Learn how Cecil College protects your personal information. Review our privacy practices, data collection policies, and your rights as a student, visitor, or website user.
Cecil College Privacy Notice
This Privacy Notice ("Notice") applies to the personal information that Cecil College ("Cecil", the "College", "we", "us", or "our") collects when you visit our main website (www.cecil.edu), other official Cecil web properties that link to this Notice, our mobile applications, and through digital communications such as email subscriptions and online forms (together, the "Sites").
This Notice explains the types of personal information we may collect, how we use that information, when and why we may share it with others, the steps we take to protect it, and your rights and choices regarding your personal data. It also outlines how you can contact us with questions about our privacy practices.
Our privacy practices are designed to comply with applicable laws and may vary depending on the jurisdiction in which you access our services. This Notice does not apply to information collected from or about current or former College employees, contractors, or student workers in the context of their employment or official capacity, unless specified otherwise. It also does not apply to the privacy practices of third-party websites that may be linked from our sites. We encourage you to review the privacy policies of those third-party websites separately.
I. Information We Collect
Cecil may collect personal information from you when you visit our websites, use our services, communicate with us, or participate in College programs and activities. This information may be collected directly from you, automatically through your interaction with our systems, or from third parties acting on your behalf (such as educational platforms or application services).
The types of personal information we collect include, but are not limited to:
-
Information You Provide Directly
- Contact information such as your name, mailing address, email address, and phone number.
- Login credentials including usernames and passwords associated with your College account.
- Academic details, including application materials, enrollment status, course schedules, grades, transcripts, and degrees earned.
- Financial information such as tuition payments, financial aid details, scholarships, billing, and tax documentation.
- Employment-related data for faculty, staff, and student workers, including resumes, performance reviews, and benefit selections.
- Health or accessibility information voluntarily shared for services such as disability accommodation or health-related campus requirements.
- Communications and inquiries submitted through forms, surveys, emails, or direct messages.
-
Information We Collect Automatically
- IP address, browser type, operating system, and device identifiers.
- Dates and times of your visits, and pages or services accessed.
- Clickstream data and usage logs that help us understand user behavior and improve services.
- Geographic location inferred from IP address or mobile device settings, where permitted.
-
Information from Third Parties
- Data provided by educational technology vendors, financial aid processors, or testing services when you apply or enroll.
- Information from background checks or identity verification services where required.
- Public records or information obtained through government or legal channels when relevant to compliance.
This information helps Cecil College deliver academic and administrative services, comply with legal obligations, enhance user experiences, and protect the security of our digital environments.
II. How We Use Your Information
We use your personal information to conduct Cecil College’s educational mission and provide services supporting your experience as a student, employee, or visitor. The specific ways we use your information include:
| Categories of Personal Information we collect | We may collect this Personal Information from or about you when… | We collect this Personal Information so that we may… | Types of third parties that may receive this Personal Information |
|---|---|---|---|
| Identification & Contact Info | You apply for employment or enroll as a student | Verify identity, communicate, and onboard | HR systems, payroll processors, benefits providers |
| Employment Application Data | You submit a job application | Evaluate candidates and make hiring decisions | Hiring platforms, HR systems |
| Employee Relations & HR Admin | You are employed and undergo performance evaluations or HR actions | Manage performance, resolve disputes, ensure compliance | HR systems, executive HR leadership |
| Government & Legal Compliance | You provide documentation for employment eligibility | Comply with federal and state regulations | Government verification systems, legal compliance platforms |
| Financial & Banking Data | You enroll in payroll or benefits | Process payroll and manage deductions | Financial institutions, retirement plan administrators |
| Benefits Enrollment & Administration | You enroll in health or other benefit plans | Administer employee benefits | Insurance providers, benefits platforms |
| Technology & System Access | You are granted access to institutional systems | Manage access to IT systems and ensure security | IT administrators, system access platforms |
| Training & Compliance Tracking | You are assigned mandatory training | Track compliance with safety and regulatory requirements | Training vendors |
| Payroll & Tax Reporting | You receive compensation or benefits | Report income and manage tax obligations | Tax authorities, retirement plan administrators, auditors |
