Effective Date: October 5, 2023
Introduction
Columbia Southern University (“CSU” or “We”) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit the website columbiasouthern.edu (the “Website”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On the Website.
- In email and other electronic messages between you and the Website.
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
- Offline, in accordance with relevant law, including, but not limited to, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA”).
It does not apply to information collected by:
- Us offline or through any other means, including on any other website, application, or service operated by CSU or any third party, including our affiliates and subsidiaries; or
- Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using the Website, you agree to this Privacy Policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of the Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
Children
Our Website is not intended for children, as defined under applicable law. Children may not provide any information to or on the Website. We do not knowingly collect personal information from children. If we learn we have collected or received personal information from a child, we will delete that information. If you believe we might have any information from or about a child, please contact us at the email address identified in the Contact Information section.
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
- By which you may be personally identified, such as name, e-mail address, and other identifiers by which you may be contacted online or offline (“personal information”);
- About your internet connection, the equipment you use to access our Website, and usage details.
We collect this information:
- Directly from you when you provide it to us.
- Automatically as you navigate the Website. Information collected automatically may include usage details, IP addresses, device identifiers, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, including applicant tracking systems and hiring software providers, former employers, educational institutions, references, and any relevant agencies.
Information You Provide to Us
The information we collect on or through our Website may include:
- Information that you provide by filling in forms on our Website, including when you contact or chat with us, share your testimonial, request information, enroll in continuing education courses, register for events, submit a participant CEU request form, submit a continuing education event approval form, submit a transfer credit appeal form, submit a transcript request service and release form, submit a petition for exceptional case, submit an admission decision appeal, submit a transcript request form, apply for a scholarship, subscribe to our newsletter, refer a friend, update your contact information, submit a student release for education records, submit a request to revoke directory information release, submit a partner information request form, or submit a proctor agreement form. This information may include your name, telephone number, address, photo, email address, information related to hosting or attending a training session with CSU (including name of conference/course, student ID number, password, name of organization/company, event or program, location, all sessions you attended at the conference, certificate of completion, whether you are 18 years of age or older, program title, program contact, begin and end date, number of program meeting days, anticipated number of participants, number of instructional contact hours, program description/ learning objective, academic level, activity type, primary instructional format, funding source, instructor’s resume, description of course, copy of program brochure or flyer, program agenda, and program director’s signature), official transcript, certificates, reasons for transfer credit appeals, GPA, answers to scholarship essay questions, partner organization information (including organization name, title, partner type, staff size, and organization information), proctor information (including student name, student ID, phone number, and email address, and proctor name, last four digits of social security number, date of birth, title, rank (if active military), degree earned, school name, employer, business address, relationship to student, work phone number, business card, and signature), TriCare card, letter from military member’s command, copy of orders, whether you are a dependent or spouse of military personnel or public safety personnel (including relationship to military/public service member, military/public service member name, military/public service member employer or military branch, and military/public service member title), letter of recommendation (including name and email address of recommender), whether you are a volunteer responder (and, if yes, signed statement from the chief or someone at the department to whom you directly report, stating that you are currently a volunteer responder), whether you are a NVFC member, videos, military ID card, current enlistment/re-enlistment contract, statement of employment, copy of employment or membership ID card, membership verification letter, CSU learning partner affiliation, degree program, referral information (including the name and email address of the friend you are referring), photo ID, date of birth, high school/GED information (including dates attended, name of high school/testing center, city, state, and date earned diploma/GED), military branch and military transcript, institutional information (including school name, city, state, dates attended, degree earned, credits earned, and information related to online attendance), name while attending school, social security number, signature, area of interest, country of citizenship, date of birth, gender, ethnic affiliation (including whether you are Hispanic), marital status, maiden name, billing address, shipping address, guardian name, payment information (including payment method, card type, credit card number, name on card, and card expiration date), whether you are active military, a veteran, or retired from the U.S. military, student or alumni status, anticipated graduation year, employer, job title, company, the subject and content of your messages, and information related to any testimonials you provide.
- Information you provide when you create or use a myCSU account or apply for admission. This information may include your username, password, name, email address, mobile telephone number, degree level, area of interest, program, whether you are a U.S. citizen, date of birth, sex, marital status, maiden name, race, whether English is your primary language, state of residency, social security number, home address, country of citizenship, whether you are a nonresident alien of the United States, whether you received a high school diploma or general education diploma, name of high school, high school city and state, graduation date, GED city and state, GED certificate date, university name, dates attended, degree awarded, graduation date, and name as it appears on transcript, certificate name, date, and name as it appears on certificate, whether you are affiliated with the U.S. military, CSU partner/CSEG Alliance Organization, current employer, job title, how you heard about us, and whether an educational representative helped you (and, if so, which one).
