GDPR Policy and Consent Notice


CV-HGS GDPR POLICY AND CONSENT NOTICE 6.1.22 1

Catholic Virtual™, a division of Hudson Global Scholars, LLC European Union
General Data Protection Regulation (GDPR) Policy
For Individuals Located in the European Economic Area

This Policy is being provided in accordance with the provisions of the European Union General Data Protection Regulation [Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data”] (“GDPR”), describes how Personal Data of students/parents/legal guardians will be processed, secured and stored by Catholic Virtual (“CV”), a division of Hudson Global Scholars, LLC (“HGS”), in its capacity as Data Controller, pursuant to Article 12 of the GDPR, and explains students’/parents’/legal guardians’ rights with regard to such Personal Data. What is “Personal Data” and “Processing”?

Under the GDPR, “Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The GDPR prohibits processing of “special categories” of Personal Data unless certain exceptions apply, because this type of data could create a more significant risk to a Data Subject’s fundamental rights and freedoms and put a Data Subject at risk of unlawful discrimination. The following data is included in “special categories” of Personal Data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation (hereafter “Sensitive Personal Data”).

How and when does HGS collect Personal Data?

HGS may lawfully collect Personal Data of prospective students, and their parents/legal guardians in a number of ways for legitimate educational purposes. For example, HGS may collect Personal Data: (i) from the local school in which a student is enrolled; (ii) directly from a student/parent/legal guardian during the enrollment process; (iii) when a student/parent/legal guardian communicates with HGS by telephone, email or via its website; and (iv) when a student interacts with HGS during his/her time as a student of HGS, its divisions and/or affiliates.

What Personal Data does HGS collect from students/parents/legal guardians?

HGS may collect and keep the following types of Personal Data and other information from students/parents/legal guardians:

  1. Student Information: Name, address, date of birth, sex, passport/visa information (non-US students applying for college/university admission/credit), citizenship information (for students applying for CV-HGS GDPR POLICY AND CONSENT NOTICE 6.1.22 2 college/university admission/credit), local student identification number (if applicable) and social security number (if applicable).
  2. Parent/Legal Guardian Information: Name, address, phone number, e-mail address and credit card information (if applicable).
  3. Student Educational Record/Data Based Tracking: HGS Programs/Courses and Services selected by the student, course enrollments, course withdrawals, participation, attendance, grades and other academic information in the student’s record.
  4. Student-Teacher Communications: Calendar information and phone logs regarding courses and teacher communications, and e-mails between students and teachers.
  5. Education History: Information relating to a student’s education history, including the school(s) and other colleges or universities a student has attended, the courses a student has completed, dates of study and examination results.
  6. Classes Attended by Students: Classes attended by students are recorded for use solely by the students in the class during the period in which a student is actively enrolled in the class.
  7. Website Usage Data and Credentials: IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when HGS products and services are used and other technical information.
  8. Credentials: Passwords, password hints and similar security information used for authentication and account access.
  9. User Profile: Any combination of Personal Data that allows HGS to provide Educational Services to a Student.

HGS will only use such Personal Data for educational purposes, including the facilitation of the use of HGS programs, products and services, including courses (“Educational Services”).

Legal Bases for Collection and Processing of Personal Data:

HGS only uses Personal Data in a lawful, transparent, and fair manner. Depending on the specific Personal Data concerned and the factual context, when HGS processes Personal Data as a controller for individuals in regions such as the European Economic Area, Switzerland, and the UK, it relies on the following legal bases as applicable in the individual’s jurisdiction:

  1. Educational Contract: When HGS enters into a contract directly with a student (or his/her parent/legal guardian if the student is under the age of 16) or with a student’s local school to provide Educational Services to a student (“Educational Contract”), HGS processes the student’s/parent’s/legal guardian’s Personal Data on the basis of this Educational Contract in order to (i) prepare, enter into and perform the Educational Contract in order to provide the student with the HGS Educational Services (which includes billing, compliance with contractual obligations, and related administration and support); (ii) develop, test, and improve the HGS Educational Services and troubleshoot Educational Services and features; and (iii) ensure authentication, integrity, security, and safety of accounts, activity, and HGS Educational Services, including detecting and preventing malicious conduct and violations of HGS’s terms and policies or the terms and policies of its third-party service providers, prevent or investigate bad or unsafe experiences, and address security threats. If HGS does not collect and process such Personal Data for these purposes, HGS may not be able to provide the student with its Educational Services;
  2. Consent: HGS relies on the explicit consent of students, and/or their parents/legal guardians (on their own behalf and/or on behalf of any students under the age of 16) in order to provide the Educational Services to students.
  3. Legal Obligations: HGS processes Personal Data to comply with all applicable United States Federal and State Laws and Regulations and applicable European Union Laws and Regulations (hereafter collectively referred to as “Laws and Regulations”) for the provision of Educational Services to students, through HGS and its Divisions, HGS’s affiliates, and HGS’s Partner Schools, including but not limited to HGS accreditation authorities and applicable US State Departments of Education; to respond to valid legal requests from, and other communications with, competent public, governmental, judicial, or other regulatory authorities; to investigate or participate in civil discovery, litigation or other adversarial legal proceeding; to comply with Laws and Regulations related to the safety and security of students, and to comply with the legal obligations to which it is subject as a legal entity in the State of Delaware, US with offices in the state of Maryland, US. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) and compliance with privacy Laws and Regulations; and
  4. HGS’s (or others') Legitimate Educational Interests: HGS processes Personal Data of students/parents/legal guardians based on such legitimate educational interests to; (i) ensure authentication, integrity, security, and safety of accounts, activity, and HGS Educational Services, including detecting and preventing malicious conduct and violations of HGS’s terms and policies or the terms and policies of its third-party providers, prevent or investigate bad or unsafe experiences, and address security threats (iv) comply with Laws and Regulations, codes of practice, guidelines, or rules applicable to HGS and respond to requests from, and other communications with, competent public, governmental, judicial, or other regulatory authorities, as well as to meet HGS’s corporate and social responsibility commitments, protect HGS’s rights and property and the rights of HGS’s customers, resolve disputes, and enforce agreements.

Why does HGS request the Consent of Students/Parents/Legal Guardians to the use of Personal Data?

Consent of the student or, if the student is under the age of 16, the student’s parent/legal guardian is a legal basis upon which HGS relies to comply with GDPR. Consent is required before HGS collects, processes or discloses Personal Data of the student and/or of the student’s parent/legal guardian in order for the student to receive Educational Services through HGS. In accordance with GDPR, such consent must be freely given, specific, informed and an unambiguous indication of the student’s/parent’s/legal guardian’s agreement to the processing of the student’s/parent’s/legal guardian’s Personal Data. The refusal to allow HGS to collect and process such Personal Data may make it impossible to provide Educational Services and comply with applicable Laws and Regulations governing HGS. Such Personal Data is processed and used by HGS, its employees, consultants, third-party agents and third-party service providers solely for educational purposes. HGS does not sell Personal Data or sell advertising based on anonymized Personal Data.

How does HGS use Student/Parent/Legal Guardian Personal Data?

HGS processes the Personal Data collected from students/parents/legal guardians during their association with HGS to conduct the following lawful and legal purposes:

  1. Provision of Educational Services: HGS processes the Personal Data of students/parents/legal guardians to provide Educational Services to students, through HGS and its Divisions, HGS affiliates, and HGS Partner School, including but not limited to (i) recruitment and admissions; (ii) academic matters (i.e., registration, grading, attendance, managing progress, academic misconduct investigations, certification(s), and graduation); (iii) maintaining student records; and (iv) for non-academic reasons including: (A) safeguarding and promoting the welfare of students; (B) ensuring students' safety and security; (C) financial matters (i.e., administering fees and tuition payments), and (D) matriculation, graduation, degree, and transcript information.
  2. Legal Reasons: HGS processes the Personal Data of students/parents/legal guardians to comply with all applicable Laws and Regulations for the provision of Educational Services to students, through HGS and its Divisions, HGS’s affiliates, and HGS’s Partner Schools, including but not limited to HGS accreditation authorities and applicable US State Departments of Education; to respond to valid legal requests from, and other communications with, competent public, governmental, judicial, or other regulatory authorities; to investigate or participate in civil discovery, litigation or other adversarial legal proceeding; to comply with Laws and Regulations related to the safety and security of students, and to comply with the legal obligations to which it is subject as a legal entity in the State of Delaware, US with offices in the state of Maryland, US. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity (“fraud and abuse detection”) and compliance with privacy Laws and Regulations.

