Data Privacy and Legal Notice
This Notice establishes College of Coastal Georgia’s (“CCGA”) data privacy and legal notice with respect to the gathering and dissemination of information we obtain from you on CCGA’s websites located at CCGA.edu (“Site”) and with any applicable privacy standards and legal requirements in regard to the data collected.
CCGA is the operator of this Site, although software, hosting and other functions may be provided by third parties (“Service Providers”). This Data Privacy and Legal Notice (“Notice”) describes the type of information CCGA and its Service Providers collect from visitors to this Site, what we do with that information, and how visitors can update and control the use of information collected by this Site.
This Notice does not necessarily describe information collection policies on other sites, such as separate sites operated by our Service Providers that CCGA does not control. Many of the resources linked from CCGA’s site are not maintained by CCGA. CCGA cannot monitor all linked resources, only those pages that fall directly within CCGA’s World Wide Web structure. CCGA is in no way responsible for the privacy practices or the content of these linked resources, and the statements, views, and opinions expressed therein are neither endorsed by nor do they necessarily reflect the opinion of CCGA. Any links to non-CCGA information or resources are provided as a courtesy. They are not intended to endorse, nor do they constitute an endorsement by CCGA of the linked materials.
This Notice may be changed from time to time and without notice. Continued use of the Site after any such changes constitutes acceptance of the new terms. If you do not agree to abide by these new terms or any future terms, please do not use the Site. This site is not directed to children under 13 years of age, and children under 13 years of age shall not use this Site to submit any personal information about themselves. [reference note below]
Note: In accordance with the Federal Trade Commission (FTC) Children’s Online Privacy Protection Rule (“COPPA”) (https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule).
When visiting the Site, CCGA may collect certain routing information, including, but not limited to, the Internet Protocol (“IP”) address of your originating Internet Service Provider (“ISP”), and information provided by “cookies” stored on your hard drive. CCGA may also collect aggregate information about the use of the Site, including, but not limited to, which pages are most frequently visited, how many visitors the Site receives daily, and how long visitors stay on each page. CCGA may disclose and publish aggregate information on an aggregate basis to any party through any means, but such aggregate information will not disclose any personal information. Any information collected through this Site may also be used in aggregate by system administrators in the administration of the Site. This information helps CCGA understand aggregate uses of the site, track usage trends, and improve services. Visitors may also be required to provide certain personal information in order to access various features and information on the Site. Such information may include, among other things, name, address, and phone number. If you do not want to provide such information, you may choose not to access those features of the Site. Any personal information that you choose to provide through the Site will be protected in accordance with the provisions of this Notice.
Cookies are small pieces of data that may be stored by a Web browser. Cookies are often used to remember information about preferences and pages visited. This information is stored for visitor’s convenience and also may be used in the aggregate to monitor and enhance the Site. For example, when you visit some sites on the Web you might see a “Welcome Back” message. The first time you visited the site a cookie may have been set on your computer; when you return, the cookie is read again. You can refuse to accept cookies, disable cookies, and/or remove cookies from your hard drive. However, if you do not accept cookies from the Site, you may lose access to the Site or experience decreased performance of the Site.
Security and Accuracy of Confidential Information
CCGA does its best to reasonably ensure that the personal information obtained from you is accurate. Visitors may review the information saved or submitted via the Site at any time up to the point when it is purged. In the event that there is an error in your personal information, we will correct the information upon your request. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to our use of the information collected online. While we strive to protect visitor’s personal information by encryption and other means, we cannot guarantee or warrant the security of the information you transmit to us, and if you choose to use the Site, you do so at your own risk.
Please keep in mind that any information you disclose on our Site can be collected and used by visitors to the Site.
If you post any data within a public forum on any CCGA websites that data is now public.
Sharing of Information
CCGA is committed to maintaining the privacy of your personal information. CCGA does not actively share personal information gathered from the Site. However, there may be some instances in which CCGA will need to do so as required by law (including but not limited to the Georgia Open Records Act), as necessary to protect CCGA interests, and/or with Service Providers acting on CCGA’s behalf. CCGA also complies with the Family Educational Rights and Privacy Act (“FERPA”), which generally prohibits (with some exceptions) the release of education records without student permission. For more details on FERPA, currently enrolled students should see their institution’s specific policies.
If you have questions about this Notice or you believe that your personal information has been released without your consent or if you wish to correct information held by CCGA, please contact us at firstname.lastname@example.org.
Lawful Basis for Collecting and Processing Personal Data
CCGA is an institution and a part of a system of organizations of higher education involved in education, research, and community development. In order for CCGA to educate its students both in class and online, engage in world-class research, and provide community services, it is essential and necessary, that CCGA have lawful basis to collect, process, use, and maintain data of students, employees, applicants, research subjects, visitors and others involved in its educational, research, and community programs. The lawful basis includes, without limitation, admission; registration; delivery of classroom, online, and study abroad education; grades; communications; employment; applied research; development; program analysis for improvements; and records retention. Examples of data that CCGA may need to collect in connection with the lawful basis are: name, email address, IP address, physical address or other location identifiers, photos, as well as some sensitive personal data obtained with prior consent.