- Information that you provide when you apply for employment with CSU. This information may include your resume, cover letter, name, email address, college transcript, telephone number, address, other names under which you have attended school or been employed, whether you are 18 years or age or older, whether you are currently employed at CSU (and, if yes, your current job title and department), whether you have ever been employed by CSU (and, if yes, your dates of employment and reason for leaving), whether you are related to any current CSU employee (and, if yes, their name and their relationship to you), whether you have a valid driver’s license (if required for the position), how you learned about this employment opportunity at CSU, whether you are eligible to work in the United States, whether you now or in the future require sponsorship for employment visa status, start date, what category of employment you prefer, which schedules you are available, whether you have been given a job description or had the essential functions of the job explained to you (and whether you understand these essential functions), whether you are able to perform the essential functions of the job with or without reasonable accommodation, educational information (including information related to institutions attended, whether you graduated (and, if no, the number of years left to graduate), degrees received, major, other credentials/ licenses/ professional affiliations, etc., which are relevant to the job(s) for which you are applying, work history (including job title, employer name, city, state, start date, end date, employment type, number of hours per week (if part-time), supervisor’s name, title, and telephone number, primary duties, and reasons for leaving), gender, ethnicity/race, veteran status, graduate credit hours, statement of teaching philosophy, military and volunteer commitments, signature, and any other documents you choose to upload.
- Your search queries on the Website.
- Records and copies of your correspondence (including email addresses), name, company name, telephone number, and how you heard about us, if you contact or chat with us.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your use of our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer, mobile device, and internet connection, including your IP address, operating system, browser type, and the device’s unique device identifier.
We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). For information on your choices for opting out of behavioral tracking on the Website and how we respond to web browser signals and other mechanisms that enable users to exercise choice about behavioral tracking, see Choices About How We Use and Disclose Your Information.
The information we collect automatically helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
The technologies we use for this automatic data collection may include:
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
- Web Beacons. Pages of the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit CSU, for example, to count users who have visited those pages or opened an email and for other related statistics (for example, recording the popularity of certain Website content and verifying system and server integrity).
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications on the Website are served by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and devices and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Website and its content to you.
- To provide you with information, products, or services that you request from us.
- To understand how users interact with our Website and gauge user interest.
- To improve our Website and customize and optimize your experience.
- To conduct marketing and advertising activities.
- To collect and process applications for employment.
- To maintain the Website and troubleshoot problems.
- To fulfill any other purpose for which you provide it.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us.
- To notify you about changes to our Website or any products or services we offer or provide though it.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
We may also use your information to contact you about our own and third parties’ goods and services that may be of interest to you. If you do not want us to use your information in this way, please see Choices About How We Use and Disclose Your Information.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
We may disclose personal information that we collect or you provide as described in this Privacy Policy:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business, including: data analytics providers (including Lucky Orange; to opt out of being tracked by Lucky Orange technologies, please visit the Lucky Orange Privacy Statement, advertising networks, consumer reporting bureaus, chat feature providers, customer relationship management platforms, educational partners, HR and payroll solution providers, marketing platforms (including Constant Contact; for information about how Constant Contact uses personal information, please visit Constant Contact’s Data Notice, tag management systems, social networks (including links to our Facebook, Instagram, LinkedIn, and Twitter pages), technology providers, video sharing platforms (including YouTube; for more information about YouTube’s collection of information, see Google’s privacy policy, social bookmarking services (please note that we may share information with AddThis, including for the purposes specified in the Oracle privacy policy, and web mapping platforms (please note that CSU may include Google Maps features and content. Google Maps may collect users’ IP address, latitude and longitude coordinates, and search terms. For more information, please visit Google’s privacy policy.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of CSU’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by CSU about our users is among the assets transferred.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our agreements with you.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of CSU, our customers, or others.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We do not respond to Do-Not-Track signals at this time; however, we have enabled mechanisms to provide you with the following control over your information:
- Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of the Website may then be inaccessible or not function properly.
Google Analytics collects personal data through the Website, including through the use of cookies. For information about how Google Analytics collects and processes data, please visit Google's privacy and terms. To opt out of having your information used by Google Analytics, please visit Google Analytics Opt-out page. For more information, please visit Google’s privacy policy.
