Data Privacy Policy
Policy Overview
The Data Privacy Policy describes how Cummings Graduate Institute manages personal information and respects your privacy. This policy may be amended by the Policy Department when applicable. Cummings Graduate Institute encourages online visitors and users of our website and social media sites to regularly review our Privacy Policy.
Cummings Graduate Institute, is defined as the entity that acts as the controller or processor of personal information, as explained in more detail in the sections below.
The purpose of this policy is to secure and respect the privacy of all personal information and data collected from anyone Cummings Graduate Institute communicates with, including current students, applicants, prospective students, or previously associated students, non-students, and non-prospective students. Cummings Graduate Institute encourages you to periodically review this Privacy Policy because Cummings Graduate Institute may update it when applicable.
CGI may collect the following types of personal and sensitive data:
- Full name
- Mailing/permanent address,
- Email address
- Telephone number
- Date of birth
- Social security number or other tax identification number (only for applicants to CGI’s academic programs)
- Information relating to education and employment history, the colleges or universities students have attended and places where students have worked, the courses students have completed, dates of study and degrees conferred, including Transcripts
- Billing & payment information (i.e. payment information, billing address, name)
- Racial or ethnic origin
- Gender
- Country of Citizenship
- Copy of government issued ID
- Military Affiliation
CGI also collects information about the computers, mobile devices, or other devices used to access Cummings Graduate Institute’s technology network, such as IP address, unique device identifiers, browser types, browser languages, web pages requested, network software access, referring web pages, date, time, and duration of activity, passwords, and accounts accessed, volume of data storage and transfers, and locations of user devices when connected to Cummings Graduate Institute’s technology network. Logs of this information may be retained. Cummings Graduate Institute may contract with non- Cummings Graduate Institute service providers to help us better understand users. These non-Cummings Graduate Institute service providers are not permitted to use the information collected on Cummings Graduate Institute’s behalf except to help conduct and improve Cummings Graduate Institute’s services.
Cookies are small files that are stored on your computing devices. Cummings Graduate Institute uses cookies to understand and save preferences for future visits and compile aggregate data about network traffic and network interaction so that Cummings Graduate Institute can offer better network experiences and tools in the future. Cookies may be set by an organization other than Cummings Graduate Institute. These non-Cummings Graduate Institute cookies may, for example, originate from social media services such as YouTube and Facebook. Because the cookie policies of these services change over time, the user should review their policies by visiting the privacy policies of these services directly. Users may disable cookies through their individual browser options.
Cummings Graduate Institute uses information collected to provide services, in support of Cummings Graduate Institute’s Mission, to protect the security of Cummings Graduate Institute’s technology network, to support academic integrity, and to provide safety and security services to users, as well as to monitor, preserve, and enhance the use, functioning, and integrity of Cummings Graduate Institute’s technology network. Cummings Graduate Institute may also use information collected from the users for analysis and statistical purposes consistent with Cummings Graduate Institute’s Mission.
How Cummings Graduate Institute collects your information
Cummings Graduate Institute may collect personal data in a number of ways, for example:
- From the information provided to Cummings Graduate Institute when the user interacts with Cummings Graduate Institute before enrolling. For example, when the user expresses interest in studying at Cummings Graduate Institute.
- When the user subscribes to a Cummings Graduate Institute newsletter;
- When the user registers to attend a Cummings Graduate Institute professional development event or conference;
- When the user applies to study at Cummings Graduate Institute and completes an admission application;
- When the user completes other admissions processes and procedures;
- When the user communicates with Cummings Graduate Institute by telephone, email, or via our website. For example, in order to make an inquiry or raise concerns;
- In various other ways as the user interacts with us during their time as a student of Cummings Graduate Institute, for the various purposes set out below.
- From third parties. For example, from the user’s previous or current school, university, or employers who may provide a reference about the user or employer reimbursement/third party payments.
- The use of online surveys which may be conducted for the research purposes indicated in the survey. Unless otherwise noted on the specified survey, answers are confidential and individual responses will not be shared with other parties. Aggregate data from surveys may be shared with external third parties.
How Cummings Graduate Institute uses information about its students
The purposes for which Cummings Graduate Institute may use personal data (including sensitive personal data) collected during a student’s association with Cummings Graduate Institute, include:
- Recruitment and admissions;
- Academic matters, including:
- the provision of Cummings Graduate Institute’s core teaching, learning and research services (e.g. registration, assessment, attendance, managing progress, academic misconduct investigations, certification, graduation);
- maintaining student records;
- assessing your eligibility for financial aid and scholarships, etc.
