Untitled Document

    Privacy Policy

    Clark University (“Clark”) is fully committed to providing an informative, useful, and engaging website for its visitors. This privacy policy sets out how Clark uses and protects any information that you give to Clark when you use Clark-controlled and operated websites as well as other information you may provide to us from time to time.

    Clark University is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website or through other mechanisms, it will only be used in accordance with this Privacy Policy.

    What We Collect
    Clark collects two kinds of information on its websites: 1) information you voluntarily supply when you visit the website and register an account, fill out a form to request information, “opt-in” for participation in a service, complete a survey, or engage with other site features; and 2) information that is collected automatically as you navigate the site.

    In addition to any personal information you actively provide to us, Clark systems automatically record certain non-personal information such as:

    • The name of the domain and host from which you access the Web;
    • The geographic location of your point of connectivity;
    • The Internet Protocol (IP) address of the computer you are using;
    • The browser used and the operating system you are using;
    • The date and time you access this site;
    • Visitor-specific information such as the pages accessed/visited, the order in which they were visited, the hyperlinks employed, and the Internet address of the website linked directly to this site.

    Clark may also collect tracking information through the use of “cookies” -- cookies are small text files that are placed on your computer to facilitate your future access to websites. Your visit remains anonymous until you knowingly identify yourself. The collected information is used for internal University purposes, and to improve the content and navigation of Clark’s overall website.

    Clark uses Google Analytics to help manage our website. Please see the Privacy and Terms pages for more information on how Google uses/maintains user information. 

    What We Do with the Information We Gather
    We use this information to understand your needs and provide you with better service. In particular, for the following reasons:

    • To answer a question you have asked;
    • To provide you with the information or service you have requested (e.g., newsletter);
    • For internal record keeping;
    • To improve our services, including performance and functionality of the website;
    • To periodically send promotional emails about University programs, events, or other information we think you may find interesting, using the email address you have provided; and
    • From time to time, we may also use your information to contact you for market research purposes.

    We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place industry standard physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

    Links to Other Websites
    Clark’s web pages may contain links to other websites of interest. However, once you use these links and leave the Clark website, you should note that we do not have control over other third-party websites. Clark is not responsible for the protection and privacy of any information that you provide while visiting third-party websites and this privacy policy does not govern such sites. You should exercise caution and look at the privacy statement applicable to the third-party websites in question.

    Links to Online Forums
    Clark makes forums, message boards, and other collaborative features available to its users. The University does not ordinarily log public chat sessions, however, any information disclosed in these areas becomes public information and you should therefore exercise caution when deciding to disclose your personal information in such places. Clark may collect such information if it has reasonable cause to suspect misuse, unlawful conduct, breach of University policy, or other reasonable cause to collect such information.

    Links to Online Surveys
    Clark employs the use of online surveys, which may be conducted on the University’s website. It is University policy that confidential information gathered in these online surveys is used only for the research purposes indicated in the survey. Unless otherwise noted on the specified survey, your answers are confidential and individual responses will not be shared with other parties. Aggregate data from surveys may be shared.

    Controlling Your Personal Information
    You may choose to restrict the use of your personal data in accordance with this Privacy Policy.
    If you have any questions or further concerns relating to how we use your personal data as described above, or if you believe that personal data we have is incorrect or incomplete, please contact us with “Privacy Request” as the subject line in writing, at:

    Clark University
    Information Technology Services
    950 Main Street
    Worcester, MA 01610
    Email: infosec@clarku.edu

    If You Are Located in the European Union (EU)
    If you are receiving services from Clark in a member state of European Union (EU), or if you are located in a member state of the European Union (EU) when you visit Clark websites, we will do our best to observe the EU General Data Protection Regulation (GDPR) and other applicable data protection laws when we process your personal information.

    Personal information relating to you from which you can be identified (such as your name and contact details, as well as other personal information about you) is called “personal data” under the GDPR.
    If you are located in the EU and we offer or provide services to you, the following additional provisions beyond the general privacy statements set forth above apply in relation to how we handle your personal data.