Additionally, third parties, including Google (through, for example, our use of Google Analytics Advertising Features, including Dynamic Remarketing), may place and read cookies on your browser, or use web beacons to collect information in connection with ad serving on or through the Website, including for the purposes of showing our ads on sites across the internet. Our partners will collect personal information for personalization of ads and may use first-party cookies or other first-party identifiers and third-party cookies and other third-party identifiers for personalized and non-personalized advertising and measurement. Ad serving may be based on users’ visits to our Website or other websites on the Internet, and your activity may be tracked over time and across websites. For information about how Google collects, shares, and uses data, please visit Google's privacy and terms. You can opt out of Google’s use of cookies or device identifiers by visiting the Google Ads Settings web page. For more information, please visit Google’s privacy policy. You can opt out of a third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings.
Microsoft collects or receives personal information from our users or us to provide Microsoft Advertising (including through individual end user tracking and data sharing with third parties for advertising and marketing purposes). For more information, please visit the Microsoft Privacy Statement.
We use the Meta Pixel to analyze user activity on our Website for remarketing and behavioral targeting. The Meta Pixel is triggered when you perform certain activities on the Website and aids us in displaying Facebook ads to Facebook or Instagram users who have visited our Website, or Facebook or Instagram users who share certain characteristics with visitors to our Website. Meta and other third parties may use cookies, web beacons, and other storage technologies to collect information from the Website and from other internet websites and use that information for the purposes of targeting ads and providing measurement services. Meta may track your activity over time and across websites. For more information about the data Meta collects, please visit Meta’s privacy policy. For specific information about Meta Pixel, please visit About Meta Pixel. For more information about ad targeting and exercising your choice to opt out of the collection and use of information for ad targeting, please visit Facebook Help Center, or opt out using the WebChoices tool.
The Website also uses TikTok Business Products that involve TikTok's access to or storage of information on your device, including but not limited to the TikTok Pixel or other similar tracking technologies (such as access to data using pixels, cookies, APIs, SDKs, etc.) to collect information about how users use the Website. Information collected through such tools is used to provide measurement services and/or to target ads. You can opt out of receiving targeted ads (including ads served using non-cookie technologies) from members of the NAI on the NAI's website. You can also visit the Digital Advertising Alliance’s website, to use its Consumer Choice Tools, or control the use of device identifiers by using your device’s settings.
We have also contracted with Yahoo to monitor certain pages of our Website for the purpose of reporting web traffic, statistics, advertisement “click-throughs,” and/or other activities on our Website. Where authorized by us, Yahoo may use cookies, web beacons, and/or other monitoring technologies to compile anonymous statistics about our Website visitors. However, if you choose, you may opt out from Yahoo’s collection of such information outside of the Yahoo distribution network, by clicking on the following link. - Promotional Offers from CSU. If you do not wish to have your information used by CSU to promote our own or third parties’ products or services, you can opt out by sending us an email stating your request to datasecurityofficer@columbiasouthern.edu. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions or click “unsubscribe” in the relevant communication. Please note that, even if you unsubscribe from certain email correspondences, we may still need to email you with information relating to important transactional or administrative information.
- Targeted Advertising. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads (including ads served using non-cookie technologies) from members of the NAI on the NAI's website.
- You can also visit the Digital Advertising Alliance’s website, to use its Consumer Choice Tools. Users in the European Union and United Kingdom ("UK") can visit the European Digital Advertising Alliance opt-out page.
California residents may have additional personal information rights and choices. Please see our CCPA Privacy Policy for more information. Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: datasecurityofficer@columbiasouthern.edu. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Accessing and Correcting Your Information
You may send us an email at registrar@columbiasouthern.edu to request access to, correct, or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
International Data Transfers
When you use the Website and provide information through the Website, we may transfer your information to a destination outside your jurisdiction, including to the United States. The United States has not received a finding of "adequacy" from the EU under Article 45 of the GDPR (or other analogous international data protection regulations, such as the UK GDPR). CSU relies on the safeguards set forth in Article 46 of the GDPR or derogations for specific situations set forth in Article 49 of the GDPR in order to transfer personal information across international borders.
Individuals in the European Economic Area ("EEA") and the UK may request a copy of applicable Article 46 agreements by contacting us at: datasecurityofficer@columbiasouthern.edu.
Your Rights
To the extent required by law, CSU provides you with:
- reasonable access to the personal information collected through the Website;
- the ability to review, correct, export, and delete such personal information; and the ability to restrict processing of your personal information, or object to its processing.
