Kaskaskia College (KC) is a U.S.-based institution of higher learning offering credit and non-credit programs, curriculum content, and services in a traditional campus setting and through our website (collectively, the “Services”). This Privacy Statement describes the types of personal data that KC collects through this website (the “Site”), how this data is used and shared, and users’ choices concerning these data practices. Personal data means any information about a user from which that user can be identified (“Personal Data”). This Privacy Statement does not apply to any third-party sites not operated or controlled by KC, even if such sites are linked to this Site.

By providing KC with Personal Data or using KC’s Services, users agree to the data protection practices described in this Privacy Statement. If a user does not agree to this Privacy Statement, such user should not access or use KC’s Services.

Additional or different practices may apply to data collected from participants in KC-involved research studies or surveys governed by a KC Institutional Review Board, if applicable. Participants in research studies will be provided with an informed consent form, which may describe the additional or different data practices that will apply to the study and may supersede the practices set out in this Privacy Statement.

Collection of Personal Information From Site Users

KC automatically collects and/or tracks (a) the home server domain names, email addresses, type of end-user device, and type of Web browser of users to KC's this Site, (b) the email addresses of users that communicate with KC via email, post messages to KC's bulletin boards, or post messages to KCs chat groups, (c) information knowingly provided by the user in online registration forms, and (d) user-specific information on what pages users access.

KC and affiliated third parties may place Internet cookies and other technologies (i.e., tracking pixels, web beacons, etc.) on users' hard drives. These technologies can save the users' names, passwords, usernames, screen preferences, the pages of this Site that are viewed by the user, and the advertisements that are viewed or clicked by the user. When the user revisits this Site, KC and affiliated third parties will recognize the user by the Internet cookie and customize the user's experience accordingly. Internet cookies and other tracking technologies are stored on the user's hard drive and are not stored, in any form, by KC. However, KC may not have access or control over cookies and other features used by third parties, and the information practices of those third parties are not covered by this Privacy Statement. Users may decline the Internet cookie by using the appropriate feature of their Web client software, if available.

Depending on the Services utilized, KC may collect Personal Data that is voluntarily provided when inquiring about admission to KC or financial aid, enrolling in one of KC’s programs or courses, applying or being hired to work at KC, or participating in fundraising or community activities. This data may include:

• Name, title, age, and date of birth
• Part or all of Social Security Number, Tax Identification Number, Visa information, or other identification information as required by law for applicants for admission and financial aid, employees, or for validation purposes
• Student or Employee I.D. Number
• Contact information including address, city, state, postal code, country of residence and citizenship, email address, home, cellular and other contact telephone number(s)
• Emergency contact information (names, phone numbers, and email addresses)
• Academic credentials and records
• Photographs, video images, and likeness
• Records of communications between the user and KC
• Other information pertinent to specific interests and activities at KC

KC may collect other information to maintain or manage KC systems, diagnose problems, assist with a help request, or inform investigations. KC also collects information users choose to provide to KC when any “free text” box is completed in its forms.

KC asks that users not provide sensitive information, such as racial or ethnic origin, political opinions, religion, or criminal background unless specifically requested and express consent obtained.

Use Of Personal Data Collected

Personal data collected by KC will be used by KC for editorial and feedback purposes, marketing and promotional purposes, a statistical analysis of users' behavior, product/services development, and content improvement to inform advertisers as to how many users have seen or clicked on their advertisements, and to customize content and layout of KC's Site.Data on users' home servers is aggregated for internal review and then discarded. Names, postal and email addresses, and phone numbers collected may be added to KC's databases and used for future calls and mailings regarding Site updates, security notifications, new classes or services, and upcoming events.

