What personal information do we collect from the people that visit our blog, website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, subscribe to a newsletter, fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To allow us to better service you in responding to your customer service requests.
- To send periodic emails regarding your order or other products and services.
How do we protect visitor information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
We do not use an SSL certificate – we do not need an SSL because we store the information on a secure server
Do we use ‘cookies’?
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled that make your site experience more efficient and some of our services will not function properly.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third party links
We do not include or offer third party products or services on our website.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en
We use Google AdSense Advertising on our website.
We have implemented the following:
• Demographics and Interests Reporting
We along with third-party vendors, such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions, and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative opt out page or permanently using the Google Analytics Opt Out Browser add on. (available for most browsers)
California Online Privacy Protection Act
According to CalOPPA we agree to the following:
- Users can visit our site anonymously
- Users are able to change their personal information by emailing us
How does our site handle Do Not Track (DNT) signals?
We honor Do Not Track signals and we do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.
Does our site allow third party behavioral tracking?
It’s also important to note that we do not allow third party behavioral tracking
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
- In order to be in line with Fair Information Practices we will take the following responsive action. Should a data breach occur we will notify the users via in site notification within 7 business days
- We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business or site headquarters
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can
- Email us at email@example.com or
- Follow the instructions at the bottom of each email.
and we will promptly remove you from ALL correspondence.
“CGI”, Cummings Graduate Institute for Behavioral Health Studies, is defined as the entity that acts as the controller or processor of personal information, as explained in more detail in the sections below.
It is the responsibility of the Academic Departments, including but not limited to the Director and Assistant Director of the Doctor of Behavioral Program, Student Services and Communication Team, Finance Department and all Faculty to ensure all personal information and data is used appropriately.
The types of information we collect
CGI may collect the following types of personal and sensitive data:
- Full name
- Mailing/permanent address,
- Email address
- Telephone number
- Date of birth
- Social security number or other tax identification number (only for applicants to CGI’s academic programs)
- Information relating to education and employment history, the colleges or universities students have attended and places where students have worked, the courses students have completed, dates of study and degrees conferred, including Transcripts
- Billing & payment information (i.e. payment information, billing address, name)
- Racial or ethnic origin
- Country of Citizenship
- Copy of government issued ID
- Military Affiliation
CGI also collects information about the computers, mobile devices, or other devices used to access CGI’s technology network, such as IP address, unique device identifiers, browser types, browser languages, web pages requested, network software access, referring web pages, date, time, and duration of activity, passwords, and accounts accessed, volume of data storage and transfers, and locations of user devices when connected to CGI’s technology network. Logs of this information may be retained. CGI may contract with non-CGI service providers to help us better understand users. These non-CGI service providers are not permitted to use the information collected on CGI’s behalf except to help conduct and improve CGI’s services.
CGI uses information collected to provide services, in support of CGI’s Mission, to protect the security of CGI’s technology network, to support academic integrity, and to provide safety and security services to users, as well as to monitor, preserve, and enhance the use, functioning, and integrity of CGI’s technology network. CGI may also use information collected from the users for analysis and statistical purposes consistent with CGI’s Mission.
How CGI collects your information
CGI may collect personal data in a number of ways, for example:
- From the information provided to CGI when the user interacts with CGI before enrolling. For example, when the user expresses interest in studying at CGI.
- When the user subscribes to a CGI newsletter;
- When the user registers to attend a CGI professional development event or conference;
- When the user applies to study at CGI and completes an admission application;
- When the user completes other admissions processes and procedures;
- When the user communicates with CGI by telephone, email, or via our website. For example, in order to make an inquiry or raise concerns;
- In various other ways as the user interacts with us during their time as a student of CGI, for the various purposes set out below.
- From third parties. For example, from the user’s previous or current school, university, or employers who may provide a reference about the user or employer reimbursement/third party payments.
- The use of online surveys which may be conducted for the research purposes indicated in the survey. Unless otherwise noted on the specified survey, answers are confidential and individual responses will not be shared with other parties. Aggregate data from surveys may be shared with external third parties.
How CGI uses information about its students
The purposes for which CGI may use personal data (including sensitive personal data) we collect during a student’s association with CGI, include:
- Recruitment and admissions;
- Academic matters, including:
- the provision of CGI’s core teaching, learning and research services (e.g. registration, assessment, attendance, managing progress, academic misconduct investigations, certification, graduation);
- maintaining student records;
- assessing your eligibility for financial aid and scholarships, etc.
- Providing library, IT and information services;
- Non-academic matters in support of our core services, including:
- providing student support services (e.g. Operations, Student Services, and Academic Departments);
- monitoring equal opportunities;
- safeguarding and promoting the welfare of students;
- ensuring students’ safety and security;
- managing student accommodation;
- managing the use of social media;
- administering finance (e.g. fees, scholarships and tuition);
- other administrative purposes, including:
- carrying out research and statistical analysis;
- carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations);
- providing operational information (e.g. providing IT support, information about building closures or access restrictions on campus, or safety advice);
- promoting our services (e.g. providing information about student service);
- preventing and detecting crime;
- dealing with grievances and disciplinary actions;
- Addressing and managing complaints and inquiries.
How CGI Protects Your Information
When you access your personal information, we use a secure server. Industry standard encryption (TLS) is employed before any information you input is sent to us. Furthermore, all of the data we collect is protected against unauthorized access. As effective as encryption technology is, however, no security system is completely impenetrable, so CGI cannot affirm absolute security of our systems, nor can we affirm that information you supply won’t be intercepted while being transmitted to us over the Internet.
We may retain your in your personal data for a period of 10 years after your association with CGI has come to an end. However, some information may be retained indefinitely by CGI in order to maintain the students academic record for archiving purposes.
Disclosure of Information
CGI does not disclose confidential information we collect online to individuals or entities not affiliated with CGI, except in the limited circumstances described below. Non-confidential information may be disclosed or distributed pursuant to federal laws, state laws, including Arizona’s public records laws, and ASU and Arizona Board of Regents (ABOR) policies. These laws and policies explain what information may be shared or disclosed. They also explain what information is protected as confidential.
Under the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) you have the following rights:
- Eligible students have the right to inspect and review the student’s education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.
- Eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.
- Schools must have written permission from the eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):
- School officials with legitimate educational interest;
- Other schools to which a student is transferring;
- Specified officials for audit or evaluation purposes;
- Appropriate parties in connection with financial aid to a student;
- Organizations conducting certain studies for or on behalf of the school;
- Accrediting organizations;
- To comply with a judicial order or lawfully issued subpoena;
- Appropriate officials in cases of health and safety emergencies; and
- State and local authorities, within a juvenile justice system, pursuant to specific State law.
Once the GDPR is enforce in May 2018, you will also have the following additional rights:
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data;
- to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
If you have given your consent and you wish to withdraw it, please contact our Office of Operations using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
Changes to your personal data
Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You may request changes by contacting the Office of Operations, firstname.lastname@example.org or by telephone: (480) 285-1761.
Cummings Graduate Institute takes Data Privacy seriously. If an Institute Official is unable to abide by the Confidentiality of Student Records Policy, their supervisor will need to notify the Director of Operations and together the supervisor and Director of Operations will handle the manner according to the Employee Handbook.
If user data is compromised, Cummings Graduate Institute will notify the user immediately and take appropriate action to resolve the issue.