OIOI Datum Tech IOIO
This Notice establishes LDC Foundation Inc D/B/A Datum Tech Academy (Datum Tech) data privacy and legal notice with respect to the gathering and dissemination of information we obtain from you on Datum Tech’s websites located at datumtech.org (“Site”) and with any applicable privacy standards and legal requirements in regard to the data collected.
Datum Tech is the operator of this Site, although software, hosting, and other functions may be provided by third parties (“Service Providers”). This Data Privacy and Legal Notice (“Notice”) describes the type of information Datum Tech and its Service Providers collect from visitors to this Site, what we do with that information, and how visitors can update and control the use of information collected by this Site.
This Notice does not necessarily describe information collection policies on other sites, such as separate sites operated by our Service Providers that Datum Tech does not control. Datum Tech does not maintain many of the resources linked from Datum Tech’s site. Datum Tech cannot monitor all linked resources, only those pages that fall directly within Datum Tech’s World Wide Web structure. Datum Tech is in no way responsible for the privacy practices or the content of these linked resources, and the statements, views, and opinions expressed therein are neither endorsed by nor do they necessarily reflect the opinion of Datum Tech. Any links to non- Datum Tech information or resources are provided as a courtesy. They are not intended to endorse, nor do they constitute an endorsement by Datum Tech of the linked materials.
This Notice may be changed from time to time and without notice. Continued use of the Site after any such changes constitutes acceptance of the new terms. Please do not use the Site if you do not agree to abide by these new terms or any future terms. This site is not directed to children under 13 years of age, and children under 13 years of age shall not use this Site to submit any personal information about themselves. [reference note below]
Note: In accordance with the Federal Trade Commission (FTC) Children’s Online Privacy Protection Rule (“COPPA”) (https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule).
When visiting the Site, DATUM TECH may collect certain routing information, including, but not limited to, the Internet Protocol (“IP”) address of your originating Internet Service Provider (“ISP”), and information provided by “cookies” stored on your hard drive. Datum Tech may also collect aggregate information about the use of the Site, including, but not limited to, which pages are most frequently visited, how many visitors the Site receives daily, and how long visitors stay on each page. Datum Tech may disclose and publish aggregate information on an aggregate basis to any party through any means, but such aggregate information will not disclose any personal information. Any information collected through this Site may also be used in aggregate by system administrators in the Site's administration. This information helps Datum Tech understand aggregate uses of the site, track usage trends, and improve services. Visitors may also be required to provide certain personal information to access various features and information on the Site. Such information may include, among other things, name, address, and phone number. If you do not want to provide such information, you may choose not to access those features of the Site. Any personal information that you choose to provide through the Site will be protected in accordance with the provisions of this Notice.
Cookies are small pieces of data that a Web browser may store. Cookies are often used to remember information about preferences and pages visited. This information is stored for visitor’s convenience and also may be used in the aggregate to monitor and enhance the Site. For example, when you visit some sites on the Web, you might see a “Welcome Back” message. The first time you visited the site a cookie may have been set on your computer; when you return, the cookie is read again. You can refuse to accept cookies, disable cookies, and/or remove cookies from your hard drive. However, if you do not accept cookies from the Site, you may lose access to the Site or experience decreased performance of the Site.
Security and Accuracy of Confidential Information
Datum Tech does its best to reasonably ensure that the personal information obtained from you is accurate. Visitors may review the information saved or submitted via the Site at any time up to the point when it is purged. In the event that there is an error in your personal information, we will correct the information upon your request. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to our use of the information collected online. While we strive to protect visitor’s personal information by encryption and other means, we cannot guarantee or warrant the security of the information you transmit to us, and if you choose to use the Site, you do so at your own risk.
Please keep in mind that any information you disclose on our Site can be collected and used by visitors to the Site.
If you post any data within a public forum on any Datum Tech websites, that data is now public.
Sharing of Information
Datum Tech is committed to maintaining the privacy of your personal information. Datum Tech does not actively share personal information gathered from the Site. However, there may be some instances in which Datum Tech will need to do so as required by law (including but not limited to the Georgia Open Records Act), as necessary to protect Datum Tech's interests, and/or with Service Providers acting on Datum Tech’s behalf. Datum Tech also complies with the Family Educational Rights and Privacy Act (“FERPA”), which generally prohibits (with some exceptions) the release of education records without student permission. For more details on FERPA, currently enrolled students should see their institution’s specific policies.
