ºÚÁÏÍø

Web Privacy Statement

ºÚÁÏÍø is committed to ensuring the privacy and accuracy of your confidential information. We do not actively share personal information gathered from our Web servers. However, because Kent State is a public institution, some information collected from the university website, including information from our server logs, e-mails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act. This means that while we do not actively share information, in some cases we may be compelled by law to release information gathered from our Web servers.

ºÚÁÏÍø also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records except in limited circumstances (i.e., with the student's permission, to parents of dependent students, and in response to a valid court order). For more information on FERPA at ºÚÁÏÍø, go to our FERPA page. Although FERPA regulations apply only to students, ºÚÁÏÍø is equally committed to protecting the privacy of all visitors to our website. Kent State also complies with the applicable provisions of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).

Sharing of Information

Unless required by the Ohio Public Records Act, it is against university policy to release information gathered through the Web, such as pages visited or personalized preferences.

ºÚÁÏÍø does, however, share information with other parties at the request of users (persons to whom the information applies). For example, the university receives test scores from testing agencies and will send transcripts to other schools at the student’s request.

Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we have legal authorization to do so. Student directory information may be released without the student's written consent. Directory information includes: name, local and home address, e-mail address, userid, photo, telephone number, name and address of parent(s) or guardian(s), date and place of birth, major field of study, participation in Kent State activities and sports, weight and height of members of athletic teams, dates of attendance at Kent State, degrees, certificates and awards received, student classification, and the most recent previous educational institution attended. If a student does not want their directory information released, the student may request in writing that it not be released and file the request with the Financial, Billing and Enrollment Center.

You can read more about directory information and Kent State's student records policy on our Policy Register page.

Privacy and Public Records Requests

Kent State complies with all laws that prohibit the release of information. This includes student education records protected by FERPA, financial information, including credit card information protected by GLBA, and personal health information protected by HIPAA.

However other information collected from the Kent State website, including server log information, emails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act.

If You Send Us Personal Information

Kent State's website will only collect personal information that you knowingly and voluntarily provide by, for example, sending emails, completing membership forms, registering for classes or other programs, responding to surveys, or ordering merchandise. If you provide us with personal information, we will normally respond to your inquiry, request, or order; we may also contact you to provide information about college activities, programs, membership and development opportunities, and special events that may interest you. It is university policy that confidential information you enter is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.

ºÚÁÏÍø will only share information about you to other parties when one or more of the following conditions apply:

• We have your consent to share the information.
• We need to share your information to provide the service or product you requested.
• We need to send your information to companies who work on behalf of ºÚÁÏÍø to provide a service or product to you.
• The information in question is considered directory information consistent with FERPA regulations.
• We need to respond to subpoenas, court orders, or any other legal process.
• We find it necessary to protect and defend the legal rights and/or property of ºÚÁÏÍø.

Encryption

Kent State uses encryption to prevent third parties from accessing sensitive data, such as passwords, e-commerce information, etc. You are normally required to enter a Kent State FlashLine username and password when you request data about yourself or to ensure that you are a member of the university community. For example, students who want to check their grades or staff members who complete time sheets must enter their Kent State FlashLine username and password so the system knows who is requesting the data. This login process uses Hypertext Transfer Protocol Secure (HTTPS) so the user name and password are encrypted between the Web browser and our Web server.

Several sites within ºÚÁÏÍø enable you to pay for products or services online with a credit card. These transactions are encrypted. Questions about security concerns involving credit card transactions may be directed to pcicompliance@kent.edu

Information Collected and Stored Automatically

If you visit our website, we automatically gather and store the following information about your visit so that we can track the use of our website to make improvements. This automatically collected information is stored and used in the aggregate only, and is not under normal circumstances used to contact you personally.

• The IP address from which you access our website
• The name of the domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account)
• The type of browser and operating system used to access our website
• The date and time you access our site
• The pages, files, documents, and links that you visit
• The Internet address of the website from which you linked to this website

Cookies

Cookies are small pieces of data stored by the Web browser, often used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive.

Some ºÚÁÏÍø Web servers use cookies. For example, cookies are used so you will not have to repeatedly enter user names and passwords when you go to different parts of the website.

Linking

Within our website there are links to non-Kent State websites. When you link to third-party websites, you leave Kent State's website and no longer will be subject to our privacy policy. ºÚÁÏÍø is not responsible for the privacy practices or the content of non-Kent State websites, and such links are not intended to be an endorsement of those sites nor their content.

