云顶集团3118app下载. 创造未来.

萨拉劳伦斯学院GDPR数据政策

萨拉劳伦斯学院 recognizes the General 数据保护 Regulation (GDPR) and the rights of European Union citizens whose information may reside in its data 过程ing systems. The College is actively working towards efforts that show compliance data 过程ing of personal information for these EU citizens. This document contains information that shows the college’s preparedness and efforts towards compliance where personal data is 过程ed for EU Citizens.

联系

Any specific questions about your data or to exercise your data privacy rights can be addressed to:

萨拉劳伦斯学院
数据保护
its库低层
布朗克斯维尔,纽约州10708

or

DataProtection@sarahlawrence.edu

数据对象

学院将“资料当事人”界定为与个人资料有关的任何自然人. 就书院而言,资料当事人可分为以下几类:

  • 学生(准学生、在校生、校友)
  • 员工(申请人,现在,过去)
  • 其他联系人(代理商、合作伙伴、供应商等.)

个人资料

As defined within the context of GDPR is any data that can be directly or indirectly related to a natural person (data subject). Personal data includes any identifiable personal data that can connect personal data to a data subject e.g. 名字, 公民身份证, 电话号码, 电子邮件地址, 性别, 国籍, address, 利益, 职业生涯的细节, 等.

敏感个人资料

学院可能会不时被要求处理敏感的个人资料. 敏感个人数据包括与医疗信息有关的数据, 性别, 宗教, 比赛, 性取向, 工会会员资格, 以及犯罪记录和诉讼程序.

处理个人资料

The College shall so far as is reasonably practicable make all efforts to ensure all personal data is:

  • 公平合法地处理
  • 为合法目的而处理的
  • 适当的,相关的,而不是过度的
  • 准确及最新
  • 根据数据主体的权利进行处理
  • 安全
  • 在向海外项目传输数据时采取充分的预防和保护措施

处理数据的合法依据

GDPR要求处理个人数据有合法依据. 书院存放个人资料以供辨认, 过程, 并与潜在学生的数据主体进行沟通, 当前的学生, 未来的员工, 现有员工, 和校友. The 过程ing of this data is lawful and necessary and falls into one or more of the following categories:

  1. 同意: We 使用 personal information while 过程ing data for communicating with prospective students and 未来的员工. 虽然我们目前还没有与这些数据主体签订隐含合同, the data subjects give us their implied consent to communicate with them by completing an application, 来学院的目的是什么. (学生、员工)
  2. 合同: We 使用 personal information while 过程ing data that is necessary for the implied contract the college has with the individual e.g.
    • 学生的学术处理;
    • 处理员工的工资、财务和税务
  3. 法律责任: 我们将与公司共享个人信息, 组织, 或学院以外的个人,如果我们有一个真诚的信念,访问, 使用, 保存, 或披露信息是合理必要的,以便:
    • 满足任何适用的法律、法规、法律程序或可执行的政府要求.g. 这一过程对于学院遵守美国联邦法律是必要的, 以及纽约州和联邦的报告要求;
    • 执行适用的服务条款,包括调查潜在的违规行为;
    • 检测、预防或以其他方式解决欺诈、安全或技术问题;
    • 保护权利不受损害, 财产, 或学院的安全, 我们的用户或公众在法律要求或允许的情况下.
  4. 公共任务: the 过程ing is necessary for the College to perform a task in the public interest or for our official functions as a private college within the State of New York and the USA, 该任务或职能具有明确的法律依据. 这些例子有:
    • 向全国学生信息中心提供学生统计信息;
    • 爱浦多报道

机密数据

Any information which falls under the definition of personal data and is not otherwise exempt will remain confidential and will only be disclosed to third parties with appropriate consent.

cookie和其他技术

自动收集的信息

除非你采取措施匿名浏览互联网, 萨拉劳伦斯学院, 像互联网上的大多数机构和组织一样, 跟踪网页浏览模式,以了解我们的网站是如何被使用的. 一般信息是通过使用“cookie”收集的,,这是放在你电脑上的文本文件, 评估使用模式,以便我们可以改进内容和分发. You may ref使用 the 使用 of cookies by selecting the appropriate settings on your browser; however, 这样做可能会使您无法使用我们所有网站的全部功能. 我们收集的一般信息是基于IP地址的, 哪个是计算机或网络的位置.

