Privacy Regulations

The Community College of Allegheny County ("CCAC" or the "College") is committed to protecting user privacy and developing technology that provides powerful and safe online experiences. This Privacy Statement applies to the College's institutional website, as well as its mobile applications together, CCAC's "Online Resources," and governs how data that is provided through those sites is collected and used. By using CCAC's Online Resources, you consent to the data practices described in this statement.

Purpose

This Privacy Statement describes the Colleges collection, use, protection and/or management of data, including Personally Identifiable Information (PII), of those individuals who visit/use the College's Online Resources.

Scope

This Statement covers all official CCAC Online Resources, and describes what information is collected, how it is used, how it is protected, and end-users' options regarding information collection and dissemination.

Regulation Protocols

CCAC collects certain data and information in order to operate its Online Resources and deliver the services users have requested. Users provide some of this information when applying for admissions, requesting more information, registering for classes or upon accepting a position with the college. When appropriate, the user may also be asked to enter PII, or other details to help with their experience

CCAC collects personally identifiable information, such as a user's email address, name, home or work address or telephone number. The College also collects anonymous demographic information, which is not unique to the user, such as ZIP code, age, gender, preferences, interests and favorites. There is also information about a user's computer hardware and software that is automatically collected by the College. This information can include: IP address, browser type, domain names, access times and referring website addresses. This information is used by CCAC for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the College's website.

CCAC will limit the collection, use, disclosure or storage of PII to that which reasonably serves the College's academic, research, or administrative functions, or other legally required purposes. Such collection, use, disclosure and storage shall comply with applicable federal and state laws and regulations, and applicable College policies, guidelines and standards The College does not sell, rent or lease its customer lists to third parties. CCAC may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party. In addition, the College may share data with trusted partners to help us perform statistical analysis, send you communications, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your PII except to provide these services, and they are required to maintain the confidentiality of any information shared.

How we protect Users' Information:

All user's PII is stored behind secured firewalls and is only accessible by a limited number of persons CCAC personnel, who are required to keep the information confidential. In addition, all sensitive/credit information the user supplies is encrypted via Secure Socket Layer (SSL) technology. The College also implements a variety of security measures when a user conducts a transaction, submits, or accesses their information to maintain the safety of the user personal information. Users must create a secure account when utilizing most services.

All financial transactions are processed through a gateway provider and are not stored or processed on CCAC servers.

What we may collect, but not limited to:

  • Full name
  • Account Username
  • Email Address
  • Device ID for app notifications (not for tracking purposes)
  • Crash data to enhance produce resiliency and assist support
  • Global Positioning System (GPS) location for maps
  • Internet Protocol (IP) address
  • Location for maps
  • Camera for QR (Quick Response) support

The college collects data to operate effectively and provide the end-user with the best experiences with our services. The end-user provides some of this information when applying for admissions, requesting more information or registering for classes, when appropriate, the user may be asked to enter PII, or other details to help with their experience.

What we do with the information:

  • To personalize your experience and to allow the college to deliver the type of content and product offerings in which the end-user is most interested.
  • To improve the website in order to better serve the user.
  • To allow the college to better serve the user in responding to customer service requests.
  • To quickly process the user transactions.
  • To send periodic emails regarding the user's classes or other services.
  • To follow up with the user after correspondence (live chat, email or phone inquiries)

Circumstances under Which Information May Be Disclosed to Third Parties:

Legal Requirements: The College may release records in response to a lawful subpoena, warrant, or court order or where such records could be required or authorized by law to be produced or lawfully requested for any other reason, including disclosure to a government agency.

  • Authorized Persons: Records may be disclosed to College officials, and authorized individuals performing work for the College who require the information for the performance of their duties.
  • Protection of College Interests: The College may disclose information contained in records to protect its legal interest when those records may be related to the actions of an individual that the College reasonably believes may violate or have violated his/her conditions of employment or threaten injury to people or property.
  • Collective Bargaining Agreements: Information may be disclosed as required under the terms of a collective bargaining agreement.
  • Emergencies: Information may be disclosed if, in the judgment of the designated custodian of such records, disclosure is necessary to protect the health, safety or property of any person.
  • Sharing excludes text messaging originator opt-in data and consent; this information will not be share with any third parties.

Users should be aware requirements of the Pennsylvania Right to Know Law, pursuant to which public agencies may be required to disclose information that meets the definition of a public record, and the requirements of the Family Educational Rights and Privacy Act (FERPA), under which personally identifiable information contained in student education records may, in certain limited circumstances, be disclosed by the College without a student's prior written consent.

