EU General Data Protection Regulation Privacy Notice


Georgia Tech, including the Office of International Education (OIE), is closed December 24th - December 28th 2018, and January 1st 2019. OIE will be open on December 31st. OIE will reopen on January 2nd and ISSS will resume regular walk-in advising hours for all international students and scholars. Walk-in advising will be available on Wednesday, January 2 from 1pm- 4pm.

Last date for Fall 2018 International Students and Scholars walk-in advising:
Thursday, Dec. 20 from 1-4 p.m.

No International Students and Scholars walk-in advising available:
Friday, December 21 and Monday, December 31

If you are an international student or scholar with an emergency (not related to international student travel documents) that needs attention during the time the Institute is closed, please contact the Georgia Tech Campus Police at 404-894-2500. They will be able to connect you to the Dean of Students on duty.


Office of International Education

EU General Data Protection Regulation Privacy Notice

This is the Georgia Institute of Technology’s (“Georgia Tech”) Office of International Education (“OIE”) privacy and legal notice for compliance with the European Union General Data Protection Regulation (“EU GDPR”).  For more information regarding the EU GDPR, please review Georgia Tech’s EU General Data Protection Regulation Compliance Policy.

Lawful Basis for Collecting and Processing of Personal Data

Georgia Tech is an institute of higher education involved in education, research, and community development.  In order for Georgia Tech to administer international education activities, it must collect, use and process this personal data. 

The lawful basis for the collection and processing of personal data by Georgia Tech’s OIE falls under the following category:

  • Processing is necessary for the purposes of the legitimate interests pursued by Georgia Tech or third parties in providing education.

In certain circumstances, OIE does collect special categories of sensitive personal data (as defined in the EU General Data Protection Regulation Compliance Policy), for which it does obtain affirmative consent.

Types of Personal Data collected and why

In order for Georgia Tech to provide international education activities, it needs to collect the following categories of personal data:

  • Name
  • Contact information including, without limitation, email address, physical address, phone number, and other location data
  • Unique personal identifiers and biographical information (e.g. date of birth)
  • Photographs of you
  • Details of your education and/or employment qualifications
  • Medical information including, without limitation, immunization records and food allergies
  • Information related to visa requirements, copies of passports and other related immigration documents to ensure compliance with U.S. laws
  • Financial information gathered for the purposes of issuing immigration forms, administering fees and charges, loans, grants, scholarships, etc.
  • Information related to the prevention and detection of crime and the safety of employees,  students and visitors of Georgia Tech

The personal data collected by Georgia Tech’s Office of International Education will be shared with:

Georgia Tech Units

Georgia Tech Unit

Purpose

Academic Departments (for example: School of Economics)

administering student education programs internationally; administering student living-learning communities; U.S. visa and immigration compliance

Student Life

administering student education programs internationally; administering student living-learning communities U.S. visa and immigration compliance

Financial Aid

administering student education programs internationally; administering student living-learning communities

Bursar

administering student education programs internationally; administering student living-learning communities; U.S. visa and immigration compliance; health insurance enrollment

Office of the Registrar

administering student education programs internationally; administering student living-learning communities; U.S. visa and immigration compliance

Residence Life (Housing?)

administering student education programs internationally; administering student living-learning communities; U.S. visa and immigration compliance

Office of Admission

administering student education programs internationally; administering student living-learning communities; U.S. visa and immigration compliance

Center for Academic Enrichment

administering student education programs internationally; administering student living-learning communities; U.S. visa and immigration compliance

Human Resources

U.S. visa and immigration compliance

Third Parties

Third Party

Purpose

Insurance Companies - CISI

Provision of insurance to students and faculty participating in study and intern abroad programs

Travel agencies

Administering study abroad programs.

Federal and State Agencies (Department of Homeland Security, Student Exchange Visitor Program, U.S. Department of State)

U.S. visa and immigration compliance

Embassies and Consulates in the countries of international study

Assisting students in emergencies while abroad.

Emergency Personnel in the countries of international study

Assisting students in emergencies while abroad.

Ticketing agencies (concerts, sporting events, etc) and local excursion companies (white water rafting, bus companies, etc)

administering student living-learning communities

 

If you have specific questions regarding the collection and use of your personal data, please contact the Office of Enterprise Data Management at eugdpr@edm.gatech.edu         

If a data subject refuses to provide personal data that is required by Georgia Tech in connection with one of Georgia Tech’s lawful bases to collect such personal data, such refusal may make it impossible for Georgia Tech to provide education, employment, research or other requested services.

Where Georgia Tech gets Personal and Sensitive Personal Data

Georgia Tech receives personal and sensitive personal data from multiple sources. Most often, Georgia Tech gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for undergraduate admission to Georgia Tech through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Georgia Tech’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

              a)   information about the controller collecting the data

b)   the data protection officer contact information

c)   the purposes and legal basis/legitimate interests of the data collection/processing

d)   recipients of the personal data

e)   if Georgia Tech intends to transfer personal data to another country or international organization

f)   the period the personal data will be stored

g)   the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability

  1. the existence of the right to withdraw consent at any time
  1. the right to lodge a complaint with a supervisory authority (established in the EU)
  1. why the personal data are required, and possible consequences of the failure to provide the data
  2. the existence of automated decision-making, including profiling
  3. if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with the Office of Enterprise Data Management at eugdpr@edm.gatech.edu      

Cookies

Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user.  Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.

Security of Personal Data subject to the EU GDPR

All personal data and sensitive personal data collected or processed by Georgia Tech under the scope of the Georgia Tech EU General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards of NIST Special Publication 800-171 as set forth in the Georgia Tech Controlled Unclassified Information Policy.

Georgia Open Records Act
As a state university, Georgia Tech is subject to the provisions of the Georgia Open Records Act  (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee. The ORA requires that Georgia Tech produce public documents within three business days. For more information on Georgia Tech’s ORA compliance, please visit the Open Records Act page on the Legal Affairs website

Data Retention

Georgia Tech keeps the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules: https://www.usg.edu/records_management/schedules/

For examples of Student Records Retention Schedules, see: https://www.usg.edu/records_management/schedules/934

For examples of Human Resources (Employment) Records Retention Schedules, see: https://www.usg.edu/records_management/schedules/930