Privacy Notice
The Culinary Institute of America (“the CIA” or “we”), a private, non-profit educational institution, presents this Privacy Notice in the interests of fairness, transparency, and accountability regarding the privacy of individuals whose personal data we collect and process (“data subjects” or “you”). Our collection and processing of your personal data is lawfully based on our legitimate interests as a private, non-profit higher education institution.
The CIA understands your use of our websites, online applications and application forms to indicate your consent to the collection, processing and use of your Personal Data as described in this Notice, except where we request active, express consent or where such consent is required by law.
The CIA collects and processes Personal Data and Personally Identifiable Information (“PII”) from and about data subjects, who may be prospective students and their family members, alumni/ae, prospective donors, donors, prospective employees, employees, restaurant patrons, food enthusiasts, conference attendees, private event clients, CIA market and store customers, and other members of the public.
The CIA will not knowingly request Personally Identifiable Information from anyone under the age of thirteen without first requesting parental consent. Our websites contain links to other sites which have their own privacy practices not under the control of the CIA. We encourage you to familiarize yourself with the privacy notices for those external sites.
1. General Practices
We will not sell your personal information. We will not disclose your personal information without your permission unless a legal exception applies (for example, in case of emergency, to protect safety on campus, or in response to a valid subpoena or court order).
We retain your information for a period of time in accordance with our legitimate interests or as needed to comply with applicable law.
We may combine your personal data with device information and location information (with your consent, where required) to serve you specifically, such as to deliver a product to you according to your preferences or restrictions, or for advertising or advertising targeting purposes.
The Computer Network Usage Policy, an internal CIA policy, governs the use of the CIA’s network and computing resources by CIA employees, contractors and students, and also addresses privacy expectations.
2. Information You Provide to Us Voluntarily
We may collect data about you when you provide it to us voluntarily, such as through your use of our websites and online applications; when you contact us directly by email, telephone, in person, or in writing; when you order goods and services; or any other means by which you voluntarily provide personal information to us.
Types of information we collect about you may include but is not limited to: name, email address, address, telephone number, payment information (for example, credit or debit card details), information about your computer (for example, your IP address and browser type), tracking information (for example, which pages you have viewed, the time you viewed them and what you clicked on), information about your mobile device (such as your geographical location), and any other information you provide when completing forms.
A. Financial Information
The CIA recognizes the sensitivity of personal financial information and accords it the additional strict privacy and security safeguards appropriate to the classification of sensitive/highly confidential. Those CIA personnel who are involved in handling financial information do so on strictly a need-to-know basis and receive appropriate training in financial information privacy and security. The CIA does not share nonpublic financial information with nonaffiliated third parties without consent.
The CIA may collect and process personal financial information only in very limited contexts for the purposes of accepting or making payment lawfully based on its legitimate interests or in support of or preparation for an agreement. In terms of accepting payment, these purposes include: accepting charitable contributions (usually through the Advancement Office), accepting payment for goods or services (such as at a CIA restaurant), and accepting payment for student educational charges (such as tuition and board, through the Student Financial and Registration Services). We may collect financial information from the credit or debit payment card if you choose to use this method of payment; or from your personal check if you choose to use this method of payment.
In the case of CIA students or prospective students, financial information about a student and/or parents may be collected as part of the process of applying for financial aid. The CIA may collect a student’s Social Security Number (“SSN”) only as the official identifier for state and federal financial aid documents and related processing. Any SSNs collected are treated with the utmost care and encrypted in transit.
The CIA also collects and processes nonpublic financial information from its employees for compensation, benefits and tax and purposes; and from independent contractors for payment and related purposes.
B. Electronic Communications
We offer various opportunities to subscribe to electronic communications. If you choose to subscribe, your email address, phone number, and/or cell phone number may be collected. With your consent, we may contact you at the telephone number that you provide to us by way of direct dial calls, autodialed and prerecorded message calls, and text messages. Through these methods we may send you information relating to our products and services, including confirmations and updates, receipts, technical notices, updates, security alerts, and support and administrative messages; and/or communicate with you about contests, offers, promotions, rewards, upcoming events, and other news about products and services offered by the CIA.
