[ Skip to content ]

Department of Education Privacy Policy

U.S. Department of Education

As a servicer for U.S. Department of Education student loans, Edfinancial provides the Department's privacy policy to borrowers.

Gramm-Leach-Bliley Privacy Information Act

In 1999, Congress enacted the Gramm-Leach-Bliley Act (Public Law 106-102). This Act requires that lenders provide certain information to their customers regarding the collection and use of nonpublic personal information. Because you have a loan held by the U.S. Department of Education, we are providing you this Notice.

In general, the categories of nonpublic personal information collected about you from your application, your educational institution, and consumer reporting agencies, include your address and other contact information, demographic background, loan and educational status, family income, social security number, employment information, collection and repayment history, and credit history. We disclose nonpublic personal information to third parties as necessary to process and service your loan and as permitted by the Privacy Act of 1974. The Privacy Act permits disclosure to third parties as authorized under certain routine uses. Examples of disclosures permitted under the Privacy Act include disclosure to federal and state agencies, private parties such as relatives, present and former employers, and creditors, and our contractors for purposes of administration of the student financial assistance programs, for enforcement purposes, for litigation, and for use in connection with audits or other investigations.

We do not sell or otherwise make available any information about you to any third parties for marketing purposes. We protect the security and confidentiality of nonpublic personal information by implementing the following policies and practices. All physical access to the sites where nonpublic personal information is maintained is controlled and monitored by security personnel. Our computer systems offer a high degree of resistance to tampering and circumvention. These systems limit data access to our staff and contract staff on a need-to-know basis and control individual users' ability to access and alter records within the systems. All users of these systems are given a unique user ID with personal identifiers. All interactions by individual users with the systems are recorded.