General Data Protection Regulation Notice

The General Data Protection Regulation (GDPR) applies to users of the California Institute of Technology’s Division of Engineering and Applied Science (EAS) websites who are located in the European Union (EU) or the European Economic Area (EEA) (consisting of the European Union, Iceland, Lichtenstein, and Norway) at the time personal information (Personal Information) is collected. The law sets forth a framework for various individual rights on how Personal Information can be used, processed, transmitted, and protected. EAS is committed to taking reasonable necessary steps to ensure that your Personal Information is protected consistent with GDPR requirements. If you want more in depth detail about the GDPR, you can read the full text of the EU legislation.

Legal Basis

Under the GDPR, EAS is required to have a legal basis for collecting Personal Information from individuals located in the EU and the EEA. The legal basis depends on the circumstances in which we collect and use your Personal Information and is described more fully in the applicable privacy notice. The basis for our processing of your PII will fall into one or more of the following categories:

  • It is necessary to perform and facilitate contractual duties;
  • It is necessary to protect the interests of the data subject or another person;
  • There is a legitimate interest in understanding how our site is being used;
  • There is a legitimate interest in carrying out our business purposes;
  • There is a legitimate interest in cybersecurity;
  • There is a legitimate interest in meeting our obligations and enforcing our legal rights; or
  • You have provided your consent.

International Transfers

Data that you provide to us may be transferred to, and stored at, a destination outside the EU or the EEA. For instance, this happens when it is processed or maintained by staff and/or systems operating in the United States. The information that you provide to us is stored on our secure servers or those of our service providers. We will take reasonable necessary steps to safeguard your Personal Information securely.

Data Retention

We will retain your PII for as long as necessary to meet the uses described in EAS’s applicable privacy notice and in compliance with business requirements and legal document retention obligations. Even where you have exercised one of the rights listed below with respect to your PII, we may have the right to retain your Personal Information for various purposes, including compliance with legal obligations, the performance of tasks carried out in the public interest, archiving purposes in the public interest, scientific or historical research purposes, statistical purposes, or the establishment, exercise, or defense of legal claims.

Your Rights

Website users located in the EU or EEA are provided with the following rights:

  • The right to be informed about the collection and use of your PII;
  • The right to object to the processing of your PII;
  • The right to rectification of any of your PII that is inaccurate or incomplete;
  • The right to request the deletion of your PII;
  • The right to restrict or limit the ways in which we process your PII;
  • The right to transfer or obtain a copy of your PII in an easily accessible format;
  • The right to withdraw consent;
  • The right to withhold consent to automated individual decision-making processes; and
  • The right to complain to a supervisory authority.

Please note that the above rights are not absolute. EAS may be entitled to reject requests where certain exceptions apply. To submit a request, please contact Caltech’s Privacy Manager, Tye Welch, by phone at 626.395.8633 or via email at gdprcaltech.edu.

Caltech Privacy Notices

Caltech, including EAS, has specific privacy notices covering the following:

Contact Information

If you have questions about this privacy notice, Caltech’s policy on Confidentiality of Private Information or other EAS or Caltech privacy notices, Caltech’s privacy practices, or any other aspect of your privacy and the security of your Personal Information, please contact our Privacy Manager at:

Tye Welch
Director of Compliance
Caltech
1200 E California Blvd
Pasadena CA 91125
Phone: 001.626.395.8633
gdprcaltech.edu