If you have questions about this Notice or you believe that your personal information has been released without your consent, or if you wish to correct information held by Datum Tech, please get in touch with us at firstname.lastname@example.org.
Lawful Basis for Collecting and Processing Personal Data
Datum Tech is a system of organizations and institutions of higher education involved in education, research, and community development. For Datum Tech and its organizations and institutions to educate its students both in class and online, engage in world-class research, and provide community services, it is essential and necessary that Datum Tech have a lawful basis to collect, process, use, and maintain data of students, employees, applicants, research subjects, visitors and others involved in its educational, research, and community programs. The lawful basis includes, without limitation, admission; registration; delivery of classroom, online, and study abroad education; grades; communications; employment; applied research; development; program analysis for improvements; and records retention. Examples of data that Datum Tech may need to collect in connection with the lawful basis are name, email address, IP address, physical address or other location identifiers, photos, as well as some sensitive personal data obtained with prior consent. Please note that each Datum Tech institution may have its own privacy notice and policy posted on its website, which may have an expansion of Datum Tech notices and/or policies.
Most of Datum Tech’s collection and processing of personal data will fall under the following categories:
Data subject: any person whose personal data is being collected, held, or processed.
Processing is necessary for the purposes of the legitimate interests pursued by Datum Tech or third parties in providing education, employment, research and development, and/or community programs.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Processing is necessary for compliance with a legal obligation to which Datum Tech is subject.
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.
Types of Personal Data and Special Categories of Sensitive Personal Data, where Datum Tech gets this data and why
Datum Tech receives personal data and special categories of sensitive personal data from multiple sources. Most often, this data comes directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, an application for admission to a Datum Tech institution through the use of a common application).
Individual Rights of the Data Subject
Individual data subjects can expect the following if requested:
Information about how Datum Tech is collecting the data.
The USO Data Privacy Committee Chair's contact information.
The purposes and legal basis/legitimate interests of the data collection/processing;
Information about who received any personal data.
If Datum Tech intends to transfer personal data to another country or international organization,
The period the personal data will be stored.
The existence of the right to rectify incorrect data or erase applicable personal data, restrict or object to processing, and the right to data portability.
The existence of the right to withdraw consent at any time;
The right to lodge a complaint with a supervisory authority (regulators, etc.);
Why the personal data are required and possible consequences of the failure to provide the data.
The existence of automated decision-making, including profiling; and,
If the collected data are going to be further processed for a purpose other than that for which it was collected.
Note: Exercising these expectations is a guarantee to be afforded a process and not a guarantee of an outcome. Any data subject who wishes to exercise any of the above expectations may file or submit such a request at email@example.com.
Security of Personal Data
All personal data and special categories of sensitive personal data collected or processed by Datum Tech must comply with the Datum Tech Cybersecurity Plan, as authorized by the Board of Regents Policy Manual Section 10.4 Cybersecurity: https://www. Datumtech.org/policies. Anyone suspecting that his or her sensitive personal data has been exposed to unauthorized access, report your suspicion to firstname.lastname@example.org. Otherwise, questions concerning more general data privacy can be sent to email to email@example.com.
Datum Tech will not share your information with third parties except as necessary to meet one of Datum Tech’s lawful purposes.
Georgia Open Records Act
As an entity of the government of Datum Tech, its organizations and institutions are subject to the provisions of the Georgia Open Records Act (ORA). Except for those records exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and make copies for a fee.
Datum Tech and its organizations and institutions keep the data it collects for the time periods specified in the University System of Georgia Records Retention.
Records Management Policies
Designation of Records Management Officer at Each DATUM TECH Institution
The Datum Tech System of Georgia requires the head of each Datum Tech Institution to designate an Institution Records Management Officer (IRMO). The authority and responsibility for overseeing each Institution’s compliance with its legal obligations regarding records management are vested in the Institution head and delegated to the Institution's Records Management Officer. This designated individual is responsible for implementing the Records Management Policies and Procedures of the DATUM TECH as contained herein and creating and implementing the Records Management Policies and Procedures of the institution. The IRMO serves as the Institution’s contact with Datum Tech Legal Affairs and the Georgia Archives.