You may remove yourself from any public CIA contact list by unsubscribing on the email’s subscription management page via a link at the bottom of each email or a STOP code in text messaging. You must unsubscribe from each list you wish not to receive emails or text messages from. More information about communicating your preferences can be found further in this Notice.
The CIA’s Admissions Office periodically sends text messages to communicate with individuals interested in enrolling in one of the Culinary Institute of America’s undergraduate certificate, undergraduate, or graduate degree programs. These text messages will be used to provide information on upcoming events and announcements, as well as important admissions and financial aid reminders. Generally, subscribers will receive no more than eight messages a month. However, text messages may be sent more often during key recruitment times of the year.
The CIA’s Office of Advancement periodically sends emails for the purpose of communication to persons with existing relationships with the CIA, as well as fundraising campaigns. These emails will be identified as coming from the CIA’s Office of Advancement, Alumni Office, and the CIA’s Office of Annual Giving, respectively. Recipients of these emails can opt out at any time by following the procedures outlined in this Notice.
C. Social Media
The CIA uses social media, which may allow you to connect and share your actions, comments, content, and information publicly or with friends. Please remember that any information that is disclosed in these areas becomes public and consider the privacy concerns of yourself and others when choosing what to share in social media. Our social media platforms contain their own privacy practices outside of the scope of this policy which we do not control. Please contact those sites and services directly to learn about their privacy practices. Use caution when deciding to disclose your personal information.
D. Surveys
We occasionally conduct optional surveys. We use the data from survey responses to better target content to our audiences.
E. Registration Forms
We offer online registration for CIA events, such as admissions information, courses, conferences, and restaurant reservations. Registration features invite you to voluntarily provide personal information, which may include contact information (name, telephone number and/or email address).
We may partner with third party service providers who collect this information for us. If you provide personal information at one of those websites, you are subject to the privacy policy of the operator of that website, not our Privacy Policy.
F. Information Request Forms
We use information request forms that invite you to voluntarily provide personal information such as names, addresses, and telephone numbers. We may send text messages to cellular telephone numbers within our database so that interested individuals can be contacted by one of our representatives. By providing a cellular telephone number, you agree to be contacted by the CIA on your cellular telephone by such means. You may change your mind and decline to be contacted in this manner by contacting us at the information below.
G. Data from Third Parties
Where permitted or authorized by law, we may receive information about you from third-party databases or services that provide information about business people and companies, or from third parties from whom we have purchased information (including an individual’s name). We may combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, prospective students or donors, and provide information about opportunities, products and services that may be of interest to you.
H. Use of Personal Data
We may use your personal information for the following purposes: to provide you with the opportunities, information, services, products, and functionality offered on our websites; to fulfill your requests, including but not limited to making reservations, paying for services, joining email lists, sending CIA gift cards to recipients that you designate; to communicate with you about your account or your use of our websites and online applications, services, products and/or functionality; to respond to, or follow up on, your comments and questions; to provide customer service otherwise; to communicate with you about special offers and other marketing communications; to communicate with you about employment opportunities; to operate and improve our websites and online applications, products, services, and functionality; to process and deliver contest entries and rewards; to authenticate your credit or debit card account information, if applicable; to personalize your experience on our websites and online applications; in combination with other information we may get from third parties, to help understand your needs and to provide you with better service; to perform statistical analysis; to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity; to comply with our policies, procedures and legal obligations; to support our education mission and administrative operations; and as otherwise consented to by you and as required or permitted by applicable law.
3. Information Automatically Collected from Use of Our Websites
A. Cookies
A text file called a “cookie” may be placed in the browser files of your computer when you visit our websites or online applications. Although cookies themselves do not contain personal information, they provide information about your user session, including site interaction and, your general geographic area. Cookies tell us about how people use the site and help us make it better, for example, by counting the number of visitors to our websites to see how visitors move around when they are using it to help us improve the way our site works. Or cookies can remember your preferences or whether you are logged into the site. Cookies can be stored for varying lengths of time on your device’s browser. Session cookies are deleted from your computer or device when you close your web browser. Persistent cookies will remain stored on your device until deleted by you or until they reach their expiry date.