When the processing of your personal information is based on your consent, you have the right to withdraw your consent at any time, but this will not affect any processing we have already performed. If you withdraw your consent, refuse to provide certain information, or provide inaccurate information, you may not be able to access or utilize all of the features or content available on or through the Website, and we may not be able to fulfill your requests for products or information.
Please contact us using any of the methods identified in the Contact Information section if you would like to exercise your individual rights. We may need to obtain or confirm certain personal information in order to accommodate your request. We will not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Individuals in the EEA and UK: In addition to the above rights, you also have the right to lodge a complaint with a supervisory authority (EEA) or the Commissioner (UK) if you believe we have processed your personal information in a manner inconsistent with your privacy rights. We kindly request that you contact us first so that we may address your concern.
Data Security and Retention
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We retain your information for as long as needed: (i) to conduct business with you; (ii) as needed for the purposes outlined in this Privacy Policy; and (iii) as necessary to comply with our legal obligations, resolve disputes, and enforce any agreements.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our Privacy Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you in accordance with applicable law. The date the Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.
Contact Information
To ask questions or comment about this Privacy Policy and our privacy practices, contact us at:
Columbia Southern University
c/o Data Security Officer
P.O. Box 3110
Orange Beach, AL 36561
or via email at: datasecurityofficer@columbiasouthern.edu
CCPA Privacy Policy
Last Updated: August 8, 2023
California Residents
The following disclosures are made pursuant to the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (“CCPA”). These disclosures supplement any privacy notices we previously or contemporaneously provided to you, including any California-specific privacy notice provided to you if you are an employee of CSU.
Right to Know
California residents have the right to be informed of the categories and specific pieces of personal information collected about them, including sensitive personal information, collected, used, and disclosed, the categories of sources from which that information is collected, whether that information is sold or shared, the categories of third parties to whom that information has been disclosed, the business or commercial purposes for collecting and using each category of personal information, and the intended retention period for each category of personal information.
The below chart reflects the categories of personal information we have collected from California residents during the past twelve months, the categories of sources from which the information was collected, the business or commercial purpose for which the information was collected, the categories of third parties to whom we disclosed that information, and our anticipated retention period for each category of information.
| Personal Information Category set forth in Cal. Civ. Code § 1798.140 | Source(s) of Personal Information Collection | Business or Commercial Purpose(s) for Collection/Use | Third Parties, Service Providers, and Contractors Receiving Personal Information Category | Retention Period |
|---|---|---|---|---|
| Personal identifiers, including real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, social security number, or other similar identifiers. | Directly from you; indirectly from you as you navigate or use our Website; data analytics providers; social networks; advertising networks; internet or mobile service providers; educational institutions; relevant agencies; references. For job applicants: directly from you; applicant tracking systems and hiring software providers; former employers. |
Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you; perform analytics. For job applicants: Asses your application; satisfy legal obligations. |
Affiliates; data analytics providers; advertising networks; consumer reporting bureaus; chat feature providers; customer relationship management platforms; educational partners; HR and payroll solution providers; marketing platforms; tag management systems; social networks; technology providers; video sharing platforms; social bookmarking services; web mapping platforms. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| California Customer Records Personal Information (Cal. Civ. Code § 1798.80(e)), including name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, etc. | Directly from you; educational institutions; relevant agencies; references. For job applicants: directly from you; recruiters; applicant tracking systems and hiring software providers; former employers. |
Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you. For job applicants: Process your application; satisfy legal obligations. |
Affiliates; data analytics providers; advertising networks; consumer reporting bureaus; chat feature providers; customer relationship management platforms; educational partners; HR and payroll solution providers; marketing platforms; tag management systems; social networks; technology providers; social bookmarking services. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| Characteristics of protected classifications under California or federal law. | Directly from you; indirectly from you as you navigate or use our Website; data analytics providers; social networks; advertising networks; internet or mobile service providers; educational institutions; relevant agencies. For job applicants: directly from you; applicant tracking systems and hiring software providers. |
Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you; meet our legal obligations; perform analytics. | Affiliates; data analytics providers; advertising networks; consumer reporting bureaus; chat feature providers; customer relationship management platforms; educational partners; HR and payroll solution providers; marketing platforms; tag management systems; social networks; technology providers; video sharing platforms; social bookmarking services. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Directly from you; indirectly from you as you navigate or use our Website; data analytics providers; social networks; advertising networks; internet or mobile service providers. | Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you; meet our legal obligations; maintain transaction records; perform analytics. | Affiliates; data analytics providers; advertising networks; chat feature providers; customer relationship management platforms; educational partners; marketing platforms; tag management systems; social networks; technology providers; video sharing platforms; social bookmarking services; web mapping platforms. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| Biometric information. | We do not collect. | Not applicable. | Not applicable. | Not applicable. |
| Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information about individual interactions with an Internet website, application, or advertisement. | Indirectly from you as you navigate or use our Website; data analytics providers; social networks; advertising networks; internet or mobile service providers. | Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; verify, maintain, improve, upgrade, or enhance a service or device that is owned or controlled by us; identify and repair errors; advertise or marketing to you; perform analytics. | Affiliates; data analytics providers; advertising networks; chat feature providers; customer relationship management platforms; marketing platforms; tag management systems; social networks; technology providers; video sharing platforms; social bookmarking services; web mapping platforms. | Barring any legally required additional retention period, up to two years. |
| Geolocation data | Indirectly from you; devices you use to access our Website; data analytics providers; social networks; advertising networks; internet or mobile service providers. | Protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you. | Affiliates; data analytics providers; advertising networks; marketing platforms; tag management systems; social networks; technology providers; video sharing platforms; social bookmarking services; web mapping platforms. | Barring any legally required additional retention period, up to one year. |
| Sensory data including audio, electronic, visual, thermal, olfactory, or similar information. | Directly from you. | Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you. | Affiliates; educational partners; technology providers. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| Professional or employment-related information. | Directly from you; data analytics providers; social networks; advertising networks; educational institutions; relevant agencies; references. For job applicants: directly from you; applicant tracking systems and hiring software providers; former employers. |
Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you. For job applicants: Process your application. |
Affiliates; data analytics providers; advertising networks; consumer reporting bureaus; chat feature providers; customer relationship management platforms; educational partners; HR and payroll solution providers; marketing platforms; tag management systems; social networks; technology providers; social bookmarking services. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. For job applicants: Barring any legally required additional retention period, up to 1 year for non-hired applicants. |
| Non-public education information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 C.F.R. Part 99) | Directly from you; educational institutions; relevant agencies; references. For job applicants: directly from you; applicant tracking systems and hiring software providers; former employers. |
Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors; advertise or market to you. For job applicants: Process your application. |
Affiliates; data analytics providers; advertising networks; consumer reporting bureaus; chat feature providers; customer relationship management platforms; educational partners; HR and payroll solution providers; marketing platforms; tag management systems; social networks; technology providers; social bookmarking services. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. For job applicants: Barring any legally required additional retention period, up to 1 year for non-hired applicants. |
| Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Indirectly from you; devices you use to access our Website; data analytics providers; social networks; advertising networks; internet or mobile service providers. | Advertise or market to you; perform analytics; maintain, improve, upgrade, or enhance a product or service. | Affiliates; data analytics providers; advertising networks; customer relationship management platforms; marketing platforms; tag management systems; social networks; technology providers; social bookmarking services. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| Sensitive Personal Information Category as set forth in Cal. Civ. Code § 1798.140 | Sources from which Information was Collected | Purposes for Collection; Use | Third Parties, Service Providers, and Contractors Receiving Personal Information | Retention Period |
|---|---|---|---|---|
| Social security number, driver’s license number, state identification card, or passport number. | Directly from you; applicant tracking systems and hiring software providers. | Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors. For job applicants: Process your application; fulfill our legal obligations. |
Affiliates; educational partners; technology providers. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. For job applicants: Barring any legally required additional retention period, up to 1 year for non-hired applicants. |
| Account access credentials (user names, account numbers, or card numbers combined with required access code, security code or password to access an account). | Directly from you; indirectly from you as you navigate or use our Website; internet or mobile service providers. | Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors. | Affiliates; technology providers. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. |
| Precise geolocation (location within a geographical area of a circle with a radius of 1850 feet or less). | We do not collect. | Not applicable. | Not applicable. | Not applicable. |
| Racial or ethnic origin. | Directly from you; applicant tracking systems and hiring software providers. | Provide you with our Website; communicate with you; protect and secure our environment; verify, maintain, improve, upgrade, or enhance a product or service; identify and repair errors. For job applicants: Process your application; fulfill our legal obligations. |
Affiliates; technology providers. | The length of your business relationship with us plus any legally required additional retention period for this category of personal information following conclusion of your business relationship with us or until no longer required for institutional processing purposes. For job applicants: Barring any legally required additional retention period, up to 1 year for non-hired applicants. |
| Religious or philosophical beliefs. | We do not collect. | Not applicable. | Not applicable. | Not applicable. |
| Union membership. | We do not collect. | Not applicable. | Not applicable. | Not applicable. |
| Genetic Data. | We do not collect. | We do not collect. | Not applicable. | Not applicable. |
| Mail, email, or text messages where the content is not directed to us. | We do not collect. | Not applicable. | Not applicable. | Not applicable. |
| Unique identifying biometric information. | We do not collect. | Not applicable. | Not applicable. | Not applicable. |
| Personal information collected and analyzed concerning health. | We do not collect. | We do not collect. | Not applicable. | Not applicable. |
| Personal information collected and analyzed concerning sex life, or sexual orientation. | We do not collect. | We do not collect. | Not applicable. | Not applicable. |
Right to Limit Use and Disclosure of Sensitive Personal Information
We do not collect or process sensitive personal information for the purpose of inferring characteristics about consumers. We also do not disclose sensitive personal information for purposes other than those specified in section 7027(m) of the CCPA regulations promulgated by the California Privacy Protection Agency. Therefore, we do not offer consumers the option to limit the use of their sensitive Personal Information.
