You are here

MassBay Community College Data Privacy Policy

GDPR Data Policy for Citizens of European Union - at MassBay

Data Protection statement for those seeking information and/or applying for admission - PDF

Instituted on May 25, 2018

MassBay Community College is committed to protecting your private information on the web. MassBay's website ( and the MassBayGo mobile app is maintained by the Office of Marketing and Communications, in collaboration with the Office of Information Technology.

Any personal information we collect through the college’s website (, the MassBayGo mobile app, or via our third-party vendors, is used solely for internal College purposes, such as responding to your questions or inquiries, sending you information about the College, or gathering attendee information for a College event.

The College may automatically collect non-personal information, such as IP addresses or your geo-location, to collect statistical information about our website and to better understand our website and mobile app users to improve our own processes and outreach to our prospective and current students and other users.

MassBay Community College does not sell or share personally identifiable or confidential user information collected on our website with any third party, unless required to by law.

For additional information, please visit our page on Student Information and Confidentiality Policy.

Data Protection statement for those seeking information and/or applying for admission

This Data Protection Statement (“policy statement”) provides information about why personal information is being requested from you and how it will be used by Massachusetts Bay Community College. This policy statement is provided in compliance with the General Data Protection Regulations (“GDPR”) issued by the European Union (“EU”) and effective on May 25, 2018. The GDPR protects the personal information of EU citizens and residents and provides a single set of rules for international businesses and organizations, including institutions of higher education, that process this data. The GDPR applies exclusively to the processing of “personal information” that is obtained from you while you are physically located in an EU member state, regardless of your nationality or citizenship. The GDPR does not apply to personal information obtained from you when you are located outside of the EU.

  • What is “personal information”? “Personal information” means any information which relates to or identifies you as an individual including, but are not limited to, name, email, phone numbers, IP address, photo, and educational, financial, employment-related, and health data.
  • What does it mean to “process” personal information? Processing is any operation performed on personal information, such as collecting, destroying, recording, organizing, storing, altering, or disclosing.
  • What personal information will be processed? The College will process the information you provide when you request additional information from the College and/or submit your admission application together with the supporting documents requested to complete your application.
  • What is the purpose and legal basis of the processing? The College will process your personal information for the purposes of identifying you, processing your request for information or application for admission, verifying the information provided, reaching an admission decision, and communicating that outcome and/or other feedback.  The College may also process your information for the following statutory obligations, contractual necessity and/or public interest purposes: Admission decisions are made on a case-by-case basis and are not the result of automated decision-making.
    • To confirm immigration status;
    • For affirmative action and equal opportunity monitoring;
    • To prevent or detect fraud or other criminal activity;
    • To confirm elementary and secondary education record;
    • To assist in providing reasonable accommodations for a disability;
    • To provide information as required by applicable law; and
    • For research and statistical purposes, but only in a non-identifiable, aggregate format.
  • Who will process my personal information? For the purposes stated above, during the admission process your personal information will be processed by and shared with the following: The College may subsequently identify other departments or external parties who will process your personal information as you progress through the application process.
    • Admissions Office;
    • Financial Aid Office;
    • International Studies Office;
    • Student Services Office;
    • Registrar’s Office;
    • Disability Services if an accommodation is requested;
    • Institutional Research;
    • Student and Exchange Visitor Program Designated School Official;
    • Governmental bodies when required by law;
    • State authorities in order to perform one or more statutory duties; and
    • Third-parties providing specific services to, or on behalf of, the College.
  • How is my personal information used if I am accepted? Once you are accepted and begin attending the College your personal information is no longer covered by the GDPR. As a student at the College, your personal information shall be processed in accordance with the Family Educational Rights and Privacy Act (“FERPA”), a U.S. federal law.  To learn about your rights under FERPA, please visit If your acceptance to the College is for an on-line course or program only, and you remain in an EU member state while participating in the course or program, the GDPR shall continue to apply to the processing of your personal information.
  • How can I access my personal information? You have the right to access the personal information that is held about you by the College.  You also have the right to ask the College to correct any inaccurate personal information it holds about you. In order to access your personal information, please contact the Office of the Registrar —
  • How long is my personal information kept? The College shall retain and store personal information in accordance with applicable U.S. state and federal law. If you are accepted, your personal information will be kept as part of your student record for the duration of your studies and, where applicable, a prescribed period of time thereafter.  If you are unsuccessful, your information will be normally kept for at least 2 years after the completion of the application process.
  • Who can I contact if I have any questions? If you have any questions about this policy statement, the College’s compliance with the GDPR, or the processing of your personal information, please contact the Office of the Registrar:
    phone: (781) 239-2550 (Wellesley Hills
    fax:  (781) 239-2525 

    phone: (508) 270-4050 (Framingham)
    fax:  (508) 872-4067
  • How do I report a complaint? If you are not happy with the way your information is being handled, or with the response received from the College, please contact:

Marcus Edward
Vice President of Finance and Administration
Records Access Officer
Massachusetts Bay Community College
50 Oakland Street
Wellesley Hills, MA 02481

  •  If the College fails to adequately address your concerns? You have a right to file a complaint with the Massachusetts Department of Higher Education at:

  • Policy Statement updates? This policy statement was issued on May 18, 2018.  It will be reviewed as necessary and at least annually. Any changes to the policy will be posted on this landing page of the MassBay website.