Facebook pixel European Union General Data Protection Regulation (GDPR) Privacy Policy

European Union General Data Protection Regulation (GDPR) Privacy Policy

Purpose and Applicability of this Policy

St. Louis Community College (the “College”) is committed to protecting the security and privacy of personal and sensitive information collected from individuals in the European Union (EU). The General Data Protection Regulation (EU 2016/679) (GDPR) is legislation of the EU that is intended to protect the privacy of individuals in the EU by establishing how data controllers and data processors must address the collection and processing of personal information about those individuals. This policy is applicable to the processing of personal data received from individuals who are physically in the EU at the time data is initially collected in connection with the offering of goods or services by the College. This policy is in addition to and does not replace other College policies and procedures, such as policies regarding the protection of student information, employee information, health record information or other data.

Personal Information

Personal data means any information relating to an identified or identifiable natural person (data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference:

  • to an identifier such as a name, an identification number, location data, an online identifier or
  • to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person (EU 2018/1725) (GDPR).

Types of Personal Information the College Processes

We process your personal information, including, but not limited to, contact information, demographic information, educational history and records, entrance exams scores, medical information, behavior information, financial information, military service and/or status, employment history, professional and personal references, criminal background checks and other additional information necessary to process your application, and general administrative requirements related to your relationship with the College.

Data Privacy Principles:

  • The College will only process your personal information for lawful purposes and only for the specific purpose identified.
  • We will not process additional personal information that is not needed.
  • We will ensure that all personal information we maintain is kept accurate.
  • We will not retain your personal information for longer than necessary.
  • We will always process your personal data securely.
  • We will not sell or trade your personal information to other colleges, universities, non-profit organizations, or businesses, unless we have your consent to share the information, and if ordered to do so by legal processes, subpoenas, or court orders.

Entities That Process Your Personal Information:

  • College staff, faculty, and Board of Trustees
  • Third Parties
  • College related organizations

The College may share your personal information with other individuals or entities as indicated in the St. Louis Community College’s Privacy Policy.

Responsible Use of Information

The College protects personal information related to the data subject as specified in the Board Policy: Responsible Use of Information and Technology.

Legal Basis for Processing Your Personal Information

The College will process your personal information only when necessary for one or more of the following lawful purposes:

  • Contract – The College needs to process your personal information to provide your education services.
  • Legal Obligation – Personal information as necessary for compliance with a legal obligation.
  • Legitimate Interests – The College has determined that processing your personal information is necessary to perform the services or conduct the business for which the data is collected.
  • Vital Interests – We must process your personal information to protect an interest important to you or someone else.
  • Public Task or Public Interest – The College processes personal information related to providing educational services or process information related to race or ethnicity.
  • When you have given consent – If consent is the basis for processing data, you may withdraw consent at any time.

Purposes for Processing Your Personal Information

In addition to the above lawful purposes for processing your data, the College may process your data without specific consent for the following uses:

  • The College requires the data to carry out specific obligations or rights of the College, or the data subject in relation to business transactions with the College, education services performed by the College, obligations related to employment or to process payments to comply with a contract.
  • For compliance with a legal obligation, we record and report donations.
  • You grant us permission to provide health services, to process payments, or to process admissions and student education information.
  • The College has a legitimate interest when we evaluate your academic performance and determine financial aid eligibility.
  • We provide health care for various public health related reasons and to respond to and inform you of emergency situations.
  • The College reports information relating to public health and safety.

Data Protection Rights

You have certain rights regarding your personal information. Additional details can be found in the Official Journal of the European Union, Chapter 3, Rights of the Data Subject

The Right to Access

You have the right to request copies of your personal information.

The Right to Correct

You have the right to request that the College correct any information you believe is inaccurate, and complete information that you believe is incomplete.

The Right to Erasure (known as the “right to be forgotten”)

You have the right to request that we erase your personal information. However, information that is necessary to be retained for legal compliance will be securely retained by the College.

The Right to Restrict Processing

You have the right to request that we restrict the processing of your personal information.

The Right to be Notified

You have the right to request that you are notified when your personal information is corrected, erased or when we restrict the processing of your information.

The Right to Data Portability

You have the right to request we transfer your personal information that we collected to another organization or directly to you.

The Right to Object

You have the right to object to our processing of your personal information. If you object to our processing of personal information, it may impact the services or functions we can engage in with you.

Automated Individual Decision-Making System

You have the right not to be subject to automated decision-based processing, such as profiling.

File a Complaint

For information regarding filing a complaint with an appropriate European Union supervisory authority, visit: https://ec.europa.eu/info/about-european-commission/contact/problems-and-complaints_en

Contact Information

For general information regarding data privacy concerns, contact:

Data Privacy Officer St. Louis Community College 3221 McKelvey Road, Bridgeton, Missouri, 63044 privacy@stlcc.edu 314-539-5113

Changes to This GDPR Privacy Policy

Any changes to this policy will be highlighted on the top of this page for one month before going into effect. The highlights will remain on the top of the page for three months to keep you informed of the changes.

 

Last Updated: June 9, 2021

Back to top