THE EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR)
The European Union General Data Protection Regulation, or GDPR (EU 2016/679), is a regulation concerning the collection, protection and processing of personal data provided by an individual ("data subject") while in a European Union Member State, regardless of citizenship or residency. Therefore, the terms and conditions contained in the Regulation and detailed in this Notice only apply while an individual is physically present in one of the EU Member States. Complete information is available on the European Commission website.
Grand Valley State University continues to be committed to conducting the collection and processing of personal data with integrity and in compliance with applicable data protection laws. This Privacy Notice, required under the GDPR, presents information about how the University collects, uses and protects personal data you provide as a prospective student or applicant to the university
A. Data Controller Contact Information
Grand Valley State University serves as the Data Controller and determines the purposes and means of processing your personal data. The individual below serves as the primary contact for GDPR compliance related to prospective students and applicants to the university and is responsible for responding to questions about this Notice and requests to exercise a data subject's rights.
Admissions & Recruitment Office
Associate Vice President for Admissions & Recruitment
300 Student Services Building
1 Campus Drive
Allendale, MI 49401
(616) 331 2025
B. Purposes for Collecting and Using Data
The Admissions Office uses the data collected to create a record that allows the university to interact with you as part of the admissions process before you are enrolled as a student. The information is also used to process your application for admissions.
C. Sharing and Transferring Data
GVSU may share your data with other units around the university that have a business reason to use or access the data.
D. Data Retention
Data is retained in accordance with University policy and as required under applicable U.S. laws and regulations.
E. Sensitive Data
Grand Valley State University collects, stores, and uses personal information that you provide to us and information we collect about you to interact with you as a prospective student or applicant to GVSU. In addition the university may process your information for other legitimate interests related to the admissions process such as
- for outreach and marketing efforts,
- to provide services to you,
- to complete general university reporting
- to fulfill other university responsibilities or purposes
F. Rights of the Data Subject
While in the EU you will be able to exercise your rights as a data subject described in Article 15-22 of the GDPR: right of access to your personal data, right to correct that data, right to have the data erased, right to restrict processing, right to data portability, right to object to processing, right to withdraw consent, the right not to be subject to automated decision-making, and the right to lodge a GDPR-related complaint with an EU Supervisory Authority. Please note that the University is subject to federal and state laws, including but not limited to the Family Educational Rights and Privacy Act, that may require that we request, process and retain and report on certain types of data. These legal obligations may also affect actions we would be permitted to take in response to a request to exercise your GDPR data rights, especially the right to have your data erased.
G. Importance of Data
If the data is not provided, we cannot create a student record which could affect our ability to communicate with you through the application process and your ability to enroll at Grand Valley State University.
H. Data Protection
The University has put in place reasonable physical, technical and administrative safeguards designed to prevent unauthorized access to or use of information collected online.