Privacy Policy Statements for the Georgia Film Academy (GFA) Covid Compliance Course
By using this website, you agree to the following statements about privacy:
USG and the Georgia Film Academy
The Georgia Film Academy (GFA) is a collaborative effort of the Board of Regents of the University System of Georgia (USG) and Technical College System of Georgia supporting workforce needs of the film and digital entertainment industries.
As detailed in Section 3 below, the USG Privacy Policy is meant for the USG website and other websites for USG institutions. As part of the USG, GFA will follow the USG privacy policy for the Georgia Film Academy Online (georgiafilmacademy.online) course website, as specified in Section 3 below and at the following USG privacy policy links:
https://www.usg.edu/siteinfo/web_privacy_policy
The USG Privacy Policy specifies certain limitations about sharing certain kinds of personal information. The GFA Online Privacy Policy for the GFA Online course website (georgiafilmacademy.online) supplements the USG Privacy Policy and its applicability to the GFA Online course website (georgiafilmacademy.online) by adding clarifying statements about personal data, privacy, and sharing personal data with third parties in Sections 1 and 2 of the GFA Online Privacy Policy below.
In no instance will the Georgia Film Academy ever sell access to any user’s or learners’ personal data or learning data produced from enrollments or interactions with the Georgia Film Academy Online course website (georgiafilmacademy.online).
Section 1. GFA Online Website Privacy Policy
In addition to honoring the USG privacy policies detailed in Section 1 above, the Georgia Film Academy (GFA) also honors the following privacy policies for the Georgia Film Academy Online (georgiafilmacademy.online) course website:
1. What information do we collect and what do we do with it?
When you enroll as a student or subscriber (“learner”) on our site or related courses, as part of the enrolling process, we collect the personal information you give us such as your name and email address.
Email marketing: we may send you emails about our site and related course(s), registration, course content, your course progress or other updates. We may also use your email to inform you about changes to the course, survey you about your usage, or collect your opinion.
LMS Administration and Learning Data Reporting: Using a Learning Management System (LMS), we will track your personal learning data (e.g. course engagement data about log in dates and progress through a course, performance data on quizzes, course completion certificates, etc.). Please see ‘Third Party Services’ below for more details on which specific parties may access course data or learning data reports, what they may do with it, and under what conditions.
2. How do you get my consent?
When you create an account, provide us with personal information to become a learner on our site, enroll in a course, or participate in the course, you imply that you consent to our collecting your name and email address and using it for that specific reason, and for marketing or communicating to you by email about new course launches on Georgia Film Academy Online.
If we ask for your personal information for a secondary reason, like any other marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by emailing us at [email protected] or mailing us at:
The Georgia Film Academy
University System of Georgia,
270 Washington Street, SW,
Atlanta, Georgia 30334
3. Disclosure
We may disclose your personal information if we are required by law to do so or if you violate our Terms and Conditions:
https://www.georgiafilmacademy.online/pages/terms
4. Thinkific
Our course and site is hosted by Thinkific Labs Inc. (“Thinkific”). They provide us with the online course creation platform (Learning Management System) that allow us to make our courses available to you.
Your data is stored through Thinkific’s data storage, databases and the general Thinkific application. They store your data on a secure server behind a firewall.
Payment:
If you make a purchase on our site, we may use a third party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.
For more insight, you may also want to read Thinkific’s Terms of Service here https://www.thinkific.com/resources/privacy-policy/ or Privacy Statement here https://www.thinkific.com/resources/terms-of-service/ .
5. Third Party Services
For learning management system administration purposes, the Georgia Film Academy may work with hired consultants, contractors, or subcontractors who work on online courses available on www.georgiagfilmacademy.online For example, your name, email, course engagement data, and learning data will be accessible to a Learning Management System (LMS) Administrator or any consultant, contractor, or subcontractor performing LMS administration duties on behalf of or in partnership with the Georgia Film Academy. This party may share reports about courses and learners’ learning data directly with the Georgia Film Academy.
Third Party Film Industry Partners:
The Georgia Film Academy is a collaborative effort of the University System of Georgia and Technical College System of Georgia supporting workforce needs of the film and digital entertainment industries.
Film and digital entertainment organizations who partner with the Georgia Film Academy may encourage or require their staff, production crew members, or on-screen talent (actors and actresses) to take courses on the Georgia Film Academy Online website. In such conditions, such a partner may request to see course-level reports or reports about an individual’s learning data (e.g. course completion certificates), for individuals who work for that partner. We may provide such a partner with course-level reports or learning data reports about individual learners, but only about individual leaners or groups of learners who work for that particular partner.
Third-party Technology Services Providers:
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Once you leave our course website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.
