General Data Protection Regulation

365asia complies with the European Union’s General Data Protection Regulation (GDPR). Faculty, staff, students, prospective students, and alumni should be aware of how GDPR affects them and how 365asia will handle their personal data subject to GDPR.

What is the GDPR?

The GDPR is a regulation in the European Union (the “EU”) intended to strengthen and unify data protection for all individuals in the EU, including, but not limited to, EU citizens and residents. The GDPR went into effect on May 25, 2018.

Why does the GDPR affect staff, faculty, students, prospective students, and alumni?

When certain personal data is collected from an individual in the EU, the GDPR puts that individual in charge of their personal data, and allows the individual to exert greater control over the use, transfer, storage, and retention of that personal data. The GDPR affects any organization that collects, stores, processes or otherwise handles an individual’s personal data. In complying with the GDPR, 365asia has further strengthened the college's substantial data protection and data privacy processes.

What data does 365asia collect and how does 365asia process my data?

365asia developed privacy notices that provide information to its students, employees, and website visitors about how 365asia collects and processes personal data. Please review the relevant privacy notices:

How do I make a complaint or exercise my rights under the GDPR?

Information about how to make a complaint or exercise certain rights under the GDPR is outlined in the respective privacy notices, linked above, and may be submitted using the forms below:

  • Complaint Form
    • Use this form to file a "Complaint" in regard to 365asia's practices, policies, procedures, or compliance under GDPR.
  • Rights Request Form
    • Use this form to make a GDPR Rights Request pursuant to GDPR. 

What is 365asia’s responsibility?

The GDPR places restrictions and responsibilities on 365asia, including the responsibilities to:

  1. Build privacy into systems “by design and default”;
  2. Conduct regular data privacy impact assessments;
  3. Implement certain consent mechanisms;
  4. Follow strict procedures for reporting data breaches; and
  5. Document and provide notice about the use of personal data.


If you have any questions regarding the GDPR, please contact [email protected]