Cookies

The College's Online Resources utilize "cookies" to help personalize online experiences. The purpose of a cookie is to tell the Web server that a user has returned to a specific page within the College's Online Resources. This simplifies the process of recording personal information, such as billing addresses, shipping addresses, and s the like. When a user returns to the same College website, the information previously provided can be retrieved, so users can easily use the Online Resources features that you have customized.

Users have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but users can usually modify your browser setting to decline cookies. If a user chooses to decline cookies, they may not be able to experience fully the interactive features of the Online Resource they visit.

Children's Privacy (COPPA)

The College's does not specifically market to or knowingly collect PII of anyone under the age of 13. If a parent or guardian becomes aware that a child under the age of 13 has provided the College with PII data, they should contact the College for removal of such information. If the College becomes aware that it has collected PII from anyone under the age of 13 without verification of parental consent, the College will take steps to remove that information from its servers.

Changes to Privacy Statement

The College may update the Privacy Statement and protocols periodically. When this occurs notifications will be publicly displayed prior to the change becoming effective. Users are advised to review the Colleges published Privacy Statement periodically for changes and updates. Changes to this Privacy Statement are effective as of the date revised or updated statement is posted on the College's website.

Links to other Websites

The College's Online Resources may contain links to other websites that are not operated/controlled by the College. If a user clicks on a third party link, they will then be directed to that third party's site, and will no longer be subject to the protocols set forth in this Privacy Statement. The College recommends that users to review the privacy policy of every site they visit.

Mobile Apps

Signal Vine

All individuals who submit an admissions application, apply for financial aid, register for classes, or become a College employee, will be automatically enrolled into a text messaging application called Signal Vine. This application enrolls users into various communication tracks based on their affiliation with the College (ex: Registration—reminders for important dates concerning registration). A text message will be sent to the cell phone on record (standard messaging rates apply) to notify users of enrollment into each communication track and will contain an opt-out clause.

CCAC Emergency Alerts (RAVE)

All individuals who submit an admissions application, apply for financial aid, register for classes, or become a College employee, will also be automatically enrolled into an emergency alert application system called Rave. The college is using Rave, which includes both Rave Alerts and the Rave Guardian app, to provide efficient communication in the event of an emergency or campus closure. Emergency alerts will automatically be sent to student and employee email accounts. Those wishing to receive alerts via voice/voicemail or text message (standard messaging rates apply) in addition to email notification, must enable these services within the Rave application. Users may also choose to opt-out of emergency alert services. Personal settings can be accessed by logging into the Rave application and clicking on "My Account". Students are automatically removed from the application 30 days from the end of the last attended term if not registered for a future term. Employees are removed upon the last day of employment.

Tracking Technologies

A JSON Web Token (JWT) is used for authentication and is stored on the device for 30 days or until the user logs out of the app.

Some of third party vendors utilized tracking technologies to enhance end-users experience. You can view their policies here:

https://help.helpjuice.com/en_US/gdpr/privacy-policy
https://help.helpjuice.com/en_US/gdpr/terms-of-service

Transfer of Data

User information, which may include PII, is generally processed at the College's operating offices, and other College campus locations where the parties involved in the processing are located. This means that this information may be transferred to and/or maintained on end-points located out of a user's home state, country, and/or governmental jurisdiction. Information will be transferred within the accordance of federal, state and local laws. By using our services, users are consenting to the College's processing of the users information as set forth in this Privacy Statement.

CANSPAM Act

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out penalties for violations.

The College may collect the user's email address in order to:

  • Send information, and respond to inquiries, and/or other requests or questions
  • Send the user additional information related to our program and/or service
  • Market to our mailing list or continue to send emails to users associated with the College after the original transaction has occurred.

To be in accordance with CANSPAM, we agree to the following:

  • Utilize clear and concise subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honor opt-out/unsubscribe requests as quickly as possible.
  • Allow users to unsubscribe by using the link at the bottom of each email.

If at any time the user would like to unsubscribe from receiving future emails, the user can follow the link and send an email to help@servicedesk.ccac.edu for the process to unsubscribe

Definitions

For the purpose of this Privacy Statement:

Account—means a unique account a user creates to access College services

Cookies—A cookie is a text file that is placed on the hard disk of the device utilized by a user to access the College's web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

JSON Web Tokens—Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties. In authentication, when the user successfully logs in using their credentials, a JSON Web Token will be returned and must be saved locally.

Online Resources—College website, mobile apps and other College-owned and operate web based applications and services.

Personal Data—any information that relates to an identified or identifiable individual Personally Identifiable Information (PII) - as described in U.S. privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

User/You—means the individual accessing or using CCAC's Online Resources

Last Updated: May 10, 2023