GDPR Privacy Notice

 

GDPR Privacy Notice

 

OVERVIEW

The University of Southern Mississippi ("USM") is committed to protecting the privacy of personal data. In compliance with the General Data Protection Regulation (GDPR) effective as of May, 2018, we are issuing this notice to outline how we collect, use and disclose personal and special category data provided by students, faculty, applicants, alumni, donors, research subjects and any and all other individuals disclosing personal and/or special category data, which is subject to the GDPR. 

This notice addresses how USM processes your personal data if you are an individual with rights under the General Data Protection Regulation (GDPR).  

 

DEFINITIONS

Data controller

General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and harmonizes data privacy laws across Europe, to protect and empower all EU citizens with data privacy while also reshaping the way organizations across the region approach data privacy.  For additional information about the GDPR see the EU Data Protection page.

Personal data is defined as any information relating to a person who can be directly or indirectly identified in particular by reference to specific data collected or provided by you. Examples include name, email address, IP address, and identification number. 

Sensitive personal data includes race, genetic data, ethnic origin, religious or philosophical beliefs, health data, sexual orientation, biometrics, and criminal convictions.

For other pertinent definitions see the Article 4 of the GDPR.

HOW USM USES YOUR DATA

Data (both personal and sensitive in nature) is collected and may be shared both internally and externally (i.e. with third party vendors contracted to perform functions for USM who are subject to both confidentiality as well as safeguarding measures focused on preventing unauthorized disclosure) in order to satisfy contractual, statutory, or public interest purposes, including, but not limited to:

  • Responding to initial requests for information about the University
  • Recruiting, evaluating and managing those applying for or admitted to programs (in-person or online)
  • Registering and advising individuals
  • Designing and implementing education programs as well as services, activities or to provide reasonable accommodations
  • Facilitating participation in study abroad programs
  • Monitoring academic progress
  • Assessing and improving educational offerings using both general demographics as well as statistical research
  • Meeting state and federal reporting requirements and to comply with applicable laws
  • Enforcing University policies
  • Processing applications for employment
  • Completing audits
  • Maintaining accreditation
  • Processing financial aid requests including reporting to appropriate federal and state government agencies
  • Managing student accounts
  • Assisting with the completion of visa sponsorship for study, work or research at USM, as appropriate to comply with applicable immigration laws
  • Assigning or facilitating housing requests for those residing on campus while enrolled
  • Exercising scientific and historical research 
  • Maintaining relationships with alumni or donors through notifications of services, donations, fundraising as well as other functions
  • Archiving purposes in the public interest
  • Having entities affiliated with the University contact you about goods, services or other information that may be of interest to you

 

ANONYMIZATION AND PSEUDONYMIZATION OF DATA  

Data that has been de-aggregated or de-identified can be shared without any limits being placed on such a disclosure. 

 

INDIVIDUALS ABLE TO EXERCISE RIGHTS UNDER GDPR  

The GDPR provides the aforementioned rights only to those individuals who:

Have resided and can verify their residency in the EU (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK) at a time during which their data would have been processed by the data controller (i.e. USM).

Any request to exercise rights under the GDPR will require that the individual provide documentation:

  • verifying their identity; and 
  • verifying their residency in the EU. 
NOTE:   Request by domestic students cannot be honored as the law is only applicable to EU residents who have been residents in the EU at the time the data controller in this case USM as been processing their data. 

 

LEGAL BASIS FOR PROCESSING DATA  

Data indicated above are being processed based on one of the following legal basis:

  • Performance of a contract or performance of steps prior to entry into a contract
  • Legitimate interests (as a higher education institution) or the legitimate interest of a third party
  • To comply with a legal obligation based on a disclosure being required or if permitted by law (state, federal or international)
  • Consent (for purposes of research)
  • To protect the vital interest of the individual if one is legally/physically unable to consent
  • In the public interest (to facilitate performing such tasks as teaching and research)

 

AUTOMATED DECISION-MAKING 

We will not utilize your personal information to carry out any wholly automated decision-making that affects you.