A cookie file cannot read data off a hard disk or read cookie files created by other websites.
Cookies set by the website you are visiting are called “first-party cookies.” Cookies may be set by parties other than us. These “third-party cookies” may, for example, originate from websites such as YouTube, LinkedIn, Facebook, or other sites the CIA partners with for services such as recruiting, marketing, advertising, social media, etc. You may block the placement of cookies by changing your browser setting pertaining to cookies. This setting can also be changed to provide a notification when a cookie file is placed. Our website may require some cookies to be accepted in order for certain forms and account logins to function. In those cases, third party cookies may be blocked, but you may encounter problems if all cookies are blocked. We understand that you consent to the placement of cookies on our website if you do not change your browser settings as described above. You may change your browser settings to block cookies at any time.
B. Aggregated Tracking Information
We may gather anonymous statistics using Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to help us analyze the use of our site. We do not correlate this information with identifiable data about you. We use aggregated tracking information to determine which areas are preferred by users and to tailor our content to users’ needs. This may include some website search terms entered, the city associated with user IP addresses, and actions taken, but this tracking information is not associated with individual website and online application users.
Cookies and pixel tags may be set by third-party vendors we partner with to collect anonymous user behavior statistics about users who came from their platforms or used embedded features (such as viewing videos) and engaged in activities on our website. We may also include tracking in emails to understand whether messages have been opened, acted on, or forwarded.
We do not share aggregated tracking information with any third party, with the following exceptions: to a contractor engaged to conduct collection or processing for our legitimate interests; in accordance with the law or valid legal process; or to protect the personal safety of our websites and online application users or the public.
C. Advertising
Some of our websites use Google Ads conversion tracking, Google remarketing and Google Signals. These services also use cookies and similar technologies to measure the performance of advertisements on Google and the websites that participate in the Google Display Network. Google allows for the creation of custom audience lists for advertising based on the geographic, demographic, and interest-based reports of our website visitors, however the users remain anonymous. Google Signals collects visitation information and associates it with Google account information from signed-in users who have consented to this association for ad personalization. This Google information is used for cross-device reports that provides aggregated and anonymous insights into users’ cross-device behaviors.
Our websites may also use advertising cookies and tools to provide analytics data on users who visit our websites from ads served from their platforms, such as Bing, Facebook, LinkedIn, TikTok and other media partners.
Users can opt out of third party interest-based advertising by visiting the Network Advertising Initiative’s deactivation website at www.networkadvertising.org/choices/.
4. Communication Preferences and Opting Out
You may at any time change your preferences about which if any email communications you would like to receive.
Upon receipt of an opt-out request, we will update our records as promptly as practical. Note, however, that you may receive additional communications after requesting removal while we process your request. Additionally, information may exist in multiple lists within our system, and our technology limits the processing of opt-out requests to the specific list source. For this reason, we recommend that you adjust your email preferences within the unsubscribe list which you will be directed to after choosing the “Manage your preferences” link, rather than opting out completely. We will continuously assess our responsiveness to opt-out requests with respect to new technologies, business practices and our visitors’ needs.
To opt out from CIA communications and unsubscribe from an email list, you may choose from the following methods:
- Choose the “Manage your preferences” link at the bottom of any CIA email; or
- Send an email to webmaster@culinary.edu and specify which type of communication you wish to discontinue; or
- Write a request to: Webmaster, The Culinary Institute of America, 1946 Campus Drive, Hyde Park, NY 12538; or
- Complaints about privacy may be made via the CIA’s confidential Hotline at 845-905-4477 or CIAHotline@culinary.edu.
5. Medical/Treatment/Health Information
The CIA is not a covered entity or business associate under the Health Insurance Portability and Accessibility Act (HIPAA) or the Health Information Technology for Economic and Clinical Health (HITECH) Act. Health information is provided to the CIA by students and employees for public health, safety, and/or treatment purposes. The CIA handles health information in strictest confidence, with respect for individual autonomy, and with appropriate safeguards for sensitive information as required by law and CIA policy.
