Securing your personal data is our top priority. This policy will explain who we are, the reasons and processes used to collect your data, with whom and how much we share your data with providers of our services, and your rights involving our handling of your personal data.
Who are we?
The controller within the meaning of the General Data Protection Regulation of the European Union are College of English Language Inc. and California School of Languages, two private limited companies incorporated in San Diego and Santa Monica, California, USA.
Which personal data do we collect from you? Personal data means any information that can help to identify a person. We may collect, use, and store different types of personal data. Most of the collection will happen during your application process for a language course either directly or through one of our educational agents worldwide.
- Personal data: e.g. name, nationality, gender, title, date of birth, mother tongue, home address, phone number, email address, emergency contact information
- Financial data: e.g. bank statements, credit card details
- Health/dietary data: e.g. health information, dietary requirements
- Academic data: e.g. your level of English, academic results Performance data: e.g. grades and test results earned during your course
- Attendance data: e.g. attendance in class
Why do we collect personal data from you? And how do we use it?
We need to collect certain data from you to provide our services to you. Without certain data, it would be impossible for us to offer our services to you.
- To place you in an appropriate class, we must know your level of English
- To issue an I-20 and apply for a student visa, we must have a bank statement and passport copy, according to the legal requirements of SEVIS
- To place you in an appropriate host family, we must know any dietary or other health requirements
- To follow US visa regulations, we need to document the attendance of our students
With whom do we share it?
To provide our services, we need to share some parts of your personal data with our providers, partners, and regulatory authorities. Generally speaking we only share the necessary data.
E.g. if you have booked an arrival transfer, we must send your name, arrival details, and accommodation address to our transfer provider. We don’t send any information about your return to them (unless you have also booked a return transfer).
|Recipient||Personal Data Shared||Reasons for Sharing|
|Our teams||All personal data necessary to organize your stay||To enable our team to organize our services for you|
|Accommodation providers||Personal data, including name, date of birth, gender, nationality, mother tongue, dietary information (if mentioned), medical information/special needs (if mentioned)||To enable our accommodation providers to organize the accommodation for you (if applicable)|
|Transportation providers||Name, arrival and departure details (if applicable), accommodation address||To enable our transportation providers to organize the transfer for you (if applicable)|
|Activity providers||Name, date of birth, gender||To enable our activity providers to organize the activities for you (if applicable)|
|Student insurance providers||Name, date of birth, gender, address, arrival and departure dates||To provide you with the booked insurance (if applicable)|
|College/University partner||Personal data including name, date of birth, gender, nationality, level of English||To organize your transfer to the college/university (if applicable)|
|Approved test centers||Name, date of birth, gender, address||To book the exam for you (if applicable)|
|US Immigration and Customs Authorities||Name, date of birth, gender, address, financial data, passport copy, attendance records||To issue the I-20 for you (if applicable)|
|Regulatory authorities||Any data requested per law||To fulfill our legal obligations|
|Educational agents||Dates of your extensions||To keep them informed about changes of your booking (if applicable)|
What is the legal basis of using your personal data?
We only use your personal data where the laws allow us to do so. We may legally use your personal data for one or more of the following:
- Where it’s necessary to fulfill our legal obligations. (e.g. financial statement to issue I-20)
- Where we need to collect data to enter into a contract with you (e.g. name, home address, etc.)
- Where we have legitimate interests as an organization and where your personal privacy is only affected in a minor way (e.g. performance monitoring which helps us giving you the best possible service)
- Where you have given us your consent. You may withdraw your consent at any given time.
How long do we keep your personal data?
We keep your personal data no longer that it’s necessary for our legitimate purposes and legal obligations. This means we will keep information about your bookings for up to 10 years. After this we will delete or anonymize your data to the extent that it’s technically feasible. Whenever the law requires us to keep your data longer, we must do so to comply with our legal obligations.
Which are your legal rights regarding your data?
- Right to access your data: You have the right to know which personal data of you we have in our records.
- Right to data portability: You have the right to request a copy of the personal data in our records. This data can be transferred to you, or a third party you have chosen, in a structured, commonly used machine-readable format. Note that this right only applies to automated information for which you initially provided us consent to use or where we used the information to fulfill a contract with you.
- Right to correct your data: You have the right to request to correct your data if it are incomplete or inaccurate.
- Right to delete your data: You have the right to request to delete your data where there is no reason for us to keep it. This right is limited as there might be legal obligations requiring us to keep your data. In such case, we will inform you immediately.
- Right to object data processing: You have the right to object to us using your data where we use it for our organizations legitimate interest.
- Right to restrict data processing: You have the right to restrict/suspend further use of your personal data. This means that we can keep your data but cannot use it in the future. This can be requested for a variety of reasons, e.g. if you think that we have inaccurate/incomplete data and we need to verify its accuracy or if you want us to keep the data, even if we don’t need it any longer.
- Right to withdraw consent: At any time you can withdraw your given consent to use your data for a specific purpose. This will not affect the lawfulness of any use of your data before withdrawing your consent. The removal of your consent may prevent us from providing you our services in full. In such case, we will inform you immediately.
How can you contact us about your data?
Upon request you can review, update, and correct the personal information that you provided to us. To get more information and access to your data, please contact us in writing.
You can write to:
CEL San Diego
233 A Street, Suite 400, 4th floor
San Diego CA 92101
CEL Santa Monica
320 Wilshire Boulevard
Santa Monica CA 90401
We have physical and electronic safeguards (e.g. firewalls, encryption etc.) in place to protect your data against misuse or loss. In addition, we have strict procedures to ensure that your data is protected and its access restricted to the necessary minimum. Only employees who need the information are given access to the data they need to organize your stay with us.