通用数据保护条例(GDPR)政策

的 全网最大的彩票娱乐平台 is committed to safeguarding the privacy of all personal data provided by students, employees, alumni, and other constituents, as well as contractors (集体”数据对象”).

自2018年5月25日起，欧盟(“EU")《全球最火爆彩票网站大全》("GDPR”) places additional obligations on organizations that control or process personally 关于欧洲人的可识别信息. GDPR旨在保护 收集或处理的有关自然人的数据的隐私 or transferred out 欧盟主席, and to regulate the data privacy practices of entities 在欧盟提供商品或服务的公司. 作为一个数据控制器， University collects, uses, and discloses 数据对象’ information according to the 以下政策.  

范围

GDPR适用于欧盟内外的实体. 此外，规章制度 apply to data about anyone present in the EU, regardless of whether they are a citizen or permanent resident of an EU country; for example, GDPR includes U.S. 人当 their 个人资料 is collected, stored and used in the EU or transferred from the EU.

GDPR定义了“个人资料，内容如下:

与已识别或可识别的自然人有关的任何信息(“数据”) subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (including information that is manually or automatically read, such as an IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity 那个自然人的.”

This policy describes the University’s measures to manage and protect 个人资料 可能会受到GDPR的约束.

数据类别

To provide services to students and employees, administer its programs, and perform contractual obligations, the University may collect, process, and transfer various types of 个人资料, including but not limited to: name; application information; attendance; academic records; employment records; contact information, including phone numbers, email addresses, and mailing addresses; and date of birth.

法律基础

的 GDPR requires 个人资料 to be processed lawfully, fairly and in a transparent manner, limited only to the data which is necessary, maintained for accuracy, stored only for the length of time required or needed, and safeguarded for unauthorized disclosure. Processing includes performing a task with 个人资料 such as collection, recording, storage, alteration, retrieval, disclosure by transmission, dissemination, or otherwise 使数据可用.

允许大学收集和处理GDPR下的法律依据 个人资料 include, but are not limited to, the following: (1) the data subject has given consent to the processing for a specific purpose; (2)  the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the University, as controller of the data, is subject; (4) the processing is necessary in order to protect the vital interests of the data subject or another natural person, (5) processing is necessary for the performance of a task carried out in the 为公众利益或行使赋予大学的官方权力; or (6) processing is necessary for the legitimate interests pursued by the University 或由第三方，除非该等利益被…的利益所压倒 the fundamental rights and freedoms of the data subject which require protection of 个人资料.

特殊数据类别

显示种族、健康、刑事定罪和犯罪的个人数据; 以及某些其他敏感问题(统称)敏感数据(如GDPR所定义)，可由大学要求.  除了例外 of criminal convictions, 数据对象 are not obligated to provide 敏感数据 在自愿的基础上这样做.  大学尽一切努力处理敏感 只在资料当事人同意的情况下提供资料. 在某些情况下，健康信息可能 be required under state or federal law in order for the University to provide services, 也不是为了公众健康和安全. 受上述限制， 数据主体可随时撤销其对敏感数据的同意.  

数据主体的权利

Subject to limitations established by legal requirements, 全网最大的彩票娱乐平台 Policies, 根据监管准则，数据主体有权:

• 访问我们处理的他们的个人数据;
  • 纠正我们所持有的有关他们的个人资料中的不准确之处;
  • To have their details removed from systems that we use to process their 个人资料;
  • 以某些方式限制其个人资料的处理;
  • 以常用的电子形式取得其个人资料的副本;
  • To object to certain processing of their 个人资料 by us; and
  • 要求我们停止向他们发送直接营销信息.

的 University will act to fulfill such rights as promptly and as fully as possible.

资料保安措施

的 University maintains and implements policies designed to protect confidentiality 个人资料的安全和地址记录的保留. 相关的政策 包括但不限于:

数据传输

When necessary to conduct its functions, University may transfer 个人资料 outside 欧盟主席 and may share 个人资料 with third party organizations within and outside 欧盟主席. 在我们分享个人资料时，我们会要求有适当的 有保障个人资料的措施. 保障措施包括但不限于 到:要求第三方成为美国的成员.S. 隐私保护，数据安全 合同条款，以及数据的匿名化.

个人资料的保留

Personal data will be retained by the University in accordance with applicable federal and state laws, regulations, and accreditation guidelines, as well as University policies. Personal data will be destroyed when no longer required for University services and 计划，应要求或在任何适用的保留期限届满后， 以较晚的为准. 销毁的方式应适合保存和 ensure the confidentiality of information given the level of sensitivity, value and 对大学至关重要.

违反通知

In the event that there is a data breach involving covered 个人资料 of students, employees, alumni, or venders, the University will notify the appropriate supervisory authorities within 72 hours, where feasible, after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of 数据对象. Furthermore, the University will also notify individual 数据对象 of a data breach 对于自己的个人资料如果被泄露很可能会造成很高的风险 他们的权利和自由. 向资料当事人发出的通知将包括资料的性质 of the breach and recommended steps the data subject should take in order to mitigate 潜在的不利影响. 初步通知可以是一般性的，并加以补充 随着附加信息的了解.

联系信息

In addition to contacting the offices that maintain the relevant records, 数据对象 may contact the UA following offices with questions they have regarding the University’s 政策和行使其权利:

关于GDPR的其他信息

• 该大学的 一般资料保护规例网页
• 的 GDPR的文本
• 资料当事人亦可 联系适当的数据保护机构 关于GDPR