Carlow University is committed to data protection and fulfills its obligations for the protection of data under the General Data Protection Regulation (“GDPR”) as outlined in this Notice.  The GDPR applies to all individuals who are European Union (“EU”) citizens and individuals, regardless of citizenship, located in the EU (“Individual”) to protect their Personal Data and manage the way organizations, including Carlow University, control and process data.

Personal Data

Under the GDPR, Personal Data includes any information that can be used to identify an Individual, including name, address, online number, date of birth.  It also includes online identifiers including IP addresses, cookies, location data and device information.  Personal Data also includes an Individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health and sex life, and sexual orientation.

Use of Personal Data

Carlow University collects and processes Personal Data from Individuals only to the extent it has a legal basis to do so and as is necessary for Carlow to exercise its legitimate interests, functions and responsibilities as a private, religious, non-profit institution of higher education. This includes collecting and processing Personal Data from Individuals who are applicants for employment, collecting and processing Personal Data from Individuals who are students, parents/guardians, potential students, applicants, alumni and friends to communicate, register, enroll, administer housing, management accounts, provide academic advising, deliver education, track progress, analyze and improve programs, recruit, report regulatory information, conduct audits, maintain accreditations, identify and provide support and services, conduct research, provide reasonable accommodations and perform  other related University functions.

Carlow University may disclose an Individual’s Personal Data to Third Parties who contract with the University to provide services.  Personal Data may be disclosed upon an Individual’s informed consent, in emergency circumstances, for employment necessity, if public information, for bona fide archival purposes, as contractually or legally required, if de-identified and/or with University-affiliated parties.

Carlow University may send you information about University products and services as well as information from partner University-affiliated parties.  You have the right the right to stop the University from contacting you for marketing purposes.

Carlow University will minimize the collection and processing of Personal Data whenever possible.

Security, Data Retention and Destruction

Personal Data is stored in the University’s information technology systems. Carlow University uses a combination of technical fire walls as well as physical security barriers to Personal Data.  Carlow University will notify Individuals within 72 hours of a declaration of a security breach.

Personal Data will be retained and/or deleted by Carlow University in accordance with the applicable laws and best practices. Personal Data will be destroyed upon an Individual’s legitimate request unless the applicable law or policy requires otherwise.


Information about Carlow University’s use of cookies can be found in Carlow University’s Privacy Notice. For further information about cookies, visit 

Individual’s Rights under the GDPR

Under the GDPR, Individuals are entitled to the following rights:

  • The right to access- Individuals have the right to request a copy of their Personal Data from Carlow University.  Upon a receipt of a valid request, Carlow will provide access to the Individual within 30 days. Carlow University may charge a fee for this service.
  • The right to rectification- Individuals have the right to request that Carlow University correct any errors in their Personal Data that they believe is incorrect. Carlow will have 30 days to correct any verified incorrect data.
  • The right to erasure- Under certain circumstances and conditions, Individuals have the right to request that Carlow University erases or de-identifies an Individual’s Personal Data within 30 day of a valid request.
  • The right to object to or restrict the processing- Under certain circumstances and conditions, Individuals have the right to object to or restrict the processing of Personal Data. Carlow will respond to such request within 30 days.
  • The right of data portability- Under certain circumstances and conditions, Individuals have the right to request the transfer of their Personal Data to another organization/individual or directly to the Individual. Carlow will respond to such request within 30 days.

Changes to this Notice

Carlow University keeps this Notice up to date and under regular review.  Any updates will be included on this page. Individuals are encouraged to review the GDPR Notice periodically.


To make a request to invoke rights under the GDPR, make inquiries regarding Carlow University’s GDPR Notice or make a complaint that Carlow University has not complied with the applicable regulations regarding Personal Data, please contact Carlow University’s Data Protection Officer at:

Individuals may also file a complaint with the appropriate supervisory authority in the EU.

© Copyright 2024 Carlow University. All rights reserved.