 

SECURITY MEASURES  

Appropriate technical and organizational security measures are in place aim to protect data when transmitted and once stored in systems which we directly control and systems which we control through a third-party vendor.

 

COOKIES AND OTHER TECHNOLOGY 

USM websites use cookies, which are small data files that are placed on your computer when you visit a site to identify you and personalize your visit for maximum enjoyment. The cookie file contains information such as a user ID to track pages visited. Any personal information contained in a cookie is only the information supplied directly by you.  

 

RETENTION AND DESTRUCTION OF DATA 

USM retains your data pursuant to applicable state and federal law, and in adherence to the specific retention periods that apply to such data.

If a request is entered for data destruction, it will only be processed if doing so does not contradict state or federal law, including but not limited to, data retention rules.

If subject to the previous paragraph, it is determined that data destruction (exercising right to be forgotten) is not barred by federal, state (including data retention rules), any destruction of data shall be conducted in the manner that best preserves and ensures the confidentiality of the information based on the sensitivity, value and how critical the data is to the University. 

 

Rights Available Under GDPR

  • Right to request access
  • Right of data portability
  • Right to restrict processing
  • Right to erase
  • Right to rectify 
  • Right to object

 

Click here for additional information rom the Information Commissioner's Office (ICO) regarding exercising the rights listed above.

Please note that the University is subject to federal and state laws, including but not limited to the Family Educational Rights and Privacy Act, that may require that we request, process and retain and report on certain types of data.  These legal obligations may also affect actions we would be permitted to take in response to a request to exercise your GDPR data rights, especially the right to have your data erased.    

For generally information on this rights, please see the Information Commissioner's website

 

Impact of Retention Periods

Erasure of data shall be subject to the retention periods of applicable state and federal law. USM adheres to specific records retention schedules. 

See the Information on Records Retention Schedules page for additional information.

 

Impact of Withdrawing Consent

If you have provided consent to the use of your data and USM is not processing your data under any other legal basis, you have the right to withdraw consent; and USM will no longer be able to process your data (i.e. effective as of the data said request is received). 

Withdrawal of consent does not affect the lawfulness of the University's use of the data prior to receipt of your request to withdraw consent.

 

Data Transfer

Data created in the European Union may be transferred out of the European Union to the University. If such a transfer occurs, the University will adhere to the requirements of the General Data Protection Regulation to ensure that adequate technical and organizational controls are in place.  If the transfer involves USM’s third-party vendors, USM will monitor the transfer to ensure that adequate technical and organizational controls are implemented.  

 

Sharing of Personal Data

Your personal information may be shared with relevant staff as needed. 

For purposes of enrollment, providing services, or in compliance with legal requirements, your data may be shared with external organizations, including, but not limited to:

  • Agencies of the State of Mississippi
  • Agencies of the United States Government
  • Non-governmental partners
  • Those funding/lending your monies for enrollment  
  • Providers of any external/collaborative learning and training placements
    or fieldwork opportunities
  • Auditors, examiners, and assessors external to the institution
  • Relevant professional or statutory regulatory bodies
  • University student organizations, clubs, and societies relative to your membership in such organizations
  • Local authorities
  • As needed, police and other law enforcement
  • As needed, entities affiliated with The University (e.g. The USM Foundation)
  • Companies or entities providing services to or on behalf of The University
Use of Information Following Graduation
After you graduate a core record of your studies is retained indefinitely so that the details of your academic achievements can be confirmed and for statistical or historical research. Your contact and core personal details are passed to the Alumni office while you are still a student so that you can be added to the alumni database.  

Complaint

If you feel the University has not complied with applicable foreign laws regulating such data, you can contact us at the email address listed above.  Alternatively, you can file a complaint with the appropriate supervisory authority in the European Union.  To find the appropriate authority, view the Data Protection Authority list.

Questions

E-mail GDPRrequests@usm.edu

Need information on how to submit a request- see the bottom of our GDPR page

Updates to Notice

This notice may be updated or changed at any time.  Continued use of the USM website after any updates to the notice affirms your acceptance of any changes to the notice. This page was last updated in June 18, 2018.