Right to Opt Out of Sharing for Cross-Context Behavioral Advertising
In the past twelve months we have used data about your activities on our online properties to serve you ads on online properties owned or controlled by third parties. In the past twelve months, we have provided the following categories of information to affiliates, advertising networks, data analytics providers, customer relationship management platforms, marketing platforms, social networks, social bookmarking services, tag management systems, video sharing platforms, and web mapping platforms for this purpose:
- Personal identifiers, such as unique personal identifier, online identifier, internet protocol address, device information and identifiers, and unique advertising identifiers and cookies; Internet and other electronic network activity information; geolocation information; inference data; characteristics of protected classifications under California or federal law; commercial information; professional or employment-related information; and non-public education information.
If you would like to opt out of this sharing, you may exercise your right by modifying your cookie settings.
Right to Opt Out of Sale
While we do not sell personal information in exchange for monetary consideration, we do share personal information for other benefits that could be deemed a “sale,” as defined by the CCPA. The CCPA broadly defines “sale” in a way that may include actives such as the delivery of targeted advertising on websites or allowing third parties to receive certain information, such as cookies, IP address, and/or browsing behavior. In the past twelve months, we have provided the following categories of information to affiliates, advertising networks, data analytics providers, customer relationship management platforms, marketing platforms, social networks, social bookmarking services, tag management systems, video sharing platforms, and web mapping platforms in ways that could be considered a “sale” under California law:
- Personal identifiers, such as unique personal identifier, online identifier, internet protocol address, device information and identifiers, and unique advertising identifiers and cookies; Internet and other electronic network activity information; geolocation information; inference data; characteristics of protected classifications under California or federal law; commercial information; professional or employment-related information; and non-public education information.
We disclosed these categories of information to these third parties in order to market and advertise our products and services; perform analytics; and to maintain, improve, upgrade, or enhance our products or services.
We have no actual knowledge of selling the personal information or the sensitive personal information or minors under 16 years of age.
California residents have the right to opt out of the “sale” of their personal or sensitive personal information.
If you would like to opt out of such disclosures, you may exercise your right by modifying your cookie settings.
Right to Delete Personal Information
You have the right to request the deletion of your personal information, subject to certain exceptions.
Right to Correct Inaccurate Personal Information
You have the right to request the correction of any inaccurate personal information that we maintain about you.
Right to Access
You have the right to request the categories and specific pieces of personal information we have collected about you.
Right of Non-Retaliation and Non-Discrimination
You have the right to exercise the privacy rights conferred to you under the CCPA without receiving retaliatory or discriminatory treatment. CSU does not retaliate or discriminate against your for exercising the privacy rights conferred to you under the CCPA.
Exercising Your Rights
To exercise your rights, you may contact us via email at: datasecurityofficer@columbiasouthern.edu. Requesters will need to provide us with personal information in order to verify their identity and residency, including name, email address, and state of residence. We will compare the information you provide with our internal records. The personal information that we use to verify identity and residency will not be used for any other purpose.
You may authorize an agent to submit a request on your behalf if you provide the authorized agent with written permission signed by you. CSU may require you to verify your identity directly with us and confirm that you provided the authorized agent with permission to submit a request on your behalf.
Contact Information
If you have questions or concerns about our privacy practices, contact us at: datasecurityofficer@columbiasouthern.edu.
