Westmont College European Union General Data Protection Regulations Privacy Notice
Westmont College is committed to safeguarding the privacy of its website visitors and registered users of its various servers. This notice informs you how we as the data controller will treat your personal data when we act as controller or processor of your data when it is governed by the European Union General Data Protection Regulation (GDPR).
Information We Collect and Process
Westmont collects information related to you and your identity (personal data). By “processing”, we mean the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of this information whether or not by automated means. Westmont stores the personal data it collects and processes that is essential for its operations for an indefinite period; and engages in the routine review of the stored data to determine the non-essential data that may be permanently deleted from its servers. Personal data Westmont collects and processes includes but is not limited to:
- Personal information: your name; username or sign-on details; password; areas or topics of interest; and photograph (if you or another user posts a photo on the Service).
- Demographic information: gender; age/date of birth; nationality; salutation; job title, company information, education, work experience and other professional information; and language preferences.
- Contact information: postal address; telephone and/or mobile number; and email address.
- Consent records: time-stamped records of any consents you may have given, together with means of consent and any related information (e.g., the subject matter of the consent).
- Purchase and payment details: records of purchases and prices; invoice records; payment records; billing address; payment method; cardholder or accountholder name; payment amount; and payment date.
- Enrollment details: where you interact with us in your capacity as a student, your student identification number, courses taken and grades, academic standing, class rank, enrollment level.
Lawful Grounds upon Which Westmont May Process Personal Data
Westmont may process your personal data on any of the following lawful grounds:
- Contractual Necessity: when processing is necessary for the performance of a contractual obligation
- Legal Obligation: when necessary for the fulfillment of our legal obligations
- Vital Interests: when necessary to protect your vital interests or the vital interests of another individual
- Public Interests: when necessary to protect the public interest or to perform a task on behalf of the public interest or in the exercise of any institutional official authority
- Legitimate Institutional Interests: when necessary for any legitimate interest of the institution except where your interests or fundamental rights override those legitimate interests (especially if you are a minor)
- Consent: when you provide explicit consent to the processing of your personal data for one or more specific purposes
Cookies and Other Tracking Technologies We Use
We May Share Collected Information About You
We may disclose your information to other entities for legitimate institutional purposes including operating College services and providing services to you, in accordance with applicable law. In addition, we may disclose your information to:
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- outside professional advisors (such as accountants, auditors, or lawyers), subject to binding contractual obligations of confidentiality;
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
- any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security;
- any relevant third party provider, where we use third party advertising, plugins or content; and
This policy covers information collected through the following websites and mobile applications with whom the college has existing third party agreements including but not limited to the following categories:
- Collaboration, email, and productivity applications
- Customer Relationship Management
- Emergency alerting systems
- Event management systems
- Learning Management
- Reporting tools
- Social media systems
- Student Information Systems
Security of Collected Information
The Westmont Plan for the Security of Confidential Information describes precautions we take to prevent loss, misuse or alteration of your personal data. Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet. We will store all the personal data you provide or that we collect about you on secure servers.
You are responsible for keeping your passwords confidential.
Transfers of Collected Information
We are located in the United States. By submitting your personal data via any Westmont web site or various servers and software systems, you transfer your personal data to us. Westmont and data processors it contracts operate secure data networks protected by industry standard firewall and password protection systems. Only authorized individuals have access to the information you provide. All security and privacy policies are periodically reviewed and enhanced as necessary.
You Have Rights Associated with Your Information
Data Rectification - You are entitled to have any inadequate, incomplete or incorrect personal data corrected (that is, rectified).
Data Access - You have the right to request access to your personal data (including receiving a copy thereof) as well as additional information about the processing.
Right to Revoke Consent - If we ever process your personal data on the lawful ground of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Data Portability – if ever we rely (as the lawful ground for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party (such as your employment contract), and the personal data is processed by automatic means, you have the right to receive all such personal data which you have provided us in a structured, commonly used and machine-readable format, and also to require that it be transmitted to another controller where this is technically feasible.
Right to Erasure – You are entitled to have your personal data erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see “Lawful Grounds” above) or where personal data is unlawfully processed, provided that applicable law does not provide otherwise.
Right to Restriction of Processing – you have the right to restrict the processing of your personal data (that is, allow only its storage):
- where you contest the accuracy of the personal data, until we have taken sufficient steps to correct or verify its accuracy;
- where the processing is unlawful but you do not want us to erase the personal data;
- where we no longer need your personal data for the purposes of the processing, but you require such personal data for the establishment, exercise or defense of legal claims; or
- where you have objected to processing justified on legitimate interest lawful grounds (see “Lawful Grounds” above), pending verification as to whether we have compelling legitimate grounds to continue processing.
Where your personal data is subject to restriction we will only process it with your consent or for the establishment, exercise or defense of legal claims.
Right to Object to Processing (including profiling) Based on Legitimate Interest Grounds – where we rely upon legitimate interests to process personal data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal data for the establishment, exercise or defense of legal claims, or applicable law requires otherwise.
Right to Object to Direct Marketing (including profiling) – you have the right to object to our use of your personal data for direct marketing purposes (including profiling).
Right to Lodge a Complaint - You have the right to lodge a complaint if you consider that the processing of your personal data violates applicable law.
To lodge a complaint or to exercise any of your rights with respect to your personal data processed by Westmont or if you have any questions about this GDPR Data Privacy Notice or our treatment of your personal data, please send us an email at:
or write us and send your correspondence by post to:
Westmont College Information Technology
c/o John Rodkey, Director of Servers and Networks
955 La Paz Road
Santa Barbara, CA 93018
We commit to resolve complaints about your privacy and our collection or use of your Personal Data.
Changes to this Notice