Home
What is the GDPR?
The General Data Protection Regulation is a European Union (EU) privacy law that applies broadly to the collection and use (i.e., “processing”) of the personal information of persons located in the European Economic Area (EEA). The EEA is composed of the EU member states1, plus Iceland, Norway, and Liechtenstein.
The GDPR seeks to strengthen the privacy rights of persons in the EEA and harmonize the various privacy laws across the EU member states. Most notably, the GDPR expands upon existing EU privacy law by expanding its scope to cover the processing of personal data by organizations outside of the EEA—including U.S. universities, such as ECU.
Who is covered by the GDPR?
Any person located in the EEA, regardless of citizenship or permanent residency, is afforded the privacy rights defined in the GDPR.
What are my GDPR privacy rights as a person in the EEA?
Under the GDPR, persons located in the EEA have the right to:
- be informed about their personal data collected by an organization, its intended use, and for how long the data will be retained;
- make informed decisions regarding an organization’s use and sharing of their data;
- review and correct the data held by an organization;
- request a copy of their personal data or have the data transferred to a third party;
- correct any errors in their personal data; and
- under certain circumstances, require the organization to delete their personal data.
Please note that these are general rights, many of which have limitations in practice. For example, it is understood that an organization cannot enter into a contract or provide a service to an individual without collecting and retaining some personal information that identifies that particular individual. Additionally, it is important to note that GDPR, and thus the rights afforded under GDPR, is only applicable to the extent ECU is processing your personal data while you are in the EEA for purposes of providing you with goods or services.
The University’s Use of Your Information
The University collects and uses “Personal Information” (i.e., any information that may be used to identify a person) to fulfill its strategic objectives, operational requirements and legal obligations. The University uses this information only for defined purposes and in a manner that respects the privacy rights of individuals.
With regard to the GDPR there are six legal bases under which an organization may collect or use Personal Information. The University uses three of those legal bases almost exclusively:
- Legitimate Interest: The use of Personal Information is necessary to pursuing the legitimate interests of the University, but with consideration given to protecting the privacy rights and freedoms of persons in the EEA.
- Contract: The use of Personal Information is necessary to fulfilling a contract between the University and persons in the EEA.
- Consent: Persons in the EEA have consented to the University’s use of their Personal Information.
The table below describes the Personal Information that we collect and why we collect it.
Purpose of Processing | Categories of Personal Information |
---|---|
As part of the graduate and undergraduate admissions process, ECU collects personal data to evaluate applications to the university. Data is collected to evaluate academic records and scores, track application payments and financial aid offers, and communicate with prospective students. | Name, address, country of origin/citizenship, contact details, date of birth, demographic information, race/ethnicity, academic history, test scores, enrollment intentions, fee payment information, financial data and other relevant information as part of the application process. |
ECU collects personal data to ensure the health and safety of ECU students, faculty and staff. Data is collected to ensure students are covered in UNC-System health insurance and have access to campus health services. Data is also collected to evaluate whether students pose a campus safety or research security risk. | Name, country of origin/citizenship, visa status, marital status, immunization records, medical history, insurance information, self-reported criminal and disciplinary history and other relevant information necessary to promote the health and safety of the individual student and campus at-large. |
Personal data is collected to provide student support services and other ancillary student services. These data are used to communicate with and register students for orientation, housing and dining options, employment opportunities, and various student activities including athletic and cultural events. | Name, home address, contact information, demographic information, local address, arrival information, student identification number and other relevant data to inform students about services, programming and support available to them. |
In order to provide a high quality experience that matches students’ expectations, ECU uses personal data to assist in the recruiting process. Personal data are collected from current and prospective students to help market and promote ECU’s educational and athletic programs. | Demographic information, geographic information, programs of interest, IP address, email address and other data that, when aggregated, assists the university in marketing and promoting its programs. |
ECU collects personal data for the purpose of fulfilling federal and state reporting and compliance requirements. Data is also collected, aggregated, and analyzed to assist administrators in understanding ECU’s strengths relative to other institutions. | Name, passport information, financial information, country of origin/citizenship, field of study, academic level, employment status, gender, demographic information, visa status, probationary and termination data. |
Personal data is collected to assist ECU in registering students, maintaining payment records, maintaining academic records and ensuring quality of educational offerings. Survey data are occasionally collected, analyzed used to improve programs. | Name, student ID number, demographic information, payment information, course registration information, academic records, and responses to survey questions regarding the quality of their experience at ECU. |
As part of the application, ongoing employment (to include leave management), and separation processes, ECU collects personal data to make personnel decisions. Data is collected to evaluate employment and academic history, communicate with potential employees regarding their application status, and assist with onboarding, ongoing employment, and separation processes. | Name, email address, physical addresses, demographic data (voluntary), education history, employment history, SSN, legal name, DOB, citizenship status, sex, leave reasons, duration, supporting medical releases / documentation (when applicable), separation reasons, separation dates, exit interview answers, visa and immigration-related information (when applicable), degree/certificate awards, transcripts (US & foreign) |
ECU collects personal data to ensure the health and safety of ECU students, faculty, and staff. Data is collected to evaluate whether employees pose various risks to campus (safety, financial, etc.) | SSN, work history, criminal history, sex, address history, toxicology report results (when applicable), driver’s license information (when applicable), driving record (when applicable) |
Personal data is collected to provide support services and ensure benefit provision. These data are used to communicate with and register employees for training and professional development opportunities. | Training courses taken, grades (if applicable), test scores (if applicable), disability and accommodation information, |
ECU collects personal data for the purpose of engaging in financial transactions with employees, including payroll and benefit administration and wage garnishment and debt collection processes, if necessary. | SSN, legal name, DOB, citizenship status, sex, physical address, email address, emergency contacts, tax status, benefits/deductions, wage garnishments, garnishment orders and amounts, debts owed to state and federal agencies |
ECU collects personal data for the purpose of fulfilling federal and state reporting, record keeping and compliance requirements. Data is also collected, aggregated, and analyzed to assist administrators in decision-making related to ECU’s workforce | Legal identification documents, SSNs, DOB, legal name, citizenship status, sex, visa information, demographic information |
Personal data is collected to ensure quality job performance. These data are used to evaluate personnel for the purposes of salary adjustments, promotion, or disciplinary action. | Performance information (to include ratings and formal coaching/disciplinary information), supervisor feedback and comments, goals, and employee responses and comments |
Personal data is collected about alumni, donors and prospective donors from a number of sources, including data you provide to us, for example when you update your alumni or donor profile, connect with us on social media, complete a donation form or register to attend ECU events. If you were a student or studied at ECU, some of your Personal Data are transferred from your student record into our alumni database. We may also collect Personal Data from publicly available sources or third-party sources that support our operations. The Personal Data collected by us, or on our behalf, is collected for the primary purpose of providing you opportunities to engage with ECU alumni, donors, and students through interactions, events and your gifts or donations. | Demographic information, geographic information, programs of interest, email address and other data that, when aggregated, assists the university in requesting, collecting and processing donations. |
Data Subject Rights Requests
You may exercise your GDPR privacy rights by submitting a “Data Subject Rights Request” through the ECU Help Desk ticketing system:
If you have a current relationship with ECU please go to the following: https://ecu.teamdynamix.com/TDClient/Requests/ServiceDet?ID=27720
If you have a past relationship with ECU please go to the following: https://ecu.teamdynamix.com/TDClient/Requests/ServiceDet?ID=30070
If you are located within the EEA and have a different inquiry regarding GDPR, then please contact us at dpo@ecu.edu.
Additional Resources
The text of the GDPR is available at https://gdpr-info.eu/.