» Privacy Policy

Section 1: Privacy Policy 

POLICY STATEMENT

This policy describes Chapman University's data protection strategy to comply with multiple regulations, including the European Union General Data Protection Regulation ("EU GDPR").

REASON FOR THE POLICY

In order for Chapman to educate its international and domestic students, engage in world-class research, and provide community services, it is essential and necessary, and Chapman has a lawful basis, to collect, process, use, and/or maintain the personal data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs.  These activities include, without limitation, admission, registration, delivery of classroom and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention.

The EU GDPR imposes obligations on entities, like Chapman, that collect or process personal data about people in the European Union ("EU").  The EU GDPR applies to personal data collected or processed about anyone located in the EU, regardless of whether they are a citizen or permanent resident of an EU country.

POLICY

Lawful Basis for Collecting or Processing Personal Data

Chapman has a lawful basis to collect and process personal data.  Most of Chapman's collection and processing of personal data will fall under the following categories:

  1. Processing is necessary for the purposes of the legitimate interests pursued by Chapman or by a third party.
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  3. Processing is necessary for compliance with a legal obligation to which Chapman is subject.
  4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Data Protection & Governance

Chapman protects all personal data and sensitive personal data that it collects or processes for a lawful basis. Any personal data and sensitive personal data collected or processed by Chapman is:

  1. Processed lawfully, fairly, and in a transparent manner
  2. Collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes
  3. Limited to what is necessary in relation to the purposes for which they are collected and processed
  4. Accurate and kept up to date
  5. Retained only as long as necessary
  6. Secure

Sensitive Personal Data & Consent

Chapman obtains consent before it collects or processes sensitive personal data.

Individual Rights

Individual data subjects covered by this policy will be afforded the following rights:

  1. information about the controller collecting the data
  2. the data protection officer contact information (if assigned)
  3. the purposes and lawful basis of the data collection/processing
  4. recipients of the personal data
  5. if Chapman intends to transfer personal data to another country or international organization
  6. the period the personal data will be stored
  7. the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  8. the existence of the right to withdraw consent at any time
  9. the right to lodge a complaint with a supervisory authority (established in the EU)
  10. why the personal data are required, and possible consequences of the failure to provide the data
  11. the existence of automated decision-making, including profiling
  12. if the collected data are going to be further processed for a purpose other than that for which it was collected

Section 2: Chapman Privacy Practices

Chapman University Use of Personal Information

Chapman University recognizes the importance of protecting the integrity, confidentiality, and availability of personal information. Consequently, we have instituted the set of information practices and rights described below. Please note that this page offers some links to external sites, to which these privacy practices and rights do not apply.

What Personal Information Does Chapman University Hold? How Is It Obtained?

We collect basic personal information (such as Name, Organization name, Organization state, Contact information, Job title, Postal address, E-mail address, Phone, Personal URL, Academic major/minor) ONLY if you provide it to us voluntarily through e-mail, electronic forms, surveys, inquiries, or otherwise.

Other information that may be held includes but is not limited to:

  1. Emergency Contact Information
  2. Special Needs Information; as in a speaker or faculty member at a Chapman University event or that of one of its affiliates (we maintain biographical information used in the event)
  3. Online programs as well as evaluation results submitted by attendees after your session(s). If you participate in a secured SharePoint Team Web site, we collect site access and contribution information.

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses persistent cookies to analyze how users use this site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators, and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Learn more about Google's Privacy Policy and the Google Analytics Terms of Service.

Cookies

We use cookies to help manage secure web site sessions such as online forms or surveys. A cookie is a piece of data that is either maintained only for the duration of a particular session visit or is stored on the user's computer to support future visits. By continuing to browse on Chapman websites or by clicking "accept all cookies," the user agrees to the storing of first- and third-party cookies on user device to enhance site navigation, analyze site usage, and assist in Chapman marketing efforts. 

Session cookie – This type of cookie is used to enhance and make more efficient the user's experience during a site visit. Once the user closes the browser, the cookie terminates.

Persistent cookie – This type of cookie stores a small text file on the user's hard drive for an extended period of time to remember visit activity that will help make subsequent visits more efficient. Persistent cookies can be removed by following the user's Internet browser help directions.

How Does Chapman University Secure Your Personal Information?

The personal information we collect is stored in databases and files that are protected by passwords and firewalls. In addition, online forms used for financial transactions are secured with SSL encryption technology to ensure the safety of sensitive information transmitted through them.

How Does Chapman University Use Your Personal Information?

We use anonymous, aggregated data about Web site visitors' site usage and technical capabilities as well as about HTML message opening and click-through rates to improve online services and communications.

How Does Chapman University Handle Legally Issued Subpoenas and Law Enforcement Agency Requests?

Chapman University may disclose personal information if we are required to do so to comply with the law or with legal process.

Is credit card / transaction information secure on this Web site?

We care about the safety and security of your transaction. We use SSL (Secure Sockets Layer) to communicate with your browser software when you register with us online. SSL is the industry standard security protocol, which makes it extremely difficult for anyone else to intercept your credit card or other information that you send us.

