Student Privacy Notice: European Union GDPR
This notice explains how School for International Training (“SIT”) will collect and use your personal data. SIT is the data controller for personal data we process about you. Throughout this Notice “SIT”, “we”, “our”, and “us” refers to SIT, its umbrella organization, World Learning Inc, and World Learning Inc’s affiliated entities. “You” and “your” or “their” refers to those expressing an interest in becoming a student at SIT (both prior to and at the formal application stage), together with those who later become a registered student at SIT. The European Union may be referred to
throughout this Notice as “EU”.
As of May 25, 2018, SIT processes your personal data in accordance with General Data Protection Regulations (“GDPR”). This Notice meets the requirements of both the DPA and GDPR. Prior to and after the effective date of the GDPR, we may make changes to this Notice. We will inform you of any changes to this notice. Notification will be through an appropriate medium of communication, such as email, text, written notice, or website notice, depending on the contact information that we have for you. You can find the current version of this notice on SIT’s website. If you have any questions about this notice, please contact our data protection officer (DPO), who will be happy to answer any queries you may have concerning this notice or the way in which we process or use your personal data. SIT’s DPO is Wendy Mason and she can be reached at [email protected]. SIT obtains your personal data from you when you provide us with your personal information, such as (but not limited to) when you fill out any form or application, when you interact with our website or staff, or when you communicate with us in any way. In addition, we obtain your personal data from various third-party sources (for example, student loan administrators, other institutions that we partner with in providing our programming, your other academic institutions, and other service providers). All such information obtained about you is handled in accordance with our policies and with DPA and GDPR as well as FERPA and other applicable legislation.
In general, we process or use your personal data for the administration of all of the offices and functions associated with operations of SIT related to your role as student or prospective student with us and all of the support functions that arise from those roles in the legitimate operation of SIT. All your data is processed for SIT’s institution purposes, connected to or related to activities carried out by SIT or its affiliates, such as (but not limited to) academic programs operated in the United States or for study abroad programs or workshops in the European Union, or related to your immigration requirements and entry/exit for any country for the purpose of participating in any program, or for the performance of contractual obligations related to operation of our programming in the United States or European Union. In particular, the data supplied or collected will be processed for the following purposes and will be handled according to the following terms, as indicated:
- Your personal data will be collected and processed to fulfill the obligations established by any applicable law, including the regulations or the European Union Law.
- Your personal data will be collected and processed to execute the contractual obligations with reference to your enrollment with the SIT study programs organized in the EU at SIT (such as but not limited to courses, attendance certification, student health, and safety protection).
- Your personal data will be collected and processed with reference and in connection to data provided by public authorities or by hospitals should an accident or aggression occur to the student, in order to take the necessary actions.
- Your sensitive data regarding your health conditions and food habits will only be processed for the purpose of protecting student safety or of fulfilling the obligations established by local law, by regulations, or by the European Union law; sensitive data regarding judicial measures that may have been provided to SIT by public bodies will be processed only for purposes relating to a health or safety emergency and complying with any applicable mandatory provision of local or European Union law.
- Submittal and processing of personal data is necessary for SIT to achieve the purposes above specified.
- Any opting out or refusal to allow such processing and use will make it impossible to carry out the necessary activities and the correct administrative, operational, and academic management of student programs necessary to accomplish the contractual obligations of SIT in connection with your graduate and/or study abroad stay at SIT in the EU as well as the obligations imposed by law.
- All personal data, including sensitive data, will be collected and processed automatically and/or manually in compliance with the provisions of the EU GDPR and by adopting the appropriate data protection measures, securing strictly monitored access.
- Data processing will take place, according to the aforementioned criteria, only within those offices of SIT that are exclusively dedicated to SIT graduate or study abroad programs; the data will be handled only by the persons who are responsible for the related activities and by other persons working on the same areas as specified in internal communications; sensitive data will be handled only within those offices of SIT that are exclusively dedicated to SIT graduate or study abroad programs, for the purposes above specified, by persons officially appointed to this task. Your personal data you have provided may be transferred overseas pursuant to the terms, conditions, and limits specified by Chapter V of the EU GDPR.
- In particular, your data may be communicated, in compliance with the rules above indicated, to public or private subjects to whom they may be necessary in order to fulfill obligations set forth by local laws, regulations, or EU laws; sensitive data may be communicated to public bodies and authorities (such as public hospitals, public safety authorities, police offices, courts, magistrates, and the like) and to private subjects (such as private hospitals and clinics, security supervisors, or insurance companies) only for purposes relating to health and safety emergency and for the purposes of fulfilling obligations set forth by local laws, regulations, and EU laws.
- You will be able to exercise any and all other rights, as applicable, foreseen by Articles 15 to 22 of the EU GDPR, namely right of access, right to rectification, right to erasure or “to be forgotten,” right to restriction of processing, right to data portability, and right to object; you can read Regulation (EU) 2016/679 at eurlex. europa.eu/eli/reg/2016/679/2016-05-04.
- Please be also informed that:
- the period for which your personal data will be stored will be from now until the information is no longer needed for the purposes articulated herein and until the applicable retention period has expired and the information is deleted or destroyed.
- you can withdraw your consent, if granted below, at any time and even only orally, but this will not affect the lawfulness of processing your personal data based on your consent before withdrawal.
- you have legal rights and remedies against any breach of your personal privacy according to articles 77 to 84 of the EU GDPR.