EU General Data Protection Regulation Privacy Notice

EU General Data Protection Regulation Privacy Notice for Human Resources

 

This is the Georgia Institute of Technology’s (Georgia Tech) Human Resources privacy and legal notice for compliance with the European Union General Data Protection Regulation (“EU GDPR”).  For more information regarding the EU GDPR, please review Georgia Tech’s EU General Data Protection Regulation Compliance Policy.

Lawful Basis for Collecting and Processing of Personal Data
Georgia Tech is an institute of higher education involved in education, research, and community development.  In order for Georgia Tech to process employee and employment transactions, it must collect, use and process this personal data. 

The lawful basis for the collection and processing of personal data by Georgia Tech’s Human Resources falls under the following category(ies): 

  • Processing is necessary for the purposes of the legitimate interests pursued by Georgia Tech or third parties in providing employment.
  • The data subject has given consent for the processing of his or her special categories of personal data for one of more specific purposes.

Types of Personal Data collected and why
In order for Georgia Tech to process employee and employment transactions, it needs to collect the following categories of personal data.

  • Name
  • Contact information including, without limitation, email address, physical address, phone number, and other location data
  • Unique personal identifiers and biographical information (e.g. date of birth)
  • Details of your education and/or employment qualifications
  • Information related to visa requirements, copies of passports and other documents to ensure compliance with U.S. laws
  • Financial information gathered for the purposes of payroll processing

The personal data collected by Georgia Tech’s Human Resources will be shared with the following third-party entity or Georgia Tech Unit for the purposes of processing, evaluating, and analyzing employee and employment transactions.

Georgia Tech Unit

Purpose

Bursar’s Office

Bursar fee deduction

Campus Recreation Center (CRC)

CRC deduction and communications

Campus Services - BuzzCard

BuzzCard deduction

GT Athletics

Season ticket deduction

Language Institute (LI)

Case management for international students, scholars, and other foreign national employees

Legal Affairs and Risk Management

Data for open records requests

Office of Development – GT Foundation

Annual Fund deduction

Office of Information Technology(OIT)

System access, building access, time reporting, and general reporting

Office Of International Education (OIE)

Case management for international students, scholars, and other foreign national employees

Parking and Transportation

Parking deduction

Third-Party Name

Purpose

American Association of University Professors

Membership dues

Aon Hewitt

Participation in salary survey

Bank of America

Pay and reconciliation data

Board of Regents of the University System of Georgia

Data Mart, Payroll Continuous Audit data

College and University Professional Association for Human Resources (CUPA-HR)

Participation in salary survey

Corporate Cost Control

Unemployment claims

Culpepper and Associates, Inc.

Participation in salary survey

Desire2Learn

Learning Management System

Equifax

I-9 processing and employment verification

Georgia United Credit Union

Credit union deduction data

Legal Club of America

Identity theft

Mercer

Participation in salary survey

PricewaterhouseCoopers (PwC)

Tax and employment consulting for overseas assignments and payments

Taleo

Employee and manager data to set up as internal users in the talent acquisition application

The Hartford

Worker’s Compensation (outside GA)

UNUM

Payments for permanent life insurance

Western Management Group

Participation in salary survey

Willis Towers Watson

Participation in salary survey

State Agencies

 

Alabama Dept. of Revenue

Tax data for employees in the state of Alabama

Arizona Dept. of Revenue

Tax data for employees in the state of Arizona

State of California Empl. Dev. Dept.

Tax data for employees in the state of California

State of Colorado – Dept. of Revenue

Tax data for employees in the state of Colorado

State of Connecticut – Commissioner of Revenue

Tax data for employees in the state of Connecticut

Georgia Department of Revenue

Tax data for employees in the state of Georgia

Georgia Department of Human Resources

Data for newly hired employees at Georgia Tech

Georgia Department of Audits and Accounts

Data requested for auditing purposes

Georgia Department of Administrative Services

Data for employees contributing to the annual State Charitable Campaign

District of Columbia Dept. of Revenue

Tax data for employees in the District of Columbia

Hawaii Department of Taxation

Tax data for employees in the state of Hawaii

Illinois Dept. of Revenue

Tax data for employees in the state of Illinois

Indiana Dept. of Revenue

Tax data for employees in the state of Indiana

Iowa Dept. of Revenue

Tax data for employees in the state of Iowa

Kansas Dept. of Revenue

Tax data for employees in the state of Kansas

Treasurer, State of Maine

Tax data for employees in the state of Maine

State of Maryland Revenue Admin. Div.