Links
When you click on links on our course site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
6. Security
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Cookies
We may collect cookies or similar tracking technologies. This means information that our website’s server transfers to your computer. This information can be used to track your session on our website. Cookies may also be used to customize our website content for you as an individual. If you are using one of the common Internet web browsers, you can set up your browser to either let you know when you receive a cookie or to deny cookie access to your computer.
We may use cookies to recognize your device and provide you with a personalized experience.
We may also use cookies to attribute visits to our websites to third-party sources and to serve targeted ads from Google, Facebook, Instagram and other third-party vendors.
We may also use automated tracking methods on our websites, in communications with you, and in our courses and services, to measure performance and engagement.
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Web Analysis Tools
We may use web analysis tools that are built into the Georgia Film Academy or Georgia Film Academy Online websites to measure and collect anonymous session information.
7. Age of Consent
By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence.
8. Changes to this Privacy Policy
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If our site or course is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information email us at [email protected] or by mail at:
The Georgia Film Academy
University System of Georgia,
270 Washington Street, SW,
Atlanta, Georgia 30334
Section 2. Thinkific Website Privacy Policy
Our courses and website are hosted by Thinkific Labs Inc. (“Thinkific”), and we honor the Thinkific Privacy Policy and expect all users, learners, and third parties to also honor the Thinkific Privacy Policy, Thinkific GDPR Data Processing Addendum (DPA), and Thinkific LMS Features for course creators to collect user consent and honor GDPR privacy protections, as detailed at the websites linked immediately below in this section:
https://www.thinkific.com/privacy-policy/
https://www.thinkific.com/dpa/
https://support.thinkific.com/hc/en-us/articles/360030721613-GDPR-Data-Processing-Addendum
https://support.thinkific.com/hc/en-us/articles/360030355694-The-GDPR-and-Course-Creators
Section 3. USG Privacy Policy
Data Privacy Policy and Legal Notice
This Privacy Policy sets forth the University System of Georgia’s (“USG”) policy and legal notice with respect to the gathering and dissemination of information we obtain from you on USG’s website located at usg.edu (“Site”) and with respect to compliance (where applicable) with the European Union’s General Data Protection Regulation (“EU GDPR”).
USG is the operator of this Site, although software, hosting and other functions may be provided by third parties (“Service Providers”). This Privacy Policy and Legal Notice (“Policy”) describes the type of information USG and its Service Providers collect from visitors to this Site, what we do with that information, and how visitors can update and control the use of information provided on this Site.
This Policy does not necessarily describe information collection policies on other sites, such as separate sites operated by our Service Providers that we do not control. Many of the resources linked from this Site are not maintained by USG. USG cannot monitor all linked resources, only those pages that fall directly within USG world-wide web structure. USG is in no way responsible for the privacy practices or the content of these linked resources, and the statements, views, and opinions expressed therein are neither endorsed by nor do they necessarily reflect the opinion of the USG. Any links to non-USG information or resources are provided as a courtesy.
They are not intended to nor do they constitute an endorsement by USG of the linked materials.
This Policy may be changed from time to time and without further notice. Your continued use of the Site after any such changes constitutes your acceptance of the new terms. If you do not agree to abide by these new terms or any future terms, please do not use the Site. This site is not directed to children under 13 years of age, and children under 13 years of age shall not use this Site to submit any personal information about themselves.
Information We Gather
When you visit the Site, we may collect certain routing information, including, but not limited to, the Internet Protocol (“IP”) address of your originating Internet Service Provider (“ISP”), and information provided by “cookies” stored on your hard drive. We may also collect aggregate information about the use of the Site, including, but not limited to, which pages are most frequently visited, how many visitors we receive daily, and how long visitors stay on each page. We may disclose and publish aggregate information on an aggregate basis to any party through any means, but such aggregate information will not disclose any personal information. Any information collected through this Site may also be used in aggregate by system administrators in the administration of the Site. This information helps us understand aggregate uses of our site, track usage trends, and improve our services. You may also be required to provide certain personal information in order to access various features and information on the Site. Such information may include, among other things, your name, address, and phone number. If you do not want to provide such information, you may choose not to access those features of the Site. Any personal information that you choose to provide through the Site will be protected in accordance with the provisions of this Policy.
Cookies
Cookies are small pieces of data that may be stored by a Web browser. Cookies are often used to remember information about preferences and pages you have visited. This information is stored for your convenience and also may be used in the aggregate to monitor and enhance the Site. For example, when you visit some sites on the Web you might see a “Welcome Back” message. The first time you visited the site a cookie may have been set on your computer; when you return, the cookie is read again. You can refuse to accept cookies, can disable cookies, and remove cookies from your hard drive. However, if you do not accept cookies from the Site, you may lose access to the Site or experience decreased performance of the Site.
