Mount St. Joseph University Privacy Policy

Effective Date: October 20, 2022

Mount St. Joseph University (the “University”) is committed to the privacy of its community and guests.  This Privacy Policy explains the types of personal data the University collects and how that data is used.

Who You Can Contact About This Policy

For questions or actions related to this Policy, please contact the University’s Vice President of Compliance, Risk, and Legal Affairs/General Counsel, Paige Ellerman, at Paige.Ellerman@msj.edu.

Related Policies

This Policy is governed by the University’s “Terms of Use” which are incorporated herein by reference, including the limitations of liability set forth therein.

University students and employees are subject to additional standards regarding technology, website, and email usage, as set forth in the applicable University Employee Handbook, University Student Handbook, and other University internal policies and procedures (“Internal Policies”). As to University students and employees: (i) in the event of a conflict between those Internal Policies and this Policy, the Internal Policies shall prevail; and (ii) this Policy shall supplement, rather than replace, such Internal Policies.

How and What Information The University Collects

Information Voluntarily Provided

The University collects personal information that you voluntarily provide when you use the University’s website (“Website”) and related services, applications, and functionality (“Services”). The University also collects personal information from third parties whom you have directed to provide information to the University. For example, the University may collect personal and sensitive information about you in connection with your application for admission to the University and other voluntary submissions you make to the University via the Website and Services, such as your name, social security number, address, contact information, work history, criminal history, transcripts, and other information and records, which may be sent by you and/or other third parties on your behalf. Among such personal information, you may disclose “sensitive information” about your religious or philosophical beliefs, information about your race or ethnic origin, age, disabilities, veteran status, gender or gender identity, and sexual orientation.

Publicly Facing Technology Services

The University’s publicly facing technology services collect personal information you provide voluntarily, such as when completing applications and forms, sending emails, registering for classes or other programs, responding to surveys, and filing complaints.

Information Automatically Collected

The University collects certain information about you automatically which does not specifically identify you or contain personal information, when you use or interact with the Website and Services. For example, the University may collect your IP address, domain information, browser and operating system information, usage data (including the date and time you access the Website and Services), and location data.

Cookies and Tracking Features; Do-Not-Track Signals

Cookies are small pieces of data stored by a web browser on your local computer or mobile device, used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive. The University collects your personal and other information through cookies and other tracking features, such as targeting cookies/marketing cookies, social media cookies, beacons/pixels/tags, click redirects, and social media plugins (through features such as a “Like” button, and widgets, such as a “Share” button). The University does not currently respond to Do-Not-Track browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

How the University Uses Your Information

The University uses your personal information to administer and offer the Website and Services, to operate its programs, and to improve its practices and enhance user experiences with such Website and Services. In any event, the University processes your information in accordance with applicable law and as reasonably necessary in connection with its programs and services as a higher educational institution. Processing such personal data of its students, employees, applicants, research subjects, alumni, and others involved in the University’s programs and services may be done, without limitation, in connection with:

  • Academic admissions and enrollment
  • Student registration
  • Residence life
  • Delivery of classroom, on-line, and education programs
  • Administration and oversight of recreation programs
  • Student organizations
  • Student affairs activities
  • Student and employee complaints
  • Distribution of grades, materials, and other communications by and among students, faculty, and staff
  • Research
  • Program development and analysis
  • Hiring and employment
  • Provision of clinic services
  • Engagement with the community at-large
  • Compliance with its internal policies, procedures, and guidelines
  • Compliance with all applicable federal, state, and local laws and rules of accrediting entities
  • Records retention

If you provided consent for the University to process your personal information, you may request to withdraw your consent at any time by contacting Paige.Ellerman@msj.edu. Withdrawing your consent will not affect the lawfulness of the processing before its withdrawal, nor when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent. Some data required to be held for legal or accreditation reporting purposes cannot be withdrawn. The University shall have a reasonable amount of time in which to review and implement your request. Withdrawing your consent or refusing to provide personal data that is required by the University may make it impossible for the University to provide certain services.

Sharing Personal Data

The University shares personal data with other parties when one or more of the following conditions apply:

  • We have previously notified you that sharing the information is necessary or will occur
  • We have your express or implied consent to share the information
  • We determine a reasonable need to share your information to provide the service you requested
  • We determine a reasonable need to send your information to companies who provide a service or product to you on behalf of the University
  • Third party vendors of the University in connection with a legitimate business or organizational purpose (e.g., enhancing the Website and Services or providing services in connection with the University’s other offerings and obligations)
  • The information is student directory information
  • To respond to subpoenas, court orders, or any other legal requirements
  • When it is necessary to protect and defend the legal rights and/or property of the University
  • To protect your safety and/or the public’s safety.

In certain circumstances, the University may be required by law to disclose personal or other information provided to us through our Website or Services.

Statutory Compliance

The University complies with, when applicable: (i) the Family Educational Rights and Privacy Act (“FERPA”); (ii) the Health Insurance Portability and Accountability Act (“HIPAA”); (iii) the Jeanne Clery Disclosure of Campus Security Policy and Campus Crime Statistics Act (“Clery Act”); and (iv) other applicable laws. The University will disclose your personal information as it deems reasonably necessary to comply with the foregoing.

How Long the University Keeps Your Information

The University generally complies with its Records Retention and Document Destruction Policy, as the same may be updated from time to time by the University in its sole discretion.

Linking

The Website and related Services may link to third-party websites which are not controlled by the University or subject to this Policy. The University shall have no liability for your interactions with third party websites or any damages resulting therefrom.

European Union General Data Protection Regulation (“GDPR”)

GDPR provides broad privacy protections to individuals physically located in the European Economic Area (“EEA”) (“data subject(s)”). The following sections only apply when the University is subject to GDPR with respect to certain data, and only to the applicable data subject(s):

A. GDPR Lawful Bases for Processing Personal Data

The University must have a lawful basis to process a data subject’s personal data. The following lawful bases will apply to most processing activities:

  • For purposes of the legitimate interests pursued by the University or by a third party;
  • For performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • For compliance with a legal obligation to which the University is subject; and
  • Pursuant to the consent of a data subject for one or more specific purposes.

B. GDPR Individual Rights of the Data Subject

Subject to all other applicable laws and regulations, including all laws of the United States and the State of Ohio, where legally applicable, certain data subjects have the following rights under the GDPR, when GDPR applies:

  • To access the personal data we maintain about you;
  • To be provided with information about how we process your personal data;
  • To correct or modify your personal data;
  • To have your personal data deleted;
  • To object to or restrict how we process your personal data;
  • To request your personal data to be transferred to a third party; and
  • To file a complaint.

Under certain circumstances, the GDPR or other applicable laws may limit a data subject’s exercise of the above rights. To exercise the above rights, data subjects should contact Paige.Ellerman@msj.edu. Exercising these rights is not a guarantee of a requested outcome.

How The University Protects Information

The University takes appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information it processes. However, despite safeguards and efforts to secure your information, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. To the maximum extent permitted by applicable law, the University cannot and does not promise or guarantee that unauthorized third parties will not be able to defeat its security and improperly collect, access, steal, or modify your information. Transmission of personal information to and from our Website Services is at your own risk, to the extent permitted by applicable law.

Amendments

The University may amend this Policy at any time and from time to time, in its sole discretion. All such amendments will be in effect as of the date such amended version is posted on the University’s Website.