    We may collect personal data about you for one or more of the following purposes:

    • To respond to inquiries from you, process any application you submit relating to studying at Clark University, on a Study Abroad program and/or you register for another service that we offer;
    • To set up and administer our agreement with you, if you enroll as a student and/or wish to participate in one of our programs and/or receive other services;
    • To consider you for employment, if you apply for a job/position at the University;
    • To be able to effectively manage the University and administer its programs and to be able to look after you as well as other students;
    • To comply with any existing legal obligations or to manage legal issues or claims that may arise;
    • To keep you informed about Clark and related news and events, but only if we have your consent and are sending you information about goods or services that are the same as those you have previously shown interest in (and subject to you being able to opt-out of further communication at any time);
    • To provide direct marketing to you, but in relation to electronic marketing only where we have your consent in accordance with applicable law or are sending you information about goods or services that are the same as those you have previously inquired about or purchased (and subject to you being able to opt-out of further direct marketing at any time); or
    • To respond to any issues, request, or questions that you raise with us.

    We may also process personal data of EU residents in the following situations:

    • If you apply to work for Clark University and are located at one of our locations in the EU, we may need to process your personal data in connection with your job application and transfer that personal data to Clark University servers located in the United States;
    • If you inquire and/or apply to study at one of our partner schools or programs located in the EU, we may need to process your personal data in connection with your application to that partner school or program and transfer that personal data to Clark University servers located in the United States.

    The Lawful Basis on Which We Collect Data
    The lawful grounds under which we collect and use this personal data are where:

    • You have freely provided your specific, informed and unambiguous consent;
    • We have agreed to provide services to you, to set up and perform our contractual obligations and/or enforce our contractual rights;
    • We need to use your personal data for our legitimate interests in being able to manage Clark’s operations, its courses and its programs. We will pursue these interests in a way that respects your legal rights or freedoms and, in particular, your privacy rights;
    • We need to use your personal data to comply with a legal obligation or for the purpose of the University being able to establish, exercise or defend legal claims; and/or
    • We need to use personal data to protect your vital interests or those of someone else (for example, in a medical emergency or if there is an urgent welfare issue).

    If you provide us with any ”special category” personal data about you, which under the GDPR includes information in relation to your health, religious/political or philosophical beliefs, racial/ethnic origin, sex life/sexual orientation, in addition to the above, we will use this 'special category' data in the following circumstances:

    • We have your explicit consent – for example, to send you details of University interest groups or support resources that you may be interested in, if you are, have been or you become a student and/or alumni;
    • The data is needed by us to comply with applicable employment, social security or social protection laws;
    • To protect your vital interests or those of someone else, as noted above;
    • You have clearly publicized such information; and/or
    • We need to use such special category data in connection with a legal claim.

    Disclosing Your Personal Data
    Third party suppliers (called “processors”) may process your personal data on Clark University’s behalf, in accordance with our contractual agreements. For example, this may be to provide business support such as IT infrastructure, data or website hosting, payment services, professional advice (e.g. legal advice) and/or to protect the University (and our students or employees) from fraud or other criminal behavior.

    We may also disclose your personal data to third parties external to the University who make their own determination as to how they use your personal data and for what purpose(s) (called “controllers”). This may include EU-based partner universities and educational institutions in support of our Study Abroad/Away programs. Clark’s study abroad/away programs and locations are listed on the Clark University website at http://www.clarku.edu/undergraduate-admissions-study-abroad-and-away, http://www2.clarku.edu/offices/leir/ and https://www2.clarku.edu/school-of-professional-studies/about/campusesabroad.cfm.