European Union General Data Protection Regulation ("EU GDPR") Privacy Notice

General

The EU GDPR provides broad privacy protections to individuals physically located in the European Economic Area ("data subject(s)"). Under certain circumstances, the EU GDPR may apply to ºÚÁÏÍø's activities in the European Economic Area, for example, when a student attends a semester- long study abroad program in the European Economic Area or when a faculty member is temporarily assigned to work at ºÚÁÏÍø's Florence, Italy campus.
When subject to the EU GDPR, ºÚÁÏÍø must comply with the regulation's core privacy principles, which principles provide that personal data shall be:

• Processed lawfully, fairly and in a transparent manner;
• Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
• Limited to what is necessary in relation to the purposes for which they are processed;
  Accurate and kept up to date;
• Retained only as long as necessary; and
• Secure.

Personal data is defined very broadly under the EU GDPR, and consists of any information relating to an identified or identifiable person and includes a person's name, identification number, location data, online identifier, or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.

Lawful Basis for Processing Personal Data

When subject to the EU GDPR, ºÚÁÏÍø must have a lawful basis to process a data subject's personal data. Although there will be some instances where the processing of personal data will be pursuant to other lawful bases (e.g. processing necessary to protect the vital interests or safety of a data subject, processing related to legal action involving the university, etc.), ºÚÁÏÍø will likely process personal data relying on one or more of the following lawful bases:

• Processing for the purposes of the legitimate interests pursued by ºÚÁÏÍø or by a third party;
• Processing for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
• Processing for compliance with a legal obligation to which ºÚÁÏÍø is subject; and
• Processing pursuant to the consent of a data subject for one or more specific purposes.

Types of Personal Data Processed

In order for the university to achieve its core mission, it is essential and necessary for ºÚÁÏÍø to process personal data of its students, employees, applicants, research subjects, alumni, and others involved in the university's educational, research, and community programs. ºÚÁÏÍø processes personal information for various lawful reasons, including, without limitation, academic admissions and enrollment; student registration; residence life; delivery of classroom, on-line, and study abroad education programs; administration and oversight of recreation programs, student organizations, and other various student affairs activities; distribution of grades, materials, and other communications by and among students, faculty, and staff; employment; applied research; program development and analysis; job hiring and employment; provision of medical services or health insurance; engagement with the community at-large; compliance with its internal policies, procedures, and guidelines, as well as all applicable federal, state, and local laws; and records retention.
Personal data processed by the university typically includes name, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.), and donations. If you have specific questions regarding the collection and use of your personal data, please contact us via data-privacy@kent.edu.
If a data subject refuses to provide personal data that is required by ºÚÁÏÍø in connection with one of ºÚÁÏÍø's lawful bases to collect such personal data, such refusal may make it impossible for ºÚÁÏÍø to provide education, employment, research, or other requested services.

Where ºÚÁÏÍø gets Personal Data

ºÚÁÏÍø receives personal data from multiple sources, most often directly from the data subject or under the direction of the data subject who has provided it to a third party (e.g., application for admission to ºÚÁÏÍø through use of CollegeNet or the Common App).

Individual Rights of the Data Subject under the EU GDPR

Subject to all other applicable laws and regulations, including all laws of the United States of America and the State of Ohio (USA), data subjects have following rights under the EU GDPR:

• To access the personal data we maintain about you;
• To be provided with information about how we process your personal data;
• To correct or modify your personal data;
• To have your personal data deleted;
• To object to or restrict how we process your personal data;
• To request your personal data to be transferred to a third party; and
• To file a complaint.

To exercise the above rights, data subjects should contact us via data-privacy@kent.edu. ºÚÁÏÍø will consider and process a data subject's request within a reasonable period of time. Please be aware that under certain circumstances, the EU GDPR or other applicable law may limit a data subject's exercise of the above rights.

Security of Personal Data subject to the EU GDPR

ºÚÁÏÍø will comply with all of its published data protection polices in the processing of a data subject's personal data.

Data Retention

ºÚÁÏÍø keeps the data it collects for the time periods specified in the ºÚÁÏÍø Record Retention Schedule.

Disclaimer of Liability

The information contained in this policy explains the Internet privacy policy and practices that ºÚÁÏÍø has adopted for its official Web pages. In legal terms, it shall not be construed as a contractual promise, and the university reserves the right to amend it at any time without notice. Neither ºÚÁÏÍø nor any of its units, programs, employees, agents, or individual trustees shall be held liable for any improper or incorrect use of the information described and/or contained in the university website and assumes no responsibility for anyone's use of the information.

Comments/Questions

ºÚÁÏÍø is a large organization with many people sharing responsibility for the content of our website. Please help us respond to your comments and inquiries by sending them to the appropriate Kent State department.

If you have questions about this Privacy Statement, or if you find Kent State Web pages that do not adhere to this statement, please email Executive Director of Digital Communications, University Communications & Marketing Lin Danes at ldanes@kent.edu.