepted standard on how to respond to Do Not Track signals, and DigiPen does not respond to such signals. Rather, you may visit aboutads.info to receive more information about the collection and use of information about your online activities for online behavioral advertising or to learn how to opt out of having your data used for online behavioral advertising by Digital Advertising Alliance (DAA) participating companies. European users can also visit youronlinechoices.com to learn how to opt out of having their data used for online behavioral advertising by European Interactive Digital Advertising Alliance (EDAA) member companies.
Please note that if you choose to block cookies, you may impair our Sites or prevent certain elements of our Sites from functioning. Also, if you delete your cookies in the future you will need to opt again and if you use multiple web browsers, you may need to opt again.
Please note that even if you opt out using the mechanisms above, you may still receive advertisements when using DigiPen’s Sites.
Types of Cookies and Technologies Used
DigiPen uses a number of first-party cookies, most of which expire when the user’s browser is closed. Generally, these cookies help to store user information (i.e. language preferences) or ensure that users are aware of specific events related to their campus.
DigiPen uses the following third-party technologies:
We use Google Analytics to track the behavior of website visitors. Their third-party tracking cookies are used on all of our sites and subdomains and provide us with information used to learn where our visitors are coming from (e.g., traffic sources), how visitors interact with our site (e.g., how many pages they view, how long they stay during a visit, etc.), what kind of devices are used to access our site, etc. We use this data in aggregate to analyze the effectiveness of our website and to improve user experience. We do not track user demographics (this is an opt-in feature for Google Analytics customers). Our sites are still functional for users who choose to disable this cookie. Analytics cookies used by Google are persistent cookies that expire after two years.
- Fonts served
- Kit ID
- Account ID (identifies the customer the kit is from)
- Service providing the fonts (e.g., Typekit or Edge Web Fonts)
- Application requesting the fonts (e.g., Adobe Muse)
- Server serving the fonts (e.g., Typekit servers or Enterprise CDN)
- Hostname of page loading the fonts
- The amount of time it takes the web browser to download the fonts
- The amount of time it takes from the web browser downloading the fonts until the fonts are applied
Questions or Comments
If you have any questions or comments about this policy, please contact us at privacy[at]digipen[dot]edu.