Certain privacy laws require that KC set out the lawful grounds on which it relies to collect, use, disclose, and otherwise process Personal Data. To the extent such laws apply, in general, KC’s lawful basis to collect, use, disclose, maintain, and otherwise process Personal Data is to provide or prepare to provide Services to users. Depending on the Services utilized, examples of KC’s specific, lawful purpose(s) may include:

• To process applications for admission to KC, employment, and enrollment in courses and programs
• To fulfill public safety obligations to our faculty, staff, and students
• To deliver and administer students’ education, record the details of studies (including any placements with external organizations for internships or coursework taken at another institution), and determine/confirm academic achievements (e.g., results, prizes)
• To provide facilities and resources (e.g., IT, sport, libraries, accommodation, career counseling)
• To operate security, governance, disciplinary (including plagiarism and academic misconduct), complaint, audit and quality assurance processes and arrangements
• To support training, medical, safety, welfare, and religious requirements
• To compile statistics and conduct research for internal and statutory reporting purposes
• To fulfill and monitor KC responsibilities under EEO, immigration, and public safety legislation
• To administer HR-related processes, including those relating to payroll, benefits administration, performance/absence management, disciplinary issues, and complaints/grievances
• To notify KC-designated emergency contact(s) of an emergency or crisis that may affect the College community
• To prevent fraud or criminal activity, misuses of KC Services, and ensure the security of KC IT systems, architecture, and networks
• To (a) comply with legal and contractual obligations and legal processes, (b) respond to requests from public and government authorities, (c) enforce KC terms and conditions, (d) protect KC operations, (e) protect rights, privacy, safety or property, and/or that of KC or others; and (f) allow KC to pursue available remedies or limit the damages that it may sustain
• To perform tasks in the public interest to promote access to higher education and to inform prospective students, parents, and the public of the educational opportunities at KC

Sharing and Disclosure of Personal Data

KC may share Personal Data outside KC in the following circumstances:

• Vendors and Service Providers: To assist KC in business operations needs and to perform certain services, Personal Data may be shared with third-party providers of hosting, email communication and support services, analytics, marketing, advertising, employee background checks, administrative and technical services (including Amazon Web Services and Google in the United States, both certified to the Privacy Shield), providers of recruitment models, providers of degree verification services and electronic transcript for delivery. Following KC’s instructions, these parties may access, process, or store Personal Data while performing their duties for KC. They are contractually prohibited from using or sharing Personal Data provided by KC for any purpose other than providing their services.
• If required to do so by law pursuant to valid legal process, applicable regulation, or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend rights or property of KC or others (iii) act in urgent circumstances to protect personal or public safety, or (iv) protect KC against legal liability.

KC may share Personal Data within KC in the following circumstances:

• For the purposes described in this Privacy Statement, notably for delivery, personalization, and improvement of Services at KC.
• To satisfy local, state, and federal laws and regulations or further KC’s legitimate interests in providing and improving services.
• To further the advancement of knowledge through research and academic pursuits and providing employment opportunities.

Cookies

Most web browsers include a “help” section on the toolbar. Please refer to this section in your web browser for information on how to get notified when you receive a new cookie and how to turn cookies off. Please note that if a user rejects, turns off, or blocks cookies, some parts of this Site may not function correctly. Also, blocking cookies will not stop third parties from collecting IP addresses, data stored in “Flash” cookies, and certain other types of technical information that may uniquely identify users’ browsers.

Digital Marketing

Users can control whether companies serve online behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out: https://www.aboutads.info/choices. The DAA opt-out requires that cookies not be blocked in a user’s browser. If located in the European Union, visit the European Interactive Digital Advertising Alliance’s Your Online Choices opt-out tool.

As an alternative to the DAA opt-out, users can also elect to block browser cookies from first parties (such as those from the KC Site) and browser cookies from third parties (such as advertisers) by using the cookie-blocking options built into your browser software. Note that some third parties involved in advertising operations may maintain their own proprietary consumer databases that allow them to personally identify or track website users. Other third parties have proprietary technologies to determine what additional devices users may use and where they can display relevant advertisements.

Security

KC takes reasonable administrative and technical steps to protect data, including Personal Data, from loss, misuse, and unauthorized access. Refer to other policies as needed.

Retention

KC will retain Personal Data as needed pursuant to the legitimate purpose(s) identified in this Privacy Statement (KC policies) and applicable law.

