American University (“University”) is committed to safeguarding and maintaining the privacy of your personal information. In providing its website and services, the University must collect and use (or process) personal data about visitors. This Privacy Notice describes practices related to the collection and processing of personal information when users visit the University’s websites.
For purposes of clarity, “processing” as used in this notice includes the collection, use, storage, transmission, disclosure, and destruction of personal information. This Privacy Notice applies to all information collected by the University and its third-party service providers, including but not limited to websites and applications that post a link to this Privacy Notice.
By continuing to use and interact with University websites and providing your personal information, you are accepting the terms of this Privacy Notice.
In general, American University collects and processes two types of information through its websites: (1) information voluntarily provided by you in order to receive requested information and/or services, and (2) information automatically collected upon your navigation to one of its websites.
Information You Provide
The University collects information which you provide, such as when you: request information; use a device to interact with a website; create an account; log in; register for courses, programs, or activities; complete a web form; add or update your account information; or otherwise interact or communicate with the University (including via its websites or other electronic means). The University then processes the information you provide.
Information Automatically Collected
When you use University websites, they automatically collect information about the devices you use to do so (e.g., computers, tablets, mobile phones, etc.). The University collects your device identifier, web browser, IP address, and browsing information via “cookies” and “web beacons.” The University also automatically collects information about how you use the websites, such as what you have searched for and viewed on the websites. The information automatically collected will be associated with any personal information you have provided.
Cookies and Other Technologies Used by The University and Third-Party Service Providers
The University collects information automatically through various means such as cookies and web beacons.
- Web Beacons
American University uses web beacons to collect data from individuals who interact with American University websites. These technologies, which are often small, transparent images, when loaded collect information about the requestor. This could include your IP address, and the date and time a website was accessed. Web beacons work in conjunction with cookies so if cookies are disabled, we are unable to collect unique information about you.
Processing Your Information
The University processes personal data for a variety of reasons, including to:
- Carry out operations and manage the educational, research, and administrative needs of the University community;
- Improve its websites and services;
- Respond to your requests or inquiries;
- Provide newsletters, articles, service or safety alerts/announcements, event invitations, and other information that we believe may be of interest to you;
- Request gifts and donations;
- Analyze your use of University websites and perform other market research activities, such as interest-based advertising, targeted advertising, and online behavioral advertising in order to determine the content that would be of interest to you;
- Comply with and meet legal obligations, enforce agreements, and protect the health, safety, rights, and/or property of the University and its community; and/or
- Prevent, investigate, and take actions regarding unlawful or criminal activity (including fraud or other misconduct), security or technical concerns, or unauthorized access to or use of the University’s data, users’ personal information, and University data systems.
The University will process your personal data consistent with the consent you have provided for a stated purpose, or as necessary to: (i) advance the University’s legitimate interests, (ii) perform a contract with you (or for your benefit) or fulfill a request you have made, (iii) comply with a legal obligation, and/or (iv) to protect the vital interest of you or another person.
How Information is Shared
The University may share your personal data with its third-party service providers to provide services or to support the University’s activities. These activities include, for example, online course support for students, benefit services for faculty and staff, or study abroad and international educational or teaching opportunities. The University’s third-party service providers are not authorized to disclose personal data except as necessary to perform services on the University’s behalf or to comply with legal requirements. In certain instances, in order to provide services and to support University’s activities, or as required by law, the University may share your personal data among other departments. In all of these instances, the information provided to the third-party service provider or other department will be limited to the extent necessary to provide the user-requested information and/or services, or as required by applicable law enforcement agencies.
Third-Party Websites and Content
University websites may contain links to other websites as a convenience to you. These websites typically operate independently from the University’s websites and if you decide to use these links, you will leave the University’s website. The University is not responsible for the privacy practices or the content of such other websites and does not make any representations or endorsements about them. If you decide to leave the University’s website and access any third-party website, we strongly suggest you review the privacy notices or policies of that third-party website, as the University’s policies will no longer govern. You should review the applicable terms and policies, including privacy and information gathering practices, of these third-party sites.
Your Personal Accounts
Although the University has security measures in place to protect personal data you provide to it, you are encouraged to take steps on your own to protect your information by, for example, logging out of online applications, closing all web browsers after use of a website, and keeping your account and passwords confidential. You should be aware that any information you post or disclose in news groups, forums, message boards, and similar contexts may become public. You should always exercise caution before disclosing any personal data or other information in such contexts.
Retention of Information and Security
Personal data you provide to the University will be retained in accordance with the University’s record retention schedule, applicable laws, or until such time the service requested is no longer available. The University maintains administrative, technical, and physical safeguards to protect against loss, misuse, unauthorized access, disclosure, alteration, or destruction of the information you provide when visiting or using University websites. The University implements appropriate security measures to promote the confidentiality, integrity, and availability of any information in the possession (or control) of the University. The University utilizes Transport Layer Security (TLS) encryption technology for instances where American University websites process your personal information. The purpose of TLS is to protect your information from being viewed by an unauthorized person. Additionally, some features on American University websites may enable credit card transactions in order for you to purchase goods and services. American University subcontracts the processing of online transactions to third-party services providers that comply with the Payment Card Industry Data Security Standard (PCI DSS).
Rights for Individuals in the European Economic Area (EEA)
If you reside in a member state of either the European Union or European Free Trade Association that is a party to the EEA Agreement (collectively, EU Residents), you have the right to access personal information the University has collected about you for the purpose of reviewing, modifying, correcting or requesting erasure of your information. You may also have the right to request a copy of your information. Further, you may also request that the University restrict or stop processing your information. Finally, you may object to communications, direct marketing, or automated processing of your personal information.
To the extent applicable, the EU’s General Data Protection Regulation provides further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority.
If you wish to exercise these rights, please contact us at the address included under the “Contact” section, below. To protect the personal information the University holds, the University may also request further information to verify your identity when exercising these rights. Upon a request to erase information, the University will maintain a core set of personal information to ensure we do not contact you inadvertently in the future, as well as any information necessary for archival or other legal purposes. We may also retain financial information for legal purposes, including United States Internal Revenue Service compliance. Additionally, in the event of an actual or threatened legal claim, the University may retain your information for purposes of establishing, defending against, or exercising your rights with respect to such claim.
By providing information directly to the University, you consent to the transfer of your personal information outside of the EEA to the United States. Please note that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.
Children and Minors
If you are a US resident under the age of 18 or an EU Resident and under the age of 16, please do not provide any personal information on this website or through any of its features, unless authorized by parental consent. For more information, US residents may consult the Children’s Online Privacy Protection Act, and EU Residents may consult the General Data Protection Regulation.
If you believe that the University has collected personal information about a child or minor, please contact us immediately, at the address included under the “Contact” section below, so that the University can take appropriate action.
If you wish to ask questions, raise concerns, or make a report with respect to this Privacy Notice or regarding how American University processes personal information, please contact us at GDPR@american.edu
Updates to this Privacy Notice
The University may modify this Privacy Notice from time to time, in its sole discretion. We recommend you read the Notice periodically. If we make any significant changes to this Privacy Notice that increase the University’s rights to use personal information that we previously collected about you, we will obtain your consent through an email to your registered email address or by prominent posting on the University’s websites. If the University intends to further process collected personal information for a purpose other than that for which the information was collected, prior to that further processing, the University shall provide you with information on that other purpose with additional information necessary to ensure fair and transparent processing.
Last updated September 2020