Online Privacy Statement – European Union Supplement, 5.36
PURPOSE
These Supplemental Privacy Provisions for Persons in the European Union (EU Privacy Provisions) are provided pursuant to Regulation (EU) 2016/679 ("Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data"), commonly referred to as the General Data Protection Regulation (GDPR), effective May 25, 2018.
These EU Privacy Provisions supplement Yavapai College's (the College) Online Privacy Statement and should be read together with the College's Online Privacy Statement. These EU Privacy Provisions are intended to be consistent with the GDPR principles of privacy, fairness, lawfulness, transparency, purpose limitation, accuracy, storage limitation, integrity, and accountability. Terms in these EU Privacy Provisions are used consistent with their definitions in the GDPR.
POLICY APPLICATION
These EU Privacy Provisions apply to EU residents only if and to the extent YC is Processing their EU Personal Data, where the Processing is related to the College offering goods or services or the College is monitoring behavior in the EU (e.g., through online course proctoring, or location tracking). Application of this policy should be a rare occurrence.
OPERATIONAL POLICY
I. PROCESSING
The College may Process your EU Personal Data in accordance with these EU Privacy Provisions, the College's Technology Resource Standards, the College's Online Privacy Statement, and as permitted or required by law. If you do not agree with these EU Privacy Provisions, please do not provide any EU Personal Data to the College. If you choose not to provide any EU Personal Data necessary for the College to provide you with specific products or services, the College may not be able to provide those products or services.
II. EU PERSONAL DATA THE COLLEGE COLLECTS AND HOW WE USE IT
A. Collection of Your EU Personal Data
The College collects EU Personal Data from you:
- When you apply for admission to the College from the EU
- When you enroll or participate, from the EU, in classes or programs given by the College, online or in person
- When you register from the EU for an online account from the College, or update or change, from the EU, information for your account
- When you participate from the EU in the College classes or programs using the College's websites and technology network, such as when you turn in assignments and projects online, use online courseware or proctoring services, participate in online discussions and forums, and communicate with the College faculty and staff
- When you send the College emails and other communications from the EU
- When you inquire about or apply for employment with the College from the EU
- When you, from the EU, complete a survey for, submit information to, or request information from, the College
B. Use of Your EU Personal Data
The College may use your EU Personal Data to:
- Respond to your questions
- Provide you with specific courses, services, products, programs, and/or services you select
- Satisfy our contractual obligations to you
- Send you updates and information regarding the College
- Send you email messages about maintenance or updates of the College's technology network
- Support the College's alumni relations and fundraising
- Archive your EU Personal Data
- Use it for research and analytics purposes
- Use it for future communications with you
- Establish, exercise, and defend legal claims
- Use it for reasons of substantial public interest, including archiving purposes
- Use it for historical, scientific, research, or statistical purposes, subject to appropriate safeguards
- Use it for the legitimate interests of the College or any third party to whom the College discloses your EU Personal Data, provided your fundamental rights and freedoms do not override those interests
C. Lawfulness of Processing
The College's Processing of your EU Personal Data for the interdependent purposes set out in these EU Privacy Provisions is necessary for one or more of the following:
- Pursuing the College's legitimate interests
- Carrying out a task in the public interest
- Exercising the College's official authority as a legislatively approved institution governed by a duly elected board of citizens of the sovereign State of Arizona in the United States of America
- Performing a contract with you, or to take steps at your request prior to contracting with you
- Protecting your vital interests or the interests of another person
- Complying with the College's legal obligations
III. SPECIFIC GUIDANCE
1. Applications for Student Admissions from the EU
If, while you are in the EU, you apply for admission as a student to the College, the College may use the details you provide on your application, supporting documents, information from references or third parties, and records made during the application process. This data is processed to:
- Identify you
- Process your application
- Verify the information provided
- Decide whether to offer you admission and communicate that outcome
- Prevent or detect fraud
- Conduct disciplinary or academic integrity proceedings
- Meet reporting obligations to state or federal departments
- Make reasonable decisions regarding accommodations for disabilities
If accepted, the College will include the EU Personal Data collected during your application process in your student files.
2. Enrollment and Participation in Programs and Courses while in the EU
The College collects EU Personal Data necessary for admission, registration, enrollment, and participation in courses or programs. This data is used for:
- Tracking attendance, progress, and completion
- Sharing performance with instructors and designated individuals
- Research and statistical purposes
3. Disclosure of Student Personal Data
The College may disclose EU Personal Data with your consent, under subpoena or court order, or to comply with legal obligations. Students have rights under FERPA and Arizona law to limit access to their Personal Data.
4. YC Alumni in the European Union
The College uses alumni data to maintain communication, provide updates, offer services, and identify ways alumni can support the College.
5. Identity Verification
To verify your identity, the College may require you to provide EU Personal Data, such as your name, address, date of birth, or a photo identification document.
6. Enrollment Sponsors
The College may share EU Personal Data with employers, government programs, or other sponsors of your course or program participation.
7. YC Service Providers
The College contracts with service providers who may have access to EU Personal Data. These providers must protect Personal Data and may not sell it.
8. Transfer to Third Parties
The College transfers EU Personal Data only to third parties that comply with GDPR.
9. Government Authorities, Legal Rights, and Actions
The College may share EU Personal Data with government authorities as required by law or for legal defense.
