Data Privacy Notice 

Introduction 

This data privacy notice discloses the privacy practices of Shippensburg University in accordance with privacy regulations, such as the General Data Protection Regulation (GDPR) and other federal, state and local regulations and is in accordance with the Shippensburg University Computing and Information Network Usage Policy.

This notice intends to help you understand what personally identifiable information (PII) data is collected, how it is used, and what control you have over it. This notice applies solely to data collected by Shippensburg University. This notice will define the following:  

  1. What personal data is collected. 
  2. How personal data is collected, used, shared, stored, and otherwise processed. 
  3. The security procedures implemented to protect your data. 
  4. Your choices and rights regarding the use of your data. 
  5. How you can contact us for issues such as to correct inaccuracies of your data or to request the removal of your personal data. 

Please read the following privacy notice to understand the processing, collection, sharing, protection, and your rights associated with your personal data.  

Who We Are 

For the purposes of this notice, Shippensburg University (University) acts as the “data controller.” We take on this role as the University determines how your PII is used and processed.  

The Shippensburg University mission includes “Student learning and personal development through highly effective and innovative teaching, complemented by a wide variety of out-of-class experiences”. As such we collect and use PII that you provide or is associated with your university related activities.

For questions, requests, and complaints in regard to this privacy notice and the collection and processing of your personal data the contact information is included in the Contact Information section at the end of this notice.   

Data Collected 

The University collects information about you when you are provided a Shippensburg user account and receive an SUID number, apply to attend the University or complete an employment application, create a guest account on the network, register for an event, or otherwise input information about yourself in your use of online resources. The specific information collected can be found via the join/renewal form, event registration form, etc. This information is collected transparently and voluntarily. Additionally, website usage information is collected using cookies in compliance with state regulations and the GDPR.

We have access to any data that you voluntarily provide via email, telephone, forms, chat functions, user registration, newsletter sign-up, contests, surveys, and data that is compiled within university managed systems directly related to your university activities.

Through these means, we collect personal data including but not limited to the following: 

  • Full name
  • Preferred name
  • Email addresses (university, personal, other)
  • Username
  • Phone numbers (mobile, home, temporary)
  • Address (permanent, temporary, university)
  • Date of birth
  • Social Security Number
  • Information about any complaints, enquiries, and communication you make with us 
  • Details on services received from us
  • Location
  • Photos
  • Learning Activities (assignments, discussions, grades, etc.)

How We Use Your Data 

Your personal data may be used for the following purposes: 

  • Customization of content and user experience.
  • Identity you when you use university online resources (website, portal, learning management system, wireless network, etc.)
  • Account set up and administration
  • Conducting polls, surveys, and contests 
  • Internal research and development
  • Legal obligations
  • Internal audits
  • Fulfillment of obligations outlined in any agreements with users 
  • Gathering feedback and opinions on our provided services
  • Notification to users of changes to our services
  • Respond to your requests and comments
  • Process your transactions
  • Compile grades
  • Class registration
  • Campus location

Legal Basis of Processing 

We process personal data for purposes of the Universities own legitimate interests, granted that those interests do not override any of the users own interests, rights, and freedoms. This legitimate interest including processing for instruction, college life, marketing, research, and development purposes.   

We also process personal data for other purposes with consent, but you have the right to withdraw consent to processing for specific purposes, as outlined below. 

Specific Data Use 

As a student, employee or affiliated third-party you are provided a user account that the conditions of the use of that account are specified in the Shippensburg University Computing and Information Network Usage Policy.

Personal data may be used without knowledge or consent in situations when legally required or permitted, or when personal data has been anonymized or pseudonymized so it is no longer associated with the user. This means we have removed personally identifying information so the data we’re left with cannot be tied back to you as an individual. 

How We Share Your Data 

It is never the intention of the University to share personally identifiable information (PII) with third parties. Data collected during the normal course of activities related to your role with the University are shared internally as appropriate.

In the normal course of University business and operations information may be routed through a third party vendor (web hosting, order/purchase fulfillment, IT and cloud services, advisory services, and other). These parties do not retain, share, or use PII data beyond the defined purpose of fulfilling the service.  

Personal data may be shared with regulators in compliance with legal regulations.  

Personal data may also be shared with third parties when it is necessary to provide services to users, and/or for other legitimate interests. Third parties include service providers, professional advisors, and other members of the universities network. 

Where We Process Your Data 

If you are accessing University electronic resources from outside the United States, be aware you are sending personal information to our servers located in the US. 

Under certain circumstances, your personal data that we collect may be transferred to other countries for various purposes legally required by those countries

We have implemented security measures and controls to ensure data remains appropriately protected in these jurisdictions [e.g. contractual requirements, data transfer agreements]. 

How Long We Store Your Data  

We will only retain personal data for the duration necessary to fulfill the purposes for which it was collected. Personal data may also be retained for longer periods if it is solely for archiving purposes for regulatory requirements, analytics, research or other purposes warranted by the University as specified by the university data retention policy.

When defining the appropriate retention length, we adhere to relevant legal requirements, such as State DOE, HIPAA, FERPA, or others.

How We Protect Your Data 

Securing your data is a priority for us, while both online and offline. We have implemented appropriate safeguards to prevent personal data from being lost, misused, accessed, altered, or disclosed by unauthorized parties. 

The University does not collect credit card data electronically. When making a credit card or contactless transaction the financial transaction data is encrypted and secured throughout its transmission.

Secure web access can be verified by the lock icon in your internet browser address bar and by the use of “https” at the beginning of the web address, where the “s” indicates a secure connection.  

Procedures have been developed and tested to handle a potential data breach. These procedures are designed to ensure affected individuals and regulators are notified of the breach and damages can be minimized. 

Your Rights Regarding Your Personal Data 

We aim to maintain data that is accurate and up-to-date. Under the circumstance that your personal data changes (e.g. moving addresses), please notify us of any changes or update your data on the Shippensburg University myShip portal.  

In certain instances, you have the legal right to the following:  

  • Request correction to the personal data we have collected about you. 
  • Express any concern about any data we have collected about you. 

To exercise these rights, please contact us via the information provided below in the “Contact Information” section.  

External Links 

On our website, you may encounter links to other websites. Be aware that we are not responsible for the content or privacy practices of these other sites. We encourage all users to read the privacy notices of any other sites that collect your personal data.  

Contact Information  

For any questions, concerns, or requests to exercise your rights outlined in this privacy notice, please contact the Associate Vice President of Enrollment Management at 717-477-1235.

Changes to This Privacy Notice  

This privacy notice was last updated on 8/5/2020. 

Any changes to this privacy notice can be found on our website at www.ship.edu/privacy