About Your Data
American Councils for International Education: ACTR/ACCELS, Inc., and its affiliated offices around the world (American Councils
, we
, us
, or our
) based at 1828 L Street NW, Suite 1200, Washington, DC 20036-5136, United States of America, would like to inform you about how we may collect, use, and store your personal data.
Applicable Regulation
American Councils respects your privacy and endeavors to adhere to all applicable regulations concerning the processing and free movement of personal data.
For Citizens and Residents of the EEA
American Councils adheres to the GDPR.
For Citizens and Residents of Albania
American Councils adheres to Law no. 9887/2008 of Albania on the Protection of Personal Data, as amended (amended upon Law no.48/2012 and Law no.120/2014) and the relevant secondary legislation approved by the Commissioner for Protection of Personal Data.
For Citizens and Residents of Armenia
American Councils adheres to the Law of the Republic of Armenia Number HO-49-N on Protection of Personal Data adopted on 18 May 2015. / 2015 թվականի մայիսի 18-ին ընդունված «Անձնական տվյալների պաշտպանության մասին» Հայաստանի Հանրապետության օրենքի/ՀՀ-49-Ն.
For Citizens and Residents of Bosnia and Herzegovina
American Councils adheres to the Law on the Protection of Personal Data of Bosnia and Herzegovina and the General Regulation on the Protection of Personal Data of the European Union - GDPR 2016/6795. / Zakonom o zaštiti ličnih/osobnih podataka Bosne i Hercegovine i Općom/Opštom uredbom o zaštiti ličnih/osobnih podataka Europske/Evropske unije- GDPR 2016/679.
For Citizens of Kazakhstan
American Councils adheres to the Law of the Republic of Kazakhstan dated 05/21/2013 No. 94-V On Protection of Personal Data.
/ Қазақстан Республикасының 21.05.2013 жылғы №94-V "Жеке деректермен оларды қорғау туралы" заң.
For Citizens and Residents of Kosovo
American Councils adheres to Law No. 06/L-082 of Kosovo on the Protection of Personal Data, as amended, and relevant secondary legislation.
For Citizens and Residents of Montenegro
American Councils adheres to the Law on Personal Data Protection of Montenegro (Official Gazette of Montenegro No. 79/08 of 23.12.2008, 70/09 of 21.10.2009, 44/12 of 09.08.2012, 022/17 of 03.04.2017). / Zakonom o zaštiti podataka o ličnosti Crne Gore ( Sl. list Crne Gore br. 79/08 od 23.12.2008, 70/09 od 21.10.2009, 44/12 od 09.08.2012, 022/17 od 03.04.2017).
For Citizens and Residents of North Macedonia
American Councils respects your privacy and adheres to the Law on Personal Data Protection of the Republic of North Macedonia and the General Data Protection Regulation (EU) 2016/679 / Законот за заштита на лични податоци на Република Северна Македонија и Општата регулатива на ЕУ за заштита на податоци (ЕУ) 2016/679.
For Citizens and Residents of Serbia
American Councils adheres to the Law on Personal Data Protection (Official Gazette of RoS,
No. 87/2018) / Zakon o zaštiti podataka o ličnosti Republike Srbije (Sl. glasnik RS
, br. 87/2018) (Law on Personal Data Protection of Serbia
).
For Citizens and Residents of Taiwan
American Councils adheres to the Personal Data Protection Act 2015 of Taiwan, as amended.
What Is the Legal Basis for Collection, Use, and Storage of Personal Data?
American Councils uses explicit consent under applicable regulations to process personal data.
For Citizens and Residents of the EEA
The applicable regulations are article 6(1)(a) of the GDPR and, for health-related data, article 9(2)(a) of the GDPR.
For Citizens and Residents of Serbia
The applicable regulations are articles 15 and 17 of the Law on Personal Data Protection of Serbia.
Who Will Have Access to the Data?
We may share your personal data with various American Councils' offices, affiliated organizations, and third-party business partners. Our third-party business partners may include program funders, service providers, and others located outside of the EEA or your country, in the United States of America, and throughout the world that work with us to deliver American Councils-related programs and services to you. All third-party business partners that we share your personal data with are expected to comply with applicable regulations and privacy requirements. We strive to ensure that such third parties will only share this information with other organizations or individuals that are working with them to deliver American Councils-related programs and other services.
What Risks May I Have if My Personal Data Is Sent Outside the EEA or My Country?
Different laws and legislation exist on personal data protection and information security outside the EEA and your country. There is a chance that your personal data will be requested by government authorities. This may have consequences for the protection of your personal data. The U.S. Government may, for example, invoke laws and legislation to oblige American Councils to provide access to the personal data of the program.