Changes To Privacy Statement and Right To Contact User

KC reserves the right to change these Terms of Use and this Privacy Statement at any time by notifying users of the new or revised Privacy Statement. As allowed by law, KC reserves the right to contact Site users regarding account status and changes to these Terms of Use, this Privacy Statement, other KC privacy policies and procedures, or any other policies or agreements relevant to Site users.

Users Located in The European Union

Users located in the European Union are also directed to the Supplemental Statement for Users in the European Union, which sets out specific rights related to Personal Data and should be read together with this Privacy Statement and Terms of Use.

Supplemental Statement for Users in The European Union

In addition KC’s Privacy Statement describing what Personal Data KC collects from users and why and how this data is used, this Supplemental Statement describes additional rights provided to users of the Site from locations in the European Union (“EU”) (for these purposes, reference to the European Union or EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway) (“EU Users”) and should be read together with KC’s Privacy Statement and Terms of Use.

Rights of EU Users

Subject to EU law, and specifically the General Data Protection Regulation (“GDPR”), EU Users may have the following rights in relation to Personal Data:

• Right of access: If requested, KC will confirm whether it processes an EU User’s Personal Data and, if so, provide a copy of that Personal Data along with certain other details. If additional copies are required, KC may charge a reasonable fee.
• Right to rectification: If Personal Data is inaccurate or incomplete, EU Users may ask that KC correct or complete it. If KC shares such Personal Data with others, and if requested, where possible and lawful to do so, KC will also tell EU Users with whom it shared such Personal Data so EU Users can contact them directly.
• Right to erasure: EU Users may request erasure of Personal Data in some circumstances, such as where KC no longer needs it or if an EU User withdraws consent. If KC shares such Personal Data with others, KC will alert them to the need for erasure where possible. If requested, and where possible and lawful to do so, KC will also tell EU Users with whom it shared such Personal Data so EU Users can contact them directly.
• Right to restrict processing: EU Users may request to restrict or ‘block’ the processing of their Personal Data in certain circumstances, such as where an EU User contests the accuracy of the data or objects to KC processing it. KC will inform such EU users before any restriction on processing is lifted. If KC shares such Personal Data with others, KC will tell them about the restriction where possible. If requested, and where possible and lawful to do so, KC will also tell EU Users with whom it shared such Personal Data so EU Users can contact them directly.
• Right to data portability: EU Users have the right to obtain their own Personal Data from KC. KC will provide Personal Data in a structured, commonly used, and machine-readable format.
• Right to object: EU Users may request that KC stop processing their Personal Data.
• Rights in relation to automated decision-making: EU Users have the right to be free from decisions based solely on the automated processing of their Personal Data unless this is necessary in relation to a contract or EU Users provide explicit consent to this use.
• Right to withdraw consent: EU Users have the right to withdraw that consent at any time, but this will not affect any processing of data that has already occurred.
• Right to lodge a complaint with the data protection authority: If EU Users have a concern about KC’s privacy practices, including the handling of their Personal Data, EU Users can report it to the data protection authority that is authorized to hear those concerns.

Rights Request

EU Users may request access to and removal of information and records pertaining to such EU Users stored in KC systems. EU Users may exercise these rights by contacting KC at privacy@kaskaskia.edu.

KC requires that such requests be made in writing and include the following information:

• EU User’s name and role (e.g., applicant, student, or employee);
• contact information, including email and postal addresses;
• the item(s) of information the EU User wishes to access or remove, including, if known, the URL or the location of data to be removed; and
• the reason for requesting access to, or removal of, the information.

There are some instances where KC may deny a request to remove information. For example, KC may decline to remove the following types of information, including, but not limited to:

• information required to be maintained by KC as part of student or employment records, pursuant to local, state, or Federal law or regulation, or in the performance of contractual obligations
• information compiled in reasonable anticipation of, or for use in a civil, criminal, or administrative action or proceeding

If a request is denied, KC will send a written explanation explaining the reason for the denial and a notification of the EU User’s right to file a written statement of disagreement. KC may also provide a right to have the denial reviewed. If KC is unable to act within the time under applicable law, KC will provide notification of the delay and the date by which KC will complete action on the request.

Exercising these rights is a guarantee of being afforded a process and not a guarantee of an outcome.