Privacy Shield Disclosures & EPI Privacy Policy

EPI is a member of the E.U.-U.S. Privacy Shield:

EPI complies with the E.U.-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. EPI has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit


How we use information we collect:

EPI collects personal data related to the J-1 Visa Exchange Visitor Program it administers, sponsoring teachers for placements in public, private, and charter schools in North Carolina, South Carolina, Virginia, and Florida. We use the information we collect to: provide, maintain, protect, and improve our website and the program we administer; to help applicants apply for and succeed in the J-1 Visa Exchange Visitor Program; and to protect EPI program applicants and participants. In order to help teachers obtain J-1 Visas and enter the exchange visitor program, EPI collects personal information from applicants and program members including, but not limited to: Driver’s Licenses; Passports; Visas; Criminal Background information; email addresses; school transcripts; teaching licensures; bank accounts; health insurance; deeds; and titles and other relevant information relating to the program. EPI only collects these types of personal information and shares it with data processors aiding it in furtherance of the United States exchange visitor program it administers.

EPI never sells your personal information to companies, organizations, and other outside individuals. EPI is obligated to share personal information with the U.S. Department of State and schools as it relates to placing teachers and the administration of its program.


We collect information in the following ways:

Information you give EPI: EPI requires those seeking participation in its program to sign up for an account. When you do, we will ask for personal information like your name, email address, and telephone number to store with your account. In most instances, exchange visitor program applicants and current/past program participants (collectively “Users”) are asked to upload the majority of their personal information directly, and they retain access to any uploaded information as they transition from applicant, to participant, and, finally, to alumni status. Users uploading information to EPI’s secure website retain access to the information they uploaded for as long as the information is retained by EPI. 

Information we get from your use of EPI’s website: Additionally, EPI may track device-specific information like your hardware model, operating system version, unique device identifiers, and mobile network information including phone number. We may collect identifying information related to your computer and internet usage. Specifically, EPI may collect your computer’s IP address, and other identifying information that it tracks via cookies and similar programs such as in-website history collection mechanisms that track your internet browsing history directly. This information may be used to improve the User experience with EPI’s services and to market EPI’s services to other potential exchange visitor program participants. Examples of information we may gather from your use of EPI’s website include:

Log information: When you use EPI’s services, we may collect and store certain information in server logs. This includes details of how you used our services, telephone log information, your IP address, device event information, and cookies.

Location information: We may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, and other sensors that may, provide us with information on nearby devices, Wi-Fi access points and cell towers.

Unique Application Numbers: Certain services include a unique application number and information about your installation, like the operating system type and application version number.

Local Storage: We may collect and store information, including personal information, locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

Cookies and similar technologies: We may use various technologies like cookies to identify your browser and device. We also use these technologies to collect and store information when you interact with websites before or after accessing EPI’s website in order to analyze the traffic to our websites and apps.

Information we collect when you are signed in to the EPI website, in addition to information we obtain about you from partners, and your use of the website may be associated with your EPI Account. When information is associated with your EPI Account, we treat it as personal information. For more information about how you can access, manage or delete information that is associated with your EPI Account, visit the Transparency and Choice section of this policy.


Transparency and Choice:

At EPI, Users are in control of their personal information. Our goal is to clearly state what information we collect and how we use it so that you can make an informed decision prior to becoming a User. To become a participant in the exchange visitor program that EPI administers, the U.S. Department of State requires EPI to gather, review, and retain certain types of personal information. However, this does not mean that those wishing to participate in the program EPI administers are without choice in the collection of their personal information outside the initial decision to become a User. EPI Users have additional choice in determining the personal information they share with EPI and access to that personal information, such as:

What you upload to EPI: You often have a choice in the information which you upload to EPI. Keep in mind that certain documents and types of personal information are required in order to be considered for the exchange visitor program that EPI administers. However, in many instances, you have a choice of the exact information you upload to EPI from a range of documents and personal information, and Users are directly in control of the uploading of information to our secure server.  

Blocking Cookies: You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled.

Access: Users have the right to access the personal information about them that EPI holds, and they can access almost the entirety of this personal information at any time through their online profile. Users will be able to correct, amend, or delete personal information that EPI holds if they can demonstrate that such personal information is inaccurate, or has been processed in violation of the Privacy Shield Principles. However, to the extent permitted by applicable local laws, EPI may limit or deny a User’s access to the personal information it holds where the burden or expense of providing access would be disproportionate to the risks to their privacy, the legitimate rights of other persons would be violated, or an exception applies under another applicable law. To request access to, correct, amend, or delete your personal information with EPI, please contact EPI’s Human Resources and Chief Privacy Officer at:



Information Sharing:

Your information is normally only visible to you and EPI employees. There are limited circumstances in which EPI shares your personal information:

With your Consent: We will share personal information with companies, organizations, data processors, and other individuals outside of EPI when we have your consent to do so.

