Privacy Protection Policy
This policy applies to all parties (staff, faculty, students, alumni, etc.) who provide any amount or type of personal data to Excelsior College (“Excelsior” or “College”).
Personal data includes but is not limited to data subject’s name, home address, email address, social security number, student identification number, photo, Internet Protocol (IP) address, a cookie identifier, transcripts, employment records, etc.
Statement of Policy
Personal Data Collected by Excelsior
When you access our website, you may voluntarily give personal data to us so we can provide you with requested information or services. Some examples are: your name, address, phone number, and email address. You can always opt not to provide such information to us. However, we may not be able to communicate with you if you choose to opt out.
In addition, during your interaction with our website, other personal data about your usage of the site is collected automatically, such as: top viewed and visited pages and links on our web site, top entry and exit points, number of form completions, time spent on pages, top downloads, top keywords used offsite to lead customers to our website, your Internet Protocol (IP) address, information collected via cookies (see below), device event information such as system activity, crashes, hardware settings, browser type, etc.
What are cookies? Cookies are alphanumeric identifiers we transfer to your computer or mobile device through your internet browser to recognize you as a return user of our site. The information we collect is used to make our website and services we provide more customized and beneficial to you.
You may set your internet browser to block all cookies including ours. The “help” portion of the toolbar on most browsers will direct you on how to enable or disable cookies. However, some online services will not work if cookies are disabled.
After you opt in and acknowledge that you are accepting the use of our cookies, your continued use of our website is your consent to the collection of this data for the purposes outlined above unless and until you decide to opt out.
How Excelsior Uses the Information It Collects
Excelsior uses the information we collect to enhance our website and the services we provide to you. Excelsior does not share, sell, rent or trade personal data to third parties for their promotional purposes. Excelsior does share limited information with companies that perform work on our behalf. These companies are required to keep this information confidential and to use it strictly for authorized business purposes in accordance with Excelsior College policies and applicable laws and regulations.
Excelsior may release personal information when we believe in good faith that it is necessary for us to comply with the law or for the safety of our employees, our customers, or others.
Excelsior also shares aggregate information for regulatory or governmental reporting purposes.
Email and Text Communications from Excelsior
Excelsior often uses email communications to update you about new programs or services that may be of interest to you. Each such email communication contains instructions on how to opt out of receiving future communications. Excelsior receives a confirmation when you open and/or interact with an email from us if your system permits. We use this information to ensure that future communications with you are as helpful and useful as possible.
Excelsior uses texting to send messages that are timely and relevant but only if you opt in to receiving texts from us. Even if you do opt in to accepting texts from us, you may opt out at any time. However, by opting out you may not receive helpful information that is important to you in a prompt manner.
In its communications, the College adheres to the requirements of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), the Telephone Consumer Protection Act (TCPA), and other applicable laws and regulations.
Updating Your Information
If you believe that any information Excelsior has collected about you is inaccurate or which you would like removed from our system, you may be able to change it yourself using the MyProfile (login required) application. You can also use MyProfile to opt out of electronic mail communications. Otherwise, contact the Office of the Registrar to make any changes.
Excelsior uses information technology industry best practices to ensure that all personal data is kept secure from unauthorized access and from improper use by authorized users.
Data breaches, whether caused through human error or malicious intent, will be reported to the chief technology officer, or designee, for investigation and reporting, as appropriate. Once a breach has been confirmed, designated staff will take appropriate steps, as outlined in the Excelsior College Crisis Management Plan. Any questions about the College’s data breach reporting process should be directed to the chief technology officer, or designee; via email to email@example.com.
Use of Social Media
Links to Third-Party Content or Websites
Excelsior bears no responsibility for the accuracy of third-party or user-generated content posted on its website and the opinions expressed by third parties and/or users are not necessarily those of the College or its employees. If the College receives a complaint regarding third-party or user-generated content on its website, the College will follow the procedures required by the Digital Millennium Copyright Act (DMCA).
Excelsior reserves the right to amend this policy at any time without notice. Any questions about this policy should be directed to the chief technology officer, or designee, via email to firstname.lastname@example.org.
Use of Information and Material
The information and material contained on this site, and the terms, conditions, and descriptions that appear, are subject to change at any time without notice. Any information or material on this site may be downloaded for review provided the user does so for their individual, non-commercial use. Such information or material may not be otherwise copied, edited, linked with, or used, in any other website, visual, print, or broadcast medium, without the express permission of the College.
The European Union General Data Protection Regulation 2016/679 (GDPR)
Pursuant to the GDPR, the College, in its capacity as Data Controller, provides this information for individual data subjects (staff, faculty, students, alumni, etc.) residing in the European Union (“EU”):
The GDPR applies to personal data the College may collect and process, and may include a data subject’s name, home address, email address, social security number, student identification number, photo, Internet Protocol (IP) address, a cookie identifier, transcripts, employment records, etc.
As a higher education institution, Excelsior College may collect and process personal data for the purposes of providing information or services to data subjects, including but not limited to: admissions, advisement, billing, bookstore purchases/transactions, communications, contracts with third-party vendors, employment, delivery of instruction, enrollment, financial aid assistance, promoting degree programs of potential interest to data subjects, payroll, records retention, registration, social media platforms, transcripts, tuition assistance, tutoring, etc.
Lawful Basis for Collecting and Processing Personal Data
The College has determined the categories listed below may apply when collecting and processing personal data:
- Consent: The data subject has given consent for the College to process his or her personal data for a specific purpose.
- Legitimate Interests: The processing is necessary for the College’s legitimate interests or the legitimate interests of a third party.
Personal Data Breaches
Data breaches, whether caused through human error or malicious intent, will be reported to the College’s chief technology officer, who has been appointed as the governance and data protection officer for investigation and reporting, as appropriate. Any questions about the College’s data breach reporting process should be directed to the governance and data protection officer, or designee, via email to email@example.com.
Once a breach has been confirmed and it is determined that the breach poses a risk to an individual’s rights and freedoms, the governance and data protection officer will notify the supervisory authority without undue delay, but no later than 72 hours following confirmation of the data breach.
Once a breach has been confirmed and it is determined that the breach poses a high risk to an individual’s rights and freedoms, the governance and data protection officer will also notify the individuals directly and without undue delay.
Student Records Retention
The Office of Registrar is responsible for providing a centralized imaging function for creation of the student’s electronic file and for maintaining, retrieving, and disposing of paper and electronic records. This is done in compliance with state and federal laws and the American Association of Collegiate Registrars and Admissions Officers (AACRAO) guidelines for the retention of student records.