This is Gordon College’s general statement on its data processing activities to notify data subjects of categories of personal data processed and the purpose and extent of processing. This is not a consent form but an announcement how Gordon College processes personal data.
As an educational institution, Gordon College operates in an environment where it collects information from multiple stakeholders. It is done in many ways that best serve its legitimate interests and purposes for processing and managing personal information. The college wants that the stakeholders understand the types of information it collects as they engage with it. If the stakeholders choose to withhold personal data that Gordon College needs to process, it may be unable, in some circumstances, to comply with its obligations. The college will inform them about the implications of the decision.
Gordon College collects the following General Personal Information from the abovementioned stakeholders:
Gordon College expects that the following uses will fall within the category of its “legitimate interests”:
Gordon College collects Personal Data physically through printed forms, attachments, and other documents required by the college, its academic units, and its administrative offices. Gordon College collects Personal Data electronically through electronic forms, via email, or inputting of information directly by the data subject or by the concerned faculty, personnel, and other stakeholders.
Gordon College prioritizes the correctness of the personal information of its stakeholders. With this, the college implements;
As part of Gordon College’s legitimate interests as an educational institution, it needs to transfer and/or share personal information within and across college departments and offices relevant to the processes involved.
Gordon College abstains from renting, selling, or sharing personal information about its stakeholder with other non-affiliated people, entities or third parties.
In general, the college will disclose or share its stakeholders to non-affiliates only with their consent or under the following circumstances:
Gordon College makes it a practice to store and transmit data securely in a number of ways, including manual paper and electronic formats, including databases that are shared between and among the different units or offices of the college. Access to personal data is limited to the respective college personnel who have legitimate interest for the purpose of carrying out contractual duties. It shall only collect and store information that is necessary to achieve its legitimate purposes and/or when permitted by law.
Unless otherwise provided by law or by appropriate college policies, the basic academic records for individual students are kept permanently and in perpetuity by the college, with more detailed records kept for defined retention periods. Each unit or office processing personal data have their respective retention policies, after which, all affected records will be securely disposed of.
There are also some categories of data that the college retain for historical, archival and statistical purposes, unless otherwise provided by law or by applicable college policies.
Gordon College shall exercise every practicable and reasonable means to protect personal information and to ensure the security of personal data about individuals through appropriate organizational, physical and technical measures. This includes policies around the use of technology and devices and the access to college systems. All personnel and faculty will be made aware of these policies and their duties under the Data Privacy Act of 2012 and receive relevant training at least once a year.
The college implements security measures in the following aspects;
Gordon College encourages that its stakeholders should be aware on the importance of their rights as “Data Subjects”. The institution educates them about the importance of their Personal Data, thus helping the college to cultivate an environment that promotes “respect of privacy”.
Gordon College stakeholders have the following rights:
Gordon College stakeholders have the following responsibilities:
Other rights and responsibilities of stakeholders are in the Gordon College Data Privacy Manual.
The mitigation, management and resolution of Security Incidents and Personal Data Breaches requires the coordination of various stakeholders. All concerned should be vigilant in their responsibilities to enable an effective security incident management process.
Gordon College forms a Data Breach Response Team that will assess and evaluate the Security Incidents, which includes Personal Data Breaches, restore integrity to the information and communication systems, mitigate and remedy resulting damages, and comply with reportorial requirements.
The following incident management and notification procedure is established in the Gordon College Security Incident Management Policy, this is divided into three major steps;
For Inquiries and reporting of security incident that involves Personal Information, you may contact us:
Types of Information Collected
Processing of Information
Ways to Collect Information
Accuracy of Information
Disclosure, Transfer and Sharing
Information Security Measures
Participation of Stakeholders
Breach and Security Incidents
Inquiries and Reporting