10. YC Server Locations
The College's websites and technology networks operate on servers located within the United States.
11. EU Personal Data Retention and Storage
The College retains EU Personal Data to meet legal obligations, maintain academic records, and comply with records retention policies.
IV. YOUR RIGHTS REGARDING YOUR EU PERSONAL DATA
You have rights under GDPR, including access, rectification, erasure, restriction, objection, and data portability. Contact the College's GDPR data protection team for rights requests.
DEFINITIONS
- General Data Protection Regulation (GDPR)
- A regulation protecting the personal data of EU residents, effective 2018.
- Personal Data
- Any information that can identify you, directly or indirectly.
- EU Personal Data
- Personal Data submitted or disclosed while in the EU.
- Processing
- Includes collecting, storing, transferring, or erasing EU Personal Data.
RELATED POLICIES
- Access to Student Records: 3.09
- Technology Resource Standards: 5.27
- Retrieval, Disclosure, and Retention of Records: 5.28
- Online Privacy: 5.31
POLICY HISTORY
- Adopted 8/20/2019
- Revised to "Operational" Policy and owner reassigned 3/5/2021
- Transferred to PolicyStat 12/1/2021
- Modified 9/25/2024
Online Privacy, 5.31
PURPOSE
Yavapai College (the College) provides online information and services to students, employees, and the community to supplement services provided at our physical locations. The College is required to disclose its practices related to privacy and confidentiality surrounding the use of its websites and other online services.
POLICY APPLICATION
This policy applies to any constituent who accesses online information or services the College provides.
OPERATIONAL POLICY
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT
The College complies with the Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of students' academic records without consent.
GENERAL DATA PROTECTION REGULATION (GDPR)
The College shall make all reasonable efforts to comply with the provisions of the European Union GDPR. European Union Residents are encouraged to view the specific The College GDPR Operational Policy, 5.36 for additional information and GDPR-specific contact information.
INFORMATION GATHERING
The College may collect and record information from users and network-connected devices such as computers and mobile devices, including but not limited to Internet Protocol (IP) addresses, device and browser fingerprints, information requested or delivered, referring addresses, operating systems, applications, etc. The College will also collect and store metadata related to the use of our services, including bandwidth and services utilized. The College's vendors and third-party partners may also collect, store, and process similar information.
Logs related to this data collection will be retained pursuant to Arizona State Library records retention requirements and relevant the College operational policies and procedures (see operational policy Retrieval, Disclosure, and Retention of Records 5.28). This information may help diagnose problems with the College technical resources, analyze traffic patterns and usage trends, identify and assess security incidents, and mitigate potential or prosecute real abuses of college resources. We may also share these logs with vendors and third parties to aid in the identification and resolution of technical problems or to address security concerns and incident response.
COOKIES
The College and its business partners may utilize 'cookies' on some of our web properties and specific applications and services. This data may be used to verify identity or provide authorization to access resources, store preferences and customizations, track communications history, analyze performance, or for other purposes such as marketing.
You are not required to accept the cookies that the College or its partners use; however, if you are unable or unwilling to allow the College or partner cookies, your online experience may be degraded or significantly impaired. In such cases, you may contact the appropriate the College business unit to identify alternative methods of conducting business if available.
INFORMATION SHARING - THIRD-PARTY SERVICES
The College may utilize third parties to provide official services to the College constituents (e.g., email, learning management services, payment processing, etc.). The College may provide information to these service providers, including personal or confidential information, to help us deliver programs, products, news, and services. The College takes reasonable steps to ensure these service partners protect information transmitted to them. The College does not share or sell personal information (such as phone numbers) to third parties for marketing purposes.
INFORMATION DISCLOSURE
The College makes reasonable efforts to limit the disclosure of personal information. If you are a student, certain information you provide to us may be considered directory information and subject to public disclosure. The College may disclose personally identifiable information from an education record only on the condition that the third party to whom the information is disclosed will use the information only for the purposes for which the disclosure was made, and that third party will not disclose the information to any other party. Additionally, the College is obligated to disclose certain information upon request to government agencies. The College is also subject to public records laws and must abide by court orders or issues of public safety, which may result in the disclosure of personal or confidential information.
EXTERNAL CONTENT
The College is not responsible for the privacy practices nor the content of third-party services and websites which may be linked to by college web pages or referenced in other College materials, including those with which the College has a contractual relationship. Constituents are encouraged to review privacy policies for each site and service.
DEFINITIONS
- Family Educational Rights and Privacy Act (FERPA)
- A federal law enacted in 1974 that protects the privacy of student education records.
- General Data Protection Regulation (GDPR)
- The European Union General Data Protection Regulation (GDPR) is a data protection ruling that took effect in 2018. It creates one set of guidance and authority to protect the personal data of all EU citizens.
- Cookie(s)
- A cookie is a small text file that may be used to identify, store, or collect information about a user or computing device.
RELATED POLICIES
- Access to Student Records: 3.09
- Online Privacy - European Union Supplement: 5.36
- Retrieval, Disclosure, and Retention of Records: 5.28
POLICY HISTORY
- Adopted 4/1/2014
- Revised 8/20/2019
- Revised to "Operational" Policy and owner reassigned 3/5/2021
- Transferred to PolicyStat 12/1/2021
- Modified 9/25/2024