Kent State at Ashtabula Privacy Statement
Web Privacy Statement
Kent State University is committed to ensuring the privacy and accuracy of your confidential information. We do not actively share personal information gathered from our Web servers. However, because Kent State is a public institution, some information collected from the university website, including information from our server logs, e-mails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act. This means that while we do not actively share information, in some cases we may be compelled by law to release information gathered from our Web servers.
Kent State University also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records except in limited circumstances (i.e., with the student's permission, to parents of dependent students, and in response to a valid court order). For more information on FERPA at Kent State University, go to https://www.kent.edu/registrar/ferpa. Although FERPA regulations apply only to students, Kent State University is equally committed to protecting the privacy of all visitors to our website. Kent State also complies with the applicable provisions of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
Sharing of Information
Unless required by the Ohio Public Records Act, it is against university policy to release information gathered through the Web, such as pages visited or personalized preferences.
Kent State University does, however, share information with other parties at the request of users (persons to whom the information applies). For example, the university receives test scores from testing agencies and will send transcripts to other schools at the student’s request.
Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we have legal authorization to do so. Student directory information may be released without the student's written consent. Directory information includes: name, local and home address, e-mail address, userid, photo, telephone number, name and address of parent(s) or guardian(s), date and place of birth, major field of study, participation in Kent State activities and sports, weight and height of members of athletic teams, dates of attendance at Kent State, degrees, certificates and awards received, student classification, and the most recent previous educational institution attended. If a student does not want their directory information released, the student may request in writing that it not be released and file the request with the Office of the Registrar.
You can read more about directory information and Kent State's student records policy here: https://www.kent.edu/policyreg/operational-procedures-and-regulations-regarding-collection-retention-and-dissemination
Privacy and Public Records Requests
Kent State complies with all laws that prohibit the release of information. This includes student education records protected by FERPA, financial information, including credit card information protected by GLBA, and personal health information protected by HIPAA.
However other information collected from the Kent State website, including server log information, emails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act.
If You Send Us Personal Information
Kent State's website will only collect personal information that you knowingly and voluntarily provide by, for example, sending emails, completing membership forms, registering for classes or other programs, responding to surveys, or ordering merchandise. If you provide us with personal information, we will normally respond to your inquiry, request, or order; we may also contact you to provide information about college activities, programs, membership and development opportunities, and special events that may interest you. It is university policy that confidential information you enter is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.
Kent State University will only share information about you to other parties when one or more of the following conditions apply:
- We have your consent to share the information.
- We need to share your information to provide the service or product you requested.
- We need to send your information to companies who work on behalf of Kent State University to provide a service or product to you.
- The information in question is considered directory information consistent with FERPA regulations.
- We need to respond to subpoenas, court orders, or any other legal process.
- We find it necessary to protect and defend the legal rights and/or property of Kent State University.
Kent State uses encryption to prevent third parties from accessing sensitive data, such as passwords, e-commerce information, etc. You are normally required to enter a Kent State FlashLine username and password when you request data about yourself or to ensure that you are a member of the university community. For example, students who want to check their grades or staff members who complete time sheets must enter their Kent State FlashLine username and password so the system knows who is requesting the data. This login process uses Hypertext Transfer Protocol Secure (HTTPS) so the user name and password are encrypted between the Web browser and our Web server.
Several sites within Kent State University enable you to pay for products or services online with a credit card. These transactions are encrypted. Questions about security concerns involving credit card transactions may be directed to email@example.com
Information Collected and Stored Automatically
If you visit our website, we automatically gather and store the following information about your visit so that we can track the use of our website to make improvements. This automatically collected information is stored and used in the aggregate only, and is not under normal circumstances used to contact you personally.
- The IP address from which you access our website
- The name of the domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account)
- The type of browser and operating system used to access our website
- The date and time you access our site
- The pages, files, documents, and links that you visit
- The Internet address of the website from which you linked to this website
Cookies are small pieces of data stored by the Web browser, often used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive.
