Privacy Notices

Below is Augusta University's privacy and legal notice for both its website and for compliance with the European Union General Data Protection Regulation ("EU GDPR").

Website

What we collect and why

Augusta University collects information from individuals or entities when they access any Augusta University website. Information that is collected from this contact is the date and time of the website access along with the web page(s) visited. In addition, Augusta University may also collect any information that it receives from your web browser, including browser type and version, and operating system. This information helps us understand aggregate uses of our site, track usage trends, and improve our services.

Cookies

Cookies are files that many websites transfer to users' web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user. Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.

Security

Our office is committed to ensuring the security of your information. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to or use of the information collected online.

Sharing your information

We will not share your information with third parties except:

• as required by law;
• as necessary to protect Augusta University's interests;
• as necessary to further Augusta University's research efforts pursuant to approvals from appropriate data stewards and the IRB; and/or
• with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

Links to other websites

This site may contain links to other website not affiliated with Augusta University. We are not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.

European Union General Data Protection Regulation (EU GDPR) Privacy Notice

Lawful Basis for Collecting and Processing of Personal Data

Augusta University is an institute of higher education involved in education, research, and community engagement. In order for Augusta University to educate its students both in class and online, engage in world-class research, and provide community services, it is essential, necessary (and Augusta University has lawful bases) for Augusta University to collect, process, use, and maintain data of it's students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. The lawful bases include, without limitation, admission, registration, delivery of classroom, online, and study abroad education, grades, communications, employment, applied research, development, program analysis for improves, and records retention. Examples of data that Augusta University may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent.

Most of Augusta University's collection and processing of personal data will fall under the following categories:

1. Processing is necessary for the purpose of the legitimate interests pursued by Augusta University or third parties in providing education, employment, research and development, community programs.
2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps ate the request of the data subject prior to entering into a contract. This lawful basis pertains primarily but not exclusively to research contracts.
3. Processing is necessary for compliance with a legal obligation to which Augusta University is subject. This lawful basis pertains primarily but not exclusively to compliance with state and federal laws. Examples are providing enrollment data to the U.S. Department of Education and providing employment and payroll data as required by the U.S. Internal Revenue Service.
4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes. This lawful basis pertains primarily but not exclusively to the protection of research subjects, providing medical and mental health services.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Types of Personal Data collected and why

Augusta University collects a variety of personal and sensitive data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, provision of medical services, participation in research, development and community outreach. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations. If you have specific questions regarding the collection and use of your personal data, please submit a Data Subject Request.

If a data subject refuses to provide personal data that is required by Augusta University in connection with one of Augusta University's lawful bases to collect such personal data, such refusal may make it impossible for Augusta University to provide education, employment, research or other requested services.

Where Augusta University gets Personal and Sensitive Personal Data

Augusta University receives personal and sensitive personal data from multiple sources. Most often, Augusta University gets this data directly from the data subject, or under the direction of the data subject who has provided it to a third party (for example, application for admission to Augusta University through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Augusta University's EU General Data Protection Regulation Compliance will be afforded the following rights:

1. information about the controller collecting the data
2. the data protection officer contact information
3. the purposes and legal basis/legitimate interests of the data collection/processing
4. recipients of the personal data
5. if Augusta University intends to transfer personal data to another country or international organization
6. the period the personal data will be stored
7. the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
8. the existence of the right to withdraw consent at any time
9. the right to lodge a complaint with a supervisory authority (established in the EU)
10. why the personal data are required, and possible consequences of the failure to provide the data
11. the existence of automated decision-making, including profiling
12. if the collected data are going to be further processed for a purpose other than that for which it was collected

Any data subject who wishes to exercise any of the above-mentioned rights may do so by filing such request with Compliance, Ethics & Risk Management at privacy@augusta.edu.

Security of Personal Data subject to the EU GDPR

All personal data and sensitive personal data collected or processed by Augusta University under the scope of the Augusta University EU General Data Protection Regulation Compliance must comply with the security controls and systems and process requirements an standards of Augusta University policies.

We will not share your information with third parties except:

• as necessary to meet one of its lawful purposes, including but not limited to,
  • its legitimate interest,
  • contract compliance,
  • pursuant to consent provided by you,
  • as required by law;
• as necessary to protect Augusta University's interests;
• with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

Data Retention

Augusta University keeps the data it collects for the time periods specified in the University System of Georgia Records Retention Schedules: https://www.usg.edu/records_management/schedules/.

For examples of Student Records Retention Schedules, see https://www.usg.edu/records_management/schedules/934.

For examples of Human Resources (Employment) Records Retention Schedules, see https://www.usg.edu/records_management/schedules/930.

Information We Use on Our Mobile App

The Jag Mobile application enables users to easily find all needed resources — including searching the directory, seeking employee engagement activities, reserving conference spaces, accessing campus/offices with a digital card, finding various locations, and using timeless and actionable notifications. Augusta University uses either the device's geographical coordinates (latitude and longitude) or its proximity to a specific Bluetooth beacon to determine if a push notification should be sent to the device or user. In all cases, location information or Bluetooth beacon proximity is solely used to determine if a push notification should occur. That information is never used for any other purpose, nor is it retained beyond its use.