Skip to main content

Cornell Center for Sustainable Global Enterprise Sustainable Tourism Asset Management Program Privacy Policy

Introduction

These privacy disclosures along with eCornell’s privacy policy (“Disclosures”) provide information concerning Cornell’s collection and use of data about individuals located in a Relevant Country (as defined below) when you apply for financial support for the Sustainable Tourism Destination Management eCornell course. Your Personal Data is used by the Sustainable Tourism Asset Management Program for the purpose of evaluating your qualification for related course fee discounts and by eCornell for providing you with online education and providing a certificate of completion.

For purposes of these Disclosures,

  • “Personal Data” means information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, by use of any identifier or characteristic specific to that individual.
  • “Relevant Law” means any non-U.S. jurisdiction’s personal data protection law that applies to the processing of Personal Data by Cornell.
  • “Relevant Country” means a country which has enacted a Relevant Law.
  • “In-scope Processing” means the collection, use, handling, processing or sharing of Personal Data by Cornell when those activities are within the scope of any Relevant Law.

Please note that these Disclosures apply only to In-scope Processing, and that, depending on the situation, some of the Cornell activities described below may, in the given case, not constitute In-scope Processing as that term is used in these Disclosures.

Please carefully read and understand these Disclosures before applying for the Course or related course fee discount, and contact us using the details at the bottom of these Disclosures if you have any questions or concerns about the manner in which your Personal Data is processed.

Types of Personal Data Cornell May Collect About You

We collect and process the following information, which is provided to us directly from you:

  • Name and contact details (for example, name, email, and place of residence)
  • Employment information (for example company name, email, job description, position/title, education, resume (file-upload))
  • Optional demographic information (age, race, ethnicity, gender identity)

In addition, our application software collects the IP address and date and time of application submission indirectly.

 

How Cornell May Use Your Personal Data

We use your Personal Data for the following reasons:

  • To evaluate your eligibility for financial support to take the Sustainable Tourism Destination Management course at no cost.
  • To register you for the Sustainable Tourism Destination Management course.
  • To communicate with applicants regarding the status of their application.
  • To communicate with accepted applicants about additional related opportunities through the Sustainable Tourism Asset Management Program.
  • To inform outreach to attract a diverse applicant pool.

We may share your Personal Data with internal application evaluators.  Name and email address are shared with eCornell to register students for the course, and will be handled in accordance with eCornell’s privacy policy.  Aggregated and anonymized demographic data may be shared with funders The Travel Foundation and Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ).  If you give consent, we will retain name and email address to inform you of future educational opportunities.

We process your Personal Data for the purposes described above, consistent with the legal bases recognized by the Relevant Law in each Relevant Country, which may, include, for example:

  • To pursue our legitimate interests (for example, providing educational offerings and course fee discounts);
  • To process transactions requested by you and meet our contractual obligations (for example, registering you for an online education course);
  • As necessary for compliance with a legal obligation; or
  • On the basis of your consent, where applicable. You are able to remove your consent at any time. You can do this by contacting the Sustainable Tourism Asset Management Program at stamp@cornell.edu; however, if you withdraw your consent to the use and sharing of your Personal Data or request its deletion, we may no longer be able to provide you with the course, or some or all of the related services.

How we store your personal information

Your Personal Data is securely stored.

Cornell takes appropriate security measures according to industry standards including physical, managerial, organizational, and technical safeguards designed to protect your Personal Data and prevent unauthorized access to, disclosure, use, modification, damage or loss of information. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While Cornell strives to use commercially reasonable means to protect Personal Data, Cornell cannot guarantee its absolute security. More information is available in Cornell’s Information Security Policy, Policy 5.10.

Cornell deletes or anonymizes Personal Data when it is no longer needed for the purposes for which it was collected, unless required or allowed by policy or law to keep it for a longer period. More information regarding data retention and disposal of Personal Data is provided in Cornell’s Retention of University Records Policy, Policy 4.7.

We keep name and contact information, employment information, and optional demographic information for two years. We will then dispose your information by deleting the information from the survey software and internal systems.  Your name, email address, place of residence, and job type may be retained for longer periods to provide you with information about additional opportunities with the Sustainable Tourism Asset Management Program. Your name and email address may be retained for longer periods in accordance with eCornell’s privacy policy, for purposes such as verifying course completion.

Location of Processing and International Data Transfers

Cornell University is located in the United States and is subject to U.S. and New York law.  If you provide Personal Data to Cornell University, you will be transmitting your data to personnel in the United States and your data generally will be hosted on U.S. servers and might be transmitted to or accessed from the United States or other jurisdictions outside of the Relevant Country when necessary for business or other valid purposes.  Such jurisdictions might have different data protection laws, or even no relevant laws.

Rights and Choices You May Have and How to Exercise Them 

Upon your reasonable and good faith request, we will provide you with information about whether we hold any of your Personal Data as part of our In-scope Processing, to the extent required and in accordance with Relevant Law.  In certain cases, you may also have a right under Relevant Law, with respect to your Personal Data collected and used in our In-scope Processing, to:

  • obtain a copy of your Personal Data in an easily accessible format;
  • request that we correct or update any of your Personal Data that is inaccurate;
  • restrict or limit the ways in which we use your Personal Data;
  • object to the processing of your Personal Data;
  • request the deletion of your Personal Data; and
  • request that we transmit your Personal Data to another party.

If you wish to make a data subject rights request in accordance with the Relevant Law in your country or have other questions or concerns related to your rights under the Relevant Law in your country, fill out the Contact Us form.  To avoid taking action regarding your Personal Data at the direction of someone other than you, we may ask you for information verifying your identity.

Cornell University will review the request and act as it discerns appropriate. Cornell’s ability to respond to your request may be governed by multiple laws, some of which may grant you certain rights to your data, others of which may prevent Cornell from fulfilling your request.

If our In-scope Processing as to your Personal Data is solely based on your consent, in certain cases you may also have the right under a Relevant Law to withdraw your consent to our processing.  If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in these Disclosures, or otherwise limit our use of your Personal Data or request its deletion, we may no longer be able to provide you some or all of the related services.

Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent or requested that we delete your Personal Data, if we have a legal basis to do so.  For example, we may retain certain data if we need to do so to comply with an independent legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our services and operations safe and secure or to safeguard our rights or the rights or safety of others.

How to complain:

If you have any complaints regarding our privacy practices, you may be able to make a complaint to your national data protection authority, supervisory authority, or other legal authority.

 

Contacts:

For more information about Cornell’s privacy practices, please visit https://privacy.cornell.edu.  If you have any questions, comments, requests or concerns about these Disclosures or other privacy-related matters, you may contact us at:

Online:       Contact Us

Address:    Cornell University

Attention: University Privacy, University Compliance Office

395 Pine Tree Road, Suite 330

Ithaca, NY 14850

Last Updated: August 29, 2024