Security and Accuracy of Confidential Information
USG does its best to ensure that the personal information obtained from you is accurate. You may review the information saved or submitted via the Site at any time up to the point when it is purged from the flat file or database. In the event that there is an error in your personal information, we will correct the information on your request.
We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to our use of the information collected online. While we strive to protect your personal information by encryption and other means, we cannot guarantee or warrant the security of the information you transmit to us, and if you choose to use the Site, you do so at your own risk.
Please keep in mind that the information disclosed by you on our Site in certain forums – for example, information, including personal information, that you may provide to others on bulletin boards, through blogs or in chat rooms that may be available on the Site – can be collected and used by visitors to the Site.
Sharing of Information
USG is committed to maintaining the privacy of your personal information. We do not actively share personal information gathered from the Site. However, there may be some instances in which we will need to do so as required by law (including but not limited to the Georgia Open Records Act), as necessary to protect USG interests, and/or with Service Providers acting on our behalf. USG also complies with the Family Educational Rights and Privacy Act (“FERPA”), which generally prohibits (with some exceptions) the release of education records without student permission. For more details on FERPA, currently enrolled students should see their institution’s specific policies.
Questions
If you have questions about this Policy or you believe that your personal information has been released without your consent or if you wish to correct information held by USG, please contact us at: https://www.usg.edu/contact.
EU GDPR Privacy Notice
Lawful Bases for Collecting and Processing of Personal Data
USG is a system of institutions of higher education involved in education, research, and community development. In order for USG and its institutions to educate its students both in class and online, engage in world-class research, and provide community services, it is essential, necessary, and USG and its institutions have lawful bases to collect, process, use, and maintain data of students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. The lawful bases include, without limitation, admission, registration, delivery of classroom, online, and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention. Examples of data that USG and its institutions may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent. Please note that individual USG institutions may have their own EU GDPR privacy notices and policies posted on their websites.
Most of USG’s (including its institutions’) collection and processing of personal data will fall under the following categories:
Processing is necessary for the purposes of the legitimate interests pursued by USG or third parties in providing education, employment, research and development, community programs.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Processing is necessary for compliance with a legal obligation to which USG is subject.
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.
Types of Personal Data collected and why
USG and its institutions receive personal data and special categories of sensitive personal data from multiple sources. Most often, this data comes directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to a USG institution through use of a common application).
Where USG gets Personal Data and Special Categories of Sensitive Personal Data
USG and its institutions receive personal data and special categories of sensitive personal data from multiple sources. Most often, this data comes directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to a USG institution through use of a common application).
Individual Rights of the Data Subject under the EU GDPR
Individual data subjects covered by the EU GDPR(http://www.policylibrary.gatech.edu/legal/eu-general-data-protection-regulation-compliance-policy) will be afforded the following rights:
- information about the controller collecting the data;
- the data protection officer contact information;
- the purposes and legal basis/legitimate interests of the data collection/processing;
- information about who received any personal data;
- if USG or one of its institutions intends to transfer personal data to another country or international organization;
- the period the personal data will be stored;
- the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability;
- the existence of the right to withdraw consent at any time;
- the right to lodge a complaint with a supervisory authority (established in the EU);
- why the personal data are required and possible consequences of the failure to provide the data
- the existence of automated decision-making, including profiling; and,
- if the collected data are going to be further processed for a purpose other than that for which it was collected
Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome. Any data subject who wishes to exercise any of the above-mentioned rights may do so by making such request at [email protected].
Cookies
Please see the description above of “cookies” within the Privacy Policy, which is incorporated and applies equally here in regard to the EU GDPR.
Security of Personal Data subject to the EU GDPR
All personal data and special categories of sensitive personal data collected or processed by USG must comply with USG Cybersecurity Plan, as authorized by the Board of Regents Policy Manual Section 10.4 Cybersecurity: https://www.usg.edu/policies. Anyone suspecting that his or her sensitive personal data has been exposed to unauthorized access, report your suspicion to [email protected]. Otherwise, questions concerning GDPR can be forwarded to [email protected].
We will not share your information with third parties except as necessary to meet one of its lawful purposes, including but not limited to:
- its legitimate interest;
- contract compliance;
- pursuant to consent provided by you;
- as required by law;
- as necessary to protect USG and/or its institutions’ interests; and/or,
- with service providers acting on our behalf who have agreed to protect the confidentiality of the data.
Georgia Open Records Act
As an entity of the government of the State of Georgia, the USG and its institutions are subject to the provisions of the Georgia Open Records Act (ORA) (http://legal.gatech.edu/sites/default/files/images/186385699r1.pdf) except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee.
Data Retention
USG and its institutions keep the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules: https://www.usg.edu/records_management/schedules/.