6. Additional Notice for California Residents
California residents who provide “personal information” (as defined in the California Consumer Privacy Act) in obtaining products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year. To obtain this information, please contact us by sending a letter or calling us at the contact information above.
7. Additional Notice for EU Data Subjects
This section applies if you are a data subject located in the European Union (EU). The EU General Data Protection Regulation (GDPR), effective May 24, 2018, is a complex piece of legislation which may in some cases conflict with U.S., state, or other privacy laws and rules. The CIA will approach any conflict of laws on a case-by-case basis.
The CIA is the data controller for the processing of your personal data on the lawful basis of our legitimate interests in most cases, and possibly on other permitted lawful bases depending on the context of the data collection and processing, such as the contractual basis or legal obligation. The person serving in the role of data protection officer is the CIA’s vice president—chief of staff and information technology, who can be reached at 845-451-1380; or The Culinary Institute of America, 1946 Campus Drive, Hyde Park, NY 12538 U.S.; or CIAHotline@culinary.edu. Subject to the GDPR, you have the following rights in relation to your personal data:
- Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a free copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee. The CIA may use all reasonable measures to verify the identity of a data subject who requests access.
- Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to have it rectified or completed. The CIA will take reasonable steps to ensure that inaccurate personal data will be corrected or deleted.
- Right to erasure: You may ask us to delete or remove your personal data and we will do so in some circumstances, such as where we no longer need it (we may not delete your data when other interests outweigh your right to deletion).
- Right to restrict processing: You may ask us to restrict or block the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or object to us processing it. We will tell you before we lift any restriction on processing.
- Right to data portability: You have the right to obtain your personal data from us if the processing was based on consent or for the performance of a contract. If this applies, we will give you your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
- If we are relying on a legitimate interest to process your personal data—unless we demonstrate compelling legitimate grounds for the processing; or
- If we are processing your Personal Data for direct marketing.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your personal data, including profiling, that affect you, unless such processing is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent to such processing.
- Right to withdraw consent: If we rely on your consent as the lawful basis on which to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on your prior consent or the lawfulness of processing that does not require consent under the GDPR. To withdraw consent: (1) send an email to webmaster@culinary.edu; or (2) write a request to: Webmaster, The Culinary Institute of America, 1946 Campus Drive, Hyde Park, NY 12538; or; (3) fax a request to: 845-905-4037.
- Special categories of personal data: The CIA will process such data sensitive data from an EU data subject (for example, from a student EU data subject) only with consent and only for public health, safety, social care, or treatment purposes; to protect the vital interest of the data subject; or for another purpose permissible under the GDPR.
- Right to complain: If you wish to complain about the CIA’s privacy practices under the GDPR, you may contact the EU Information Commissioner’s Office (ICO) in the United Kingdom. Their website offers information about how to submit a complaint.
8. Information Security
To ensure appropriate security and confidentiality of personal data, including the prevention of unauthorized access to or use of personal data and the equipment used for processing, the CIA has a comprehensive information privacy and security program which is reviewed and enhanced regularly. Nonetheless, perfect security of information provided to the CIA cannot be guaranteed. Visitors to our websites should use reasonable care in disclosing personal data online, and persons interested in communicating with the CIA may choose other means than the Internet to do so. For more information about our information privacy and security programs, please contact the vice president—chief of staff and information technology at 845-451-1380.
9. Privacy Policy Updates
This privacy statement will be continuously assessed with respect to new technologies, business practices and our visitors’ changing needs. The CIA may change its privacy practices from time to time. If we make any changes, we will update this privacy notice accordingly (the date of the most recent change is displayed at the bottom of this notice).
10. Contacting the Website
If you have any questions about this privacy statement, the practices of the website, or your dealings with the website, you may contact:
Webmaster
The Culinary Institute of America
1946 Campus Drive
Hyde Park, NY 12538-1499
webmaster@culinary.edu
Last updated on September 13, 2022
Contact Us
The Culinary Institute of America