How does HGS keep Personal Data safe?

Personal Data of students/parents/legal guardians will be protected in accordance with all applicable Laws and Regulations, including the GDPR, FERPA, and other applicable European Union and US State and Federal laws regarding the privacy of such Personal Data. HGS will only disclose Personal Data or provide access to such Personal Data in compliance with GDPR, FERPA, and other applicable US State and Federal laws, and HGS will require third parties that contract with it and have access to such information to do the same. HGS will not use Personal Data to target a student/parent/legal guardian for advertising, or sell or use such Personal Data to create profiles about a student (other than for purposes of the student’s education in an HGS course or program). All HGS students are provided a unique password to access online courses. It is the student’s responsibility to keep his/her password in confidence.

To reduce the risk of unauthorized access to student data, maintain data accuracy, and ensure the correct use of information, HGS has put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure Personal Data and other information it collects. HGS also uses Secure Sockets Layer (“SSL”) protocol on student account information and registration pages to protect Sensitive Personal Data. Student Personal Data and other information is contained behind secured networks and is only accessible by a limited number of HGS employees, contractors, third-party agents and third-party service providers who have special access rights to such systems, and are required to keep the information confidential. All transactions are processed through a gateway provider and are not stored or processed on HGS servers. HGS’s website is scanned on a regular basis for security holes and known vulnerabilities in order to make the use of the HGS site as safe as possible.

How long does HGS keep student Personal Data?

HGS retains Personal Data in accordance with the requirements of its Partner Schools (including students’ local schools), third-party service providers and applicable Laws and Regulations governing the provision of its Educational Services. HGS has a legal obligation to permanently retain the Personal Data deemed to be part of the student’s permanent record under applicable Laws and Regulations.

Does HGS share Personal Data?

Personal Data of students/parents/legal guardians may be provided to third parties as required by US State or Federal law. To the extent that third party service providers assist HGS in the provision of online Educational Services, those service providers are provided the minimum amount of data required to perform the tasks for which they have been engaged, consistent with applicable Laws and Regulations, including GDPR and FERPA. The third-party service providers have no independent rights to such data and have agreed to maintain the confidentiality of the data, to use it solely for the purpose of performing the school-based tasks for which they have been engaged and to safeguard the data as required by law and by contract. As permitted by the applicable Laws and Regulations, HGS may share Personal Data with other companies in order to improve the academic performance of HGS courses or programs or so that HGS may offer its Educational Services to students. Additionally, Personal Data is shared with the following entities/persons with a legitimate educational purpose and need to know:

  • HGS’s CEO, administrative team, and professional staff;
  • Other professionals who have a legitimate educational or legal interest in student data as designated by the CEO;
  • School officials, administrators, teachers and teaching facilitators with legitimate educational interest;
  • Educational institutions, organizations or home-based education programs which already have access to the student’s educational records;
  • Other schools to which a student is transferring;
  • Specified officials for audit or evaluation purposes;
  • Accrediting organizations;
  • Specified attorneys/officials/courts to comply with a judicial order or lawfully issued subpoena;
  • Appropriate officials in cases of health and safety emergencies; and
  • An agent representative of the student or family.

Recorded classes are available to all students in the class, as well as to teachers, facilitators and administrators of partner schools during the period in which a student is actively enrolled in the class.

Do HGS Sites use “cookies”?

