Data Protection Statement
Data Protection Statement for Those Seeking Information and/or Applying for Admission
This Data Protection Statement (“policy statement”) provides information about why personal information is being requested from you and how it will be used by Northern Essex Community College. This policy statement is provided in compliance with the General Data Protection Regulations (“GDPR”) issued by the European Union (“EU”) and effective on May 25, 2018. The GDPR protects the personal information of EU citizens and residents and provides a single set of rules for international businesses and organizations, including institutions of higher education, that process this data. The GDPR applies exclusively to the processing of “personal information” that is obtained from you while you are physically located in an EU member state, regardless of your nationality or citizenship. The GDPR does not apply to personal information obtained from you when you are located outside of the EU.
What is “personal information”?
“Personal information” means any information which relates to or identifies you as an individual including, but are not limited to, name, email, phone numbers, IP address, photo, and educational, financial, employment-related, and health data.
What does it mean to “process” personal information?
Processing is any operation performed on personal information, such as collecting, destroying, recording, organizing, storing, altering, or disclosing.
What personal information will be processed?
The College will process the information you provide when you request additional information from the College and/or submit your admission application together with the supporting documents requested to complete your application.
What is the purpose and legal basis of the processing?
The College will process your personal information for the purposes of identifying you, processing your request for information or application for admission, verifying the information provided, reaching an admission decision, and communicating that outcome and/or other feedback. The College may also process your information for the following statutory obligations, contractual necessity and/or public interest purposes:
- To confirm immigration status;
- For affirmative action and equal opportunity monitoring;
- To prevent or detect fraud or other criminal activity;
- To confirm elementary and secondary education record;
- To assist in providing reasonable accommodations for a disability;
- To provide information as required by applicable law; and
- For research and statistical purposes, but only in a non-identifiable, aggregate format.
- Admission decisions are made on a case-by-case basis and are not the result of automated decision-making.
Who will process my personal information?
For the purposes stated above, during the admission process your personal information will be processed by and shared with the following:
- Admissions Office;
- Financial Aid Office;
- International Studies Office;
- Student Services Office;
- Registrar’s Office;
- Disability Services if an accommodation is requested;
- Institutional Research;
- Student and Exchange Visitor Program Designated School Official;
- Governmental bodies when required by law;
- State authorities in order to perform one or more statutory duties; and
- Third-parties providing specific services to, or on behalf of, the College.
The College may subsequently identify other departments or external parties who will process your personal information as you progress through the application process.
How is my personal information used if I am accepted?
Once you are accepted and begin attending the College your personal information is no longer covered by the GDPR. As a student at the College, your personal information shall be processed in accordance with the Family Educational Rights and Privacy Act (“FERPA”), a U.S. federal law.
To learn about your rights under FERPA, please visit https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html?src=rn.
If your acceptance to the College is for an on-line course or program only, and you remain in an EU member state while participating in the course or program, the GDPR shall continue to apply to the processing of your personal information.
How can I access my personal information?
You have the right to access the personal information that is held about you by the College. You also have the right to ask the College to correct any inaccurate personal information it holds about you. In order to access your personal information, please contact the Chief Technology Officer, Ricardo Rivera, at 978-556-3742 or email@example.com.
How long is my personal information kept?
The College shall retain and store personal information in accordance with applicable U.S. state and federal laws and regulations. If you attend the College, your personal information will be kept as part of your student record for the duration of your studies and for a period up to 5 years after graduation. If you do not attend, your application information will be retained for a period up to 3 years after the completion of the application process.
Who can I contact if I have any questions?
If you have any questions about this policy statement, the College’s compliance with the GDPR, or the processing of your personal information, please contact the Chief Technology Officer, Ricardo Rivera, at 978-556-3742 or firstname.lastname@example.org.
How do I report a complaint?
If you are not happy with the way your information is being handled, or with the response received from the College, it is recommended that you contact Chief Technology Officer, Ricardo Rivera, at 978-556-3742 or email@example.com for further assistance. If the College fails to adequately address your concerns, you also have a right to file a complaint with the Massachusetts Department of Higher Education at:
Policy Statement updates?
This policy statement was issued on June 12, 2018. It will be reviewed as necessary and at least annually. Any changes to the policy will be posted on the College’s website.Print View