Most of CCGA’s collection and processing of personal data will fall under the following categories:
Data subject: is any person whose personal data is being collected, held or processed.
- Processing is necessary for the purposes of the legitimate interests pursued by CCGA or third parties in providing education, employment, research and development, and/or community programs.
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which CCGA is subject.
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.
Types of Personal Data and Special Categories of Sensitive Personal Data, where CCGA gets this data and why
CCGA receives personal data and special categories of sensitive personal data from multiple sources. Most often, this data comes directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission through use of a common application).
Individual Rights of the Data Subject
Individual data subjects can expect the following, if requested:
- Information about how CCGA is collecting the data;
- The USO Data Privacy Committee Chair contact information;
- The purposes and legal basis/legitimate interests of the data collection/processing;
- Information about who received any personal data;
- If CCGA intends to transfer personal data to another country or international organization;
- The period the personal data will be stored;
- The existence of the right to rectify incorrect data or erase applicable personal data, restrict or object to processing, and the right to data portability;
- The existence of the right to withdraw consent at any time;
- The right to lodge a complaint with a supervisory authority (regulators, etc.);
- Why the personal data are required and possible consequences of the failure to provide the data;
- The existence of automated decision-making, including profiling; and,
- If the collected data are going to be further processed for a purpose other than that for which it was collected.
Note: Exercising of these expectations is a guarantee to be afforded a process and not the guarantee of an outcome. Any data subject who wishes to exercise any of the above-mentioned expectations may do so by filing or submitting such request at email@example.com.
Security of Personal Data
All personal data and special categories of sensitive personal data collected or processed by CCGA must comply with CCGA Cybersecurity Plan, as authorized by the Board of Regents Policy Manual Section 10.4 Cybersecurity: https://www.usg.edu/policies. Anyone suspecting that his or her sensitive personal data has been exposed to unauthorized access, report your suspicion to firstname.lastname@example.org. Otherwise, questions concerning more general data privacy can be sent to email@example.com.
CCGA will not share your information with third parties except as necessary to meet one of CCGA’s lawful purposes.
Georgia Open Records Act
As an entity of the government of the State of Georgia, CCGA is subject to the provisions of the Georgia Open Records Act (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee.
CCGA keeps the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules: https://www.usg.edu/records_management/schedules/.
The College of Coastal Georgia, in compliance with the Family Educational Rights and Privacy Act of 1974 and subsequent amendments, releases no information restricted by that Act without student consent.
The Family Educational Rights and Privacy Act (FERPA) affords students certain rights with respect to their education records. These rights include:
- The right to inspect and review the student's education records within forty-five (45) days of the day the College receives a request for access. Students should submit to the Registrar written requests that identify the record(s) they wish to inspect. The College official will make arrangements for access and notify the student of the time and place where the records may be inspected. If the records are not maintained by the College official to whom the request was submitted, that official shall advise the student of the correct official to whom the request should be addressed.
- The right to request the amendment of the student's education records that the student believes is inaccurate. Students may ask the College to amend a record that they believe is inaccurate. They should write the College official responsible for the record, clearly identify the part of the record they want changed, and specify why it is inaccurate. If the College decides not to amend the record as requested by the student, the College will notify the student of the decision and advise the student of his or her right to a hearing regarding the request for amendment. Additional information regarding the hearing procedures will be provided to the student when notified of the right to a hearing.
- The right to consent to disclosures of personally identifiable information contained in the student's education records, except to the extent that FERPA authorizes disclosure without consent. One exception, which permits disclosure without consent, is disclosure to school officials with legitimate educational interests. A school official is a person employed by the College in an administrative, supervisory, academic or research, or support staff position (including law enforcement unit personnel); a person or company with whom the College has contracted (such as an attorney, auditor, or collection agent); or a student serving on an official committee, such as a disciplinary or grievance committee, or assisting another school official in performing his or her tasks. A school official has a legitimate educational interest if the official needs to review an education record in order to fulfill his or her professional responsibility.
- The right to file a complaint with the U.S. Department of Education concerning alleged failures by The College of Coastal Georgia to comply with the requirements of FERPA.The name and address of the Office that administers FERPA is:
Family Policy Compliance
Office of U.S. Department of Education
400 Maryland Avenue, SW
Washington, DC 20202-5901
- Directory information, which is information that is generally not considered harmful or an invasion of privacy if released, can also be disclosed to outside organizations without a student's prior written consent. The College has designated the following information as directory information: student's name; participation in officially recognized activities and sports; address; telephone listing; weight and height of members of athletic teams; electronic mail address; photograph; degrees, honors, and awards received; date and place of birth; major field of study; dates of attendance; grade level; the most recent educational agency or institution attended. If you do not want the College to disclose directory information without your prior written consent, you must notify the College in writing. To prevent the disclosure of directory information, you should contact the Registrar at 912.279.5738 or via e-mail at firstname.lastname@example.org.