Commitment to Privacy
This policy addresses the use of Personal Information collected, used, processed and disseminated by Irvine University.
Irvine University (Irvine) is committed to maintaining the privacy and security of any collected confidential or highly sensitive Personal Information from students, faculty, staff, alumni and others (aka data subjects) who share information with Irvine.
Lawful Basis for Collecting and/or Processing Personal Data
Irvine University has a lawful basis to collect and process personal data. Most of the university’s collection and processing of personal data falls under the following categories:
Security via Encryption
Irvine University maintains physical, electronic, and procedural safeguards to protect against the loss, misuse or alteration of the information under its control. Safeguards include restricted access to computer systems and paper files, firewalls, encryption (for electronic safeguards) and secure authentication methods.
For example: when either: a) the university’s online admission application; or b) form for payments asks a data subject to enter personally identifiable information for online transactions, that electronic/digital information is protected using Secure Sockets Layer protocol (SSL encryption). Any information supplied by the data subject is encrypted when it is sent from the subject’s browser to the university’s server. To learn more about SSL encryption, visit the Verisign Resource Center: https://www.verisign.com/en_US/security-services/resource-center/index.xhtml
Likewise, when student performance information is evaluated in either the university’s Student Information System (SIS) or the Global Academic Portal (GAP), the information is encrypted by SSL protocols.
Data Protection and Integrity
Irvine University protects all personal data and sensitive personal data that it collects or processes for a lawful basis. Any personal data and sensitive personal data collected or processed by Irvine University are:
All collection, storage, and maintenance of centrally-managed institutional data are appropriately managed and maintained by centrally-administered institutional systems and processes.
Data Authorization and Access
Access to institutional data in its many forms is vital to the successful operation of the university. Faculty, staff, students and authorized university parties need appropriate access to university data in support of legitimate university business functions. Likewise, all users authorized to access institutional data are obligated to appropriately use and effectively protect institutional data. Authorization is granted based on the classification of university data to be accessed, the individual’s roles and responsibilities, and need-to-know.
University data are categorized as follows:
As an institution of higher education, Irvine University collects, stores, and processes sensitive data in conducting its day-to-day business operations and is therefore subject to various information security and privacy laws that regulate the access, use, and handling of that information. The following includes, but is not limited to, specific laws and regulations that are included in this classification:
European Economic Area (EEA) Data Subject Rights
If an individual is only located in the EEA, that person has the following rights with regard to their Personal Data:
You may request details of your Personal Information that we hold. We will confirm whether we are processing your Personal Information and we will disclose supplementary information including the categories of Personal Information, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding Personal Information transfers to non- EEA countries, subject to the limitations set out in applicable statutes, regulations and other laws.
We will comply with your request to edit and update incorrect Personal Information promptly.
At your request, we will delete your Personal Information promptly if:
We will inform any third parties we might have shared your Personal Information with of your deletion request.
We will decline your request for deletion if processing of your Personal Information is necessary:
At your request, we will limit the processing of your Personal Information if:
In so far as it is practicable, Irvine University will notify you of any correction, deletion, and/or limitation on processing of your Personal Information.
At your request, Irvine University will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if: (i) you provided the university with Personal Information; (ii) the processing of your Personal Information is based on your consent or required for the performance of a contract; or (iii) the processing is carried out by automated means.
Where Irvine University processes your Personal Information based upon its legitimate interest then you have the right to object to this processing.
You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given us your explicit consent or where the information is necessary for a contract with us.
You have the right to withdraw any consent you may have previously given us at any time. If you withdraw your consent, this will not affect the lawfulness of our collecting, using, and sharing of your Personal Information up to the point in time that you withdraw your consent. Even if you withdraw your consent, we may still use your information that has been fully anonymized and does not personally identify you.
If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
If you wish to contact Irvine University in connection with the exercise of your rights listed above, please contact the university’s Data Protection Officer, Victor Nguyen: firstname.lastname@example.org. The university will respond to your written request without unreasonable delay and in accordance with any deadlines imposed by law. Unless the university notifies you at the time of your request, we will not charge any fee in connection with the exercise of your rights.
This policy applies to the cookies used by Irvine University when a data subject visits Irvine University’s main website (www.irvine.edu).
Cookies can be adjusted or disabled, and this policy provides you with instructions to do so.
A cookie is a file designed to contain a small amount of user and website information stored on a user’s computer. The file interacts with the user and the website to provide a webpage tailored to the user through its awareness of information held within the file. Cookies also have the ability to carry all or parts of the information stores within the file to other websites that the user may visit.
Irvine University uses third-party, session and persistent cookies and similar technology to collect aggregate (non-personal) information about site usage, and to help the university remember the user and his/her preferences when they revisit the site. These cookies may stay on the user’s browser into the future until they expire or the user deletes them. Irvine University also uses technology to remember the user the next time they log in. Some of these cookies are erased when the user closes their browser window and some persist for a long time. More information about cookies and how they work is available at www.allaboutcookies.org
The cookies used on the Irvine University site may include, but are not limited to, the following:
The user can change their cookie settings by reviewing their internet browser’s cookie options. Popular browsers may help the user better understand their cookie options. Typically, such information can be found under the browser’s “Help,” “Preferences,” or “Options” menus, such as:
Irvine University keeps your personal information for as long as needed to fulfill the particular purpose for which it was collected. The university may also retain records if legally required or to fulfill a legitimate interest.
For more information regarding how Irvine University collects and processes your Personal Information, or if you have any complaints, please contact the university’s Data Protection Officer, Victor Nguyen: email@example.com
The Data Protection Officer is responsible for enforcing this policy, to ensure data protection and compliance with all applicable laws, such as the EU GDPR. Individuals determined to have violated this policy are subject to sanctions imposed using the procedures set forth in applicable university policies and handbooks.
The effective date of this policy is the date of its public posting by the university, which is January 13, 2020.