American College of Education is committed to ensuring the privacy and accuracy of your confidential information. As part of its commitment to maintain the privacy of its users, ACE has developed this privacy statement.
The statement has two purposes:
- To educate users about privacy issues.
- To inform users about specific privacy policies and guidelines employed at ACE.
While ACE has not and will not share, provide, or sell Personal Information with third parties for their own marketing purposes the College may actively share your information to facilitate, manage and improve our services.
This may include third parties or vendors whom the College has engaged as School Officials who help the College with marketing, advertising, or promotion. ACE may also share your Personal Information with government and law enforcement agencies or regulators to respond to subpoenas, court orders, or any other legal requirements or when it is necessary to protect and defend the legal rights of the College or to protect your safety and/or the public’s safety.
- “School Officials” means employees of the College, including faculty and staff, as well as certain individuals such as vendors or contractors, performing work for the College under proper authorization.
- “Personal Information” means any non-public information (paper or electronic) that can be used to distinguish, identify, or contact a specific individual. This includes account information, social security numbers, grades, and financial or health data as well as any other information that is not considered public. Also included is all information required to be protected under the Gramm-Leach-Bliley Act (“GBLA”), namely, (a) any non-public personal information (i) a student or other third party provides in order to obtain a financial service from ACE, (ii) about a student or other third party resulting from any transaction with ACE involving a financial service, or (iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person; and (b) personally identifiable information as defined under state cybersecurity laws.
- For State of California residents “personal information” under the CCPA (California Consumer Privacy Act) includes any information that “identifies, relates to, describes, references, or could reasonably be linked, directly or indirectly, with a particular consumer or household,”
- “College’s Technology Services” – include all College technologies and related forms such as the College website, mobile applications and text, surveys, college chat boards, etc. where you may provide personal information voluntarily through the use of technology platforms and the completion of forms required for business purposes.
ACE also complies with the Family Educational Rights and Privacy Act (“FERPA”) administered by the U.S. Department of Education. FERPA protects students’ personal identifiable information (PII) and prohibits the release of education records without students’ permission or consent. Information on the College’s FERPA policy and practices may be found here.
The law allows us to share your account information or other personal information with non-affiliated companies when the information is used for financial transactions (Gramm-Leach-Bliley Act, Part V, § 14-15). The following are circumstances when non-affiliated parties might be given personal information:
- Services providers to the extent necessary to enable us to provide you with the products and services you have requested, process transactions, and maintain accounts.
- Credit reporting agencies in accordance with the Fair Credit Reporting Act
- In connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit.
- When legally required to comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by Federal, State, or local authorities.
- When otherwise required to comply with Federal, State, or local laws, rules and other applicable legal requirements
This policy is effective specifically for the ACE.edu website and domain, and any student information systems learning management systems, or student or public communications platforms utilized by the College, collectively known as the “College’s Technology Services”.
Information Gathered by ACE
When you visit the ACE.edu domain and website our web servers may generate temporary logs that may contain the following Personal Information:
- 1. The IP address from which you access our domain and website.
- The Internet address of the website from which you linked to our domain and website.
- The type of browser and operating system used to access our domain and website.
- The date and time you access our domain and website.
- The pages, files, documents, and links that you visit in our domain and website.
- Aggregate information collected by School Official internet analytics services.
Additionally, by using the College’s Technology Services such as ACE.edu or ACE student information systems and learning management systems, and similar, the College may collect Personal Information that you knowingly and voluntarily provide when completing applications and forms, sending emails, registering for classes or other programs or responding to surveys.
We use unique identifiers called “Cookies” to collect anonymous non-personally identifiable information. Cookies are small pieces of code that are saved by your browser. The cookies include information about your device, browser, area code, zip code, and IP address and are used to provide you with a more customized user experience and improve the design and functionality of our website.
