Data Governance and Privacy Mandate

BlackHaus University (hereinafter, BHU) operates under a strict Data Governance Mandate. This document formalizes our non-negotiable legal obligations regarding the acquisition, utilization, disclosure, and protection of Personal Data collected via our website, mobile applications, and services (collectively, the “Services”). This Policy is incorporated by reference into the BHU Terms of Service and constitutes a critical, non-severable component of the contractual relationship. By accessing or utilizing the Services, the user explicitly and irrevocably accepts the terms of this Mandate.

1. Data Collection and Classification

We collect data falling into the following categories:

1. Personal Data (Voluntary Submission)

This information is provided when a user enrolls, applies, or contacts us, and includes:

• Identifiers: Full name, current email address, telephone number, and physical mailing address.
• Financial Data: Billing information and payment instructions (processed exclusively by contractually obligated third-party payment entities).
• Educational Records: Enrollment status, specific courses of interest, and documented academic history.
• Sensitive Personal Data: Data related to health/disability status, racial/ethnic origin, and religious affiliation. This is collected and processed only upon receipt of the user’s explicit, affirmative consent or as strictly required by controlling state or federal statutes (e.g., FERPA).

1. Automatically Collected Data (Usage and Device Telemetry)

Data regarding device characteristics and service activity is automatically collected to ensure operational performance and security. This includes:

• Technical Telemetry: IP address, browser type and version, operating system, and unique device identifiers.
• Usage Metrics: Pages accessed, access date and time stamps, referring URLs, and Service navigation patterns.
• Geolocation Data: General geographic location derived from your IP address.

2. Authorized Use of Personal Data (Mandated Purposes)

Personal Data is utilized exclusively for the following legitimate business and legal purposes:

• Service Provision: To maintain, secure, and improve the Services; to execute and process financial transactions; and to manage the user’s account and enrollment status.
• Communication: To dispatch essential contractual notifications, security alerts, operational updates, and to issue formal responses to user inquiries.
• Marketing (Conditional): To deliver promotional material, provided the user has granted explicit consent.
• Analytics and Security: To rigorously analyze service usage trends, monitor and protect the structural security of the Services, and enhance platform functionality.
• Legal Compliance: To ensure continuous adherence to all applicable legal obligations, regulatory statutes, and internal governance policies.

3. Controlled Disclosure and Contractual Sharing

BHU does not sell Personal Data. Disclosure is strictly limited to the following circumstances:

• With Contracted Service Providers: Shared exclusively with third-party vendors (e.g., data hosting, payment processing) who are bound by enforceable contractual obligations requiring the highest commercially reasonable standards for data security.
• For Legal Mandate: Disclosure is compulsory if required by specific Georgia or federal law, regulation, subpoena, or valid legal process.
• In Corporate Restructuring: Disclosure may occur in connection with any merger, asset sale, or acquisition.
• With Explicit Consent: Disclosure to any other party requires the user’s prior, explicit, and documentable consent.

4. Third-Party Interfaces

This Mandate does not extend to the practices of external third-party websites or applications not managed or controlled by BHU. Users are strongly advised to review the privacy policies of any such third-party providers.

5. Data Retention and Security Protocols

Data Retention

Personal Data is retained only for the duration necessary to satisfy service delivery and meet any prevailing legal, financial, or regulatory retention requirements. Upon the expiration of the retention period, BHU will securely and irrevocably destroy or fully de-identify the data.

Data Security

BHU implements a variety of reasonable and auditable technical and organizational security measures (e.g., data encryption, stringent access controls) designed to protect Personal Data from unauthorized access, alteration, or destruction. Users must acknowledge that no electronic storage system is 100% secure.

6. User Data Integrity, Warranty, and Indemnity

Users warrant that all Personal Data provided to BHU is accurate, complete, and lawfully acquired. The user shall indemnify, defend, and hold harmless BHU from and against any claims, liabilities, costs, and expenses (including reasonable attorneys’ fees) arising out of or related to: (a) any misrepresentation in the data provided; or (b) any breach of this Mandate by the user.

7. Children’s Privacy Prohibition

The Services are not developed for or directed at individuals under the age of 13. BHU does not knowingly solicit or collect Personal Data from children under 13.

8. Governing Law and Jurisdiction

This Data Governance and Privacy Mandate shall be construed, interpreted, and enforced in accordance with the laws of the State of Georgia, without regard to its conflict of law principles. Any legal action or proceeding arising from or relating to this Policy, the Services, or BHU’s data practices shall be exclusively adjudicated in the competent state or federal courts located in Fulton County, Georgia.

9. Amendments to the Mandate

This Mandate may be updated periodically. Users will be formally notified of any significant changes by posting the revised Policy and updating the “Effective Date.”

10. Contact for Governance Inquiries

All questions or formal concerns regarding this Mandate must be directed to:

• Email: privacy@blackhausuniversity.com
• Formal Written Notice: BlackHaus University, 3575 Piedmont Rd NE, Suite 200, Atlanta, GA 30305, US. Attn: Hudson Lambert Parrott, LLC.