EU General Data Protection Regulation Privacy Notice for Whitworth University
This privacy notice applies to Whitworth University for compliance with the European Union’s ("EU") General Data Protection Regulation ("GDPR"). This privacy notice applies to personal data that Whitworth University collects or processes about individuals while they are located in the EU, regardless of whether they are a citizen or permanent resident of an EU country. "Personal data" means any information relating to an identified or identifiable student, parent/guardian of a student, employee, alumnus/a, donor or other member or prospective member of the Whitworth community.
The purpose of the GDPR is to protect all EU citizens from privacy and data breaches by allowing citizens to maintain control of the personal data kept and processed by organizations, which includes Whitworth University. The GDPR also protects the personal data of individuals, regardless of citizenry, who are residents in the EU.
Whitworth University is committed to safeguarding the privacy of personal data. This privacy notice outlines the collection, use and disclosure of personal information provided to the university by students, prospective students, parents/guardians, faculty and staff, alumni and other members of our community. When information is submitted to Whitworth, its data processing partners, or if you use the university's websites and other services, you consent to the collection, use and disclosure of that information as described in this privacy notice.
University Use of Information
Whitworth collects and processes personal data ("information") from individuals only as necessary in the exercise of the university's legitimate interests, functions and responsibilities as a private, non-profit institution of higher education. For example, Whitworth also collects and processes information from individuals who are applicants for employment positions. Information collected from students or student applicants is used to register or enroll persons in the university, provide and administer housing to students, manage a student account, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, recruitment, regulatory reporting, auditing, maintenance of accreditation, and other related university processes and functions. Whitworth also uses information to conduct general demographic and statistical research to improve university programs, to identify appropriate support services or activities, provide reasonable accommodations, enforce university policies or comply with applicable laws. Whitworth may share information with third parties who have entered into contracts with the university to perform functions on behalf of the university, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
Third Party Use of Sensitive Information
We may disclose your sensitive information and other information as follows:
- Consent: We may disclose information if we have your consent to do so.
- Emergency Circumstances: We may share your information when necessary to protect your interests in the event you are physically or legally incapable of providing consent.
- Employment Necessity: We may share your information when necessary for administering employment or social security benefits in accordance with applicable law or any applicable collective bargaining agreement, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
- Public Information: We may share your information if you have manifestly made it public.
- Archiving: We may share your information for archival purposes in the public interest, and for historical research and statistical purposes.
- Performance of a Contract: We may share your information when necessary to administer a contract you have with the university.
- Legal Obligation: We may share your information when the disclosure is required or permitted by international, federal, and state laws and regulations.
- Service Providers: We use third parties who have entered into a contract with the university to support the administration of university operations and policies. In such cases, we share your information with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
- University-Affiliated Programs: We may share your information with parties that are affiliated with the university for the purpose of contacting you about goods, services, charitable giving or experiences that may be of interest to you.
- De-Identified and Aggregate Information: We may use and disclose information in de-identified or aggregate form without limitation.
We implement appropriate technical and organizational security measures to protect your personal data when you transmit it to us and when we store it on our information technology systems.
All personnel who have access to your personal data have received thorough training stressing the need to keep your personal data secure. Further, other university-related entities with which your personal data may be shared are strictly required to undertake data security practices and measures which meet current professional standards.
Whitworth University utilizes cookies to track how you use this website, to personalize your site experience, and to deliver relevant advertisements after you leave the university website. A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
Retention and Destruction of Your Information
Your information will be retained by the university in accordance with applicable state and federal laws, and the applicable retention periods in the university's records management policy. Your information will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information given the level of sensitivity, value and criticality to the university.
You have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of your information in accordance with all applicable laws. The erasure of your information shall be subject to applicable state and federal laws, and the applicable retention periods in the university's records management policy. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of the university's use of the information prior to receipt of your request.
Information created in the European Union will be transferred out of the European Union to the university. If you feel the university has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.
Updates to This Policy
We may update or change this policy at any time. Your continued use of the university's website and third-party applications after any such change indicates your acceptance of these changes.
Last Updated: May 25, 2018