EU General Data Protection Regulation Privacy Notice

This is the Georgia Institute of Technology’s (Georgia Tech) College of Engineering privacy and legal notice for compliance with the European Union General Data Protection Regulation (“EU GDPR”). 

For more information regarding the EU GDPR, please review Georgia Tech’s EU General Data Protection Regulation Compliance Policy.

Lawful Basis for Collecting and Processing of Personal Data

Georgia Tech is an institute of higher education involved in education, research, and community development.  In order for the College of Engineering at Georgia Tech to provide education, conduct student and faculty recruitment, conduct development and direct marketing activities for the College of Engineering, engage in outreach programs for STEM education, process College of Engineering corporate sponsorship applications for scholarships, fellowships and other awards and conduct College of Engineering mentoring programs (hereinafter, collectively, the “Programs and Activities), it must collect, use and process this personal data.

The lawful basis for the collection and processing of personal data by Georgia Tech’s College of Engineering falls under the following categories:

  • Processing is necessary for the purposes of the legitimate interests pursued by Georgia Tech or third parties in providing the Programs and Activities.
  • The data subject has given consent to the processing of his or her special categories of sensitive personal data for one or more specific purposes. 

Types of Personal Data collected and why

In order for the College of Engineering at Georgia Tech to provide the Programs and Activities, it needs to collect the following categories of personal data:

  • Name
  • Contact information including, without limitation, email address, physical address, phone number, and other location data
  • Unique personal identifiers and biographical information (e.g. date of birth)
  • Photographs of you
  • Details of your education and/or employment qualifications
  • Information related to visa requirements, copies of passports and other documents to ensure compliance with U.S. laws
  • Financial information gathered for the purposes of administering fees and charges, loans, grants, scholarships, etc.

The personal data collected by Georgia Tech’s College of Engineering will be shared as follows: 

Georgia Tech Unit

Purpose

Office of International Education

Case management for international students, scholars, and employees located outside the United States.

Office of Human Resources

Information for employment related processes.

Office of the Registrar

To support student enrollment and academic advising in assisting students make progress toward graduation; Degree auditing for the purpose of degree completion.

Georgia Tech Academic Units  

Communication with and about prospective applicants.

Georgia Tech Academic Units 

Communication with and about enrolled students in the context of the pursuit of a degree/program of study.

Office of Scholarships and Financial Aid

Processing of applications for financial aid for College of Engineering programs.

Office of Undergraduate and Graduate Admissions

For the purpose of applicant recruitment and admission.

Office of Development

Fundraising and endowment activities.

Office of Undergraduate Education, Office of Academic Effectiveness, Center for 21st Century Universities, Strategic Consulting

To provide basic student contact, demographic, and enrollment information in support of conducting surveys, collecting information, and receiving input from Institute constituents in order to analyze and improve courses, programs, and effectiveness of campus offerings.

Division of Student Life

To assist with providing students with the resources in support of their educational pursuit; discussions concerning matters handled by the Office of Student Integrity.  

Institute Diversity, Equity & Inclusion (IDEI)

To provide targeted populations for the purpose of IDEI program and events.

Georgia Tech Research Institute

In connection with students working and/or employed on restricted sponsored research projects; faculty dual appointment roles.

Office of Information Technology

Systems access and security compliance for students working on restricted sponsored research projects.

Bursar’s Office

In connection with student employment or assessing tuition and fee waivers.

Office of Graduate Education and Faculty Development

Information for employment related processes.

The Office of Institutional Research and Planning and the Office of Enterprise Data Management are responsible for the development, maintenance and storage of data resources to support the strategic planning and policy-making processes at Georgia Tech, and data is shared with these offices. 

Third-Party Name

Purpose

Georgia Tech Foundation

In connection with the processing of student scholarship information.

College of Engineering Corporate Sponsors

To provide information about scholarship recipient(s) to Corporate Sponsor.

Georgia Tech Research Corporation

In connection with students working on restricted sponsored research projects.

Survey Platforms and Vendors

For the purpose of administering surveys to the Georgia Tech community.

Georgia Tech Alumni Association

For the purpose of communicating about activities and programing facilitated by Georgia Tech Alumni Association.

 Georgia Tech is a unit of the Board of Regents of the University System of Georgia (the “BOR”), and data is shared with the BOR and its employees.

FERPA

The Family Educational Rights and Privacy Act (FERPA) provides that “Directory Information” is information not generally considered harmful or an invasion of privacy if disclosed. Directory Information is considered public information, but the categories of information that comprise Directory Information also comprise “personal data” under the EU GDPR. Please review Georgia Tech's definition of Directory Information for further information, including how to prohibit the release of Directory Information.

Where Georgia Tech gets Personal Data and Special Categories of Sensitive Personal Data

Georgia Tech receives personal data and special categories of sensitive personal data from multiple sources. Most often, Georgia Tech gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for undergraduate admission to Georgia Tech through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Georgia Tech’s EU General Data Protection Regulation Compliance Policy will be afforded certain individual rights.  

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with the Office of Enterprise Data Management at eugdpr@edm.gatech.edu

Cookies

Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication.   For information related to how Georgia Tech uses cookies, refer to Georgia Tech’s Privacy and Legal Notice.  

Georgia Open Records Act

As a state university, Georgia Tech is subject to the provisions of the Georgia Open Records Act  (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee. The ORA requires that Georgia Tech produce public documents within three business days. For more information on Georgia Tech’s ORA compliance, please visit the Open Records Act page on the Legal Affairs website

Security of Personal Data subject to the EU GDPR

All personal data and special categories of sensitive personal data collected or processed by Georgia Tech under the scope of the Georgia Tech EU General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards of NIST Special Publication 800-171 as set forth in the Georgia Tech Controlled Unclassified Information Policy.

Data Retention

Georgia Tech follows the guidelines specified in the University System of Georgia Records Retention Schedules. Applicable record categories include but are not limited to: 

If a data subject refuses to provide personal data that is required by Georgia Tech in connection with one of Georgia Tech’s lawful bases to collect such personal data, such refusal may make it impossible for Georgia Tech to provide education, employment, research or other requested services. 

If the EU GDPR applies to the collection of your personal data and you have specific questions regarding the collection and use of your personal data, please contact the Office of Enterprise Data Management at eugdpr@edm.gatech.edu