The European Union General Data Protection Regulations (“EU GDPR”) is a regulation governing the use of personal data. It imposes new obligations on entities that control or process personal data about people who are located in the European Union. This regulation applies both inside the European Union (“EU”) and outside of the EU and applies to data about anyone in the EU, regardless of whether they are a citizen or permanent resident of an EU country.
The regulation took effect on May 25, 2018.
Thomas University is committed to safeguarding the privacy of “personal data” of present and future students (a “student” is any person who presently attends Thomas University or has attended Thomas University in the past). “Personal data” is defined as any record created in the EU and transferred to Thomas University which is directly related to an identified or identifiable student, either directly or indirectly. Examples of “personal data” include, but are not limited to, directory information as defined in Thomas University’s FERPA Policy.
Students who reside in EU countries and who apply, or may apply, to Thomas University will need to provide consent for collection and use of personal data. To provide consent, use the following consent form:
• Notice Regarding Protection of Personal Data and Request of Consent for Their Processing – Applicant Students Located in the European Union found at:Consumer Information.The Data Controller, under the GDPR law and with particular reference to the safety obligations related to automatic processing of student data, is Thomas University. All data will be processed by Thomas University in its capacity as Data Controller with the supervision of the Chief Information Officer, who you can reach at firstname.lastname@example.org
Use of Information
Thomas University Departments supporting students collect and process Information and Sensitive Information from individuals who are students only as necessary in the exercise of the College’s legitimate interests, functions, and responsibilities as a higher education institution.
Information is collected from students and shared with internal and external parties to: register or enroll persons in the College, provide and administer housing to students, manage student accounts, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, recruit students, make regulatory reports, audit, maintain of accreditation, and other related College processes and functions. Thomas University Departments supporting students also use Information and Sensitive Information to conduct general demographic and statistical research to improve the College’s programs.
Sensitive Information is collected, processed, and shared internally and externally as necessary, applicable, and appropriate in order to: identify appropriate support services or activities, provide reasonable accommodations, enforce College policies, and comply with applicable laws. Information and Sensitive Information may be shared by the International Programs Office with third parties who have entered into contracts with the College in order to perform functions on behalf of the College while sponsoring or hosting programs, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
Third Party Use of Sensitive Information
Thomas University may disclose a student’s Sensitive Information and other Information as follows:
• Consent: Thomas University may disclose Sensitive Information and other Information if it has a student’s consent to do so.
• Emergency Circumstances: Thomas University may share a student’s Information and Sensitive Information when necessary to protect the student’s interests when the student is physically or legally incapable of providing consent.
• Employment Necessity: Thomas University may share a student’s Sensitive Information when necessary for administering employment benefits, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
• Public Information: Thomas University may share a student’s Information and Sensitive Information if the student has manifestly made it public
• Archiving: Thomas University may share a student’s Information and Sensitive Information for archiving purposes in the public interest, for historical research, and for statistical purposes.
• Performance of a Contract: Thomas University may share a student’s Information when necessary to administer a contract the student has with the College.
• Legal Obligation: Thomas University may share a student’s Information when the disclosure is required or permitted by international, federal, and state laws and regulations.
• Service Providers: Thomas University uses third parties who have entered into a contract with the College to support the administration of College operations and policies. In such cases, the College will share a student’s Information with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
• College Affiliated Programs: Thomas University may share a student’s Information with parties that are affiliated with the College for the purpose of contacting the student about goods, services, or experiences that may be of interest to the student.
• De-Identified and Aggregate Information: Thomas University may use and disclosure Information in de-identified or aggregate form without limitation.
Thomas University ensures that there are appropriate technical controls in place to protect your personal details. For example, College online forms are always encrypted and the College network is protected and routinely monitored. Thomas University undertakes regular reviews of who has access to information that it holds to ensure that your information is only accessible by relevant staff, volunteers and business partners.
Thomas University appoints an external party to undertake a screening of information, any such arrangements are subject to a formal agreement between the College and that firm has measures to protect the security of all data.
Individuals with questions about their personal data collected and processed by Thomas University’s Student Affairs Office and International Programs Office should contact email@example.com.
Retention and Destruction of a Student’s Information
A student’s Information will be retained by the College in accordance with applicable federal laws and the College’s Record Retention Policy. A student’s Information will be destroyed upon the student’s request unless applicable law requires destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of the student’s information given the level of sensitivity, value, and criticality to the College.
A Student’s Rights
Students have the right to request access to, a copy of, rectification of, restriction in the use of, or erasure of Information in accordance with all applicable laws. The erasure of a student’s Information shall be subject to the retention periods of applicable federal law and the College’s Record Retention Policy.
If the student has provided consent to the use of his / her Information, the student has the right to withdraw consent without affecting the lawfulness of the College’s use of the Information prior to receipt of the request. Students may exercise these rights by contacting the Registrar.
Information created in the EU will be transferred out of the EU to the College. If a student feels the College has not complied with applicable foreign laws regulating such Information, the student has the right to file a complaint with the appropriate supervisory authority in the EU.
Updates to this Policy
Thomas University may update or change this policy at any time. A student’s continued use of the College’s website and third party applications after any such change indicates the student’s acceptance of these changes.
GDPR 2018 EU APPLICANT STUDENTS NOTICE CONSENT