| Termination & Offboarding | You leave employment | Close accounts, deactivate benefits, document exit | HR systems, IT administrators, retirement vendors |
| Admissions | You apply to the college | Evaluate eligibility and process applications | Admissions systems, reporting tools |
| Records & Registration | You register for courses or submit academic records | Manage enrollment and academic progress | Academic departments, registrar systems |
| Procurement | A department requests goods or services | Purchase and pay for goods/services | Financial systems, procurement platforms, vendors |
| Accounts Payable | A vendor submits an invoice | Process payments and maintain financial records | Payment processors, financial institutions |
| Bursar's Office (AR) | You make tuition payments or receive aid | Track payments and managing student accounts | Loan services, financial aid systems |
| Finance & Administration | Financial records are created or audited | Oversee budgets, manage grants, ensure compliance | Auditors, banks, grant agencies |
| Student Services | You access health, wellness, or academic support | Support student well-being and academic success | Health providers, academic support platforms |
| Data Analytics & Reporting | You complete surveys or interact with systems | Analyze trends and support decision-making | Analytics platforms, internal reporting tools |
| Financial Aid | You apply for financial aid | Determine eligibility and disburse funds | Federal and state aid agencies, scholarship platforms |
| Learning Management Systems | You participate in courses | Deliver instruction and track academic progress | Learning management systems, educational tool providers |
| Continuing Education & Workforce Development (CEWD) | You register for CEWD programs or submit payments | Manage enrollment and process payments | Workforce systems, financial systems, grant agencies |
Cecil does not use personal information to make automated decisions that have legal or similarly significant effects on individuals. Should such technology be used in the future, it will be subject to appropriate safeguards and transparency measures.
We only use your personal information for purposes consistent with this Notice unless we obtain your consent or are otherwise permitted or required by law.
III. When We Share Your Information
We may share your personal information with third parties in limited circumstances, when necessary to fulfill the purposes outlined in this Privacy Notice or as required by law. These disclosures are governed by confidentiality agreements and applicable regulations designed to protect your information.
We may share your information with:
-
Service Providers and Vendors: We may share your information with trusted vendors who provide services on our behalf, such as:
- Cloud storage and IT infrastructure providers.
- Learning management systems and educational platforms.
- Payment processors and billing services.
- Software providers for communications, accessibility tools, and analytics.
- These third parties are only permitted to use your information to perform specific tasks and are required to protect your data in accordance with our contracts and privacy standards.
-
Legal and Regulatory Bodies: We may disclose your information to government agencies, regulators, law enforcement, or courts when:
- Required by federal, state, or local law.
- Responding to subpoenas or legal requests.
- Cooperating with audits, investigations, or legal claims.
-
Academic or Strategic Partners: We may share data with accredited academic institutions, research organizations, or educational partners to support collaborative programs, transfers, or articulation agreements, provided appropriate data use agreements are in place.
-
Emergency Situations and Safety: Your information may be shared with emergency responders or relevant officials to protect your health, safety, or the security of the Cecil community.
We do not sell or rent your personal information to third parties for marketing or commercial purposes, but it may be shared anonymously for gathering certain statistics or metrics. All disclosures are limited to what is necessary and are done with your privacy and security in mind.
IV. Your Privacy Rights
Depending on the laws that apply to you, you may have several rights regarding your personal information. These may include the right to:
- Access the personal information Cecil holds about you.
- Correct or update inaccurate or incomplete information.
- Request the deletion of information no longer necessary for College purposes.
- Restrict or object to certain types of data processing, including use for communications.
- Withdraw any consent you have previously provided.
- Receive a copy of your data in a structured, commonly used format (data portability).
You may exercise these rights through official Cecil channels, from www.cecil.edu or by emailing mpia@nullcecil.edu. To help protect your information, we will ask you to verify your identity before processing your request.
If you authorize someone else to act on your behalf, we will request written documentation of that authorization.
Please note that certain requests may be limited by applicable legal or institutional recordkeeping requirements.
V. How We Protect Your Information
Cecil takes the security of your personal data seriously. We use a layered approach that includes administrative, technical, and physical safeguards designed to protect your information against unauthorized access, use, or disclosure.
