European Union General Data Protection Regulation (GDPR) Privacy Policy
Purpose and Applicability of this Policy
St. Louis Community College (the “College”) is committed to protecting the security
and privacy of
personal and sensitive information collected from individuals in the European Union
(EU). The General
Data Protection Regulation (EU 2016/679) (GDPR) is legislation of the EU that is intended
to protect the
privacy of individuals in the EU by establishing how data controllers and data processors
must address
the collection and processing of personal information about those individuals. This
policy is applicable to
the processing of personal data received from individuals who are physically in the
EU at the time data is
initially collected in connection with the offering of goods or services by the College.
This policy is in
addition to and does not replace other College policies and procedures, such as policies
regarding the
protection of student information, employee information, health record information
or other data.
Personal Information
Personal data means any information relating to an identified or identifiable natural
person (data
subject). An identifiable natural person is one who can be identified, directly or
indirectly, in particular
by reference:
- to an identifier such as a name, an identification number, location data, an online identifier or
- to one or more factors specific to the physical, physiological, genetic, mental, economic,
cultural, or social identity of that natural person (EU 2018/1725) (GDPR).
Types of Personal Information the College Processes
We process your personal information, including, but not limited to, contact information,
demographic
information, educational history and records, entrance exams scores, medical information,
behavior
information, financial information, military service and/or status, employment history,
professional and
personal references, criminal background checks and other additional information necessary
to process
your application, and general administrative requirements related to your relationship
with the College.
Data Privacy Principles:
- The College will only process your personal information for lawful purposes and only
for the
specific purpose identified. - We will not process additional personal information that is not needed.
- We will ensure that all personal information we maintain is kept accurate.
- We will not retain your personal information for longer than necessary.
- We will always process your personal data securely.
- We will not sell or trade your personal information to other colleges, universities,
non-profit
organizations, or businesses, unless we have your consent to share the information, and if
ordered to do so by legal processes, subpoenas, or court orders.
Entities That Process Your Personal Information:
- College staff, faculty, and Board of Trustees
- Third Parties
- College related organizations
The College may share your personal information with other individuals or entities
as indicated in the St.
Louis Community College’s Privacy Policy.
Responsible Use of Information
The College protects personal information related to the data subject as specified
in the Board Policy:
Responsible Use of Information and Technology.
Legal Basis for Processing Your Personal Information
The College will process your personal information only when necessary for one or
more of the
following lawful purposes:
- Contract – The College needs to process your personal information to provide your
education
services. - Legal Obligation – Personal information as necessary for compliance with a legal obligation.
- Legitimate Interests – The College has determined that processing your personal information
is
necessary to perform the services or conduct the business for which the data is collected. - Vital Interests – We must process your personal information to protect an interest
important to
you or someone else. - Public Task or Public Interest – The College processes personal information related
to providing
educational services or process information related to race or ethnicity. - When you have given consent – If consent is the basis for processing data, you may
withdraw
consent at any time.
Purposes for Processing Your Personal Information
In addition to the above lawful purposes for processing your data, the College may
process your data
without specific consent for the following uses:
- The College requires the data to carry out specific obligations or rights of the College,
or the
data subject in relation to business transactions with the College, education services performed
by the College, obligations related to employment or to process payments to comply with a
contract. - For compliance with a legal obligation, we record and report donations.
- You grant us permission to provide health services, to process payments or to process
admissions and student education information. - The College has a legitimate interest when we evaluate your academic performance and
determine financial aid eligibility. - We provide health care for various public health related reasons and to respond to
and inform
you of emergency situations. - The College reports information relating to public health and safety.
Data Protection Rights
You have certain rights regarding your personal information. Additional details can
be found in the
Official Journal of the European Union, Chapter 3, Rights of the Data Subject.
The Right to Access
You have the right to request copies of your personal information.
The Right to Correct
You have the right to request that the College correct any information you believe
is inaccurate, and
complete information that you believe is incomplete.
The Right to Erasure (known as the “right to be forgotten”)
You have the right to request that we erase your personal information. However, information
that is
necessary to be retained for legal compliance will be securely retained by the College.
The Right to Restrict Processing
You have the right to request that we restrict the processing of your personal information.
The Right to be Notified
You have the right to request that you are notified when your personal information
is corrected, erased
or when we restrict the processing of your information.
The Right to Data Portability
You have the right to request we transfer your personal information that we collected
to another
organization or directly to you.
The Right to Object
You have the right to object to our processing of your personal information. If you
object to our
processing of personal information, it may impact the services or functions we can
engage in with you.
Automated Individual Decision-Making System
You have the right not to be subject to automated decision-based processing, such as profiling.
File a Complaint
For information regarding filing a complaint with an appropriate European Union supervisory
authority,
visit: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints_en
Contact Information
For general information regarding data privacy concerns, contact:
Data Privacy Officer
St. Louis Community College
3221 McKelvey Road, Bridgeton, Missouri, 63044
privacy@stlcc.edu
314-539-5113
Changes to This GDPR Privacy Policy
Any changes to this policy will be highlighted on the top of this page for one month
before going into
effect. The highlights will remain on the top of the page for three months to keep
you informed of the
changes.
Last Updated: June 9, 2021