CCCU complies with FERPA, which is a federal U.S. law that protects the privacy of student educational records, as well as any applicable state privacy laws related to the protection of student information. FERPA requires that, in certain circumstances, U.S. schools that receive certain federal funds obtain prior written consent from an eligible student or the parent or guardian of an eligible student before disclosing educational records regarding such student (“Educational Records”) to third parties. FERPA gives parents certain rights with respect to their children’s education records. Those rights transfer to the student (“Eligible Student”) when he/she reaches the age of 18 or attends a school beyond the high school level.
- Parents or Eligible Students have the right to inspect and review the student’s Educational Records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or Eligible Students to review the records. Schools may charge a fee for copies.
- Parents or Eligible Students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or Eligible Student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent/Eligible Student has the right to place a statement with the record setting forth his/her view about the contested information.
- Generally, schools must have written permission from the parent/Eligible Student to release any information from a student’s Educational Record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR §99.31):
- School officials with legitimate educational interest;
- Other schools to which a student is transferring;
- Specified officials for audit or evaluation purposes;
- Appropriate parties in connection with financial aid to a student;
- Organizations conducting certain studies for or on behalf of the school;
- Accrediting organizations;
- To comply with a judicial order or lawfully issued subpoena;
- Appropriate officials in cases of health and safety emergencies; and
- State and local authorities, within a juvenile justice system, pursuant to specific State
Schools may disclose, without consent, “directory” information such as a student’s name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents/eligible students about directory information and allow parents/eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents/eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.
- If CCCU receives a written request from a parent or Eligible Student to access the record they wish to inspect, CCCU will forward the request to the Institution to whom the records belongs. Within 30 days of the request, CCCU will provide the record to the institution, who can confirm the parent or Eligible Student’s identity and provide them access to the records. CCCU is not responsible for the disclosure of requested documents; that is the responsibility of the institution.
- If CCCU receives a written request from a parent or Eligible Student to make an amendment of the student’s education records that the parent or Eligible Student believes are inaccurate, misleading, or otherwise in violation of the student’s privacy rights under FERPA, CCCU will forward the request to the institution to whom the record belongs within 15 days of receipt. CCCU has no further responsibilities with respect to the request.
USERNAMES AND POSTINGS
Comments or other information posted by you to our forums, wikis or other areas of the Site designed for public communications or communications among registered class members may be viewed and downloaded by others who visit the Site. For this reason, we encourage you to use discretion when deciding whether to post any information that can be used to identify you to those forums (or other public or class-wide areas).
CONSENT TO PROCESSING OUTSIDE HOME COUNTRY
If you do not agree with these terms, then please do not access, browse, or register for the Site. If you choose not to provide us with certain information required to provide you with various Services offered on our Site, you may not be able to establish a user account and we may not be able to provide you with those Services.
We endeavor to limit the collection of Personal Information to what we need with respect to specific Site activities in order to satisfy business, legal, or regulatory requirements. CCCU does not currently collect financial information from you.
INFORMATION WE COLLECT AND HOW WE USE IT
We collect information, including Personal Information (described above), when you sign up for a user account, participate in online courses, send us email messages and/or participate in our public forums. We also collect certain usage information about student performance and patterns of learning. In addition, we track information indicating, among other things, which pages of our Site were visited, the order in which they were visited, when they were visited and which hyperlinks and other user interface controls were used.
We may log the IP address, operating system, and browser software used by each user of the Site, and we may be able to determine from an IP address a user’s Internet Service Provider and the geographic location of his or her point of connectivity. Various web analytics tools are used to collect this information. Some of the information is collected through cookies (small text files placed on your computer that store information about you, which can be accessed by the Site). You should be able to control how and whether cookies will be accepted by your web browser. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you reject our cookies, many functions and conveniences of this Site may not work properly.
