
General Data Protection Regulation (GDPR)



GDPR Overview

The GDPR is a privacy law that applies to personal information that is collected in or from the EU, or that is related to goods or services offered in the EU, or that involves the monitoring of individuals in the EU.


So, how does this affect us at UWF?

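Although this is an EU regulation, it has the potential to have a significant impact on U.S. systems. Three broad categories of data are most likely to be affected. These are: (1) data collected on students from the EU (e.g., international students), (2) human resources data (e.g., staff or faculty living or working overseas), and (3) marketing data (e.g., data collected from prospective EU students interested in UWF).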


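Key Principles of the GDPR

The GDPR establishes seven key principles:

Personal data must be processed lawfully, fairly and in a transparent manner

Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed

Personal data must be accurate and, where necessary, kept up to date

Personal data must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed

Personal data must be processed in a manner that ensures appropriate security of the personal data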

Controllers (see Important Terms) are responsible for, and must be able to demonstrate compliance with the GDPR principles


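GDPR Terms

The following terms are essential components of the regulation

Personal Data

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Consent

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

Controller/Data Controller

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data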


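Your Rights as a Data Subject

At any time when UWF holds or processes your personal data, you, the data subject, have the following rights:

Right of Access

As a data subject, you have the right to request a copy of the information that we hold about you.

Right of Rectification

As a data subject, you have the right to correct inaccurate or incomplete data that we hold about you.

Right to Be Forgotten

As a data subject, in certain circumstances you can ask us to erase your personal data from our records.

Right to Restriction of Processing

In certain circumstances, you have the right to restrict the processing of your personal data.

Right of Portability

As a data subject, you have the right to request that we transfer your personal information to another organization.

Right to Object

As a data subject, you have the right to object to certain types of processing, such as direct marketing.

Right to Object to Automated Processing, Including Profiling

As a data subject, you have the right to be subject to the legal effects of automated processing or profiling.

Right to Judicial Review

If UWF refuses your request under any of the "Rights of the Data Subject," we will provide you with a reason why.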


UWF GDPR Privacy Notice

The following site contains the standard UWF GDPR Privacy Notice. Please keep in mind that many departments have posted their own unit-specific notices.

http://volamdolong.com/go/legal-and-consumer-info / eu-gdpr -隐私-请注意/

 


 

Frequently Asked Questions

Answers to Frequently Asked Questions (FAQ)

  • Any collection of personal data must have a clearly defined purpose, which is prominently publicized, and the data cannot be used for any other purpose
  • Do not collect any more data than absolutely necessary
  • Consumers must be informed when personal data is being collected
  • Personal data is kept for only as long as necessary
  • Delete data where it is no longer necessary
  • Effectively secure all personal data being collected
  • Maintain documentation on your data processing activities
  • Ensure all sub-contractors and vendors adhere to GDPR rules

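Any department, office, system, and/or function that collects, uses, or stores information within or from the EU, or relating to individuals in the EU, falls under the scope of the regulation and may be impacted.

First, you need to determine the extent to which your area or function is affected by the GDPR. In order to get the ball rolling, you should start by reflecting on the following questions and statements:

  • Analyze how your department/office/function/research interacts with the EU.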
    • Is there any personal data involved?
    • Do you monitor individuals in any way?
    • Are there any financial transactions with individuals in the EU?
    • What is your legal basis for collecting information?
    • Do your procedures need to be updated?
  • What are the ways someone in the EU could access you?
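    • What are the touch points?
  • Think about our vendors, services, and internal and external websites that are used to reach into the EU.
  • Review your contracts.
  • Ask vendors and third parties whether they are GDPR compliant (or how they plan to become compliant)

The penalty for a violation can be a warning, a fine of 20 million euros, or a fine of up to 4% of UWF's annual revenue.

The GDPR defines profiling as "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements".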

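  • Austria
  • Belgium
  • Bulgaria
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Germany
  • Greece
  • Hungary
  • Ireland
  • Italy
  • Latvia
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • United Kingdom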


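Possible Impacts and Solutions

The table below describes how certain areas may be impacted by the GDPR and provides possible GDPR solutions. Please take note that these "solutions" do not represent legal guidance. This resource and web page are intended to be informational only and should be regarded as a tool to help you understand the regulation.

GDPR Possible Impacts and Solutions
Business Process & Potential Impact | Possible Solutions (suggestions to be discussed internally)

Research/Technology Transfer:

     • Collaborations and agreements with EU professors or universities that involve collecting or sharing personal information
     • Studies on EU individuals that involve personal information
     • Human subjects research involving personal information collected in the EU

     • Additional grant/contract clauses, expanded consent documents, specific consideration in IRB review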
     • Internal process to handle withdrawn consent
     • Limit receipt of identifiable data

Note that de-identified data is not covered by the GDPR, but if it can be re-identified (i.e., there is a key), then it is covered by the GDPR.

Faculty, Staff, and Students in or from the EU/ Human Resources:

     • Correspondence containing personal information with individuals in the EU, or faculty/staff/students who will reside in the EU
     • Exchanging salary or tax information
     • Conducting background checks on individuals in the EU

     • Notice, signed consent, specific coverage of the GDPR in University policy
     • Coordination with third party vendors who process data

火博体育, Financial Aid, Registrar, Online Education:

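     • Correspondence containing student personal information, transcripts or financial information from EU students or parents
     • Program application monitoring

     • Notice, signed consent, specific coverage of the GDPR in University policy
     • Coordination with third party vendors who process data
     • General GDPR Notice in the General Announcements

Study Abroad (including exchange programs and students doing research in the EU):

     • Correspondence containing personal information of individual students participating in programs in the EU
     • SOS insurance

     • Notice, signed consent, specific coverage of the GDPR in University policy
     • Coordination with third party vendors who process data
     • General GDPR Notice in the General Announcements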

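Title IX/Notes:

     • Tracking and reporting incidents that occur in the EU (especially when one of the parties is not a student)

     • Signed consent where possible. Notice, signed consent, specific coverage of the GDPR in University policy
     • Document approach to potential conflicts up front
     • General GDPR Notice in the General Announcements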

University Advancement/ Development/ Alumni:

     • Collecting, storing, and sharing personal and financial information in or from the EU, or relating to individuals in the EU

     • Signed consent where practical, internal process to respond to requests. GDPR in the privacy policy
     • Coordination with third party vendors who process data

Risk Management:

     • Sharing and receiving personal information, including with International SOS

     • Signed consent, privacy notices. Coordination with third party vendors who process data

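International Students:

     • Discussing personal information or visa information with students or parents in the EU

     • Notice, signed consent, specific coverage of the GDPR in University policy
     • Coordination with third party vendors who process data
     • General GDPR Notice in the General Announcements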

Institutional Communications:

     • Public stories or photos of EU faculty, staff, or students

     • Consent where practical
     • Internal process to review and respond to take down requests

Information Technology:

     • Designated individual as POC for GDPR.
     • Data loss/breach may require notice to individual within 72 hours

     • Specific scan/procedure for EU individuals following breach
     • Internal process to review and respond to take down requests

 

Additional GDPR Resources

The following are resources that should help provide you with a better understanding of the regulation; specifically, how it relates to U.S. institutions of higher education.