This privacy statement explains how Lynn University collects, uses, and shares your personal data, and your rights in relation to the personal data we hold. It is your guide for how we collect and handle your information and governs the privacy of users who choose to provide the University with personal data in the usual course of business.
The statement sets out the different areas where user privacy is a concern and outlines the obligations and requirements of the users, the website and the website owners. Furthermore, the way this website processes, stores and protects user data and information is also detailed within this statement.
This privacy statement has been designed to assist the University in fulfilling its regulatory compliance requirements and to provide members of our campus community and third parties with information on how the University collects and processes personal information. This statement assists specifically with compliance for the following regulations:
- Gramm Leach Bliley
- Family Education Rights and Privacy Act (FERPA)
- European Union General Data Protection Regulation
Lynn University is a not-for-profit institution located in Boca Raton, Florida. Lynn University takes great strides to protect the data of any individual who interacts with the University in the usual course of business; however, nothing in this statement should be construed as a violation of the University’s state or federal requirements. Where regulations are in conflict, the University will follow federal regulations while still diligently protecting the data of all individuals regardless of their geographical location.
Information we collect
We do not collect any personal identifiable information through the Lynn.edu website and other platforms, other than in a manner described in this statement. In such instances, we will never sell or trade the information you provide to us, unless we have your consent in doing so, or if the information is needed for legal processes or for the purpose of fulfilling the legitimate business needs as required to deliver the services of the university described in this privacy statement
We may collect the following types of personal data about you:
- your name, and contact information such as address, email address and telephone number, as well as your date of birth, national insurance number (or other tax identification number) and your passport number or driver’s license details, country of domicile and your nationality. We will also allocate you a unique student identification number;
- information relating to your education and employment history, the school(s), and other colleges or universities you have attended and places where you have worked, the courses you have completed, dates of study and examination results. We will also keep records relating to assessments of your work, details of examinations taken, your predicted and actual examination grades and other information in your student record;
- information about your family or personal circumstances, and both academic and extracurricular interests, for example where this is relevant to the assessment of your suitability to receive a scholarship or in order to provide you with appropriate care;
- sensitive personal data and information about criminal convictions and offenses, including:
- information concerning your health and medical conditions (e.g. disability and dietary needs);
- certain criminal convictions (where voluntarily provided upon application to the institution or upon application for employment and
- information about your racial or ethnic origin; religion or similar beliefs;
How we collect your information
We may collect your personal data in a number of ways, for example:
- from the information you provide to us when you interact with us before attending, for example when you express your interest in studying at Lynn University;
- when you apply to study at Lynn University and complete enrollment forms and applications and when you complete other admissions procedures;
- when you communicate with us by telephone, email or via our website, for example in order to make inquiries or raise concerns;
- in various other ways as you interact with us during your time as a student, employee, donor, or third party of Lynn University, for the various purposes set out below;
- from third parties, for example from your previous or current school, university or employers who may provide a reference about you or who may sponsor your studies.
How we use your information
The purposes for which we may use personal data (including sensitive personal data) we collect during an individual’s association with us include:
- recruitment and admissions;
- for the purpose of employment or upon application;
- for the purpose of processing donations or sponsorships;
- academic matters, including:
- the provision of our core teaching, learning and research services (e.g. registration, assessment, attendance, managing progress, academic misconduct investigations, certification, graduation);
- maintaining student records;
- assessing your eligibility for loans and scholarships, etc.
- to provide services to alumni following graduation;
- providing library, IT and information services;
- non-academic matters in support of our core services, including:
- providing student support services;
- safeguarding and promoting the welfare of students;
- ensuring students' safety and security;
- managing student accommodation;
- managing the use of social media;
- managing car parking on campus;
- administering finance (e.g. fees, scholarships and loans);
- other administrative purposes, including:
- carrying out research and statistical analysis;
- carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations);
- providing operational information (e.g. providing IT support, information about building closures or access restrictions on campus, or safety advice);
- promoting our services (e.g. providing information about summer schools, student exchanges, or other events happening on and off campus);
- preventing and detecting crime;
- dealing with grievances and disciplinary actions;
- dealing with complaints and inquiries.
The basis for processing your information and how we use it
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to interact with you before you are enrolled as a student or before employment, as part of the admissions or staff recruitment process (e.g. to send you information or answer inquiries about our courses);
- to interact with you before you decide to make a donation to the University (e.g. to communicate with you regarding donor opportunities at your request);
- once you have enrolled or been employed, to provide you with the services as set out in our university policies/procedures, or contracts;
- to deal with any concerns or feedback you may have;
- for any other purpose for which you provide us with your personal data.
