This is the Georgia Institute of Technology’s (Georgia Tech) Professional Education (Non-Degree Programs, including Professional Development and Language Institute) privacy and legal notice for compliance with the European Union General Data Protection Regulation (“EU GDPR”). For more information regarding the EU GDPR, please review Georgia Tech’s EU General Data Protection Regulation Compliance Policy.
Georgia Tech is an institute of higher education involved in education, research, and community development. In order for Georgia Tech Professional Education (Non-Degree Programs, including Professional Development and Language Institute) to provide in-person and online education, conduct surveys for program evaluation and improvement, conduct marketing activities to engage in educational program outreach, conduct student and faculty/instructor recruitment, review and process applications for admission, review and process applications for employment, provide educational support services and process student payments, it must collect, use and process this personal data.
The lawful basis for the collection and processing of personal data by Georgia Tech Professional Education (Non-Degree Programs, including Professional Development and Language Institute) falls under the following category:
In order for Georgia Tech Professional Education (Non-Degree Programs, including Professional Development and Language Institute) to provide in-person and online education, conduct surveys for program evaluation and improvement, conduct marketing activities to engage in educational program outreach, conduct student and faculty/instructor recruitment, review and process applications for admission, review and process applications for employment, provide educational support services and process student payments, needs to collect the following categories of personal data:
The personal data collected by Georgia Tech Professional Education (Professional Development and Language Institute Non-Degree Programs) will be shared as follows:
| Georgia Tech Unit | Purpose |
|---|---|
| Georgia Tech Academic Departments | Communication with prospective students for the purpose of recruitment and outreach concerning areas of interest about programs of study |
| Georgia Tech Academic Departments | Support of departmental programs; reporting certificate program completion progress (ex: Scheller College of Business; Supply Chain Logistics Institute) |
| Office of Academic Effectiveness | For the administration of course surveys |
| Bursar’s Office | Student account details (invoicing/collections) |
| Conference Services | To assist students with on campus housing during their course of study |
| Office of Housing and Residence Life | To assist students with on campus housing during their course of study |
| Office of Human Resources | Information for employment related processes |
| Office of International Education | Management of and support for international students, scholars, and employees/ Institute Affiliates |
| Office of the Registrar | Official records management |
| Office of Scholarships & Financial Aid | Fund disbursement |
| Third-Party Name | Purpose |
|---|---|
| Basno | Badge issuing system for MOOC students who have chosen to opt-in for a verified course track (student name, email and course completed) |
| Corporate entities or government organizations providing student financial support | Provide academic records and information about scholarship recipient(s); invoicing and remittance details |
| Digital marketing agency (currently MediaCurrent) | Database access requirements for supporting GTPE departmental websites containing student data |
| Off campus housing vendors | To assist students with off campus housing during their course of study |
| Online learning management systems | To deliver learning activities and management for educational courses |
Georgia Tech is a unit of the Board of Regents of the University System of Georgia (the “BOR”), and data is shared with the BOR and its employees.
The Family Educational Rights and Privacy Act (FERPA) provides that “Directory Information” is information not generally considered harmful or an invasion of privacy if disclosed. Directory Information is considered public information, but the categories of information that comprise Directory Information also comprise “personal data” under the EU GDPR. Please review Georgia Tech's definition of Directory Information for further information, including how to prohibit the release of Directory Information.
If you have specific questions regarding the collection and use of your personal data, please contact the Office of Enterprise Data Management at eugdpr@edm.gatech.edu
If a data subject refuses to provide personal data that is required by Georgia Tech in connection with one of Georgia Tech’s lawful bases to collect such personal data, such refusal may make it impossible for Georgia Tech to provide education, employment, research or other requested services.
Georgia Tech receives personal data and special categories of sensitive personal data from multiple sources. Most often, Georgia Tech gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for undergraduate admission to Georgia Tech through use of the Common App).
Individual data subjects covered by Georgia Tech’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:
Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.
Any data subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with the Office of Enterprise Data Management at eugdpr@edm.gatech.edu
Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user. Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.
All personal data and special categories of sensitive personal data collected or processed by Georgia Tech under the scope of the Georgia Tech EU General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards of NIST Special Publication 800-171 as set forth in the Georgia Tech Controlled Unclassified Information Policy.
As a state university, Georgia Tech is subject to the provisions of the Georgia Open Records Act (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee. The ORA requires that Georgia Tech produce public documents within three business days. For more information on Georgia Tech’s ORA compliance, please visit the Open Records Act page on the Legal Affairs website.
Georgia Tech keeps the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules: https://www.usg.edu/records_management/schedules/
| Record Type | Retention Schedule Link |
|---|---|
| Academic Affairs | https://www.usg.edu/records_management/schedules/925 |
| Administration | https://www.usg.edu/records_management/schedules/924 |
| Finance | https://www.usg.edu/records_management/schedules/935 |
| Human Resources | https://www.usg.edu/records_management/schedules/930 |
| Information Technology | https://www.usg.edu/records_management/schedules/2520 |
| Student Records | https://www.usg.edu/records_management/schedules/934 |