Rosalind Franklin University - Privacy Notice
Your privacy is important to Rosalind Franklin University (“RFU”, or “we”), and we are committed to respecting it. This notice describes how we collect, use, process, protect, and share information from members of the RFU community and members of the public.
- Website Privacy
RFU’s website collects two categories of information: (1) personal information the user chooses to submit, such as a name and email address when you fill out a form, and (2) information automatically collected from a user’s browser when on the RFU website, including browser type, device type, operating system information, approximate geolocation, and session statistics. The second category of information is collected by the third party servicers listed below, collected anonymously, and is used to improve website services and deliver advertising.
Any personally identifiable information we collect through RFU’s website is securely stored under standard and industry-wide procedures.
Here is a list of the third party service providers used by RFU and their respective privacy notices:
- Google Analytics - https://policies.google.com/privacy
- SiteImprove - https://www.siteimprove.com/privacy/privacy-policy/
- Pingdom - https://www.solarwinds.com/legal/privacy
- YouVisit - https://www.youvisit.com/privacy.php
- Technolutions Slate - https://technolutions.com/privacy-policy
- Categories of Personal Information RFU Collects and Uses:
In addition to the technical information collected through the RFU website, RFU collects several categories of personal information in a variety of ways. Personal information is any information that relates to an identified or identifiable individual. In general, we collect and use the following categories of information at an institutional level:
- Prospective students: Personal and family information related to the application and financial aid process, including supporting documentation, identification and contact information; including information data related to ethnic origin, if the prospective student wants to disclose such data.
- Students: The information submitted as prospective and admitted students, including information related to their academic record, their academic performance, and video images on campus. Student educational records are protected by the Family Educational Rights and Privacy Act of 1974 (“FERPA”). Please see RFU’s Reference Guide to FERPA.
- Faculty and staff: Identification, contact information, biographic information, information related to remuneration, to benefits, to family members, and information related to performance at work.
- Visiting scholars and exchange students: Identification, contact information, biographic information, and possibly data related to health.
- Subjects of our research projects: As needed, identification and contact information, together with all information that is produced and observed in relation to the subject as part of the research project.
- Alumni: Identification, contact information, and donor information.
- Patients of RFU’s Health Clinics: Identification, contact information, and data related to health and billing.
- Customers of RFU’s Clinical Immunology Laboratory: Identification, contact information, and data related to health and billing
- How We Use Personal Data
We only use personal information for legitimate and specific purposes and to facilitate the various operations of RFU. In general, we use personal information in the following ways:
- To facilitate admission and provide higher education services for our undergraduate and graduate students and prospective students.
- To manage the employment of our faculty members and staff.
- To facilitate the visits to our campus for visiting scholars and exchange students.
- To deliver the course material, facilitate engagement, and track attendance and completion for subscribers of our online courses.
- To facilitate the attendance of persons who register for conferences, symposia, and other events.
- To keep alumni engaged in our community.
- For the purposes of delivering healthcare to our Health Clinic patients.
- To facilitate laboratory testing and deliver the results to patients and third-party contractors.
- To enable participation of individuals who take part in our research projects.
- To support website performance and enhance user experience for visitors of our website.
- Video images recorded by our video security system to ensure our community members’ physical security and to protect our property.
- Legal Bases for Processing – Legitimate Interests
Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:
- Necessity to enter or for the performance of a contract (ex: for online applications you submit; for the information provided when enrolling; for the payment information we process for tuition or other services).
- Necessity for our legitimate interests or those of third parties (ex: our legitimate interest to maintain a community for alumni; our legitimate interest to provide healthcare services and laboratory testing);
- Consent (ex: for the research projects you may participate in; for processing of special categories of personal data).
- Your Rights
If RFU is collecting or processing your personal data, you are entitled to the following rights, which RFU strives to facilitate in a timely manner:
- Rights to confirm, access, correct, and other requests — You have the right to obtain information about the personal data we process about you as well as a copy of the data. Additionally, and under certain circumstances, you may have the right to correct or update any of your personal data that is inaccurate, to request the deletion of your personal data, to restrict or limit the ways in which we use your data, and to request transfer of your personal data to another party.
- Right to object — You have the right to follow opt-out instructions in our marketing emails and to object to any processing of your personal data based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner according to our legal obligations.
- Right to withdraw consent — You have the right to withdraw your consent at any time for all data processing operations that are consent-based and we will stop those processing operations subject to certain legal limitations. In some cases, you can do this by discontinuing use of the services at RFU. This may include closing all of your online accounts with the university and to request that your personal data be deleted.
When you make requests based on the rights listed above, you may be asked for further personal information to confirm your identity and it will be used solely for the purpose of responding to your request
- Retention Period
Personal data is kept on record at RFU only as long as necessary for the purposes it was collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.
- International Data Transfers
When you interact with RFU either directly or through a third party, your personal information is transferred to the United States. RFU relies on appropriate or suitable safeguards or specific derogations recognized under data protection laws including the GDPR. In particular, we rely on your explicit consent for some of the data transfers and on necessity for the performance of a contract or the implementation of pre-contractual measures taken at your request (e.g., for the transfer of personal data necessary for your application for admission to the university).
- Notice Updates
This privacy notice may be periodically updated.
If you have any concerns or questions regarding your personal data use, please email firstname.lastname@example.org. We will respond to your request in a timely manner and will do our best to address your concern. However, if you are a citizen of the EU/EEA/UK or are currently located there, and you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of GDPR. You also have the right to submit a complaint in the EU/EEA/UK Member State of your residence, place of work or of an alleged infringement of GDPR.