USE AND DISCLOSURE TO THIRD PARTIES
Among other things, we and the educational institutions and other leading global members that provide courses through CCCU (the “Members”) may use the information about you collected through the Site (including your Personal Information) in connection with the following. In cases where we share or disclose your Personal Information: (1) the third party recipients are required to handle the Personal Information in a confidential manner and to maintain adequate security to protect the information from loss, misuse, unauthorized access or disclosure, alteration, and destruction; and (2) we will only disclose and share the Personal Information that is required by the third party to fulfill the purpose stated at the time of collection. Stated purposes may include the following:
- To enable the Members to provide, administer, and improve the courses.
- To help us and the Members improve CCCU offerings, both individually (e.g., by course staff when working with a student) and in aggregate, and to individualize the experience and to evaluate the access and use of the Site and the impact of CCCU on the worldwide educational community.
- For purposes of scientific research, particularly, for example, in the areas of cognitive science and education.
- For the purpose for which you specifically provided the information, for example, to respond to a specific inquiry or provide you with access to the specific course content and/or services you select.
- To track both individual and aggregate attendance, progress and completion of an online course, and to analyze statistics on student performance and how students learn.
- To monitor and detect violations of any CCCU policies (such as honor codes) as well as other misuses and potential misuses of the Site.
- To publish information, but not Personal Information, gathered about CCCU access, use, impact, and student performance.
- To send you updates about online courses offered by CCCU or third party content providers, other events, to send you communications about products or services of CCCU, CCCU affiliates, or selected business partners that may be of interest to you, or to send you email messages about Site maintenance or updates.
- To archive this information and/or use it for future communications with you.
- To maintain and improve the functioning and security of the Site and our software, systems, and network.
- As otherwise described to you at the point of collection or pursuant to your consent.
We will share information we collect with the Members, and we and the Members may share this information (including Personal Information) with third parties as follows:
- With service providers or contractors that perform certain functions on our or the Members’ behalf, including processing information that you provide to us on the Site, processing purchases via third party providers, and other transactions through the Site, operating the Site or portions of it, providing or administering courses, or in connection with other aspects of CCCU or Member services.
- With other visitors to the Site, to the extent that you submit comments, course work, or other information or content (collectively, “Postings“) to a portion of the Site designed for public communications; and with other members of the CCCU class of which you are a member, to the extent you submit Postings to a portion of the Site designed for viewing by those class members. We may provide your Postings to students who later enroll in the same classes as you, within the context of the forums, the courseware, or otherwise. If we do re-post your Postings originally made to non-public portions of the Site, we will post them without your real name and e-mail (except with your express permission), but we may use your username without your consent.
- For purposes of scientific research, particularly, for example, in the areas of cognitive science and education. However, we will only share Personal Information about you for this purpose to the extent doing so complies with applicable law and is limited to the Personal Information required to fulfill the purposes stated at the time of collection.
- As otherwise described to you at the point of collection or pursuant to your consent.
- For integration with third party services. For example, videos and other content may be hosted on YouTube and other websites not controlled by CCCU.
In addition, we may share aggregated information that does not personally identify you with the public and with third parties, including but not limited to researchers and business partners.
LINKS TO OTHER WEBSITES
CCCU has a program designed to protect Personal Information in its possession or control. This is done through a variety of privacy and security policies, processes, and procedures, including administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Personal Information that it creates, receives, maintains, or transmits. Nonetheless, no method of transmission over the Internet, or method of electronic storage, is 100% secure; and therefore, CCCU cannot guarantee its absolute security.
CCCU programs are not available to individuals under 18. We do not knowingly collect personal information from children under 18. If we become aware that an individual under 18 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us using the contact information below.
If you have privacy concerns, have disclosed data you would prefer to keep private, or would like to access the information we maintain about you, please contact us at [insert email address].
GENERAL DATA PROTECTION REGULATION (GDPR) POLICY
CCCU is committed to safeguarding the privacy of all personal data provided by students, employees, alumni, and other constituents, as well as contractors (collectively “data subjects”).
Effective May 25, 2018, the European Union (“EU”) General Data Protection Regulation (“GDPR”) placed additional obligations on organizations that control or process personally identifiable information about persons in Europe. The GDPR is designed to protect the privacy of data concerning a natural person that is collected or processed in or transferred out of the EU, and to regulate the data privacy practices of entities that offer goods or services in the EU. In its capacity as a data controller, CCCU collects, uses, and discloses data subjects’ information according to the following policy.
