1.0 STATEMENT OF POLICY
Loyola Marymount University (LMU) is committed to protecting personal privacy and the responsible use of information collected and processed by the University. The University complies with all applicable privacy legislation including the Federal Educational Rights Privacy Act (FERPA), California’s Online Privacy Protection Act of 2003 and the General Data Privacy Regulation (GDPR).
Collect or Process Data
Collection, storage, recording, organizing, structuring, adaptation or alteration, consultation, use, retrieval, disclosure by transmission/dissemination or otherwise making data available, alignment or combination, restriction, erasure or destruction of personal data, whether or not by automated means.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Identified or Identifiable Person
An identified or identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.
Examples of identifiers include but are not limited to: name, photo, email address, identification number such as LMU ID#, LMU Account (User ID), physical address or other location data, IP address or another online identifier.
Processing of personal data is lawful if such processing is necessary for the legitimate business purposes of the data controller/processor, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Any information relating to an identified or identifiable person (the data subject).
A natural or legal person, public authority, agency or other body who processes personal data on behalf of the controller.
3.0 DATA COLLECTED
As a Controller and Processor of data, Loyola Marymount University collects various types of information from prospective employees and students as well as existing employees and students, alumni, alumnae, prospective donors, volunteers, donors, contractors, those participating in LMU-sponsored events or services and others expressing interest in or about LMU.. This information may include full name, address, phone number, email address or any other information required and necessary to provide a service to the individual or establish a business relationship with the University.
The university utilizes Web analytics and metrics analysis systems. As a condition of accessing LMU.edu and LLS.edu web sites, web visitor information is collected by our web servers and content management systems. This information generally includes, but is not limited to, the following:
- the Internet domain of the web visitor (including IP address)
- the web page(s) or service(s) requested by the web visitor
- the web browser software, version and operating system
- the date/time of the web visit
- the originating web site that linked the web visitor to LMU.edu or LLS.edu
The university generally uses this information to analyze and predict trends in Web traffic and to make improvements and enhancements to the Web presence. The information is generally presented in aggregate form; however, the university may utilize an individual’s tracking information in the rare event of a security breach or other investigation.
The university retains Web-server logs and/or analytics reports indefinitely.
Web visitors are hereby notified that Web page requests and data transmitted from the visitor’s computer to university systems may be intercepted or discerned by third parties. The University employs the use of security encryption (SSL) on Web pages in which personally identifiable information is submitted, but does not provide any guarantees on information in-transit to university systems.
4.0 USE OF INFORMATION COLLECTED
Loyola Marymount University (LMU) has a lawful basis to collect and process personal data. Most of LMU’s collection and processing of personal data will fall under the following categories:
- Processing necessary for the purposes of the legitimate interests pursued by LMU or by a third party, such as applying for admission, enrolling in courses and providing services to employees, students, and alumni)
- Processing necessary for compliance with a legal obligation to which LMU is subject.
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes, including but not limited to receiving information or services from LMU.
Cookies are small pieces of information that are stored by the user's browser on the hard drive of your computer. Loyola Marymount University utilizes temporary and long-lasting session cookies in certain portions of its website to manage your interaction activities, such as online orientation completion and to provide convenience or personalized features to save you time. One has the ability to accept or decline cookies via browser preferences. If cookies are declined, some transactions or processes may not be completed.
6.0 DISCLOSURE TO THIRD PARTIES
We may disclose personally-identifying information to third parties as follows:
Consent. We may use and disclose your Information to third parties if we have your consent to do so.
Parents and Guardians. In some cases, we may share your Information with a parent or guardian if necessary to properly complete the admissions process or in the event of an emergency or with consent or legal authorization.
Service Providers. We may use third parties to support our operations. In such cases, we may share your personally identifying information with such third parties who are obligated to safeguard it from unauthorized disclosure.
University Affiliated Programs. We may share your Information with third parties that are affiliated with the University for the purpose of contacting you about goods, services, or experiences that may be of interest to you.
Research and Studies. We may share your Information with third parties that study student and employee demographics or other topics related to higher education. We may also share your Information with third parties that conduct research or develop products or services designed to improve services and other higher education functions.
Required or Authorized by Law. We may share your Information with third parties to the extent we are required to do so by law, court order, or subpoena.
Emergency Circumstances. We may share your Information with third parties if, in our sole judgment, such disclosure is necessary to protect the health, safety, or property of any person or the safety of the University’s premises and property.
De-Identified and Aggregate Information. We may collect, use and disclose Sensitive Information or other Information about our students and applicants in de-identified or aggregate form without limitation.
7.0 YOUR RIGHTS
You have certain rights regarding your Personal Data, subject to data protection laws. These may include the following rights:
- to access your Personal Data held by us (right to access);
- to rectify inaccurate Personal Data and ensure it is complete (right to rectification);
- to erase/delete your Personal Data to the extent permitted by other legal obligations (right to erasure; right to be forgotten);
- to restrict our processing of your Personal Data (right to restriction of processing);
- to transfer your Personal Data to another controller to the extent possible (right to data portability);
- to object to any processing of your Personal Data carried out on the basis of our legitimate interests (right to object). Where we process your Personal Data for direct marketing purposes or share it with third parties for their own direct marketing purposes, you can exercise your right to object at any time to such processing without having to provide any specific reason for such objection;
- not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects ("Automated Decision-Making"); Automated Decision-Making currently does not take place on our websites;
- to the extent we base the collection, processing and sharing of your Personal Data on your consent, to withdraw your consent at any time, without affecting the lawfulness of the processing based on such consent before its withdrawal.
You may exercise these rights by contacting: LMU’s Information Security Officer via email at firstname.lastname@example.org. To protect the personal information held, you may be asked to verify your identity when exercising these rights. If your Information and Sensitive Information was created within or transferred from the European Union, you may also be able to file a complaint with the appropriate supervisory authority in the European Union.