Tax data for employees in the state of Maryland

Massachusetts Department of Revenue

Tax data for employees in the state of Massachusetts

Michigan Dept. of Treasury

Tax data for employees in the state of Michigan

Mississippi State Tax Commission

Tax data for employees in the state of Mississippi

Missouri Department of Revenue

Tax data for employees in the state of Missouri

Nebraska Department of Revenue

Tax data for employees in the state of Nebraska

New Jersey Department of Revenue

Tax data for employees in the state of New Jersey

New Mexico Taxation & Revenue

Tax data for employees in the state of New Mexico

New York Dept. of Revenue

Tax data for employees in the state of New York

North Carolina Dept. of Revenue

Tax data for employees in the state of North Carolina

Ohio Dept. of Taxation

Tax data for employees in the state of Ohio

Regional Income Tax Agency (Ohio)

Tax data for employees in the state of Ohio

Oklahoma Tax Commission

Tax data for employees in the state of Oklahoma

Bureau of Business Trust Tax Funds – PA Dept. of Rev.

Tax data for employees in the state of Pennsylvania

Berkheimer Tax Administrator

Tax data for employees in the state of Pennsylvania

South Carolina Dept. of Revenue

Tax data for employees in the state of South Carolina

Virginia Dept. of Taxation

Tax data for employees in the state of Virginia

State of Wisconsin Department of Revenue

Tax data for employees in the state of Wisconsin

Federal Agencies

 

Social Security Administration

W2s filed annually and adjustments as needed

Internal Revenue Service

Tax data

Other Agencies

 

Garnishment agencies (various state courts)

 Garnishment data

Child Support (various agencies)

 Child support data

If you have specific questions regarding the collection and use of your personal data, please contact the Office of Enterprise Data Management. If a data subject refuses to provide personal data that is required by Georgia Tech in connection with one of Georgia Tech’s lawful bases to collect such personal data, such refusal may make it impossible for Georgia Tech to provide education, employment, research or other requested services.

Where Georgia Tech gets Personal and Sensitive Personal Data
Georgia Tech receives personal and sensitive personal data from multiple sources. Most often, Georgia Tech gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for undergraduate admission to Georgia Tech through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

  1. Individual data subjects covered by Georgia Tech’s EU General Data Protection Regulation Compliance Policy will be afforded the following right
  2. information about the controller collecting the data
  3. the data protection officer contact information
  4. the purposes and legal basis/legitimate interests of the data collection/processing
  5. recipients of the personal data
  6. if Georgia Tech intends to transfer personal data to another country or international organization
  7. the period the personal data will be stored
  8. the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  9. the existence of the right to withdraw consent at any time
  10. the right to lodge a complaint with a supervisory authority (established in the EU)
  11. why the personal data are required, and possible consequences of the failure to provide the data
  12. the existence of automated decision-making, including profiling
  13. if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.
Any data subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with the Office of Enterprise Data Management at eugdpr@edm.gatech.edu       

Cookies
Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user.  Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.

Security of Personal Data subject to the EU GDPR
All personal data and sensitive personal data collected or processed by Georgia Tech under the scope of the Georgia Tech EU General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards of NIST Special Publication 800-171 as set forth in the Georgia Tech Controlled Unclassified Information Policy.

Georgia Open Records Act

As a state university, Georgia Tech is subject to the provisions of the Georgia Open Records Act (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee. The ORA requires that Georgia Tech produce public documents within three business days. For more information on Georgia Tech’s ORA compliance, please visit the Open Records Act page on the Legal Affairs website.

Data Retention
Georgia Tech keeps the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules.

For examples of Human Resources (Employment) Records Retention Schedules, click here.