Some of the safeguards we use include:
- Limiting access to systems and data to authorized users only.
- Encrypting sensitive information during transmission and storage.
- Using secure login and authentication tools.
- Regularly monitoring network activity to detect and prevent threats.
- Conducting periodic staff training on data privacy and security best practices.
In the event of a data breach, Cecil follows established response procedures and may notify affected individuals in accordance with applicable laws and College protocols.
VI. Children’s Privacy
Cecil websites and services are primarily intended for individuals aged 13 and older. We do not knowingly collect or solicit personal information from children under the age of 13 without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA).
If you believe that we may have collected personal data from a child under 13 without appropriate consent, please contact us immediately. We will take steps to investigate the concern and delete the information as required.
Some academic programs or campus events may involve children or minors in educational activities, summer camps, or dual enrollment. In such cases, the College follows additional safeguards, permission forms, and data handling protocols in accordance with legal and institutional requirements.
VII. Cookies and Tracking Mechanisms
When you visit College websites, we may use cookies and similar tracking technologies to help operate our sites and improve your experience. Cookies are small text files placed on your device that help websites recognize your device and remember certain information about your visit.
We use cookies and other tracking tools to:
- Ensure secure and reliable access to your Cecil accounts and online tools.
- Enable functionality such as course registration, financial aid services, or learning platforms.
- Understand how visitors use our websites so we can improve navigation, content, and performance.
- Potentially perform targeted advertising to visitors.
- Monitor website traffic and troubleshoot technical issues.
Some cookies are essential to the functioning of our services, while others are used to gather aggregated analytics or support accessibility features. We do not use cookies to serve targeted advertising or track users for commercial profiling.
You can control cookie settings through your browser preferences. Most browsers allow you to block or delete cookies, though some features on College websites may not work properly without them.
In compliance with applicable laws, we honor browser enabled "Do Not Track" (DNT) and Global Privacy Control (GPC) signals where supported. These signals indicate a user’s preference to opt out of certain types of data tracking.
For more information about how cookies work and how to manage them, visit the help section of your web browser or consult third-party cookie management tools.
VIII. How Long We Keep Your Information
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, including academic, administrative, legal, and compliance-related functions. The specific retention period may vary depending on the type of information and applicable regulatory or policy requirements.
For example:
- Student records are maintained according to academic and accreditation standards.
- Employment records are retained in accordance with labor laws and College HR policies.
- Financial records follow retention periods defined by tax and audit regulations.
When information is no longer needed, we securely delete, anonymize, or archive it using methods designed to protect confidentiality and prevent unauthorized access. We periodically review our data holdings and retention schedules to ensure compliance with applicable law and best practices.
IX. Changes to this Notice
Cecil may update this Privacy Notice periodically to reflect changes in our practices, legal requirements, or the services we provide. Any material updates will be posted on this page along with the effective date.
If significant changes are made that affect how we handle your personal information, we will make reasonable efforts to notify you in advance, such as by posting a notice on our website homepage, sending an email, or other appropriate means.
We encourage you to review this Notice regularly, so you stay informed about our privacy practices.
X. Contact Us
If you have any questions, would like to make a complaint, voice a concern or have questions about College privacy practices, please contact:
Cecil College
Email: mpia@nullcecil.edu
Phone: (410) 287-1054
Cecil College GDPR Statement
This notice provides certain required information to persons located in the European Union ("EU"), a European Economic Area ("EAA") member state, or Switzerland. Before Cecil College collects any personal information from you, you are entitled to information under Regulation (EU) 2016/679 (commonly known as the EU General Data Protection Regulation, or the "GDPR").
Purposes and Legal Basis for Processing Personal Information
Cecil College will only process your personal information for lawful purposes under the GDPR related to Cecil College’s business and educational purposes and arising from your relationship with Cecil College. Cecil College will collect and process your personal information for the purposes of identifying you, processing your request for information or application for admission, verifying the information provided, reaching an admission decision, and communicating that outcome and/or other feedback. The College may also process your information for the following statutory obligations, contractual necessity and/or public interest purposes: for affirmative action and equal opportunity monitoring; to prevent or detect fraud or other criminal activity; to confirm elementary and secondary education record; to assist in providing reasonable accommodations for a disability; to provide information as required by applicable law; and for research and statistical purposes, but only in a non-identifiable, aggregate format, or where the College has a legitimate interest in doing so. When Cecil College cannot rely on either of such legal grounds, it will seek your prior consent.
