General Data Protection Regulation

The European Union General Data Protection Regulation is a set of regulations that govern the use of personal data collected by an organization. These regulations apply to individuals that apply or are accepted to the College within the European Union.

• Individuals may request the details of their personal information that the College stores, the purpose it is used for, its data retention policies, and the security safeguards in place to protect said data.
• The College will comply with requests to edit and/or correct personal information. Requests to delete or limit processing of personal data will be reviewed and processed as practical within legal guidelines governing the College.
• Individuals may obtain a copy of their personal data in a standard format.
• Individuals will be notified of any breach of security in a timely manner.
• An individual can request to be forgotten if an individual withdraws consent given to process the individual’s data. The College reserves the right to retain such data as required by law, in pursuit of legal action, to monitor fraud, or for performance of a task in pursuit of the public interest, contractual obligations, and legitimate business interests. This applies only to EU residents and non-EU citizens living in an EU member state.
• All individuals have the right to question, seek advice, or complain about the use of their data.
• All communication and requests should be sent to privacy@pct.edu.

Pennsylvania College of Technology continues to work towards GDPR compliance. Some of the steps include:

• Developing a risk-based GDPR compliance strategy
• Performing and cataloging a data inventory
• Updating its consent process
• Creating an online process to request to be forgotten
• Providing GDPR education resources and training to the College’s employees

Any information related to an individual that can identify someone directly or indirectly. Examples of identifiers include names, identification numbers (such as Social Security Number), age, gender, nationality, race, physical addresses, email address, photos or IP addresses. 

Any organization that collects to serve the business need of an individual. All data collected must serve a business purpose and be used to serve the individual. Data collected is must be secured in a reasonable method to minimize any unauthorized access to personal data.

Any 3rd party entity that shares information with to process data on behalf of the data controller. The data processor must ensure the same reasonable level of data compliance and security as the data controller provided by the data controller.