Please note that this Website may contain links to other Websites. Naturally, Sommet is not responsible for the privacy practices or the content of such other Websites.
This Policy complies with the Safe Harbor Principles as agreed upon between the United States Department of Commerce and the European Commission, and separately the United States Department of Commerce and the Swiss Federal Data Protection and Information Commissioner. Consistent with its commitment to protect personal privacy, Sommet complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework, which can be found at: http://www.export.gov/safeharbor/.
This Policy applies to, and is limited to, the processing of Personal Data that Sommet receives in the United States concerning its Students and Website visitors who are residents of the EEA, EU or Switzerland (see definition below).
This Policy does not cover data rendered anonymous where individual persons are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost, or labor, or situations in which pseudonyms are used. (The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult). If data rendered anonymous becomes no longer anonymous (i.e., individual persons are again identifiable), or if pseudonyms are used and the pseudonyms allow identification of individual persons, then this Policy will apply.
“Data Subject” means an identified or identifiable natural living person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity. For purposes of this Policy, “Data Subject” means Sommet Students and visitors to Sommet Websites.
“European Affiliate” means a Sommet affiliate located in Switzerland, the EU or the EEA.
“Student” means any individual that is a prospective, current, past student or alumni of any Sommet institution who is also a resident of Switzerland, the EU or EEA.
“Personal Data” means data that personally identifies a Data Subject or that may be used to personally identify a Data Subject (such as an identification number that identifies a Data Subject). Personal Data includes data such as an individual’s name, country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID and password. Personal Data does not include data that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation or trade union membership, aid granted by social services and/or debt collection proceedings, criminal or administration sanctions.
Collection and Use of Personal Data
Sommet may receive Personal Data concerning Students: 1) directly from the Student, 2) from a European Affiliate or 3) through other means, such as provided by other Websites requested by the individual to be provided to Sommet.
Sommet systems are not set up to automatically or without the express knowledge of the Student or Website visitor track, collect or distribute Personal Data or Sensitive Data about a Sommet Student or Website visitor. Our systems do recognize the home server of Students or Web visitors, but not email addresses. For example, our computer servers can tell which Internet Service Provider Students or Website visitors of our Websites use, and the IP addresses associated with Students or Website visitors’ computers. But our computer servers do not track names, addresses or other information that would allow us to identify particular Students or Website visitors to our sites. The non-personal information collected by our servers is used for internal purposes only (such as to ensure the smooth functioning of the Sommet Websites and efficient delivery of content on the sites, for example knowledge of the Web browser used allows content to be displayed in the manner best suited for that Web browser) by Sommet technical support staff.
In addition, Sommet servers track information about visits to our Websites. For example, we compile statistics that show the daily number of visitors to our sites, the daily requests we receive for particular files on our sites and what countries those requests come from. These aggregated statistics are used internally to provide better services to our clients and may also be provided to others, but again, the statistics contain no Personal Data and cannot be used to discern such information.
Subject to the below consent of the Data Subject, Sommet uses Student Personal Data for business purposes, including without limitation: (i) managing Student on-line experiences; (ii) enrollment into an institution; (iii) enrollment in specific courses; (iv) recording and reporting grades; (v) managing the process for prospective students through enrollment and admission; (vii) managing alumni; (viii) marketing purposes, as permitted under applicable local law or regulations; and (ix) for other business-related purposes permitted and/or required under applicable local law or regulations.
Consent to Disclosures/Onward Transfers of Personal Data
For the proper administration of Sommet activities and in order to allow Sommet to fully provide you with the various services contained therein, you hereby expressly permit Sommet to collect, maintain and process any of your Personal Data, or a part thereof, including without limitation, any information protected by the Dutch Data Protection Act, the European Union Directive on the protection of individuals with regard to the processing of personal data and the free movement thereof, the Swiss Federal Act on Data Protection, or by any other applicable legislation, in any computer network as Sommet deems appropriate. For these purposes, you further expressly permit Sommet to transfer such data, or a part thereof, to any computer network(s), including without limitation that of any Sommet institution of higher education, that of Sommet representatives worldwide, in the Netherlands, the United Kingdom, Switzerland, the USA or any other country as Sommet deems appropriate to provide you services. You understand that the level of data protection in countries outside the European Union or Switzerland may not be equal to the level of data protection under EU or EAA law and Swiss law and that Sommet will take adequate measures to ensure an adequate level of protection of the Personal Data during and after the transfer.
