General Data Protection Regulation (GDPR)
Curry College
General Data Protection Regulation (GDPR) Privacy Notice Last Edited:
June 7, 2019
1.0 Background
The General Data Protection Regulation (EU) 2016/679 (GDPR) is European Union (EU) law on data protection and privacy for all individuals within EU and the European Economic Area (EEA) Member States. The GDPR also addresses the export of Personal Data outside the EU /EEA. The GDPR gives control to individuals over their Personal Data.
2.0 Overview & Purpose
This privacy notice describes how Curry College collects and processes Personal Data through Curry websites, systems and applications, how this information is protected, and the rights of a natural person (data subject) to control this information. Curry College is committed to respecting and protecting the privacy rights of persons in the EU and EEA and those EU/EEA residents/citizens that provide Personal Data to the College. The GDPR defines these as rights of: access, rectification, erasure, notification, restriction, data portability, and to reject automated decision making.
3.0 Scope
The GDPR is a data protection regulation that applies broadly to the processing of Personal Data relating to an identified or identifiable natural person (data subject) within the EU and EEA (regardless of citizenship). Personal Data, as used in this notice, is defined in the College’s Written Information Security Program [WISP; posted at https://my.curry.edu/group/mycampus/policies/wisp].
Data Protection Principles
In compliance with the GDPR requirements that data be collected, processed and maintained in compliance with articulated standards, Curry College has a policy of collecting only data germane to the support of its mission, and in service of maintaining the required operations of the College. Incidental data are not collected beyond those that are explicitly and implicitly collected in the service of College operations and functions. Curry retains Personal Data as required by law and as further defined by the Curry Records Retention and Destruction Policy [posted at https://my.curry.edu/group/mycampus/help/record-retention].
Accountability and Governance
The Institutional Information Security Workgroup, chaired by the College’s Chief Information Officer (CIO), has overall responsibility for the College’s compliance with data security laws, regulations and policies, and through delegation and oversight is responsible for related implementation, oversight, training, auditing, and, in collaboration with the College Counsel, responding to requests from data subjects.
Acknowledgement
Residents and citizens of EU/EEA Member States who process Personal Data through the College as employees or students will be asked to sign an Acknowledgement of their rights under GDPR, as will faculty, staff and students that travel to EU/EEA Member States for study away or other employment- or academic-related purposes.
Contact
If you have questions or concerns regarding the way in which your Personal Data has been used or would like to exercise your data subject right(s), please contact the Data Privacy Officer, Deborah Gelch, at support@curry.edu. You will receive a response within 30 days