Policy Overview
The Data Privacy Policy describes how Cummings Graduate Institute manages personal information and respects your privacy. This policy may be amended by the Policy Department when applicable. Cummings Graduate Institute encourages online visitors and users of our website and social media sites to regularly review our Privacy Policy.
Cummings Graduate Institute, is defined as the entity that acts as the controller or processor of personal information, as explained in more detail in the sections below.
The purpose of this policy is to secure and respect the privacy of all personal information and data collected from anyone Cummings Graduate Institute communicates with, including current students, applicants, prospective students, or previously associated students, non-students, and non-prospective students. Cummings Graduate Institute encourages you to periodically review this Privacy Policy because Cummings Graduate Institute may update it when applicable.
CGI may collect the following types of personal and sensitive data:
- Full name
- Mailing/permanent address,
- Email address
- Telephone number
- Date of birth
- Social security number or other tax identification number (only for applicants to CGI’s academic programs)
- Information relating to education and employment history, the colleges or universities students have attended and places where students have worked, the courses students have completed, dates of study and degrees conferred, including Transcripts
- Billing & payment information (i.e. payment information, billing address, name)
- Racial or ethnic origin
- Gender
- Country of Citizenship
- Copy of government issued ID
- Military Affiliation
- Device and browser information (e.g. IP address, operating system, browser type
- Authentication metadata (login timestamps, authentication method used via SSO/Duo)
- Chat and support interaction content (Zendesk messaging)
- Online behavior and usage data (via cookies and analytics tools)
- Assignment content and metadata (submitted through tools such as Turnitin)
CGI also collects information about the computers, mobile devices, or other devices used to access Cummings Graduate Institute’s technology network, such as IP address, unique device identifiers, browser types, browser languages, web pages requested, network software access, referring web pages, date, time, and duration of activity, passwords, and accounts accessed, volume of data storage and transfers, and locations of user devices when connected to Cummings Graduate Institute’s technology network. Logs of this information may be retained. Cummings Graduate Institute may contract with non- Cummings Graduate Institute service providers to help us better understand users. These non-Cummings Graduate Institute service providers are not permitted to use the information collected on Cummings Graduate Institute’s behalf except to help conduct and improve Cummings Graduate Institute’s services.
Cookies are small files that are stored on your computing devices. Cummings Graduate Institute uses cookies to understand and save preferences for future visits and compile aggregate data about network traffic and network interaction so that Cummings Graduate Institute can offer better network experiences and tools in the future. Cookies may be set by an organization other than Cummings Graduate Institute. These non-Cummings Graduate Institute cookies may, for example, originate from social media services such as YouTube and Facebook. Because the cookie policies of these services change over time, the user should review their policies by visiting the privacy policies of these services directly. Users may disable cookies through their individual browser options.
Cummings Graduate Institute uses information collected to provide services, in support of Cummings Graduate Institute’s Mission, to protect the security of Cummings Graduate Institute’s technology network, to support academic integrity, and to provide safety and security services to users, as well as to monitor, preserve, and enhance the use, functioning, and integrity of Cummings Graduate Institute’s technology network. Cummings Graduate Institute may also use information collected from the users for analysis and statistical purposes consistent with Cummings Graduate Institute’s Mission.
How Cummings Graduate Institute collects your information
Cummings Graduate Institute may collect personal data in a number of ways, for example:
- From the information provided to Cummings Graduate Institute when the user interacts with Cummings Graduate Institute before enrolling. For example, when the user expresses interest in studying at Cummings Graduate Institute.
- When the user subscribes to a Cummings Graduate Institute newsletter;
- When the user registers to attend a Cummings Graduate Institute professional development event or conference;
- When the user applies to study at Cummings Graduate Institute and completes an admission application;
- When the user completes other admissions processes and procedures;
- When the user communicates with Cummings Graduate Institute by telephone, email, or via our website. For example, in order to make an inquiry or raise concerns;
- In various other ways as the user interacts with us during their time as a student of Cummings Graduate Institute, for the various purposes set out below.
- From third parties. For example, from the user’s previous or current school, university, or employers who may provide a reference about the user or employer reimbursement/third party payments.
- The use of online surveys which may be conducted for the research purposes indicated in the survey. Unless otherwise noted on the specified survey, answers are confidential and individual responses will not be shared with other parties. Aggregate data from surveys may be shared with external third parties.
- When the user engages with online support features such as the Cummings Graduate Institute Help Desk or answer bot, which may collect session data, browser/device information, and user-submitted content through third-party platforms like Zendesk.
- When the user logs into CGI systems using Google Single Sign-On (SSO) and/or Duo Mobile two-factor authentication, which may collect limited authentication data such as email address, device type, and login method (e.g., biometric confirmation, push notification).
- When the user interacts with CGI websites that use cookies to track preferences, enable functionality (e.g., live chat), and gather anonymous usage data. Users may choose to accept or reject non-essential cookies.
How Cummings Graduate Institute uses information about its students
The purposes for which Cummings Graduate Institute may use personal data (including sensitive personal data) collected during a student’s association with Cummings Graduate Institute, include:
- Recruitment and admissions;
- Academic matters, including:
- the provision of Cummings Graduate Institute’s core teaching, learning and research services (e.g. registration, assessment, attendance, managing progress, academic misconduct investigations, certification, graduation);
- maintaining student records;
- assessing your eligibility for financial aid and scholarships, etc;
- authenticating and securing user access to academic systems and records via institutional Single Sign-On and Duo Mobile authentication tools.
