Touted as the “most important change in data privacy regulation in 20 years,” the European Union’s General Data Protection Regulation (GDPR) was passed in April of 2016 and implemented this past May 25.
Like many organizations, Capture Higher Ed is updating and reviewing our data protections and security protocols as a result of the GDPR implementation. We are happy to report that we are fully compliant with these new privacy guidelines and want to take a moment and outline the steps we have taken to update our privacy policy.
Since 2011, Capture Higher Ed has established itself as the leading authority in the areas of AI-driven marketing automation in higher education. As a data processing partner to hundreds of colleges and universities, we treat data security and privacy rights with the utmost care and diligence.
As for the GDPR, Capture, LLC does not have any establishment or other business location within the European Union. Unless a university partner has requested it in a specific agreement, Capture does not offer goods or services to any individuals within the European Union.
Similarly, unless a university partner has requested it in a specific agreement, Capture does not collect any individual’s personal data from within the European Union, or monitor any individual’s behavior within the European Union. Unless a specific agreement provides otherwise, Capture utilizes only data that an individual data subject provided to a university partner in the course of visiting that university partner’s website or application.
While we are continuing to monitor the GDPR implementation process through our legal representatives, Capture is committed to having available the following materials for our university partners that may wish to act consistent with the GDPR:
-
- Capture’s Multi-Service Agreement (MSA) documentation has been updated, where appropriate, to reflect provisions in GDPR Article 28.3 for new contracts issued after May 25, 2018.
- Capture makes available the following, upon appropriate written request by a Capture university partner:
- An accounting of Capture’s processing activities and data categories related to personal data of a data subject;
- Documentation of Capture’s data security protocols;
- Documentation of Capture’s data security breach notification protocols;
- Documentation of Capture’s protocols to facilitate a data subject’s rights regarding his or her personal data that is within the custody of Capture;
- Documentation attesting to the activities of all 3rd party organizations that conduct data processing for Capture in order to fulfill contracted services for the university partner; and
- Documentation identifying the individual who will serve as Capture’s data protection officer, when appropriate for a university partner.
Please refer any and all questions regarding the status of our GDPR preparations to Matt Cobb.