Section 1. Information We Collect and Share
We collect and share personal information about you in order to identify you as our customer, to establish and manage customer accounts, to complete customer transactions, to provide information to you about our products and services, and to comply with legal and regulatory requirements. Examples of the types of personal information that we collect:
- Your Social Security Number, name, contact information, birth date, assets, and income.
- Your transaction history and account balances.
- Your credit history and credit scores.
We collect personal information about you from sources that include, but are not limited to:
- Information we receive from you or your representative on applications, promissory notes, forms, and through other communications (for example, when you take out a loan, send us an email, or open an online account on our website).
- Information about your transactions with us or others, including lenders, schools, or the U.S. Department of Education (for example, when you make a payment or finish school).
- Information we receive from consumer credit reporting agencies or public records.
We may share all of the information we collect, as described below.
Section 2. Disclosure of Personal Information
All financial companies need to share their customers' personal information to run their everyday business. Below, we explain how and why we may share your personal information.
We do not disclose personal information about our customers or former customers, except as permitted or required by law. For example, PHEAA shares your personal information in the delivery of our financial products and services to you in the following circumstances:
- When you have authorized the disclosure of information.
- To provide products or services that you request.
- As required by order of court or subpoena, pursuant to state, local, federal, or international statute, regulation or mandate, and in cooperation with law enforcement agencies.
- With consumer reporting agencies.
Additionally, PHEAA sometimes shares your personal information with nonaffiliated vendors that perform services on our behalf, for example, printing services, software programming, or loan collection support. PHEAA provides these vendors with only the information needed to perform that particular service. Before representatives of these vendors receive such information, we require that they sign an agreement to keep all personal information confidential. These vendors may not use this information for their own purposes.
PHEAA may share your information with nonaffiliated vendors that market PHEAA products and services to you. Generally, we only provide these vendors with customer contact information, although we might provide limited account information in some circumstances, such as account balances or status, payment amount or transaction history. Such nonaffiliated marketers must agree via contract with PHEAA to keep your information confidential and to use the information only to market PHEAA products and services.
Finally, consistent with student loan industry practice, PHEAA shares customer information with industry aggregators for the benefit of students. Such industry aggregators include the National Student Clearinghouse1, ELM Resources2, and Meteor™ 3.
Consistent with the Children's Online Privacy Protection Act (COPPA), PHEAA will not knowingly collect or retain information submitted by children under the age of 13. If PHEAA learns that we unknowingly collected personally identifying information from children under 13 years of age, we will immediately take all reasonable measures to delete the information from our computer systems and all other data systems.
Section 3. Data Security
To protect your personal information from unauthorized access and use, we use security measures that comply with federal law and regulations. These measures include computer safeguards and secured files and buildings. We restrict access to nonpublic personal information about you to those employees who we have determined have a legitimate business need for the information in order to provide our products and services.
Section 4. Online Privacy Practices
PHEAA protects the privacy of your personal information on our websites using the same standards and care that we utilize for all PHEAA communications and transactions.
PHEAA does not automatically collect personal information from visitors to our websites. However, we may automatically collect and store certain data from all website visitors, for example, the name of the domain and host from which the visitor accessed the Internet, the Internet Protocol (IP) addresses of computers and browser software used to access a PHEAA website, the date and time the visitor accesses PHEAA websites, and the Internet address of the website from which a visitor links directly to a PHEAA website. We may also use HTML encoding to record aggregate information about the usage of PHEAA websites and whether emails that we send have been accessed or acted upon.
PHEAA provides links from its websites to other vendors and third parties. Because PHEAA cannot guarantee how these third parties use or collect personally identifying information, you are encouraged to fully review the privacy statements of these other websites to determine whether or not your use of these websites comports with your desire to maintain the privacy of personally identifying information.
Section 5. How to Contact PHEAA
- The National Student Clearinghouse is a source for post-secondary student degree and enrollment verification.
- The ELM Resources system provides students, schools and lenders with automated Federal Family Education Loan Program (FFELP) and alternative loan data, processing, and information.
- MeteorTM is a collaborative effort to provide financial aid professionals and students with online aggregated financial aid award information from various industry participants.
Originally Adopted: February 2, 2001
Date Last Modified: September 2, 2010