Privacy Notice

Introduction

Who We Are

For the purposes of this notice, Millersville University (University) acts as the “data controller.” We take on this role as the University determines how your PII is used and processed.

The Millersville University mission statement notes, “we are a community dedicated to high quality education at an exceptional value”. As such we collect and use PII that you provide or is associated with your university related activities.

For questions, requests, and complaints in regard to this privacy notice and the collection and processing of your personal data the contact information is included in the Contact Information section at the end of this notice.

Data Collected

The University collects information about you when you are provided a Millersville user account and receive an M-number, apply to attend the University or complete an employment application, create a guest account on the network, register for an event, or otherwise input information about yourself in your use of online resources. The specific information collected can be found via the join/renewal form, event registration form, etc. This information is collected transparently and voluntarily. Additionally, website usage information is collected using cookies in compliance with state regulations and the GDPR. 

We have access to any data that you voluntarily provide via email, telephone, forms, chat functions, user registration, newsletter sign-up, contests, surveys, and data that is compiled within university managed systems directly related to your university activities.

Through these means, we collect the following types of data (not inclusive)

• Full name
• Preferred name
• Email addresses (university, personal, other)
• Username
• Phone numbers (mobile, home, temporary)
• Address (permanent, temporary, university)
• Date of birth
• Information about any complaints, enquiries, and communication you make with us 
• Details on services received from us
• Location
• Photos
• Learning Activities (assignments, discussions, grades, etc.)

How We Use Your Data

Your personal data may be used for the following purposes: 

• Customization of content and user experience. 
• Identity you when you use university online resources (website, portal, learning management system, wireless network, etc.)
• Account set up and administration. 
• Conducting polls, surveys, and contests. 
• Internal research and development. 
• Legal obligations. 
• Internal audits. 
• Fulfillment of obligations outlined in any agreements with users. 
• Gathering feedback and opinions on our provided services. 
• Notification to users of changes to our services. 
• Respond to your requests and comments. 
• Process your transactions.  
• Compile grades
• Class registration
• Campus location

Legal Basis of Processing 

We process personal data for purposes of the Universities own legitimate interests, granted that those interests do not override any of the users own interests, rights, and freedoms. This legitimate interest including processing for instruction, college life, marketing, research, and development purposes.   

We also process personal data for other purposes with consent, but you have the right to withdraw consent to processing for specific purposes, as outlined below. 

Specific Data Use 

As a student or employee or affiliated third-party you are provided a user account that the conditions of the use of that account are specified in the Millersville University Responsible Use Of Information Technology Resources policy.

Personal data may be used without knowledge or consent in situations when legally required or permitted, or when personal data has been anonymized or pseudonymized so it is no longer associated with the user. This means we have removed personally identifying information so the data we’re left with cannot be tied back to you as an individual. 

How We Share Your Data

It is never the intention of the University to share personally identifiable information (PII) with third parties. Data collected during the normal course of activities related to your role with the University are shared internally as appropriate.

In the normal course of University business and operations information may be routed through a third party vendor (web hosting, order/purchase fulfillment, IT and cloud services, advisory services, and other). These parties do not retain, share, or use PII data beyond the defined purpose of fulfilling the service.

Personal data may be shared with regulators in compliance with legal regulations.

Personal data may also be shared with third parties when it is necessary to provide services to users, and/or for other legitimate interests. Third parties include service providers, professional advisors, and other members of the universities network.

Where We Process Your Data

If you are accessing University electronic resources from outside the United States, be aware you are sending personal information to our servers located in the US. 

Under certain circumstances, your personal data that we collect may be transferred to other countries for various purposes legally required by those countries.

We have implemented security measures and controls to ensure data remains appropriately protected in these jurisdictions [e.g. contractual requirements, data transfer agreements].

How Long We Store Your Data

We will only retain personal data for the duration necessary to fulfill the purposes for which it was collected. Personal data may also be retained for longer periods if it is solely for archiving purposes for regulatory requirements, analytics, research or other purposes warranted by the University.

When defining the appropriate retention length, we adhere to relevant legal requirements, such as State DOE, HIPAA, FERPA, or others.

How We Protect Your Data

Securing your data is a priority for us, while both online and offline. We have implemented appropriate safeguards to prevent personal data from being lost, misused, accessed, altered, or disclosed by unauthorized parties.

The University does not collect credit card data electronically. When making a credit card or contactless transaction the financial transaction data is encrypted and secured throughout its transmission.

Secure web access can be verified by the lock icon in your internet browser address bar and by the use of “https” at the beginning of the web address, where the “s” indicates a secure connection.

Procedures have been developed and tested to handle a potential data breach. These procedures are designed to ensure affected individuals and regulators are notified of the breach and damages can be minimized.

Your Rights Regarding Your Personal Data

We aim to maintain data that is accurate and up-to-date. Under the circumstance that your personal data changes (e.g. moving addresses), please notify us of any changes or update your data on the Millersville University portal (MAX).

In certain instances, you have the legal right to the following:

• Request correction to the personal data we have collected about you. 
• Express any concern about any data we have collected about you.  

To exercise these rights, please contact us via the email, mail, or phone information provided below in the “Contact Information” section.

External Links

On our website, you may encounter links to other websites. Be aware that we are not responsible for the content or privacy practices of these other sites. We encourage all users to read the privacy notices of any other sites that collect your personal data.

Contact Information

For any questions, concerns, or requests to exercise your rights outlined in this privacy notice, please contact us via email at privacy@millersville.edu, phone at 717-871-7777.

Changes to This Privacy Notice

This privacy notice was last updated on 08/24/2020