Privacy Information

Notwithstanding any language to the contrary, nothing contained herein constitutes nor is intended to constitute an offer, inducement, promise, guarantee, warranty or contract of any kind. The data contained herein is for informational purposes only and is not represented to be error free and is subject to change at any time. Any links to non-University of North Georgia information are provided as a courtesy. They are not intended to nor do they constitute an endorsement by the University of North Georgia of the linked materials.

General Data Protection Regulation Privacy Notice

The University of North Georgia (UNG) is an institution of higher education involved in education, research, and community engagement. For UNG to educate its students, engage in world-class research, and provide community services, it is essential and necessary that UNG collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs.

The European Union General Data Protection Regulation (“EU GDPR”) broadly applies to data about people who reside in the European Union or data about individuals when it is transferred from the EU. The EU GDPR limits when and how personal data can be collected, stored, processed, and used. It also provides these individuals with certain rights related to their personal data, including notice or consent, rights of access, and in some cases, requests for deletion.

UNG may be a data “Controller” or “Processor” with regard to certain activities as defined under the EU GDPR. UNG is committed to protecting the rights of individuals in compliance with the EU GDPR.

Definitions

Controller: Controllers are responsible for decisions about the collection, use, and protection of personal data.

Personal data:  Under the EU GDPR, personal data is defined as any information relating to an identified or identifiable natural person. An identifiable natural person is an actual person (not a corporation or other business entity) who can be identified, directly or indirectly, by reference to:

  • Any identifiers, such as name, ID numbers, location data, online identifier; or
  • Factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Processor:  Processors are responsible for processing, analyzing, storing, and deleting personal data on behalf of the Controller.

Special Categories of Personal Data:

Any data that:

  • Reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership;
  • Is genetic data or biometric data sufficient to uniquely identify a natural person; and/or
  • Is concerning a natural person’s sex life or sexual orientation.

Lawful Basis for Collecting and Processing of Personal Data

UNG has lawful basis to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and public service programs. The lawful basis includes, without limitation: admission; registration; delivery of classroom, online, and study abroad education; grades; communication; employment; applied research; development; program analysis for improvements; and records retention.

Most of UNG’s collection and processing of personal data will fall under the following categories:

  • Processing that is necessary for the purposes of the legitimate interests pursued by UNG or third parties in providing education, employment, research and development, and public service.
  • Processing that is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract. 
  • Processing that is necessary for compliance with a legal obligation to which UNG is subject.
  • Processing for which the data subject has given consent for UNG to use his or her personal data for one or more specific purposes.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases. This basis will be identified for each application.

Types of Personal Data Collected and How it Will be Used

UNG collects a variety of personal data to meet lawful basis, as referenced above. Most often the data is used for admission to academic programs, enrollment, participation in educational programs, job hiring, provision of medical services, participation in research, development, and public service.

The information we hold about you may include the following:

  • Personal details such as name, title, address, telephone number, email address, marital status, nationality, date of birth, photograph, household income, parental status, details of dependents;
  • Emergency contact information;
  • Insurance number (where you have voluntarily provided it);
  • Education and employment information (including the school(s), college(s), and other educational locations you have attended; places where you have worked; the courses you have completed; dates of study and examination results);
  • Other personal background information collected during the admission process, e.g. your socioeconomic classification, and details of your parents’ occupation and education;
  • Examination records (including records relating to assessments of your work, details of examinations taken, and your predicted and actual examination grades);
  • Information captured in your student record, including progression, achievement of milestones and progression reports;
  • Visa, passport, and immigration information;
  • Fees and financial support record (including records relating to the fees paid, student loan information and financial support, scholarships, and sponsorship);
  • Supervision, teaching, and tutorial activities; and training needs analysis and skills acquisition records;
  • Placement and internship record or study at another institution as an established component of your course of studies, or career development opportunity;
  • Information about your engagement with University support services or University facilities;
  • Information about your use of library facilities, including borrowing and fines;
  • Information about disciplinary actions (including academic misconduct), dispensations from regulations, and any appeals and complaints raised;
  • Attendance at University degree and award ceremonies and other University events; 
  • Information about your use of our information and communication systems, including CCTV and building access information;
  • We may also process the following "special categories" of more sensitive personal data:
    • Information about your sex and gender identity;
    • Information about your race or ethnicity and religious beliefs;
    • Information about your health, including any disability and/or medical condition;
    • Information about criminal convictions and offenses, including proceedings or allegations.

If you have specific questions regarding the collection and use of your personal data, please contact the University’s Data Protection Officer at privacy@ung.edu

Where UNG Acquires Personal Data

UNG receives personal data from multiple sources. Most often, UNG acquires this data directly from the data subject or under the direction of the data subject who has provided it to a third party.