With 3rd parties helping to administer our program: we provide limited personal information to other companies helping us manage or process your data based on our instructions and in compliance with our privacy policy and any other appropriate confidentiality and security measures.

With the U.S. Department of State: EPI is designated as an exchange visitor program sponsor by the U.S. Department of State and the program is governed by the United States Code of Federal Regulations. Because of this, EPI is required to retain certain personal information in accordance with U.S. Department of State and Federal Regulations. Due to the nature of the program, EPI may be required to share your personal information with other U.S. Federal offices like the Department of State, the Department of Homeland Security, Immigration and Customs Enforcement, and the like.

For Other Legal reasons: We will share personal information with companies, organizations or individuals outside of EPI if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms of Service, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of EPI, our users or the public as required or permitted by law.


Information Security:

EPI works hard to protect the information you share with us from unauthorized access, unauthorized alteration, disclosure, or destruction. We use website security measures consistent with current best practices to safeguard our website, email, and other internet connected programs. In particular:

  • We encrypt our website, requiring the use of a secure browser with encryption, or SSL. Using encryption protects information by scrambling information as it is sent from your computer or device to EPI and vice versa, helping keep your information secure and private.
  • We frequently patch or update our systems so that we are using the latest software versions with the most current security technology.
  • We engage in system monitoring, regularly reviewing activity logs to identify potential problems. We have systems in place to automatically block and help prevent unauthorized access to your information from unknown or untrusted sources. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We deploy physical safeguards, including state-of-the-art security systems and 24/7 video surveillance, to strictly control access at all of our facilities.
  • We restrict access to personal information to EPI employees, contractors, government authorities, and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Despite EPI’s efforts, no data transmissions you make to EPI over the internet can be guaranteed to be 100 percent secure. Consequently, EPI cannot ensure or warrant the security of any information you transmit to us and you understand that any information that you transfer to EPI over the internet is done at your own risk.


Accountability for Onward Transfers:

Except as otherwise explained in this Policy, EPI will transfer User Personal Data only to:

(a) an entity that a User has specifically authorized to receive the data (and its designated representatives),

(b) third party contractors and other third parties acting as EPI’s agents (e.g., service providers that help host or support EPI’s web site, or that otherwise provide program related assistance), or

(c) government agencies associated with a User's exchange visitor program.

Furthermore, EPI will transfer Personal Data to such third parties only if the transfer is for limited and specified purposes and the third party will provide at least the same level of privacy protection as is required by this Privacy Statement and, as applicable, the Privacy Shield Principles (“Principles”). EPI takes reasonable steps to ensure that its third party affiliates, contractors, and agents effectively processes the personal information in a manner consistent with EPI’s obligations under the Principles.

When EPI uses third parties and data processors to perform certain processing tasks on behalf and under the instruction of EPI, it requires such processors to either certify under Privacy Shield or another adequacy finding, or enter into a written agreement requiring they process the data only for limited and specified purposes and to provide the same level of protection that EPI provides.

As further described in the Privacy Shield Principles, in cases of onward transfer and processing of Personal Data by third parties or EPI’s agents, EPI remains liable for the third party/agent’s failure to comply with the Privacy Shield Principles, unless EPI can prove that it is not responsible for the event giving rise to the damage.

EPI may be required to disclose personal information in response to a lawful request by public authorities, including requests to meet national security or law enforcement requirements.


Contact EPI Directly with Comments/Issues Related to Personal Data:

In compliance with the Privacy Shield Principles, EPI commits to resolve complaints about our collection or use of your personal information.  European Union individuals with inquiries or complaints regarding our Privacy Shield policy should first contact EPI’s Human Resources and Chief Privacy Officer in one of the following ways: by email at; by addressing your physical mail to EPI Human Resources and Chief Privacy Officer, 105 Whitson Avenue, Swannanoa, NC 28778; or by calling 1-828-239-9930.

The Federal Trade Commission has jurisdiction over EPI’s compliance with the Privacy Shield.

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Those mechanisms may be found here:

EPI commits to cooperate with the panel established by the EU data protection authorities (“DPA”s) and comply with the advice given by the EU DPAs with regard to all personal data, including human resources data transferred from the EU in the context of personal data transferred to EPI for services and for any employment relationship.

Want to learn more about EPI? Sign up for our newsletter!