Re-entry & Resiliency Plan (updated 10/14/21)
Carlow University is committed to data protection and fulfills its obligations for the protection of data under the General Data Protection Regulation (“GDPR”) as outlined in this Notice. The GDPR applies to all individuals who are European Union (“EU”) citizens and individuals, regardless of citizenship, located in the EU (“Individual”) to protect their Personal Data and manage the way organizations, including Carlow University, control and process data.
Under the GDPR, Personal Data includes any information that can be used to identify an Individual, including name, address, online number, date of birth. It also includes online identifiers including IP addresses, cookies, location data and device information. Personal Data also includes an Individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health and sex life, and sexual orientation.
Carlow University collects and processes Personal Data from Individuals only to the extent it has a legal basis to do so and as is necessary for Carlow to exercise its legitimate interests, functions and responsibilities as a private, religious, non-profit institution of higher education. This includes collecting and processing Personal Data from Individuals who are applicants for employment, collecting and processing Personal Data from Individuals who are students, parents/guardians, potential students, applicants, alumni and friends to communicate, register, enroll, administer housing, management accounts, provide academic advising, deliver education, track progress, analyze and improve programs, recruit, report regulatory information, conduct audits, maintain accreditations, identify and provide support and services, conduct research, provide reasonable accommodations and perform other related University functions.
Carlow University may disclose an Individual’s Personal Data to Third Parties who contract with the University to provide services. Personal Data may be disclosed upon an Individual’s informed consent, in emergency circumstances, for employment necessity, if public information, for bona fide archival purposes, as contractually or legally required, if de-identified and/or with University-affiliated parties.
Carlow University may send you information about University products and services as well as information from partner University-affiliated parties. You have the right the right to stop the University from contacting you for marketing purposes.
Carlow University will minimize the collection and processing of Personal Data whenever possible.
Personal Data is stored in the University’s information technology systems. Carlow University uses a combination of technical fire walls as well as physical security barriers to Personal Data. Carlow University will notify Individuals within 72 hours of a declaration of a security breach.
Personal Data will be retained and/or deleted by Carlow University in accordance with the applicable laws and best practices. Personal Data will be destroyed upon an Individual’s legitimate request unless the applicable law or policy requires otherwise.
Under the GDPR, Individuals are entitled to the following rights:
Carlow University keeps this Notice up to date and under regular review. Any updates will be included on this page. Individuals are encouraged to review the GDPR Notice periodically.
To make a request to invoke rights under the GDPR, make inquiries regarding Carlow University’s GDPR Notice or make a complaint that Carlow University has not complied with the applicable regulations regarding Personal Data, please contact Carlow University’s Data Protection Officer at: firstname.lastname@example.org
Individuals may also file a complaint with the appropriate supervisory authority in the EU.