The GDPR applies to entities both inside and outside the EU. In addition, the regulations apply to data about anyone present in the EU, regardless of whether they are a citizen or permanent resident of an EU country; for example, GDPR includes U.S. persons when their personal data is collected, stored and used in the EU or transferred from the EU.
The GDPR defines “personal data” as follows:
“…any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (including information that is manually or automatically read, such as an IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
This policy describes CCCU’s measures to manage and protect personal data that may be subject to the GDPR.
CATEGORIES OF DATA
To provide services to students and employees, administer its programs, and perform contractual obligations, CCCU may collect, process, and transfer various types of personal data, including but not limited to: name; application information; attendance; academic records; employment records; contact information, including phone numbers, email addresses, and mailing addresses; and date of birth.
The GDPR requires personal data to be processed lawfully, fairly and in a transparent manner, limited only to the data which is necessary, maintained for accuracy, stored only for the length of time required or needed, and safeguarded for unauthorized disclosure. Processing includes performing a task with the personal data such as collection, recording, storage, alteration, retrieval, disclosure by transmission, dissemination, or otherwise making the data available.
The legal bases under the GDPR which permit CCCU to collect and process personal data include, but are not limited to, the following: (1) the data subject has given consent to the processing for a specific purpose; (2) the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which CCCU, as controller of the data, is subject; (4) the processing is necessary in order to protect the vital interests of the data subject or another natural person, (5) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in CCCU; or (6) processing is necessary for the legitimate interests pursued by CCCU or by a third party, except where such interests are overridden by the interest of the fundamental rights and freedoms of the data subject which require protection of the personal data.
SPECIAL CATEGORIES OF DATA
Personal data revealing ethnic origin, health, criminal convictions and offenses, and certain other sensitive matters (collectively, “Sensitive Data” as defined by the GDPR) may be requested by CCCU. With the exception of criminal convictions, data subjects are not obligated to provide Sensitive Data and do so on a voluntary basis. CCCU makes every effort to process Sensitive Data only with data subjects’ consent. In some circumstances, health information may be required under state or federal law in order for CCCU to provide services, or in the interest of public health and safety. Subject to the above limitations, data subjects may revoke their consent regarding Sensitive Data at any time.
DATA SUBJECT RIGHTS
Subject to limitations established by legal requirements, CCCU Policies, and regulatory guidelines, data subjects have the right to:
- Access their personal data that we process;
- To rectify inaccuracies in personal data that we hold about them;
- To have their details removed from systems that we use to process their personal data;
- To restrict the processing of their personal data in certain ways;
- To obtain a copy of their personal data in a commonly used electronic form;
- To object to certain processing of their personal data by us; and
- To request that we stop sending them direct marketing communications.
CCCU will act to fulfill such rights as promptly and as fully as possible.
When necessary to conduct its functions, CCCU may transfer personal data outside of the EU and may share personal data with third party organizations within and outside of the EU. Where we share personal data, we will require that there are appropriate safeguards in place to protect the personal data. Safeguards include but are not limited to: requiring third parties to be members of the U.S. Privacy Shield, data security contract provisions, and anonymization of data.
RETENTION OF PERSONAL DATA
Personal data will be retained by CCCU in accordance with applicable federal and state laws, regulations, and accreditation guidelines, as well as CCCU policies. Personal data will be destroyed when no longer required for CCCU services and programs, upon request or after the expiration of any applicable retention period, whichever is later. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of information given the level of sensitivity, value and critical importance to CCCU.
In the event that there is a data breach involving covered personal data of students, employees, alumni, or venders, CCCU will notify the appropriate supervisory authorities within 72 hours, where feasible, after becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of data subjects. Furthermore, CCCU will also notify individual data subjects of a data breach regarding their personal data if the breach is likely to result in a high risk to their rights and freedoms. The notification to data subjects will include the nature of the breach and recommended steps the data subject should take in order to mitigate potential adverse effects. Initial notification may be general in nature and supplemented as additional information becomes known.
Date of last update: January 6, 2021