We have partnered with the commercial Internet financial service, TouchNet to handle credit card transactions, and we do not store credit card information after the transaction is processed. See TouchNet's privacy policy.

What Other Exceptions Are There?

Chapman University reserves the right to use personal information in its database to identify the source of any inappropriate use of information resources managed by the association, including but not limited to: offensive or illegal postings to online discussion lists, collaboration sites, and other communication vehicles; denial of service actions; unauthorized use of online services and network infrastructure; misuse or unauthorized use of the Chapman University name, logo, or other representations of the association; and to protect the personal safety and privacy of our members, online users, and the public under the policies and practices described above.

This is the privacy policy for the Common App which we use for undergraduate students to apply to Chapman:
https://www.commonapp.org/privacy-policy

This is the privacy policy on PCTAS which we use for students to apply to Chapman’s Physical Therapy doctorate program:
http://www.ptcas.org/PrivacyPolicy/

This is the legal notice LSAC which we use for students applying to Chapman’s Law School:
http://www.lsac.org/aboutlsac/policies/privacy-policy

This is the privacy policy for Star Rez which we use for Residence Life’s Housing Request system:
https://www.starrez.com/legal/privacy

This is the privacy policy for OrgSync which we use for Student & Campus Life's clubs and organizations:
http://www.orgsync.com/legal/privacy

This is the privacy center for PowerSchool which we use for new student inquiries, campus visits and VIP pages for prospective students:
https://www.powerschool.com/privacy-statement-overview/

Student Email Accounts

Office 365 and Gmail are the official student email accounts for all University email communications with its students. For student email services, the University has contracted with Microsoft as the provider of Office 365 and Google as the provider of Gmail (collectively “the Providers”).

Under the Providers’ terms of service, the University may respond to a third party’s request for student email records. A “Third Party Request" means a request from a third party for records related to a student’s Gmail or Office 365 account or other student related Provider service records. Third Party Requests include, but may not be limited to, a search warrant, court order, subpoena, litigation discovery or legal preservation hold request, other valid legal order, or a written consent from the student permitting disclosure. If the University receives a Third Party Request, it may interface with Microsoft or Google to obtain or preserve the requested records or direct the requestor to contact the Provider or the student directly.

Similarly, the University may also preserve a student’s Office 365 or Gmail records and other student related Provider service records by way of the Provider’s interface when the University receives notice of a disciplinary or other matter involving the student, a claim, potential litigation or other legal duty to preserve the records.

While students may use University provided Office 365 and Gmail accounts for personal communications, students are reminded that the primary purpose of the accounts are for University related communications.

Is my Student email account secure and private?

As stated above, Office 365 and Gmail are the official student email accounts for all University email communications with its students.

The University provides Office 365 and Gmail to students to support the educational, research, and public service missions of the University. The Chapman University Computer and Network Acceptable Use Policy applies to these Microsoft and Google online education services. In addition, all Microsoft and Google apps usage are governed by their own terms of service that all Chapman users are required to abide by.

Student email and account data may include personally identifiable information from the student’s education records that are subject to the Family Educational Rights and Privacy Act ("FERPA"). To the extent that student data includes FERPA records, Microsoft and Google acting as the Providers will each be considered a "School Official" (as that term is used in FERPA and its implementing regulations) and will comply with FERPA.

Both Microsoft and Google provide additional settings and tools within the account that let you protect your data and privacy.

Read more about the security and privacy for Microsoft and Google at:

Google Policies: https://www.google.com/policies/
Microsoft Policies: https://www.microsoft.com/en-us/trustcenter/Security/Office365Security

What should I do if I have questions?

If you have questions about our privacy policy, please contact servicedesk@chapman.edu.

Consent

By using this site, you signify your consent to Chapman University's on-line privacy policy. If you do not agree to this policy, please do not use this site. We reserve the right, at our discretion, to update, change, modify, add, or remove portions of this policy from time to time.

This Privacy Policy has been developed with the recognition that Internet technologies are rapidly evolving and that underlying standard business models are still not well established. Accordingly, this Privacy & Security Statement is subject to change. Any such changes will be posted on this page.

Reporting Copyright Infringements

In accordance with Title II of the Digital Millennium Copyright Act (DMCA), Chapman University has designated an agent DMCA-agent@chapman.edu to receive notification of a claim of copyright infringement for the Chapman University network domain. To report a claim of possible copyright infringement, please refer to our DMCA Notification Agent page.

OFFICE RESPONSIBLE FOR POLICY

Name of Office: Information Services & Technology

Contact information for questions about this policy: privacy@chapman.edu

WEBSITE ADDRESS FOR THIS POLICY

https://www.chapman.edu/campus-services/information-systems/policies-and-procedures/privacy-policy.aspx

WHO APPROVED THIS POLICY

Senior Staff member submitting the policy: Helen Norris

Date approved: August 13th, 2019

______________________________

President

 

PUBLICATION DATE

Effective: August 19th, 2019