"Personal information" means any information which relates to or identifies you as an individual including, but are not limited to, name, email, phone numbers, IP address, photo, and educational, financial, employment-related, and health data.
Processing is any operation performed on personal information, such as collecting, destroying, recording, organizing, storing, altering, or disclosing.
For the purposes stated above, during the admission process your personal information will be processed by and shared with the following:
- Admissions Office;
- Financial Aid Office;
- Student Affairs Office;
- Registrar’s Office;
- Access and Disability Resources if an accommodation is requested;
- Data Analytics & Reporting;
- Student and Exchange Visitor Program Designated School Official;
- Governmental bodies when required by law;
- State authorities in order to perform one or more statutory duties; and
- Third-parties providing specific services to, or on behalf of, the College.
Once you are accepted and begin attending the College your personal information is no longer covered by the GDPR. As a student at the College, your personal information shall be processed in accordance with the Family Educational Rights and Privacy Act ("FERPA"). If your acceptance to the College is for an on-line course or program only, and you remain in an EU member state while participating in the course or program, the GDPR shall continue to apply to the processing of your personal information.
Rights of Residents of the European Union (EU)
If you use the College website and reside in the EU, EAA, or Switzerland, you are entitled by law to access, correct, amend, or delete personal information about you that we hold. A list of these rights is below. Please note that these rights are not absolute and certain exemptions apply.
- The right to access. You have the right to ask us for copies of your personal information. This right has some exemptions, which means you may not always receive all the personal information we collect and process. When making a request, please provide an accurate description of the personal information you want access to.
- The right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- The right to erasure. You have the right to ask us to erase your personal information in certain circumstances, including: (i) when your personal information is no longer necessary for the purposes for which it was collected or processed, or (ii) your personal information must be erased to comply with a legal obligation in EU Union or Member State law.
- The right to restrict processing. You have the right to ask us to restrict the processing of your personal information in certain circumstances, including: (i) when the accuracy of the personal information is brought into question, or (ii) when we no longer need the personal information for purposes of the processing but you require such personal information for the establishment, exercise, or defense of a legal claim.
- The right to object to processing. You have the right to object to processing of your personal information.
- The right to data portability. You have the right to ask that we transfer the personal information you gave us from one organization to another, or give it to you.
- The right to lodge a complaint with the supervisory authority. If you believe your rights under the GDPR have been violated, the GDPR gives you the right to file a complaint with the supervisory authority. A list of Supervisory Authorities is available here: https://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- Other. You are afforded any additional rights, not otherwise specified herein, by the GDPR.
To exercise these rights please contact us at mpia@nullcecil.edu. For your protection, we may need to verify your identity before responding to your request. In the event that we refuse a request under rights of access, we will provide you a reason as to why.
Right to Withdraw Consent
If Cecil College obtains your written consent to collect and process your personal data, you can subsequently withdraw such consent as to any further processing of such data by contacting us at mpia@nullcecil.edu.
Cross-Border Transfers of Personal Information
Personal information that you provide while in the EU, an EAA member state, or Switzerland will be transferred to the United States. The GDPR permits such transfer when necessary for the performance of a contract between you and Cecil College, if Cecil College obtains your explicit consent to such transfer, or if it is Cecil College’s legitimate interest to transfer the personal information. The laws in the United States may not be as protective of your privacy as those in your location. However, when transferring personal information to and processing personal information in the United States, Cecil College will implement appropriate safeguards and process the personal information in accordance with the terms of this Privacy Policy. By using our website, you agree to the transfer and processing of your personal information to the United States.
Retention of Your Personal Information
We will retain your personal information until the personal information is no longer necessary to accomplish the purpose for which it was provided. We may retain your personal information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations, to protect you, other people, and us from fraud, abuse, an unauthorized access, as necessary to protect our legal rights, or for certain business requirements.