General Data Protection Regulation Notice
Effective Date: May 25, 2018
The General Data Protection Regulation (GDPR) applies to users of our websites or mobile applications who are residents of the European Union (EU) or the European Economic Area (EEA) (consisting of the European Union, Iceland, Lichtenstein, and Norway). The law sets forth a framework for various individual rights on how personal data can be used, processed, transmitted, and protected. Caltech is committed to take reasonably necessary steps to ensure that your personal data is protected consistent with GDPR requirements.
Under the GDPR, Caltech is required to have a legal basis for collecting personally identifiable information (PII) from residents of the EU and the EEA. The legal basis depends on the circumstances in which we collect and use your PII and is described more fully in the applicable privacy notice. The basis for our processing of your PII will fall into one or more of the following categories:
- It is necessary to perform and facilitate contractual duties;
- It is necessary to protect the interests of the data subject or another person;
- There is a legitimate interest in understanding how our site is being used;
- There is a legitimate interest in carrying out our business purposes;
- There is a legitimate interest in cybersecurity;
- There is a legitimate interest in meeting our obligations and enforcing our legal rights; or
- You have provided your consent.
Data that you provide to us may be transferred to, and stored at, a destination outside the EU or the EEA. For instance, this happens when it is processed or maintained by staff and/or systems operating in the United States. The information that you provide to us is stored on our secure servers or those of our service providers. We will take reasonably necessary steps to safeguard your data securely.
We will retain your PII for as long as necessary to meet the uses described in Caltech's applicable privacy notice and in compliance with business requirements and legal document retention obligations. Even where you have exercised one of the rights listed below with respect to your personal data, we may have the right to retain your personal data for various purposes, including compliance with legal obligations, the performance of tasks carried out in the public interest, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, or the establishment, exercise, or defense of legal claims.
Website or mobile application users located in the EU or EEA are provided with the following rights:
- The right to be informed about the collection and use of your personal data;
- The right to object to the processing of your personal data;
- The right to rectification of any of your personal data that is inaccurate or incomplete;
- The right to request the deletion of your personal data;
- The right to restrict or limit the ways in which we process your personal data;
- The right to transfer or obtain a copy of your personal data in an easily accessible format;
- The right to withdraw consent;
- The right to withhold consent to automated individual decision-making processes;
- The right to complain to a supervisory authority.
Please note that the above rights are not absolute. Caltech may be entitled to reject requests where certain exceptions apply. To submit a request, please contact Caltech's Privacy Manager, Tye Welch, by phone at 626.395.8633 or via email at firstname.lastname@example.org.
Caltech Privacy Notices
Caltech has privacy notices for specific situations where Caltech processes PII, including:
- Website and Mobile Application Users
- Employees and Job Applicants
- Prospective and Current Students
- Alumni and Donors
- Educational Programs
Copies of Caltech's privacy notices can be obtained by contacting Caltech's Privacy Manager.
For Additional Information about the GDPR
If you want more in depth detail about the GDPR, you can read the full text of the EU legislation [PDF].
If you have questions about Caltech's policy on Confidentiality of Private Information, this or other Caltech privacy notices, Caltech's privacy practices, or any other aspect of your privacy and the security of your PII, please contact our Privacy Manager at:
Director of Compliance
1200 E California Blvd
Pasadena CA 91125