- Providing library, IT and information services;
- Non-academic matters in support of our core services, including:
- providing student support services (e.g. Operations, Student Services, and Academic Departments);
- monitoring equal opportunities;
- safeguarding and promoting the welfare of students;
- ensuring students’ safety and security;
- managing student accommodation;
- managing the use of social media;
- administering finance (e.g. fees, scholarships and tuition);
- other administrative purposes, including:
- carrying out research and statistical analysis;
- carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations);
- providing operational information (e.g. providing IT support, information about building closures or access restrictions on campus, or safety advice);
- promoting our services (e.g. providing information about student service);
- preventing and detecting crime;
- dealing with grievances and disciplinary actions;
- Addressing and managing complaints and inquiries.
How Cummings Graduate Institute Protects Your Information
When you access your personal information, Cummings Graduate Institute uses a secure server. Industry standard encryption (TLS) is employed before any information you input is sent to us. Furthermore, all of the data we collect is protected against unauthorized access. As effective as encryption technology is, however, no security system is completely impenetrable, so Cummings Graduate Institute cannot affirm absolute security of our systems, nor can the Institute affirm that information you supply won’t be intercepted while being transmitted to us over the Internet.
Data retention
Cummings Graduate Institute may retain your personal data for a period of ten (10) years after your association with Cummings Graduate Institute has come to an end. However, some information may be retained indefinitely by Cummings Graduate Institute in order to maintain the students academic record for archiving purposes.
Disclosure of Information
Cummings Graduate Institute does not disclose confidential information collected online to individuals or entities not affiliated with Cummings Graduate Institute, except in the limited circumstances described below. Non-confidential information may be disclosed or distributed pursuant to federal laws, state laws, including Arizona’s public records laws and policies. These laws and policies explain what information may be shared or disclosed. They also explain what information is protected as confidential.
Student’s Rights
Under the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) students have the following rights:
- Eligible students have the right to inspect and review the student’s education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.
- Eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.
- Schools must have written permission from the eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
- School officials with legitimate educational interest;
- Other schools to which a student is transferring;
- Specified officials for audit or evaluation purposes;
- Appropriate parties in connection with financial aid to a student;
- Organizations conducting certain studies for or on behalf of the school;
- Accrediting organizations;
- To comply with a judicial order or lawfully issued subpoena;
- Appropriate officials in cases of health and safety emergencies; and
- State and local authorities, within a juvenile justice system, pursuant to specific State law.
GDPR was enforced in May 2018, given students the additional rights:
- to require Cummings Graduate Institute to correct the personal data it holds about the student if it is incorrect;
- to require Cummings Graduate Institute to erase the student’s personal data;
- to require Cummings Graduate Institute to restrict its data processing activities (and, where our processing is based on the student's consent, the student may withdraw that consent, without affecting the lawfulness of Cummings Graduate Institute processing based on consent before its withdrawal);
- to receive from Cummings Graduate Institute the personal data we hold about you which you have provided to the Institute, in a reasonable format specified by the student, including for the purpose of the student transmitting that personal data to another data controller;
- to object, on grounds relating to the student’s particular situation, to any of the Institute’s particular processing activities where the student feels this has a disproportionate impact on the student rights.
Please note that the above rights are not absolute, and Cummings Graduate Institute may be entitled to refuse requests where exceptions apply.
If the student has given their consent and wishes to withdraw it, please contact our Policy and Compliance Office via email at compliance@cgi.edu. Please note that Cummings Graduate Institute processing of your personal data relies on the student consent and when the student then withdraws that consent, Cummings Graduate Institute may not be able to provide all or some aspects of our services to the student and/or it may affect the provision of those services.
Policy Responsibility
Student Responsibility
It is the responsibility of the student to review the policy.
Registrar
It is the responsibility of the Registrar to respond to all student inquiries within the time limits set out by the policy.
Staff, Faculty, and Stakeholders
The Cummings Graduate Institution requires all “Institute Officials”, defined as: administrative staff, faculty, and any third parties under contract with the Institution, to undergo an annual Data Privacy Policy Training upon hire and annually to ensure compliance.
Policy Procedure
Changes to your personal data
If a student would like to change any of their information, they should send an email request to the Policy and Compliance Office at compliance@cgi.edu.
Forms
At this time, there are no student forms associated with this policy.
Approvals/Revision History
Policy was revised on: June 15th, 2020
Policy was approved by: Amanda Harrison, Chief Operating Officer