NOTICE TO INDIVIDUALS LOCATED IN THE EUROPEAN UNION
Pursuant to the provisions of Regulation (EU) 2016/679 (“Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data”) (“the EU GDPR”), we hereby inform you that The College of Saint Rose (“the College”), in its capacity as Data Controller of the processing of your personal data and information, is required, pursuant to Article 12 of the EU GDPR, to provide you with the following information:
- All personal data you have provided to the College, as well as any entity from whom personal data are collected, and all the further data provided in order to allow the processing of your application for admission to the College in the US, and thereof aimed at the performance of the related services to be provided to you, will be processed and handled by the College in accordance with its applicable policies and procedures, with EU GDPR, and with the principles of fairness, lawfulness, transparency, purpose limitation, accuracy, storage limitation, integrity and confidentiality and accountability, as well as the utmost protection of your privacy; sensitive data processing will only take place in relation to data regarding your health condition (such as diseases, allergies, food intolerances) or judicial data.
- All data shall be processed exclusively for the College’s purposes, connected or related to the student applicant’s activities, carried out by the College. In particular, the data supplied or collected will be processed for the following purposes:
- a) To fulfill the obligations established by any applicable United States Federal or New York State Law or Regulation and applicable European Union Law and Regulations (collectively referred to as “Laws and Regulations”); and
- b) To execute the obligations with reference to your application for admission to the College.
Sensitive data regarding your health conditions and food habits will only be processed for the purpose of protecting your safety or of fulfilling the obligations established by the applicable Laws and Regulations; sensitive data regarding judicial measures which may have been provided to the College by public bodies will be processed only for purposes relating to a health or safety emergency and complying with any applicable mandatory provision of applicable Laws and Regulations.
- Submittal and processing of personal data is necessary to achieve the purposes provided above.
- Any refusal to submit such data may make it impossible to carry out the necessary activities associated with your application for admission to the College, as well as the obligations imposed by the applicable Laws and Regulations.
- All personal data, including sensitive data, will be collected and processed automatically and/or manually in compliance with the provisions of the applicable Laws and Regulations, including the EU GDPR, and by adopting the appropriate data protection measures, securing strictly monitored access.
- Data processing will take place, according to the aforementioned criteria, only within those College offices which are necessary to process student applications; the data will be handled only by the persons who are ordinarily responsible for the related activities and by other persons working in the same areas as specified in internal communications; sensitive data will be handled only within those College offices needed to handle and process your application for admission. The personal data you have provided may be transferred overseas pursuant to the terms, conditions and limits specified by Chapter V of the EU GDPR.
- In particular, your data may be communicated, in compliance with the applicable Laws and Regulations and information contained within this notice, to public or private subjects to whom they may be necessary in order to fulfill obligations set forth by the Laws and Regulations; sensitive data may be communicated to public bodies and authorities (such as public hospitals, public safety authorities, Police offices, courts, etc.) and to private subjects (such as private hospitals and clinics, security supervisors, insurance companies, etc.) only for purposes relating to a health and safety emergency and for the purposes of fulfilling obligations set forth by the applicable Laws and Regulations.
- The Data Controller, under the law and with particular reference to the safety obligations related to the automatic processing of your data, is the Vice President for Finance and Administration. The Data Controller may be contacted by email to firstname.lastname@example.org.
- You will be able to exercise any and all other rights, as applicable and not in violation of the Laws and Regulations, provided by Articles 15 to 22 of the EU GDPR, namely right of access, right to rectification, right to erasure or “to be forgotten”, right to restriction of processing, right to data portability, and right to object. Regulation (EU) 2016/679 is available at: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en
- In addition, please be informed that:
- a) Your personal data will be stored from now until it is no longer required to be maintained in accordance with the College’s Records Retention Schedule and applicable laws and Regulations;
- b) You can withdraw your consent, if granted below, at any time and even only orally, but this will not affect the lawfulness of processing your personal data based on your consent before withdrawal; and
- c) You have legal rights and remedies against any breach of your personal privacy according to Articles 77 to 84 of the EU GDPR.
EU GDPR Opt-In and Withdrawal Forms
The forms to opt in, opt out, or withdraw consent regarding the use of your personal data can be found using the links below.
Opt-In/Opt-Out Form for All Current and Prospective Students
Withdrawal of Consent Form