Rights of the Data Subject Under the EU GDPR

If you are an individual data subject under the EU GDPR, you may obtain the following information and exercise the following rights:

  • the identity and the contact details of the Controller and, where applicable, the Controller’s representative;
  • the contact details of UNG’s GDPR Compliance Program;
  • an explanation of the purposes and legal basis/legitimate interests of the data collection/processing;
  • the identification of the recipients of the personal data;
  • notice if UNG intends to transfer personal data to another country or international organization;
  • notice of the time period that the personal data will be stored;
  • the right to access personal data, rectify incorrect personal data, erase personal data, restrict or object to processing, and the right to data portability;
  • the right to withdraw consent at any time, if processing is based on consent;
  • the right to lodge a complaint with a supervisory authority (established in the EU);
  • an explanation of why the personal data are required, and possible consequences of the failure to provide the data;
  • notice of the existence of automated decision-making, including profiling; and
  • notice if the collected data are going to be further processed for a purpose other than that for which the information was collected.

Exercising these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by submitting a Data Subject Request (DSR) Form.

 

Information We May Collect Automatically

To the extent permitted by law, UNG and our third-party vendors may supplement the information we collect from and about you with information from other sources, such as publicly available information about your online and offline activity from social media services, commercially available sources, and information from other business partners.

  • IP Address and Other Identifiers: When you access and interact with our website or programs, UNG and our third-party providers may collect information about your visits to permit you to connect to and obtain the services and to understand the frequency with which specific visitors visit various parts of our site. For example, we may collect your Internet Protocol (“IP”) address, which identifies the computer or third party that you use to access our services, or information about your browser type, authentication identifiers, and other software and hardware information. If you access the UNG website through a mobile or other device, we may collect your mobile device identifier, geolocation data (including your precise location), or other transactional information for that device. We may combine this information with other information that we have collected to make our services and our communications to you more targeted to your interests.
  • Social Media Information and Content: If you access or log-in to our site through a social media service or connect a service to a social media service, the information we collect may also include your user ID and/or user name associated with that social media service, any information or content you have permitted the social media service to share with us, such as your profile picture, email address or friends lists, and any information you have made public in connection with that social media service. When you access our sites through social media services or when you connect a service to social media services, you are authorizing UNG to collect, store, and use such information and content in accordance with this Privacy Statement and UNG Privacy Policies.
  • Cookies: Our services may also use cookies, small text files that are stored on a user’s computer and allow websites to remember information about users. UNG and our third parties use cookies for a variety of purposes, including to enhance the quality of our sites. We use transient (also called “session ID”) cookies to provide continuity from page to page. A session ID cookie expires when you close your browser. We also use persistent cookies. Persistent cookies allow your browser to be recognized when you return after your first visit to that part of our site. Cookies allow us to personalize your return visits to our site. You have the choice to set your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.) It is up to you whether to allow us to send you cookies. Please note that by blocking any or all cookies, you may not have access to certain features, content, or personalization available through our site.
  • Web Beacons and Other Tracking Technologies: The site may use other tracking tools, including so-called “pixel tags,” “web beacons,” “web bugs,” “clear GIFs,”etc. (collectively “Web Beacons”) to collect user activity information about your activities on our site. These are small electronic images embedded in web content (including online ads) and email messages and are ordinarily not visible to users. Like cookies, web beacons enable us to track pages and content (including ads) accessed and viewed by users. Also, when we send HTML-formatted (as opposed to plain text) emails to you, web beacons may be embedded in such emails to allow us to monitor readership levels so that we can identify aggregate trends and individual usage to provide our audiences with more relevant content or offers. Web beacons in emails may recognize activities such as when an email was opened, how many times an email was forwarded, which links in the email were clicked on, etc. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.
  • Third-Party Tracking: Third parties that support UNG by serving advertisements or providing services, such as allowing you to share content or tracking aggregate usage statistics of our site, may also use these technologies to collect similar information when you interact with our services (such as websites and emails). These third parties may also use these technologies, along with activity information they collect, to recognize you across the devices you use, such as a mobile device and a laptop or other computer. UNG does not control these third-party technologies and their use is governed by the privacy policies of third parties using such technologies. 

Information Contained in User Content

Some parts of our site may allow users to post or transmit messages, comments, screen names, computer files, and other materials. You should be careful about what personal information you choose to make public through these services.

Information from Other Sources

To the extent permitted by law, UNG and our third party vendors may supplement the information we collect from and about you with information from other sources, such as publicly available information about your online and offline activity from social media services, commercially available sources, and information from other business partners.

Security of Personal Data Subject to the EU GDPR

UNG is committed to ensuring the security of your information. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to or use of the information collected online. All personal data collected or processed by UNG under the scope of the EU GDPR will comply with the security controls and systems and process requirements and standards as set forth in UNG’s data protection safeguards.

Sharing Your Information

UNG will not share your information with third parties except as necessary to meet one of UNG’s lawful purposes, including but not limited to:

  • legitimate interest;
  • contract compliance;
  • pursuant to consent provided by you;
  • as required by law, including Georgia’s Open Records Act;
  • as necessary to protect UNG’s interests; or
  • with third parties acting on our behalf who have agreed to protect the confidentiality of the data.

Data Retention

Data collected by UNG is collected for the time periods specified by the current retention schedule.

Changes to this Privacy Notice

UNG may, in its discretion, periodically update this EU GDPR Privacy Notice.