We may share cookies with third Parties to better understand how you use our websites and the type of devices you use to personalize content and deliver relevant advertisements of interest to you. These third parties may collect information about your online activities over time and across different websites when he or she uses our sites.
You may refuse to accept cookies by activating the appropriate setting on your device or browser. However, you may be unable to use certain features of the ACE website dependent on your selection. You can change your cookie settings by reviewing your internet browser’s cookie options. Typically, such information can be found under the browser’s ‘Help’, ‘Preferences’ or ‘Options’ menus.
External Third-Party Content
Sites within ACE may enable you to pay for products or services online with a credit card. Although ACE makes every effort to ensure that the third parties providing these transactions are encrypted, ACE is not responsible for the privacy practices of these external third parties.
Although no computer system is 100% secure, ACE has deployed extensive security measures to protect against the loss, misuse, or alteration of the information collected through the Colleges’ services and under our control. ACE maintains physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic Personal Information. We continually review our policy and practices, monitor our computer networks, and independently test the strength of our security to help us ensure the safety of Confidential Information. These security measures and our systems are routinely audited and updated by ACE security specialists.
Digital Millennium Copyright Act (DMCA)
The Digital Millennium Copyright Act (DMCA), described as the most dramatic change to copyright law in a generation, was the 105th Congress’s effort to update copyright law for the digital environment. Please be aware that in accordance with Section 512(i)(1)(a) of the DMCA, ACE reserves the right to terminate computing services of users who repeatedly infringe upon the rights of copyright owners.
California Privacy Act (CCPA)
For State of California residents, through your use of the College’s Technology Services such as ACE.edu or ACE student information systems and learning management systems, and similar, the College may collect Personal Information that you knowingly and voluntarily provide when completing applications and forms, sending emails, registering for classes or other programs or responding to surveys, we may collect “Personal Information. “Personal Information” may include:
- Email address, account name, Social Security number, driver’s license number, and passport number.
- Personal information under California’s records destruction law (Cal. Civ. Code §1798.80(e)).
- Characteristics of protected classifications under California or federal law.
- Commercial information, including records of personal property, products, or services purchased, obtained, or considered.
- Biometric information.
- Internet or network activity.
- Geolocation data.
- Audio, electronic, visual, thermal, olfactory, or similar information.
- Professional or employment-related information.
- Education information that is not publicly available personally identifiable information, as defined in the Family Educational Rights and Privacy Act (20 USC § 1232(g), 34 CFR Part 99).
- Inferences drawn from any of the information listed above to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Personal Information under the CCPA does not include aggregate consumer information,” which is defined as data that is “not linked or reasonably linkable to any consumer or household, including via a device,” as well as information that is publicly available from federal, state, or local government records.
As a California resident pursuant to the CCPA, you have certain rights. This Privacy Notice summarizes what these rights are and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Title 1.81.5. California Consumer Privacy Act of 2018.
Right to access data
California law permits users who are California residents to request and obtain at no cost an annual list of the third parties to whom ACE has provided or disclosed personnel identifiable information (PII) in the immediately preceding calendar year. California residents shall only be entitled to have this information provided at most once per calendar year.
Once we receive and confirm your verifiable consumer request, we will disclose to you within thirty (45) days of the receipt of such request:
- The categories and sources of personal information we collect about you.
- Our business or commercial purpose for collecting or selling that personal information.
- a list of categories of Personal Data provided to a third party for its own direct marketing purposes; and,
- the names of any third parties that received the California resident’s Personal Data within the preceding calendar year from us.
Right to opt-in to sharing of minor Personal Information
If you are a California resident, under 16 and a registered user of the Services, you may ask us to opt-in to share posted to the Services by submitting a verifiable consumer request to us at the address below.
Right to be forgotten
Also, California residents have the right to request deletion any of personal information that we have collected from you, subject to certain exceptions listed in the California Electronic Communications Privacy Act if retaining the information is necessary for us to facilitate your account or respond to requests under the law. Once we receive and confirm your verifiable consumer request, we will delete (and direct our school officials to delete) your personal information from our records, unless an exception applies.