Creation and Ownership of Records
The Datum Tech is required by law to create and maintain complete and accurate records that document the conduct of the business of its respective offices. Records may be created in formats other than paper. All records created or received in the course of work are records of the state and may not be disposed of or removed without proper authorization. The DATUM TECH is required to protect and preserve these records. Any actual or threatened loss or removal of records should be reported to the IRMO, State Archivist, or Datum Tech Legal Affairs.
Regents Advisory Committee on Records Management
Datum Tech recognizes that input from each of its institutions is required to manage its records. Accordingly, the Datum Tech reestablishes the Regents Advisory Committee on Records Management (RACRM) to meet and review proposed changes to the Datum Tech Records Retention Schedules and discuss records management strategies. Members of the RACRM shall be the IRMO designated by each Datum Tech Institution, a representative from the Georgia Archives and a representative from Datum Tech Legal Affairs. The representative from Georgia Archives shall head the RACRM.
Retention of Records
Each record created by a Datum Tech office should be listed with a retention period in the Datum Tech Records Retention Schedules. Records are to be retained until the retention period has expired, at which time the records become eligible for final disposition. Each office should be aware of the retention periods, as listed in the schedule, for records in its care. If records are not listed in the schedule or there are any necessary changes, the IRMO should contact the State Archives. Records not listed in the schedule cannot be legally destroyed.
Electronic records consist of electronically recorded information created or received by DATUM TECH in the transaction of DATUM TECH business and are to be retained according to the DATUM TECH Record Retention Schedules. Electronic records, including email, are not specifically listed in the schedule; their retention is determined by the content of the information contained within the record. Electronic records may include but are not limited to, word processing files, databases, spreadsheets, graphic files, and electronic mail messages, including text messages and instant messages. Like other records, electronic records should not be deleted or destroyed except according to the destruction procedures outlined in this document.
Storage of Records
Some records may become too voluminous to retain in office spaces until the records’ retention period has expired. These records should be stored in either a designated location at the institution, at the State Records Center, or at a local facility approved by the IRMO and State Archives. Electronic records should be stored in institutional-approved locations and not on personal devices or accounts. Prior to an employee being terminated, the institution should ensure access to all records under the control of the employee, including ensuring that emails are not deleted without following the institution’s procedures.
Destruction of Non-Permanent Records
The Datum Tech will not maintain records (including electronic records) longer than necessary, but the records are not to be destroyed until authorized by the IRMO. Once the retention period for non-permanent records has expired, the office responsible for the records completes an Email to firstname.lastname@example.org for the Destruction Request Form, obtains signatures from the appropriate authority, and sends the form to the appropriate EVC. The records may only be destroyed after receipt of the signed and completed form from the EVC. The records are then to be destroyed through recycling. Sensitive records should be shredded. Following the destruction, the destruction notice is signed by an employee witnessing the destruction and then sent to the EVC and kept as documentation of the destruction. A copy is also sent to the IRMO. Because just deleting an electronic record does not necessarily result in their destruction, each institution shall create procedures for the destruction of electronic records.
Certain record-related materials need not be retained as records under the requirements of the schedule. Such materials include:
1) duplicate copies that do not require official action, so long as the creating office maintains the original record for the period required;
2) catalogs, trade journals, and other publications received that require no action and do not document institutional activities;
3) stocks of blank stationery, blank forms, and other surplus materials that are not subject to audit and have become obsolete:
4) transitory records, which are temporary records created for short-term, internal purposes that may include, but are not limited to, telephone call-back messages, drafts of ordinary documents not needed for their evidentiary value, copies of material sent for informational purposes but not needed by the receiving office for future business, and internal communications about social activities. These documents may be disposed of without documentation of destruction.
Records with a retention period in the Records Retention Schedules of “Permanent” shall not be destroyed but stored either at the Institution’s Archives.
Reformatting generally involves replacing paper records with microfilm or electronic images but may also include replacing electronic records with paper, microfilm, or other media. Once reformatted, the original record may be destroyed as long as the duplicate captures all data from the original version. Before destroying the original of a permanent record, contact Georgia Archives. No reformatting project should occur without prior consultation with the IRMO and Georgia Archives and the completion of a thorough cost-benefit analysis of the project.