    We may also provide your personal data to third parties from time to time. We will only provide your personal data for the specific purpose of providing additional services to you and we provide the minimum amount of data that is required to offer such services. However, if you then make further arrangements with those third-party controllers with whom you deal, they may handle your data in accordance with their own chosen procedures. You should review the relevant privacy policies of these organizations to understand how they may use your personal data. Other than as set out above, we will treat your personal data as private and will not disclose it to third parties without your knowledge. The exceptions are in relation to legal proceedings or where we are legally required to provide your data to a court, regulator or similar person and are legally prevented from telling you.

    In all cases, third parties are required to only use your personal data for lawful purposes and in compliance with applicable data protection laws.

    Transferring Your Data
    By interacting with Clark’s website and explicitly providing Clark with your personal data, you acknowledge that your personal data may be transferred to Clark University and stored on computers, servers and/or in files in the United States. Please note US federal and state laws, are not at present, considered to meet the same legal standards of protection for personal data as European Union law. However, in order to safeguard your personal data, we only transfer data from the EU to the US under a contract or another appropriate mechanism that is approved under applicable law and that protects that data to the same standards that you would expect in Europe.

    Keeping Your Personal Data
    Clark University retains your personal data for no longer than is necessary for the purposes for which it was processed; is necessary to perform our obligations to you (or to enforce or defend legal claims); or, as is required by applicable law. We have a data retention and erasure policy that sets out the different periods for which we retain data for the relevant purpose it was collected and used. The data retention schedule is available at https://web.clarku.edu/policies/detailpolicy.cfm?pid=73.

    The criteria we use for determining data retention periods is based on various legislative requirements; the purpose for which we hold data and whether retaining the data is needed in connection with that purpose; and further specific guidance issued by relevant regulatory authorities on data retention/erasure including, but not limited to, EU regulatory authorities. Personal data that is no longer required by Clark is either destroyed, erased and/or anonymized so that you can no longer be identified from it.

    Clark employs appropriate technical and administrative security controls to protect against access to your personal data by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. Clark also endeavors to take all reasonable steps to protect personal data from external threats such as malicious software or hacking. However, there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us.

    Your Personal Data Rights
    Under the GDPR, those EU residents with whom we deal have various data protection rights, which are as follows:

    • The right to be informed of how your personal data are being used - this right is usually fulfilled by the provision of 'privacy notices' as described above;
    • The right of access to your personal data - accessing personal data in this way is usually known as making a “subject access request” or SAR;
    • The right to have your inaccurate personal data rectified;
    • The right to have your personal data erased where appropriate - known as the right to be forgotten;
    • The right to restrict the processing of your personal data pending its verification or correction
    • The right to receive copies of your personal data in a machine-readable and commonly-used format - known as the right to data portability;
    • The right to object to processing (including profiling) of your personal data unless we have a compelling legitimate reason for doing so (e.g. a legal obligation);
    • The right to object to direct marketing and to opt-out of anything you might have previously opted-in to;
    • The right not to be subject to a decision based solely on automated decision-making using your personal data.

    Usually we will respond to a SAR request within 30 days. For a complex or numerous requests, we may require an additional 60 days to respond. We may deny or charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate specific information you seek. You should note that certain legal exemptions may also apply to what we can disclose in response.

    If you would like to exercise any of the rights set out above, please contact us at the address below. We may need to ask for evidence to verify your identity before we can fully respond.

    If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to a data protection supervisory authority in your EU country of residence.

    Controlling Your Personal Information
    You may choose to restrict the use of your personal data in accordance with this privacy policy.
    If you have any questions or further concerns relating to how we use your personal data as described above, or you believe that personal data we have is incorrect or incomplete, please contact us with “EU Data Request” as the subject line:

    Clark University
    Information Technology Services
    950 Main Street
    Worcester, MA 01610
    Email: infosec@clarku.edu

    We will promptly deal with your request.

    Created on: May 25, 2018
    Last Reviewed: July 30, 2018

    Authored by: VP for Information Technology and CIO

    Reviewed by:
    Information Technology Services
    Marketing and Communications
    Strategic Information Technology Committee

    Approved by: Information Security and Privacy Council

View Official Policy in PDF