Online Privacy Statement

I. Purpose

This policy discloses the practices with respect to the gathering and dissemination of information the University obtains from users of the websites of Georgia Southern University.

This policy applies to those sites for which Georgia Southern University is the operator, although software, hosting and other functions may be provided by third parties (“Service Providers”).

This Online Privacy Policy describes the type of information Georgia Southern and its Service Providers collect from visitors to our sites, what we do with that information, and how visitors can update and control the use of information provided on this Site. This policy does not necessarily describe information collection policies on other sites, such as separate sites operated by our Service Providers that we do not control. Many of the resources linked from this Web site are not maintained by Georgia Southern. Georgia Southern cannot monitor all linked resources, only those pages which fall directly within the University’s world-wide web structure. Georgia Southern is in no way responsible for the privacy practices or the content of these linked resources and the statements, views, and opinions expressed therein are neither endorsed by nor do they necessarily reflect the opinion of the University.

This policy may be changed from time to time and without further notice. Continued use of University sites after any such changes constitutes acceptance of the new terms. If a visitor does not agree to abide by these new terms or any future terms, he or she should not use the sites. These sites are not directed to children under 13 years of age, and children under 13 years of age shall not use these sites to submit any personal information about themselves.

II. Policy Statement

1. Information We Gather

Georgia Southern University may collect certain information that is automatically generated when a user visits a site, including, but not limited to, the Internet Protocol address of the originating Internet Service Provider, and information provided by “cookies” stored on your hard drive. We may also collect aggregate information about the use of the sites, including, but not limited to, which pages are most frequently visited, how many visitors we receive daily, and how long visitors stay on each page. A visitor may be prompted or required to provide certain personal information in order to access various features and information on the sites. Such information may include, among other things, name, address, and phone number. If a visitor does not want to provide such information, he or she may choose not to access those features of the sites. Any personal information provided through the sites will be protected in accordance with the provisions of this Policy.

Georgia Southern University also uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example completing a form/application. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. By continuing to use this site, you are agreeing to the use of cookies. You can opt out of this at any time by updating the ad settings within your browser or by visiting the Network Advertising Initiative opt-out page.

2. Use of Information

Georgia Southern University uses the information it collects to maintain and improve the websites and in connection with marketing activities. Some information may be shared with third party vendors that the University contracts with to complete business transactions, provide services or conduct online marketing of the University. These websites or third party vendors may also use cookies for tracking purposes.

Georgia Southern University may disclose and publish aggregate information on an aggregate basis to any party through any means, but such aggregate information will not disclose any personal information. Any information collected through these sites may also be used in aggregate by system administrators in the administration of the sites.

The University strives to maintain the privacy and accuracy of personal information. We do not actively share personal information gathered from the Sites. However, some information collected from the Sites may be subject to the Georgia Open Records Act. This means that, while we do not actively share information, in some cases we may be required by law to release information gathered from the Sites. Georgia public universities also comply with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records without student permission. For more details on FERPA, currently enrolled students at Georgia Southern should refer to the University catalog.

3. Security and Accuracy of Confidential Information

Georgia Southern cannot guarantee the personal information obtained from a visitor is accurate. In the event that there is an error in collected information, the University will attempt to correct the information upon written request.

While the University strives to protect against the loss, misuse and alteration of the information under our control through security measures we consider reasonable and appropriate, it cannot guarantee or warrant the security of the information, and if a visitor chooses to use the Sites, he or she does so at his or her own risk.

Information disclosed by visitors to the Sites in certain forums intended for public use (e.g. information, including personal information that is provided to others on bulletin boards, through blogs or in chat rooms, or social media that may be available on the Sites) can be collected and used by other visitors to the Sites.

4. Changes to this Policy

The University reserves the right to make changes to this Policy and/or the Online Privacy Statement as needed and in accordance with University and Board of Regents Policy. The current version will be made available on the University website(s). If you have questions about this Policy or you believe your personal information has been released without your consent, please contact the Office of the Vice President for Information Technology.

European Union General Data Protection Regulation (EU GDPR) Privacy Notice

Lawful Basis for Collecting and Processing of Personal Data

Georgia Southern University is an institute of higher education involved in education, research, and community development. In order for Georgia Southern University to educate its students both in class and on-line, engage in world-class research, and provide community services, it is essential and necessary, and Georgia Southern University has lawful bases, to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. The lawful bases include, without limitation, admission, registration, delivery of classroom, on-line, and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention. Examples of data that Georgia Southern University may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent.

For more information regarding the EU GDPR, please review Georgia Southern University’s EU General Data Protection Regulation Compliance Policy.

Most of Georgia Southern University’s collection and processing of personal data will fall under the following categories:

  1. Processing is necessary for the purposes of the legitimate interests pursued by Georgia Southern University or third parties in providing education, employment, research and development, and community programs.
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This lawful basis pertains primarily but not exclusively to research contracts.
  3. Processing is necessary for compliance with a legal obligation to which Georgia Southern University is subject.
  4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes. This lawful basis pertains primarily but not exclusively to the protection of research subjects, providing medical and mental health services.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Types of Personal Data collected and why

Georgia Southern University collects a variety of personal and sensitive data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, provision of medical services, participation in research, development and community outreach. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations. If you have specific questions regarding the collection and use of your personal data, please contact the Office of Internal Audit, Risk & Compliance at kcrosby@georgiasouthern.edu.

If a data subject refuses to provide personal data that is required by Georgia Southern University in connection with one of Georgia Southern University’s lawful bases to collect such personal data, such refusal may make it impossible for Georgia Southern University to provide education, employment, research or other requested services.

Where Georgia Southern University gets Personal and Sensitive Personal Data

Georgia Southern University receives personal and sensitive personal data from multiple sources. Most often, Georgia Southern University gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to Georgia Southern University through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Georgia Southern University’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

  • information about the controller collecting the data
  • the data protection officer contact information
  • the purposes and legal basis/legitimate interests of the data collection/processing
  • recipients of the personal data
  • if Georgia Southern University intends to transfer personal data to another country or international organization
  • the period the personal data will be stored
  • the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  • the existence of the right to withdraw consent at any time
  • the right to lodge a complaint with a supervisory authority (established in the EU)
  • why the personal data are required, and possible consequences of the failure to provide the data
  • the existence of automated decision-making, including profiling
  • if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by filing such request with the Office of Internal Audit, Risk, and Compliance at RiskCompliance@georgiasouthern.edu.

Cookies

Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user. Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.

Security of Personal Data subject to the EU GDPR

Georgia Southern University will not share your information with third parties except:

  • as necessary to meet one of its lawful purposes, including, but not limited to,
    • its legitimate interest,
    • contract compliance,
    • pursuant to consent provided by you,
    • as required by law;
  • as necessary to protect Georgia Southern University’s interests;
  • with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

Data Retention

Georgia Southern University keeps the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules: https://www.usg.edu/records_management/schedules/

For examples of Student Records Retention Schedules, see: https://www.usg.edu/records_management/schedules/934

For examples of Human Resources (Employment) Records Retention Schedules, see: https://www.usg.edu/records_management/schedules/930

The University’s Executive Counsel serves as the Data Protection Officer. Please email questions or concerns to: OLA@georgiasouthern.edu