- supporting academic integrity and plagiarism detection through third-party platforms such as Turnitin, which may store submitted work in external databases for comparison and originality checking.
- Providing library, IT and information services;
- Non-academic matters in support of our core services, including:
- providing student support services (e.g. Operations, Student Services, and Academic Departments);
- monitoring equal opportunities;
- safeguarding and promoting the welfare of students;
- ensuring students’ safety and security;
- managing student accommodation;
- managing the use of social media;
- providing online help and support through automated or live chat using third-party platforms such as Zendesk Messaging;
- ensuring compliance with privacy and cookie consent practices as required by applicable law;
- monitoring and improving the performance and security of CGI’s digital platforms.
- administering finance (e.g. fees, scholarships and tuition);
- other administrative purposes, including:
- carrying out research and statistical analysis;
- carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations);
- providing operational information (e.g. providing IT support, information about building closures or access restrictions on campus, or safety advice);
- promoting our services (e.g. providing information about student service);
- preventing and detecting crime;
- dealing with grievances and disciplinary actions;
- Addressing and managing complaints and inquiries.
How Cummings Graduate Institute uses authentication and support services
Cummings Graduate Institute uses secure digital tools and third-party platforms to provide essential services to students, applicants, and visitors. These include:
- Google SSO and Duo Mobile for secure access to institutional platforms;
- Zendesk Messaging for live and AI-powered student support, which may collect session information and cookies for chat continuity;
- Website cookies for functionality and analytics, with user consent managed through CGI’s web-based cookie notice;
- Turnitin to support academic integrity. When assignments are submitted for originality checking, Turnitin may collect and store submission content and metadata in its international database for comparison purposes.
These tools are used solely to improve service delivery, ensure security, and maintain operational effectiveness. For more information about how data is handled by these services, please visit our online Privacy Policy.
How Cummings Graduate Institute Protects Your Information
When you access your personal information, Cummings Graduate Institute uses a secure server. Industry standard encryption (TLS) is employed before any information you input is sent to us. Furthermore, all of the data we collect is protected against unauthorized access. As effective as encryption technology is, however, no security system is completely impenetrable, so Cummings Graduate Institute cannot affirm absolute security of our systems, nor can the Institute affirm that information you supply won’t be intercepted while being transmitted to us over the Internet.
Data retention
Cummings Graduate Institute may retain your personal data for a period of ten (10) years after your association with Cummings Graduate Institute has come to an end. However, some information may be retained indefinitely by Cummings Graduate Institute in order to maintain the students academic record for archiving purposes.
Disclosure of Information
Cummings Graduate Institute does not disclose confidential information collected online to individuals or entities not affiliated with Cummings Graduate Institute, except in the limited circumstances described below. Non-confidential information may be disclosed or distributed pursuant to federal laws, state laws, including Arizona’s public records laws and policies. These laws and policies explain what information may be shared or disclosed. They also explain what information is protected as confidential.
Student’s Rights
Under the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) students have the following rights:
- Eligible students have the right to inspect and review the student’s education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.
- Eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.
- Schools must have written permission from the eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
- School officials with legitimate educational interest;
- Other schools to which a student is transferring;
- Specified officials for audit or evaluation purposes;
- Appropriate parties in connection with financial aid to a student;
- Organizations conducting certain studies for or on behalf of the school;
- Accrediting organizations;
- To comply with a judicial order or lawfully issued subpoena;
- Appropriate officials in cases of health and safety emergencies; and
- State and local authorities, within a juvenile justice system, pursuant to specific State law.
GDPR was enforced in May 2018, given students the additional rights:
- to require Cummings Graduate Institute to correct the personal data it holds about the student if it is incorrect;
- to require Cummings Graduate Institute to erase the student’s personal data;
- to require Cummings Graduate Institute to restrict its data processing activities (and, where our processing is based on the student’s consent, the student may withdraw that consent, without affecting the lawfulness of Cummings Graduate Institute processing based on consent before its withdrawal);
- to receive from Cummings Graduate Institute the personal data we hold about you which you have provided to the Institute, in a reasonable format specified by the student, including for the purpose of the student transmitting that personal data to another data controller;
- to object, on grounds relating to the student’s particular situation, to any of the Institute’s particular processing activities where the student feels this has a disproportionate impact on the student rights.
Please note that the above rights are not absolute, and Cummings Graduate Institute may be entitled to refuse requests where exceptions apply.
If the student has given their consent and wishes to withdraw it, please contact our Policy and Compliance Office via email at compliance@cgi.edu. Please note that Cummings Graduate Institute processing of your personal data relies on the student consent and when the student then withdraws that consent, Cummings Graduate Institute may not be able to provide all or some aspects of our services to the student and/or it may affect the provision of those services.
Policy Responsibility
Student Responsibility
It is the responsibility of the student to review the policy.
Registrar
It is the responsibility of the Registrar to respond to all student inquiries within the time limits set out by the policy.
Staff, Faculty, and Stakeholders
The Cummings Graduate Institution requires all “Institute Officials”, defined as: administrative staff, faculty, and any third parties under contract with the Institution, to undergo an annual Data Privacy Policy Training upon hire and annually to ensure compliance.
Policy Procedure
Changes to your personal data
If a student would like to change any of their information, they should send an email request to the Policy and Compliance Office at compliance@cgi.edu.
Forms
At this time, there are no student forms associated with this policy.
Approvals/Revision History
Policy was revised on: August 16, 2025
Policy was approved by: Amanda Harrison, Chief Operating Officer