Sommet discloses Student’s Personal Data only to those who reasonably need to know such data for a legitimate business purpose and those third parties must abide by confidentiality obligations. Unless Sommet has a Data Subject’s consent, Sommet will only disclose Student’s Personal Data to third parties for the purpose of performing tasks on Sommet’s behalf when such third parties either:
(a) comply with the Safe Harbor principles or use another data transfer mechanism permitted by the EU Data Protection Directive or, as applicable, the Swiss Federal Act on Data Protection; or
If Sommet learns that one of its data processors/service providers is using or disclosing Personal Data in a manner contrary to this Policy, Sommet will take necessary steps to prevent or stop the use or disclosure.
Except as stated otherwise herein, Sommet does not disclose Sensitive Data to third parties. Further, Sommet does not use Sensitive Data for any purpose other than (i) for the purpose for which it was originally provided by the Student, (ii) for a purpose later expressly consented to by the Student, or (iii) for an exception expressly noted below.
You expressly agree that Sommet may use or disclose Sensitive Data (or other Personal Data) without prior express consent where such disclosure or use: (a) is in the vital interests of the Student, Website visitor or another person; (b) is necessary for the establishment of legal claims or defenses; (c) is required to provide medical care or diagnosis; (d) is necessary to carry out Sommet’s obligations; (e) is data manifestly made public by the Data Subject; or (f) as otherwise required or permitted by law.
Confidentiality and Security of Data Personal
Sommet maintains reasonable physical, administrative and technical safeguards designed to secure Data Subjects’ Personal Data and Sensitive Data, and to prevent unauthorized access to such information. For example, all Student communication and files in digital format are stored on a secure network, accessible only by approved staff. All critical systems and servers are separately housed within Sommet’s secure facilities and are accessible only by authorized personnel. Our information security is managed internally and meets industry standards for secure networks. Sommet takes precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Sommet’s physical premises are protected with a security guard and all off-hour entry is logged through an access control system. Sommet periodically performs network backups. While our backup files are stored offsite, they are handled by authorized personnel only.
Right to Access, Change or Delete Personal Data
Sommet and any of its institutions will endeavor to respond in a timely manner to all reasonable written requests to view, modify or delete Personal Data.
Students and site visitors are responsible for the accuracy of the data they provide to Sommet. Sommet will use reasonable efforts to maintain the accuracy and integrity of any Personal Data it receives and update it as appropriate.
Sommet does not, as a matter of business practices, maintain Personal Data longer than necessary for the purposes stated, unless otherwise agreed to by the Student or site visitor.
Changes to this Policy
This Policy may be amended from time to time, consistent with any changes in the Safe Harbor Principles and/or Sommet business practices. Appropriate public notice will be given in the event of such amendments.
Sommet’s privacy practices are self-certified as defined in the U.S. Department of Commerce Safe Harbor Program. For more information about the Safe Harbor Program, please go to www.export.gov/safeharbor
Enforcement and Dispute Resolution
Sommet periodically verifies that the Policy is accurate, comprehensive for the information intended to be covered, and conforms to the EU Safe Harbor Principles and the Swiss Federal Act on Data Protection. We encourage interested persons to raise any concerns with us using the contact information below. Sommet will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.
With respect to any complaints related to this Policy that cannot be resolved through our internal process, we agree to participate in the dispute resolution procedures with the European Data Protection Authorities (“DPA”) to resolve disputes pursuant to the Safe Harbor Principles. In the event that a dispute is submitted to one of the DPAs, we will cooperate with such DPA in the investigation and resolution of complaints brought under this policy. If we or such DPA conclude that we did not comply with the Policy, we will take appropriate steps to address any adverse effects and assure future compliance.
Sommet retains sole and absolute discretionary authority to resolve all questions relating to the administration, interpretation and application of this Policy. This authority includes interpreting the terms of this Policy, including any disputed or doubtful terms.