PERSONAL DATA PROTECTION POLICY AT FSU PANAMA - Last Updated September 2022
INTRODUCTION AND OVERVIEW
At Florida State University, Republic of Panama Campus (FSU Panama), we understand that privacy is an important issue for our program applicants, students, employees and contractors. We take our role in protecting your privacy seriously: the following paragraphs outline our policies for doing so. Our Policy covers the treatment of all personal information that we collect when you interact with our websites and databases, submit information through our forms, and/or participate in our academic programs.
FSU Panama (referred to as "we," "us," "our" or "the company") adheres to the Personal Data Protection Law 81 (March 26, 2019) of the Republic of Panama. Law 81 is a data privacy law. Its purpose is to protect the data privacy rights of citizens in Panama and/or the personal data of individuals that is stored in Panama. The Constitution of the Republic of Panama protects personal information, and it recognizes that every individual has a right of access to his/her personal information. Additionally, the disclosure of personal information without consent is prohibited by the Panamanian Criminal Law. The Data Protection Law (Law 81 of March 26, 2019) establishes the principles, rights, obligations, and procedures that regulate the protection of personal data in the Republic of Panama for natural and legal persons.
LAW 81 of MARCH 26, 2019
The data protection principles that govern the protection of personal data under the Law No. 81 on Personal Data Protection 2019 include:
- The principle of loyalty
- The principle of purpose
- The principle of proportionality
- The principle of truthfulness
- The principle of data security
- The principle of transparency
- The principle of confidentiality
- The principle of lawfulness
- The principle of data portability.
Under Law No. 81 on Personal Data Protection 2019, you are guaranteed a variety of rights as it pertains to the protection of your personal data. These rights include:
- The right to be informed - Data subjects have the right to request that a data controller provide said data subjects with any personal data concerning them, without charge, for a period of ten days.
- The right to access - you have the right to access any personal data that a data controller may hold about you.
- The right to rectification - you have the right to request that a data controller rectify any personal data that is found to be false, inaccurate, outdated, irrelevant, incorrect, or non-appropriate,
- The right to erasure - you have the right to request that a data controller erase personal data pertaining to you on the grounds of well-founded and legitimate reasons.
- The right to object or opt-out - you have the right to refuse to provide data controllers with personal data concerning, as well as revoke any consent they may have previously given to said data controllers.
- The right to data portability - you have the right to obtain a personal copy of your personal data in a generic, structured manner in a commonly used format, that may allow for transmission or management to another custodian.
- The right to not be subjected to automated decision making - you have the right to not be subject to decision making based solely on the automated processing of their personal data, if said automated processing could produce a negative legal effect.
You may exercise these rights by contacting FSU at: ROP-Law81@fsu.edu or +507-317-0367. Questions of grievance are addressed further on in this policy.
As an educational institution, FSU may collect your personal data in several ways, including but not limited to the following examples:
- When you interact with FSU before applying or enrolling, for example when you express your interest in studying at the Republic of Panama Campus,
- When you apply for admission to FSU, or otherwise provide FSU with Information in your application for admission,
- When you complete enrollment with FSU,
- When you communicate with FSU faculty, staff, and administrators by telephone, email, text message, or use FSU websites and services,
- When you voluntarily participate in an FSU research study, FSU may collect statistics about the behavior of study participants and website traffic and may display non-personally identifiable information publicly or provide it to others for research and publication purposes; and
- From third parties, for example from your previous or current school, from testing agencies, or from employers or other individuals who may provide a reference about you.
We collect two types of information: personal information that you provide to us and non-personal information automatically collected through automated means.
Generally, and wherever possible, personal information is collected directly from you, through the application or other forms, although there may be occasions when information is collected from third parties, such as host or partner universities or a publicly maintained record.
As part of the application or inquiry process, FSU collects information from or about you including but not limited to the following:
- Your name, address, phone number, email address, and date of birth.
- FSU may also assign you a unique student identification number.
- Your telephone number for texting and email address for communications should you inquire into FSU programs and services.
- Education and employment history, such as the schools you have attended, places you have worked, courses completed, grades, standardized test scores, and other Information in your student record.
- Information about your family, academic and extracurricular interests and, with respect to financial aid, financial details. For purposes of this Privacy Notice, Information refers to all Information other than Sensitive Information that you have provided to the admissions office in your application.
As part of the application process, FSU may also collect Sensitive Information from or about you. For purposes of this Privacy Notice in accordance with Law 81, Sensitive Information is defined as the following:
- Race or ethnic origin,
- Political opinions,
- Religious or philosophical beliefs,
- Union membership,
- Data concerning health or sex life and sexual orientation,
- Criminal convictions, and
- Genetic or biometric data.
When you access our website, information of a general nature is automatically recorded. We use web analytics tools that rely on cookies, web beacons, and other automated tracking technologies to help us analyze how users interact with our website, how we can improve our website, how we can personalize your website experience and provide you with information we believe may be of interest to you. This information does not individually identify you as a person. Anonymous information of this kind is statistically evaluated by us to optimize our Internet presence and the underlying technology.
Non-personal information that we might collect automatically includes:
- The type of web browser you are using
- The operating system you are using
- The domain name of your Internet service provider.