We may also process your personal data because it is necessary for the performance of our tasks carried out in the public interest or because it is necessary for our or a third party's legitimate interests. In this respect, we may use your personal data for the following:
- to provide you with educational services which may not be set out in our policies or procedures but which are nevertheless a part of our academic and educational mission;
- to provide you with services usually provided by an employer which may not be set out in our University policies, procedures, or contracts which are nevertheless a part of our mission and regular course of business;
- to monitor and evaluate the performance and effectiveness of the university, including by training our staff or monitoring their performance;
- to maintain and improve the academic, corporate, financial, estate and human resource management of the university;
- to promote equality and diversity throughout the university;
- to seek advice on our rights and obligations, such as where we require our own legal advice;
- recovering money you owe to us;
- for fundraising purposes.
We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:
- to meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws and safeguarding requirements;
- for the prevention and detection of crime;
- in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
We may also process your personal data where:
- it is necessary for medical purposes (e.g. medical diagnosis, provision of health or social care or treatment, or a contract with a health professional);
- it is necessary to protect your or another person’s vital interests; or
- we have your specific or, where necessary, explicit consent to do so.
Where we store your personal data and how we secure it
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us. By submitting your personal data, you agree to this transfer, storing or processing.
Once we have received your information, we will use strict policies, procedures and security features to try to prevent unauthorized access. We have security in place such as firewalls, backup and other appropriate technical security measures. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement, as well as the University’s technical and organizational security policies, procedures and measures.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
Sharing your information with others
For the purposes referred to in this privacy notice and relying on the bases for processing as set out above, we may share your personal data with certain third parties. You are given the opportunity to opt out of some of these data sharing arrangements, for example when you register with us, but you should carefully consider the possible impact of doing this. Unless an opt-out is in place, we may disclose limited personal data to a variety of recipients including:
- our employees, agents and contractors where there is a legitimate reason for their receiving the information, including:
- third parties who work with us to provide student accommodation;
- third parties who work with us to provide employee benefits and health care;
- third parties who work with us to provide student support services (e.g. counseling);
- those with an interest in tracking student progress and attendance, including:
- student sponsors (e.g. the Student Loan Company, research sponsors);
- current or potential education providers (for example, where you take part in an exchange program as part of your course);
- current or potential employers (to provide references and, where students are sponsored by their employer and/or where you take part in a placement, to provide details of progress/attendance);
- professional and regulatory bodies in relation to the confirmation of qualifications, professional registration and conduct and the accreditation of courses;
- government departments and agencies where we have a statutory obligation to provide information;
- crime prevention or detection agencies;
- parents, guardians, and next-of-kin (where there is a legitimate reason for disclosure in compliance with FERPA);
- third parties conducting surveys
If personal data is transferred to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements or by relying on certification schemes. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting The Chief Information Officer at firstname.lastname@example.org. Moreover, we contractually require agents, service providers, and affiliates who may process your personal data to provide the same level of protections for personal data as required by Lynn University.
Once the GDPR comes into force in May 2018, you will also have the following additional rights:
- to be notified if we intend to transfer your personal data to another country or international organization and the identity of the recipients of your personal data;
- to be notified of the period your personal data will be stored;
- to access and require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data subject to the retention periods of applicable federal law and the University’s Record Retention policy;
- to require us to restrict our data processing activities and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal;
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights;
- to be notified of the existence of any automated decision-making regarding the use of your personal data, including meaningful information about the logic involved and its significance and consequences of such processing;
- to be notified if the collected personal data will be further processed for a purpose other than that for which it was collected;
- to file a complaint with the appropriate supervisory authority in the European Union if you feel we have not complied with applicable foreign laws regulating information created in the European Union that is transferred out of the European Union to the University.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Withdrawal of consent
If you have given your consent and you wish to withdraw it, please contact our Chief Information Officer at email@example.com. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
Like many other institutions and organizations, some sections of the Lynn University website use third-party services to track web-browsing patterns to help us better understand how our website is being used. The information is generated by the use of “cookies” and includes data in order to compile website activity and other material relating to navigating throughout our site.
What are cookies?
Cookies are a small text file that is placed on your device, used to collect data and assist in your experience with websites.
You have a variety of tools to control cookies, including browser controls to block and delete cookies. You should check with your provider or with your preferred browser on how to disable cookies. Your browser choice and disabling cookies may impact your experience with our website.
Links to other websites
The Lynn University website(s) may contain links to other websites not affiliated with the University. We are not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.
Lynn University keeps the data it collects in accordance with the retention periods of applicable federal law and the University’s Record Retention Policy. Your information will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information given the level of sensitivity, value and criticality to the University.
Chris Boniforti, Chief Information Officer, has been designated as the University’s point of contact for questions or concerns related to the privacy and protection of your data. If you have questions or concerns about this privacy notice or how we process your personal data, you may contact Chris Boniforti by email at firstname.lastname@example.org or by mail at 3601 N Military Trail, Boca Raton FL 33431.
To request access to the personal data we hold about you, you may contact Chris Boniforti by email at email@example.com or by mail at 3601 N Military Trail, Boca Raton FL 33431.
Changes to this Privacy Statement
Lynn University has the discretion to update this privacy statement at any time. When we do, we will revise the updated date at the bottom of this page. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. It is your responsibility to review this privacy statement periodically and become aware of modifications.