European Union General Data Protection Regulation ("EU GDPR") Privacy Notice
The EU GDPR provides broad privacy protections to individuals physically located in the European Economic Area ("data subject(s)"). Under certain circumstances, the EU GDPR may apply to Kent State University's activities in the European Economic Area, for example, when a student attends a semester- long study abroad program in the European Economic Area or when a faculty member is temporarily assigned to work at Kent State University's Florence, Italy campus.
When subject to the EU GDPR, Kent State University must comply with the regulation's core privacy principles, which principles provide that personal data shall be:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Limited to what is necessary in relation to the purposes for which they are processed;
Accurate and kept up to date;
- Retained only as long as necessary; and
Personal data is defined very broadly under the EU GDPR, and consists of any information relating to an identified or identifiable person and includes a person's name, identification number, location data, online identifier, or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.
Lawful Basis for Processing Personal Data
When subject to the EU GDPR, Kent State University must have a lawful basis to process a data subject's personal data. Although there will be some instances where the processing of personal data will be pursuant to other lawful bases (e.g. processing necessary to protect the vital interests or safety of a data subject, processing related to legal action involving the university, etc.), Kent State University will likely process personal data relying on one or more of the following lawful bases:
- Processing for the purposes of the legitimate interests pursued by Kent State University or by a third party;
- Processing for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing for compliance with a legal obligation to which Kent State University is subject; and
- Processing pursuant to the consent of a data subject for one or more specific purposes.
Types of Personal Data Processed
In order for the university to achieve its core mission, it is essential and necessary for Kent State University to process personal data of its students, employees, applicants, research subjects, alumni, and others involved in the university's educational, research, and community programs. Kent State University processes personal information for various lawful reasons, including, without limitation, academic admissions and enrollment; student registration; residence life; delivery of classroom, on-line, and study abroad education programs; administration and oversight of recreation programs, student organizations, and other various student affairs activities; distribution of grades, materials, and other communications by and among students, faculty, and staff; employment; applied research; program development and analysis; job hiring and employment; provision of medical services or health insurance; engagement with the community at-large; compliance with its internal policies, procedures, and guidelines, as well as all applicable federal, state, and local laws; and records retention.
Personal data processed by the university typically includes name, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.), and donations. If you have specific questions regarding the collection and use of your personal data, please contact us via firstname.lastname@example.org.
If a data subject refuses to provide personal data that is required by Kent State University in connection with one of Kent State University's lawful bases to collect such personal data, such refusal may make it impossible for Kent State University to provide education, employment, research, or other requested services.
Where Kent State University gets Personal Data
Kent State University receives personal data from multiple sources, most often directly from the data subject or under the direction of the data subject who has provided it to a third party (e.g., application for admission to Kent State University through use of CollegeNet or the Common App).
Individual Rights of the Data Subject under the EU GDPR
Subject to all other applicable laws and regulations, including all laws of the United States of America and the State of Ohio (USA), data subjects have following rights under the EU GDPR:
- To access the personal data we maintain about you;
- To be provided with information about how we process your personal data;
- To correct or modify your personal data;
- To have your personal data deleted;
- To object to or restrict how we process your personal data;
- To request your personal data to be transferred to a third party; and
- To file a complaint.
To exercise the above rights, data subjects should contact us via email@example.com. Kent State University will consider and process a data subject's request within a reasonable period of time. Please be aware that under certain circumstances, the EU GDPR or other applicable law may limit a data subject's exercise of the above rights.
Security of Personal Data subject to the EU GDPR
Kent State University will comply with all of its published data protection polices in the processing of a data subject's personal data.
Kent State University keeps the data it collects for the time periods specified in the Kent State University Record Retention Schedule.
Disclaimer of Liability
Kent State University is a large organization with many people sharing responsibility for the content of our website. Please help us respond to your comments and inquiries by sending them to the appropriate Kent State department.
If you have questions about this Privacy Statement, or if you find Kent State Web pages that do not adhere to this statement, please email Director of Web Services and Interactive Media Lin Danes at firstname.lastname@example.org.