Georgia College & State University Data Privacy and Legal Notice

Below is the Georgia College & State University’s (Georgia College or GCSU) data privacy and legal notice for both its website and for compliance with the European Union General Data Protection Regulation (EU GDPR). If you have a question or would like more information please contact

Data Privacy and Legal Notice

This Notice establishes GCSU's data privacy and legal notice with respect to the gathering and dissemination of information we obtain from you on GCSU’s websites located at (Site) and with any applicable privacy standards and legal requirements in regard to the data collected.

GCSU is the operator of this Site, although software, hosting and other functions may be provided by third parties (Service Providers). This Data Privacy and Legal Notice (Notice) describes the type of information GCSU and its Service Providers collect from visitors to this Site, what we do with that information, and how visitors can update and control the use of information collected by this Site.

This Notice does not necessarily describe information collection policies on other sites, such as separate sites operated by our Service Providers that GCSU does not control. Many of the resources linked from GCSU’s site are not maintained by GCSU. GCSU cannot monitor all linked resources, only those pages that fall directly within GCSU’s World Wide Web structure. GCSU is in no way responsible for the privacy practices or the content of these linked resources, and the statements, views, and opinions expressed therein are neither endorsed by nor do they necessarily reflect the opinion of GCSU. Any links to non-GCSU information or resources are provided as a courtesy. They are not intended to endorse nor do they constitute an endorsement by GCSU of the linked materials.

This Notice may be changed from time to time and without notice. Continued use of the Site after any such changes constitutes acceptance of the new terms. If you do not agree to abide by these new terms or any future terms, please do not use the Site. This site is not directed to children under 13 years of age, and children under 13 years of age shall not use this Site to submit any personal information about themselves. *

Information Collected

When visiting the Site, GCSU may collect certain routing information, including, but not limited to, the Internet Protocol (IP) address of your originating Internet Service Provider (ISP), and information provided by “cookies” stored on your hard drive. GCSU may also collect aggregate information about the use of the Site, including, but not limited to, which pages are most frequently visited, how many visitors the Site receives daily, and how long visitors stay on each page. GCSU may disclose and publish aggregate information on an aggregate basis to any party through any means, but such aggregate information will not disclose any personal information. Any information collected through this Site may also be used in aggregate by system administrators in the administration of the Site. This information helps GCSU understand aggregate uses of the site, track usage trends, and improve services. Visitors may also be required to provide certain personal information in order to access various features and information on the Site. Such information may include, among other things, name, address, and phone number. If you do not want to provide such information, you may choose not to access those features of the Site. Any personal information that you choose to provide through the Site will be protected in accordance with the provisions of this Notice.


Cookies are small pieces of data that may be stored by a Web browser. Cookies are often used to remember information about preferences and pages visited. This information is stored for visitor’s convenience and also may be used in the aggregate to monitor and enhance the Site. For example, when you visit some sites on the Web you might see a “Welcome Back” message. The first time you visited the site a cookie may have been set on your computer; when you return, the cookie is read again. You can refuse to accept cookies, disable cookies, and/or remove cookies from your hard drive. However, if you do not accept cookies from the Site, you may lose access to the Site or experience decreased performance of the Site.

Security and Accuracy of Confidential Information

GCSU does its best to ensure that the personal information obtained from you is accurate. You may review the information saved or submitted via the Site at any time up to the point when it is purged from the flat file or database. In the event that there is an error in your personal information, we will correct the information on your request.

We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to our use of the information collected online. While we strive to protect your personal information by encryption and other means, we cannot guarantee or warrant the security of the information you transmit to us, and if you choose to use the Site, you do so at your own risk.

Please keep in mind that the information disclosed by you on our Site in certain forums –for example, information, including personal information, that you may provide to others on bulletin boards, through blogs or in chat rooms that may be available on the Site –can be collected and used by visitors to the Site.