Our website uses third party tracking technologies like Google Analytics and Google Conversion Tracking. In both cases these technologies rely on the use of "cookies" and "web beacons." A cookie is a small amount of data which is sent to your browser from a web site"s computers and stored on your computer"s hard drive. Most browsers automatically accept cookies as the default setting. You can modify your browser setting to reject our cookies or to prompt you before accepting a cookie by editing your browser options. However, if a browser is set not to accept cookies or if a user rejects a cookie, some portions of the website and services may not function properly. A web beacon is an electronic image, also called a "gif," that may be used on our web pages to deliver cookies, count visits and compile statistics on usage and campaign effectiveness or in our emails to tell if an email has been opened and acted upon.
To better understand how Google may use the information collected through Google Analytics to evaluate Users" and Visitors" activity on our Site see Google Analytics Privacy and Data Sharing. You can obtain more information about cookies by visiting http://www.allaboutcookies.org
As stated above (The Information We Collect), we collect your information for:
Operations: To operate, maintain, enhance and provide all features of our programming to provide the services and information that you request and for which you contract. To operate and manage all features of the company to provide the services and information you would reasonably expect as an employee, worker or contractor.
Improvements: We use the information, other than your Data, to understand and analyze the usage trends and preferences of our visitors and users, to improve our products, services, website, and to develop new products, services, features, and functionality.
Communications: For administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations, or defamation issues related to the customer Data or Personal Data posted on the Service or to provide updates on promotions and events, relating to products and services offered by us and by third parties with whom we work.
We do not sell, rent, trade or share any information gathered with any other companies or third parties who are not directly involved in our operation or in the delivery of your program. This information is used only internally by university administrators so that they may better understand your needs and provide a better service.
Data transfer is allowed if the university or the country has comparable data security measures and standards in place, or if the place where the data is being transferred to adopts all the necessary steps to protect and meet the applicable international standards of data protection. For transfer of data the motive must be made clear, you should be notified of the transfer, the maximum amount of time that the data will be used and how they will be destroyed must be made clear. Data can only be used for the reason it was initially collected. Sensitive data cannot be transferred unless you have given express consent to do so, or it is necessary for the safeguard of your life (if you cannot expressly give consent).
As a rule, the university will not use or disclose personal information unless it is reasonably necessary and/or the person about whom the information relates is aware of and has consented to, the use or disclosure of their information. Personal information may be disclosed where an individual has consented to the disclosure, or when the disclosure is done in the best interest of the individual such as the case of a medical emergency, a serious and imminent threat to a person"s life, health or safety, a requirement under law, or authorized by law, or a requirement for an enforcement body. The university establishes contracts with third party organizations affirming that they will also uphold and abide by the same regulations and principles.
KEEPING YOUR INFORMATION SECURE
The university takes all reasonable and appropriate measures to protect your data from unauthorized access, disclosure, loss, use, modification, or other misuse. Moreover, the university also consistently destroys hard copies of personal information that is no longer required; this destruction is undertaken by secured means. Your personal information is contained behind secured networks (i.e. HTTPS) and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology by a third party.
The company will take reasonable steps to ensure that personal information is accurate. To aid this, you may request to see and correct any mistakes present in your record. Additionally, provided there is no legitimate business interest relating to the purpose for which they were collected or otherwise processed or legal requirement, you have the right to request that your personal details are removed from our records.
Such requests need to be made to our Data Protection Officer, who then will investigate the validity of the request and shall proceed to take all reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
Requests for removal will not be honored in the cases of the following:
- The removal impinges on the "right of freedom and expression"
- Removal will not allow for the delivery of contractual services, including pastoral care
- There is a corresponding legal obligation which requires processing or holding of financial, medical, housing or judicial records
- Reasons of public interest in the area of public health
- For archiving purposes in the public interest, scientific, historical research, or statistical purposes
- For the establishment, exercise or defense of legal claims
You may opt out of receiving promotional emails or text messages from us at any time by following the instructions in those emails or text messages. If you opt out, we may still send you non-promotional communications, such as messages about your account, or our ongoing employment or business relations, as well as emergency communications regarding our company operations and academic or professional development programs.
The "Autoridad de Transparencia y Acceso a la Información" (ANTAI) with the aid of "la Autoridad Nacional para la Innovación Gubernamental" (AIG) are the supervising authorities under Panamanian Law. The ANTAI regulates the procedures to attend to claims of violations or infractions.
Infractions of any of the stated obligations in the law must be made known to ANTAI, who will then apply the corresponding sanctions unless the infraction that was made corresponds to another public entity. Infractions are categorized as either light or grave infractions and are handled according to their level or severity as stated in the law. The ANTAI also has the power to order both data controllers and processors to cease their operations, should they violate the law repeatedly.
If an individual believes that their personal information has not been dealt with in accordance with the university"s policies or applicable laws and regulations, they may lodge a complaint to the Data Protection Officer in writing via email listed below. Acknowledgement will be made within 7 working days of receiving the complaint and a response provided within 30 days.
For any questions regarding the university"s compliance of personal information privacy requirements, or to request removal of personal data, please contact our Data Protection Officer at the Republic of Panama Campus.
The Data Protection Officer at FSU Republic of Panama Campus is
Alexandra Anyfanti, Ed.D.
Florida State University
Republic of Panama Campus
Jacinto Palacios-Cobos St.
City of Knowledge
Panama, Republic of Panama
Tel: + 507 317 0367 ext. 238