Cookies are pieces of information that a website places on the hard drive of a user’s computer when he/she visits the HGS website. Cookies may involve the transmission of information from HGS to website users and from website users directly to HGS, to another party on HGS’s behalf, or to another party in accordance with its privacy policy. HGS Sites may use cookies to bring together information it collects about students/parents/legal guardians. Students/parents/legal guardians can choose to have their computer warn them each time a cookie is being sent, or they can choose to turn off all cookies. Students/parents/legal guardians do this through their browser settings. If students/parents/legal guardians turn cookies off, they will not have access to many features that make use of HGS sites more efficient and some HGS website services may not function properly.

Does HGS use Students/Parents/Legal Guardians Personal Data in automated decision-making, including profiling?

The GDPR limits HGS’s right to use the Personal Data of students/parents/legal guardians for predictive purposes as part of an automated decision-making process, including profiling. Such a process uses the Personal Data of students/parents/legal guardians, such as preferences, interests, behavior, locations, and personal movement, to make an analytically-determined decision, instead of a personalized, individual decision. The GDPR limitation does not apply when such automated decision-making is necessary for the performance of a contract to which students/parents/legal guardians are, or will be, a party, such as the Educational Contract described on Page 2 of this Policy, and would include automated grading of some tests and delivery of grades based on algorithms and communication in regard to academic performance related to the provision of Educational Services by HGS. HGS primarily will rely upon personalized, individual decision-making and does not intend to use Personal Data in automated decision-making processes. However, if HGS uses automated decision-making processes, as defined by GDPR, HGS will take all necessary steps to do so in a compliant manner.

Does HGS use De-identified and Aggregate Data of Students/Parents/Legal Guardians?

HGS occasionally aggregates information in a way that is designed to make it impracticable to use that data to identify a particular person. HGS also sometimes maintains individual data records with personal identifiers removed in a manner that is impracticable to relink it to any specific individual. HGS does not consider such “De-Identified Data” to be Personal Data. HGS does not attempt to re-identify information that has been de-identified.

Transfer of Personal Data:

HGS uses its technical infrastructure in the United States to deliver various Educational Services. In order to fulfill its Educational Contracts with students and deliver the Educational Services, HGS will need to transfer Personal Data to the United States, and possibly to other jurisdictions outside of a student’s home country.

HGS Compliance with GDPR:

All Personal Data provided by students/parents/legal guardians, and provided by any entity who possess such Personal Data of students/parents/legal guardians and lawfully discloses such Personal Data to HGS, and all further Personal Data generated during the relationship of a student/parent/legal guardian and HGS will be processed and handled by HGS in accordance with HGS’s applicable policies and procedures, with the applicable Laws and Regulations, including the GDPR, and with the principles of fairness, lawfulness, transparency, purpose limitation, accuracy, storage limitation, integrity and confidentiality and accountability, as well as with the utmost protection of privacy. All Personal Data of students/parents/legal guardians will be collected and processed automatically and/or manually in compliance with the provisions of the applicable Laws and Regulations, including the GDPR, and by adopting the appropriate data protection measures. Sensitive Personal Data will only be requested and processed if required by college/university affiliates of HGS for enrollment of the student in college/university courses.

What Controls do Students/Parents/Legal Guardians have over the Personal Data supplied to HGS?

Students/parents/legal guardians have the ability to access, review and modify their Personal Data through the student information system as allowed by the relevant Laws and Regulations, including the applicable accreditation authorities and applicable US Departments of Education.

Students’/Parents’/Legal Guardians’ Rights with Respect to Personal Data:

Under the GDPR, students/parents/legal guardians have a number of rights with respect to their Personal Data, including the right to information which is the purpose of this Policy and Consent Notice. Students/parents/legal guardians have the right, in certain circumstances, to request: (i) access to their Personal Data, (ii) rectification of mistakes or errors and/or erasure of their Personal Data, (iii) that HGS restrict processing, and (iv) that HGS provide their Personal Data to them in a portable format. In certain circumstances, students/parents/legal guardians also may have the right to object to HGS’s processing of their Personal Data.