萨拉劳伦斯学院旗下网站的某些部分使用谷歌Analytics, b谷歌提供的网络分析服务, 公司. b谷歌Analytics使用cookie来帮助我们分析用户如何使用我们的网站. 由cookie生成的有关您使用网站的信息包括您的IP地址. 这些信息将被传输到b谷歌的服务器上并由b谷歌存储. 谷歌将使用这些信息来评估您对本网站的使用情况, 编制网站活动报告, 以及提供与互联网使用有关的其他服务. 谷歌也可以在法律要求的情况下将这些信息转移给第三方, 或此类第三方代表b谷歌处理信息. 谷歌不会将您的IP地址与谷歌持有的任何其他数据相关联. 通过使用本网站, you consent to the 过程ing of data about you by Google in the manner and for the purposes set out above.

有关谷歌Analytics的更多信息,请访问以下页面 使用条款 和谷歌的 隐私惯例.

FERPA, GLBA和HIPAA的美国法律

The College is also required to protect the personal data with respect to the laws of the United States as well as provide information to state and federal authorities with respect to these laws. The College complies with data requirements under the United States FERPA (The Family Educational Rights and Privacy Act), 《云顶集团3118app下载》, HIPAA(1996年健康保险流通与责任法案)

数据控制器,数据处理器和外部数据处理器

本院为其资料当事人的所有个人资料的资料控制者. 数据由两方处理.

  1. The College acts as its own data 过程or where on-premise College-owned systems are 使用d to 过程 the College’s data.
  2. 在某些情况下, 数据被转移到代表学院处理数据的外部供应商. The College will make every reasonable effort to get its external data 过程ors to comply with this policy.
  3. The College will make every reasonable effort to address all approved changes to personal data requests its internal and external 过程ors.

获取信息的权利

资料当事人有权查阅学院所持有的资料. Any data subject wishing to access their personal data should put their request in writing to the College contact identified above.

  • 学院将尽力在30天内对任何此类书面请求作出回应.
  • 学院将需要核实提出要求的资料当事人的身份.
  • 一旦数据主体的身份得到验证, the College will determine if the request can be carried out or if the College has to ref使用 the request based on current regulations or contract obligations between the data subject and the College.
  • 如果请求被批准, 该请求将在学院的内部和外部数据处理区域内处理.
  • 如要求被拒绝,资料当事人会被告知拒绝要求的原因.

豁免

某些数据不受GDPR下获取信息权利的规定的约束. 下面是一些例外的例子:

  • 国家安全和预防或侦查犯罪
  • 税评税任何税或关税的评税
  • Where the 过程ing is necessary to exercise a right or obligation conferred or imposed by law upon the College
  • 可能侵犯他人隐私的数据

精度

The College will make every reasonable effort to ensure that all personal data held in relation to all data subjects is accurate. Data subjects must notify the relevant College department of any changes to information held about them.

未成年人数据

学院致力于保护儿童的隐私. 因此, the College does not knowingly collect or 过程 data from children under 16 years of age except in compliance with children's online privacy protection law. 相应的, children under the age of 16 may only 使用 services and programs offered by the College with the permission and supervision of their parents. 另外, teachers and departments of the College that provide programs and services in the classroom with children under 16 years of age are required to obtain the express consent of such children's parents in compliance with the applicable law, 在允许这些儿童访问或使用服务或程序之前.

与监管机构的合规性和合作

If an individual believes that the College has not complied with this policy or acted otherwise than in accordance with the GDPR, 有关人士应按上述地址与书院联络,并以书面提出投诉. 我们将与相关监管机构合作, 包括当地数据保护机构, to resolve any complaints regarding the individual rights or transfer of personal data that we cannot resolve with our data subjects directly.

数据安全

We implement appropriate technical and organizational security measures to protect your information when you transmit it to us and when we store it our information technology systems.

安全的破坏

当根据此策略保存的数据被销毁时, 它必须在销毁时按照最佳做法安全销毁.

资料的保留

The College may retain data for differing periods of time for different purposes as required by statute or best practices, 各个部门将这些保留时间合并到流程和手册中. 其他法定义务, 法律程序, 调查也可能需要保留某些数据. 学院可能会存储一些数据,如寄存器, 照片, 考试成绩, 成就, 书, 作品, 等. 无限期地保存在档案中.

本政策的更新

学院可随时更新或更改此政策. Your continued 使用 of the College's website and third-party applications after any such change indicates your acceptance of these changes.

修订日期:2018年5月25日