Privacy Policy for Highstone International University – Certificate Verification Portal

 

At Highstone International University (HIU), we recognize the critical importance of your privacy and are deeply committed to safeguarding the personal and academic information entrusted to us through our Certificate Verification Portal. This Privacy Policy outlines in detail how we collect, use, disclose, protect, and manage your data when you access or interact with our official verification platform. By using this portal, you acknowledge and consent to the practices described herein.

 

This policy is designed to comply with applicable data protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR), where relevant, and other international standards governing digital privacy and information security.

 
 

1. Information We Collect

We collect only the minimum necessary data required to perform certificate verification services effectively and securely:

 
  • Verification Inputs:
    • Certificate ID or unique verification code
    • Student’s full name
    • Date of birth or graduation year (as printed on the certificate)
    • Program of study and award details
     
  • Technical & Usage Data:
    • IP address
    • Browser type and version
    • Operating system
    • Timestamps of access and session duration
    • Device information
     
  • Voluntary Submissions:
    • Contact details (e.g., email) if you submit an inquiry or support request
    • Employer or institutional affiliation (if provided during verification)
 

⚠️ Note: We do not collect sensitive personal data (e.g., national ID numbers, financial information, health records) unless explicitly required by law or with your informed consent.

 
 

2. Purpose of Data Collection and Use

Your information is used strictly for the following legitimate purposes:

 
  • To authenticate and validate the legitimacy of HIU-issued certificates
  • To prevent fraud, forgery, and misrepresentation of academic credentials
  • To generate verification reports for authorized requesters (e.g., employers, licensing bodies)
  • To improve the functionality, security, and user experience of the verification portal
  • To respond to technical support requests or inquiries related to verification
  • To comply with legal obligations, regulatory requirements, or judicial orders
 

We do not use your data for marketing, advertising, or any unrelated commercial purposes.

 
 

3. Data Sharing and Disclosure

Highstone International University maintains strict confidentiality of all user data. Information is never sold, rented, or traded to third parties. However, limited disclosure may occur under the following circumstances:

 
  • With Your Consent: When you explicitly authorize sharing (e.g., sending a verification report to an employer).
  • To Authorized Verifiers: Verification results (limited to confirmation of authenticity, name, program, and award date) may be shared with the entity initiating the verification request.
  • Legal Compliance: If required by law, court order, or government authority.
  • Service Providers: Trusted third-party vendors (e.g., cloud hosting, cybersecurity partners) who assist in operating the portal—bound by strict confidentiality agreements and prohibited from using data for their own purposes.
  • Institutional Affiliates: Only within the HIU ecosystem (e.g., academic registry, quality assurance units) on a need-to-know basis.
 
 

4. Data Security Measures

We implement robust technical and organizational safeguards to protect your data against unauthorized access, alteration, disclosure, or destruction:

 
  • Encryption: All data transmissions are secured via TLS 1.2+ (HTTPS).
  • Access Controls: Role-based authentication and multi-factor authentication (MFA) for internal staff.
  • Regular Audits: Security assessments and vulnerability scanning conducted quarterly.
  • Secure Storage: Data is stored in encrypted databases with restricted physical and logical access.
  • Anonymization: Usage analytics are anonymized wherever possible to protect individual identity.
 

While no system can guarantee absolute security, we continuously monitor and update our protocols to meet industry best practices.

 
 

5. Data Retention Policy

Personal data collected through the verification portal is retained only as long as necessary to fulfill the purposes outlined in this policy:

 
  • Verification Logs: Retained for 24 months for audit, fraud prevention, and compliance purposes.
  • User Inquiry Data: Kept for 12 months after resolution of the support ticket.
  • Certificate Records: Academic records are maintained indefinitely in accordance with HIU’s archival policies and national education regulations—but access is strictly controlled.
 

Upon expiry of retention periods, data is securely deleted or anonymized.

 
 

6. Your Rights Regarding Your Personal Data

Depending on your jurisdiction, you may have the following rights:

 
  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete information.
  • Right to Erasure (“Right to be Forgotten”): Request deletion of your data, subject to legal and academic record-keeping obligations.
  • Right to Restrict Processing: Limit how we use your data under certain conditions.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests.
 

To exercise any of these rights, please contact our Data Protection Officer at privacy@highstoneinternational.edu with proof of identity.

 
 

7. Use of Cookies and Tracking Technologies

The Certificate Verification Portal uses minimal, essential cookies to ensure core functionality:

 
  • Session Cookies: Maintain your login state during verification.
  • Security Cookies: Protect against cross-site request forgery (CSRF).
  • Analytics (Optional): Anonymous usage statistics (e.g., page views) via tools like Google Analytics—no personal identification.
 

We do not use advertising, tracking, or third-party marketing cookies. You may disable non-essential cookies via your browser settings without affecting core verification features.

 
 

8. International Data Transfers

While Highstone International University operates globally, all verification data is processed and stored within secure data centers located in jurisdictions with adequate data protection standards. Where cross-border transfers occur, we ensure appropriate safeguards (e.g., Standard Contractual Clauses) are in place.

 
 

9. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or technological advancements. The revised policy will be posted on this page with an updated “Effective Date”. Continued use of the portal constitutes acceptance of the modified terms.

 
 
 

We are committed to addressing your inquiries promptly and transparently.

 
 

Effective Date: January 10, 2026
Last Reviewed: January 10, 2026

 

Highstone International University — Upholding Integrity, Ensuring Trust, Protecting Privacy.