Some U.S. Government Laws and Legislation Related to Personal Data Protection and Information Security
| Legislation | Risks |
|---|---|
|
CLOUD Act (in force since 23-Mar-2018) |
Despite being American legislation, the CLOUD Act may affect European citizens. Under this law, companies may be obliged to provide information about non-U.S. citizens directly to the U.S. Government. In order to increase your privacy, only coded data will be sent and all data is encrypted in transit and at rest. |
|
PRISM (in force since 2007) |
PRISM is a digital program that can collect personal data from large U.S. Internet companies. It is a tool that analyses data to find irregularities about a certain person. It is also used to collect data about people outside the U.S. In order to increase your privacy, only coded data will be sent and all data is encrypted in transit and at rest. |
|
USA Freedom Act (in force since 2015) |
Under certain circumstances, U.S. authorities have access to personal data stored outside the U.S. This must concern a U.S organization. In order to increase your privacy, only coded data will be sent and all data is encrypted in transit and at rest. |
Foreign Intelligence Surveillance Act (FISA) Section 702 |
Under certain circumstances, U.S authorities have access to information concerning the conduct of the foreign affairs of the U.S. Under this law, U.S authorities may require electronic communication service providers to give information, facilities, or assistance, as required. In order to increase your privacy, only coded data will be sent and all data is encrypted in transit and at rest. |
How Long Will the Data Be Stored?
Your personal data will be retained by American Councils as referenced in our Data Retention Policy. Unidentifiable statistical data regarding you may be retained indefinitely.
American Councils' Retention Policies for Prospective Program Applicants
| Record Type | Must Keep For | Must Delete After |
|---|---|---|
| Applicant Data (Statistical) | Forever | Never |
| Applicant Data | Six (6) Months | One (1) Year After Application Deadline |
| Participant Records (Statistical Data and Grades) | Forever | Never |
| Participant Records | Six (6) Months After the Completion of the Program | One (1) Year After the Completion of the Program |
Your Options Regarding the Use of Your Personal Data
You have various options regarding the use of your personal data. For Citziens and Residents of the EEA, these are your various rights under the GDPR. For Citizens and Residents of Serbia, these are your various rights under the Law on Personal Data Protection of Serbia.
Withdraw Consent for the Use of Your Personal Data
You can always withdraw your consent for the use of your personal data. This applies to this program and also to the storage and use of these personal data for future use, such as for alumni purposes. Apart from the personal data we are obliged to store in compliance with legal obligations, your personal data will be deleted or anonymized after you have withdrawn your consent for the use of your personal data.
For Citizens and Residents of Serbia: Withdrawal of consent shall not affect the permissibility of processing based on consent before its withdrawal.
Access Your Personal Data
You can always access the personal data we, or parties using personal data about you on our behalf, have about you. You will then, within one (1) month, receive an overview of all the personal data we have about you, together with an explanation of why we keep those.
Have Personal Data Amended
If personal data used by us, or by parties using personal data on our behalf, are incorrect or incomplete, you can submit a request to have these personal data updated.
Have Personal Data Deleted
In some cases, you can ask to have personal data deleted. For example, this can be done if personal data is no longer needed for the program, if you withdraw your consent, if your personal data is being wrongly used or if your personal data needs to be deleted because of a legal obligation we need to comply with.
Stop the Use of Personal Data
You can always stop the use of your personal data. You may, for example, make a request to have your personal data amended if your personal data is being wrongly used, but you do not (yet) want your personal data to be deleted, or for defense of your legal rights.
Have Your Personal Data Transferred
You can always request transfer of your personal data to another organization.
Object to the Use of Your Personal Data
In some cases, you can object to the use of personal data.
For Citizens and Residents of Serbia: File a Complaint with the Data Protection Authority
For Citizens and Residents of Serbia: You can file a complaint with the Office of the Commissioner for Information of Public Importance and Personal Data Protection of Serbia (see contact information below.)
Making a Request or Asking a Question
If you want to exercise any of the options above, you need to submit a request. You can do this by contacting American Councils via the contact details listed below. You will receive a response within 30 days. For Citizens and Residents of the EEA: You may also ask questions related to your GDPR rights.
By Postal Mail:
Chief Information OfficerAmerican Councils for International Education
1828 L St NW Ste 1200
Washington DC 20036-5136
United States of America
By Email:
privacy@americancouncils.orgAdditionally, contact information for American Councils' affiliated offices around the world, including in the EEA, can be found at:
https://www.americancouncils.org/field-officesContacting the Relevant Data Protection Authority
If you have contacted American Councils and are not satisfied with how your complaint has been handled, then you can also contact the Data Protection Authority in your country, if one exists.
For Citizens and Residents of the EEA
You can find the relevant name and contact details under: https://edpb.europa.eu/about-edpb/about-edpb/members_en
For Citizens and Residents of Serbia
You can contact the Office of the Commissioner for Information of Public Importance and Personal Data Protection at office@poverenik.rs and +381 11 3408 900. Additional information can be found at: www.poverenik.rs/sr-yu/naslovna.html
Last updated: August 2023