Right to opt-out from having information sold
Under California’s Privacy law, Cal. Civ. Code § 1798.83, California residents may opt out of the sharing of Personal information to educational partners who are School Officials for direct marketing purposes. However, although the College may actively share your information to facilitate, manage and improve our services the College will not share, provide, or sell Personal Information with school officials for their own marketing purposes.
American College of Education
101 West Ohio Street, Suite 1200
Indianapolis, IN 46204
A verifiable consumer request should contain your name and state of residence or student identifier as applicable, and the specific request as related to the rights described above. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
General Data Protection Regulation (GDPR)
Your Personal Information may be stored and processed by service providers using cloud technology, and you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information
The College may receive your Personal Information when you visit the College’s websites, apply for or take online courses or programs, voluntarily communicate with the College or request or services, or otherwise interact with the College while in the EU.
This GDPR Privacy Notice applies to you if:
- You are a “Person” or “Data Subject” which is a natural person, not a corporation, partnership, or other legal entity who is physically present in the EU;
- “Personal Information”—means any identifiable information that you voluntarily provide, or we collect while you are physically present in the EU and not while you are outside the EEA;
- And the Personal Information is provided to the College:
- During the course of application and enrollment into the College or College’s programs;
- While you are enrolled in the College programs;
- While you are participating in College activities or surveys;
- While you are communicating with College services.
- As part of the admissions process to evaluate applications. We also may obtain Personal Information from third parties, such as other schools, references, employers, and education as part of an application submission.
- As part of the program or course registration and scheduling process.
- To communicate College activities, messages, and special events.
The College requires Personal Information for a variety of purposes to provide requested services, including, but not limited to:
As a Data Subject pursuant to the GDPR, you have certain rights. This GDPR Privacy Notice summarizes what these rights under the GDPR involve and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Articles 15-21 and 77 of the GDPR.
Right of access
You have the right to request that the College confirm whether it is processing your Personal Information.
Right of correction
You have the right to request that the College correct any inaccurate Personal Information that it maintains about you.
Right to erasure
You have the right to request the erasure of Personal Information that the College maintains about you in certain circumstances. These circumstances are identified in Article 17 of the GDPR and include that the Personal Information is no longer necessary in relation to the purpose(s) for which it was collected.
Right to restrict processing of Personal Information
You have the right to request that the College restrict the processing of your Personal Information where one of the reasons identified in Article 18 of the GDPR apply. These reasons include that the Personal Information is inaccurate, the processing is unlawful, or the College no longer needs the Personal Information.
Right to data portability
Where the basis for processing is either consent or performance of a contract between you and the College, and where the processing is carried out by automated means, you have the right to receive your Personal Information that you have provided to the College. The College will provide the Personal Information in a structured, commonly used, and machine-readable format. Where technically feasible and upon your request, the College will transmit the Personal Information directly to another entity.
Right to withdraw consent
If the basis for processing your Personal Information is consent, you may revoke your consent at any time. Upon receipt of your notice withdrawing consent, and if there are no other legal grounds for the processing, the College will stop processing the Personal Information unless the processing is necessary for the establishment, exercise, or defense of legal claims. Revoking consent does not affect the lawfulness of processing that occurred before the revocation.
Right to file a complaint
You have the right to submit a complaint with an EU supervisory authority, specifically one in the EU Member State of your habitual residence, place of work, or place of the alleged violation, if you believe that the College’s processing of your Personal Information violates the GDPR. For more information on the process for submitting a complaint, consult the relevant EU supervisory authority:
American College of Education
101 West Ohio Street, Suite 1200
Indianapolis, IN 46204
A verifiable consumer request should contain your name and EU member state or student identifier as applicable, and the specific request as related to the GDPR rights described above. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
American College of Education
101 West Ohio Street, Suite 1200
Indianapolis, IN 46204