Effective Date: May 24, 2018, created in compliance with the European Union General Data Privacy Regulation (GDPR)
Barnard College Privacy Statement
Barnard College collects personally identifiable information from users and visitors to its website. The college has legitimate reasons for collecting personally identifiable information and has a responsibility for protecting it. This policy explains the types of personally identifiable information that is collected, the reasons it is collected, how it is collected, how it is used and how it is protected by the college in compliance with the GDPR.
Reason for the Policy
This policy explains the college’s use of personal data of website users and visitors and the protections it provides for that information.
Who is Responsible for this Policy
Barnard’s General Counsel is responsible for the maintenance and of this policy and for responding to any questions regarding this policy. The college reserves the right to amend this policy at any time.
Who is Governed by This Policy
This policy applies to all individuals who access, use, or control college resources. Covered individuals include, but are not limited to, students, faculty, staff, those working on behalf of the college, guests, tenants, website users and visitors, and individuals authorized by affiliated institutions and organizations.
Information Collected/Use of Collected Information
Barnard collects personally identifiable information from students, faculty and staff and other community members as necessary in the exercise of its legitimate interests, functions and responsibilities as an institution of higher education.
Barnard also collects information from website users to improve the site experience. Our web server recognizes the domain, service provider, operating system and browser used. That information is used for internal research. Some personally identifiable information provided by website users may be used to fulfill requests to participate in our programs and activities, receive services, and to respond to requests for information and so may be used to communicate with you. Barnard does not collect any personally identifiable information about users (e.g., names, email address, etc.) except when specifically provided. No personally identifiable information is required of any website user to access the website.
Third party service providers who have entered into contracts with the college to support its operations and policies may receive personal information of community members and other website users for specific authorized purposes. Information shared with such third party service providers will be subject to appropriate safeguards to prevent further unauthorized disclosure.
Barnard may use and disclose de-identified information without limitation.
Information Collected by Third Party Sites linked on Barnard’s website
In some places on the Barnard College website users may find links to third party websites. Users who open those links should be aware of the privacy policies of those sites as Barnard cannot control use of user information shared directly with third parties.
Collected Information that is Shared
Personally identifiable information will not be sold, rented, given away or traded by the college. Personally identifiable information may be shared only under the following circumstances:
- when the provider has given consent,
- in response to subpoenas or court orders, or
- for the legitimate purposes of the operation of the College’s business.
Protection of Collected Information
Barnard has appropriate physical, electronic and managerial procedures to safely maintain and help prevent unauthorized access, maintain data security, and ensure proper usage of the information collected, including secure information transmission, storage and retrieval.
Barnard uses industry-standard security technology to guarantee the confidentiality of transactions made on our website. This technology helps protect your online transaction information from access by unauthorized parties.
Protection of Privacy of Children under age 13
Barnard does not knowingly collect personal information about children under age 13 except when related to College activities or programs.
By using Barnard’s website, each user consents to the collection and use of information by the College.
Privacy of Donor Information
Barnard is committed to respecting and protecting the privacy of all donors. In collecting, using and disclosing personal information, the College seeks to establish a donor relationship and easily communicate; process donations; prepare and deliver donor tax receipts; acknowledge contributions; respond to inquiries for information about making a donation; and to meet all legal requirements.
Barnard College will not sell, rent, give away or trade or share personal information of a donor. Individual donors will be named on the College’s website or in College publications only with their express permission.
Personal Data is identifiable information such as a name, identification number, address, online identifier or specific details of an individual’s physical, hysical, physiological, genetic, mental, economic, cultural or social identity.
Personally Identifiable Information is nonpublic information relating to an individual that reasonably identifies the individual and, if compromised, could cause significant harm to that individual or to the college. Examples may include, but are not limited to, Social Security numbers, credit card numbers, bank account information, student grades or disciplinary information, salary or employee performance, donations, patient health information, information that the college has agreed to keep confidential and account passwords or encryption keys used to protect access to confidential college data.
Applicable Acts, Laws, Regulations and Laws
Electronic resource use is subject to many laws and regulations. Suspected violations of applicable law are subject to investigation by the college and possibly law enforcement officials. Among the applicable laws are:
- Family Education Rights and Privacy Act (FERPA): a federal law that protects the privacy of student education records.
- General Data Privacy Regulation (GDPR): a European Union (EU) data privacy regulation, effective May 25, 2018, protecting the personal data of EU subjects or others physically located in the EU which is collected by the college.
- Defamation: Someone may seek civil remedies if they can show that they were clearly identified as the subject of defamatory messages and suffered damages as a consequence. Truth is a defense against charges of defamation.
- Common law actions for invasion of privacy: Someone may seek civil remedies for invasion of privacy on several grounds.
- Public disclosure of private facts: the widespread disclosure of facts about a person, even when true, may be deemed harmful enough to justify a lawsuit.
- False light: a person wrongfully attributes views or characteristics to another person in ways that damage that person's reputation.
- Wrongful intrusion: the law often protects those areas of a person's life in which they can reasonably expect they will not be intruded upon.
Cross Reference to Related Policies
For questions or comments:
Office of the General Counsel, (212) 853-0700
BCIT, (212) 854-7172