If HGS requested, and a student/parent/legal guardian, as applicable, provided explicit consent for the processing of a student’s/parent’s/legal guardian’s Personal Data (or where a parent or legal guardian provided consent on a student’s behalf because he/she is under the age of 16) and HGS is processing the student’s Personal Data for “information society services” (as defined in the GDPR [generally, online services that a student/parent/legal guardian pays for]), the student (or his/her parent or legal guardian, as applicable) has the right (in certain circumstances) to withdraw that consent at any time. However, withdrawal of consent will not affect the lawfulness of the processing before such consent was withdrawn. If a student/parent/legal guardian would like more information about, or would like to exercise any of these individual rights, he/she may contact HGS’s Data Protection Officer (contact information below).

Questions/Concerns/Complaints:

If a student/parent/legal guardian has questions, concerns or complaints about how HGS is using a student’s/parent’s/legal guardian’s Personal Data, HGS may be able to resolve such complaints, and HGS requests that the student/parent/legal guardian, as applicable, contact its Data Protection Officer. Students/parents/legal guardians also have the right to lodge a complaint with the applicable Supervisory Authority if a student/parent/legal guardian believes that HGS has not complied with the requirements of the GDPR with regard to a student’s/parent’s/legal guardian’s Personal Data, or if a student/parent/legal guardian is not happy with the response a student/parent/legal guardian receives from HGS regarding a student/parent/legal guardian complaint.

Relevant HGS Contacts:

HGS may be “controller” and also may be a “processor” (as those terms are used in the GDPR) of Personal Data of students/parents/legal guardians for the purposes of the GDPR.

The Data Controller, under the GDPR is HGS. The Data Protection Officer, under the GDPR responsible for the safety obligations related to the automatic processing of Personal Data of students/parents/legal guardians, is HGS’s Chief Information Officer. The form to contact the Data Protection Officer can be accessed using the following link DATA-PROTECTION-OFFICER.

Other inquiries may be addressed to:
Hudson Global Scholars, LLC
Attn: Chief Information Officer/Chief Academic Officer
7151 Columbia Gateway Drive, Suite C
Columbia, Maryland 21046


Catholic Virtual™, a division of Hudson Global Scholars, LLC European Union General Data Protection Regulation (GDPR) Consent Notice For Individuals Located in the European Economic Area This Consent Notice (“Notice”) is being provided in accordance with the provisions of the European Union General Data Protection Regulation [Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data”], describes how Personal Data of students/parents/legal guardians will be processed by Catholic Virtual (“CV”), a division of Hudson Global Scholars, LLC in its capacity as Data Controller, pursuant to Article 12 of the GDPR, and explains Your rights with regard to such Personal Data.

Definitions:

Consent under the GDPR - any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.

Data Controller - the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Educational Services – includes educational programs, products, and services, including courses, supplied by HGS.

GDPR – the European Union General Data Protection Regulation [Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data”].

HGS – includes Hudson Global Scholars, LLC, its Divisions and its K-12 educational affiliates.

Personal Data - any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing - any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Sensitive Personal Data – Personal Data that may put a Data Subject at risk of unlawful discrimination, including but not limited to racial or ethnic origin, political opinions, and religious or philosophical beliefs. You - as used in this Notice, “You” means the student on his/her own behalf, the student’s parents/legal guardians on behalf of the student (for students under the age of 16); and the parent/legal guardians on their own behalf.

Image

Learn How Catholic Virtual Can Partner with Your School

Learn how Catholic Virtual can help your school deliver high-quality online education designed for Catholic schools.
Partner With Us

Let Us Help You

We can help you find the right online learning solution for your school or family. Complete this form and we will contact you right away.

Or, Contact Us by Phone

U.S.: 1-772-783-1178
Int'l: 1-772-293-9657

Image

Let Us Help You

We can help you find the right online learning solution for your school or family. Complete this form and we will contact you right away.

Or, Contact Us by Phone

U.S.: 1-772-783-1178
Int'l: 1-772-293-9657

Image

    Fill out the form below:

    We promise to keep your information private. By providing your telephone number and submitting this form, you are consenting to be contacted by SMS text message. Message & data rates may apply. You can reply STOP to opt-out of further messaging.

    Accreditations and affiliations ensuring a world-class online and blended education

    ImageImage