Sharing of Information

GCSU is committed to maintaining the privacy of your personal information. GCSU does not actively share personal information gathered from the Site. However, there may be some instances in which GCSU will need to do so as required by law (including but not limited to the Georgia Open Records Act), as necessary to protect GCSU interests, and/or with Service Providers acting on GCSU’s behalf. GCSU also complies with the Family Educational Rights and Privacy Act (FERPA), which generally prohibits (with some exceptions) the release of education records without student permission. For more details on FERPA, currently enrolled students should see their institution’s specific policies.


If you have questions about this Notice or you believe that your personal information has been released without your consent or if you wish to correct information held by GCSU, please contact us at

European Union General Data Protection Regulation (EU GDPR) Privacy Notice

Lawful Basis for Collecting and Processing of Personal Data

GCSU is an institute of higher education involved in education, research, and community development.  In order for GCSU to educate its students both in class and on-line, engage in world-class research, and provide community services, it is essential, necessary, and GCSU has lawful bases to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. The lawful bases include, without limitation, admission, registration, delivery of classroom, on-line, and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention. Examples of data that GCSU may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent.

For more information regarding the EU GDPR, please review Georgia College’s EU General Data Protection Regulation Compliance Policy.

In addition, Georgia College & State University units may have their own EU GDPR-compliant Privacy Notice posted on their website.

Most of Georgia College & State University’s collection and processing of personal data will fall under the following categories:

  1. Processing is necessary for the purposes of the legitimate interests pursued by Georgia College or third parties in providing education, employment, research and development, community programs.
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. 
  3. Processing is necessary for compliance with a legal obligation to which Georgia College is subject.
  4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes.  

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Types of Personal Data collected and why

GCSU collects a variety of personal and sensitive data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, provision of medical services, participation in research, development and community outreach. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations.   If a data subject refuses to provide personal data that is required by GCSU in connection with one of GCSU’s lawful bases to collect such personal data, such refusal may make it impossible for GC to provide education, employment, research or other requested services.  

Where Georgia College & State University gets Personal Data and Special Categories of Sensitive Personal Data

GCSU receives personal data and special categories of sensitive personal data from multiple sources. Most often, GCSU gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to GCSU through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Georgia College & State University’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

  • information about the controller collecting the data
  • the data protection officer contact information
  • the purposes and legal basis/legitimate interests of the data collection/processing
  • recipients of the personal data
  • if Georgia College intends to transfer personal data to another country or international organization
  • the period the personal data will be stored
  • the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  • the existence of the right to withdraw consent at any time
  • the right to lodge a complaint with a supervisory authority (established in the EU) , why the personal data are required, and possible consequences of the failure to provide the data
  • the existence of automated decision-making, including profiling
  • if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with the


Please see the description above of “cookies” within the Privacy Policy, which is incorporated and applies equally here in regard to the EU GDPR.

Security of Personal Data

All personal data collected or processed by GCSU under the scope of the FERPA complies with the security controls and process requirements set forth in the Georgia College FERPA Student Rights declaration and FERPA Student Rights Notification.

We will not share your information with third parties except:

  • as necessary to meet one of its lawful purposes, including  but not limited to,
    • its legitimate interest,
    • contract compliance,
    • pursuant to consent provided by you
    • as required by law;
    • as necessary to protect Georgia College’s interests;
    • with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

Georgia Open Records Act

As a state university, GCSU is subject to the provisions of the Georgia Open Records Act (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee.  For more information on Georgia College’s ORA compliance, please visit the Open Records Act page on the Legal Affairs website. 

Data Retention

GCSU keeps the data it collects for the time periods specified in the University System of Georgia Records Retention

Graduate Program Advertising

This site is being monitored by one or more third-party monitoring software(s), and may capture information about your visit that will help us improve the quality of our service. You may opt-out from the data that is collecting on your visit through a universal consumer options page located at

Copyright Infringement

Pursuant to 17 U.S.C. Sec. 512(c)(2), notice of claims of copyright infringement should be directed to the Office of Legal Affairs.  For additional copy-right related information, please send an email to

*Data Privacy and Legal Note: In accordance with the Federal Trade Commission (FTC) Children’s Online Privacy Protection Rule (“COPPA”).