This policy was last reviewed and amended on May 25, 2018.
The college collects personal information that you send to Davidson College, or permit us to obtain from third parties, for purposes relevant to college operations in pursuit of its academic mission. Examples include information needed for student admission (including financial aid information), employment, bookstore ordering, gifts/fundraising, institutional research, and topical surveys.
We may use your user information in order to process student, financial aid, or job applications, student or employee registrations, and other services and benefits that we provide to our students, employees and other persons. Any email address, postal mailing address, phone number or other contact information you provide may be used to send you information, respond to inquiries, and/or other requests or questions. We also collect information from you when you access Davidson's website and when you subscribe to our email services.
APPLICABILITY OF THIS POLICY
This policy applies to anyone who provides or has previously provided personal information to Davidson, who authorizes Davidson to obtain data from third parties (e.g., Common Application), or who accesses Davidson College websites.
LOCATION OF SERVERS AND TRANSFER OF INFORMATION TO THE UNITED STATES
The data stored by the college are stored on campus servers in the United States or in cloud-hosted services which are largely outside the European Union. If you are located outside the United States, please note that your personal data will be transferred to and stored on a server most likely located in the United States. By submitting your personal data to the college, you consent to this transfer and to the collection, storage, processing and use of your personal data in the United States.
DATA SHARING WITH THIRD PARTY SERVICE PROVIDERS AND OTHERS
On occasion, the college may contract with outside service providers including but not limited to outside service vendors and SaaS software vendors. If necessary, the college may share personal data with the third party for completion of the services. We do not provide data to a third party for any purpose that is not directly related to college business. If data is provided to a third party, it is usable only as described in a contract defining the service agreement and must be destroyed or returned at the end of the contract according to the terms of the agreement. Before entering in to such a contract with a third party, the college reviews vendor data security practices and seeks assurances that vendors comply with relevant industry best practices or governing standards and laws where appropriate.
We may also provide your information to third parties in circumstances in which we believe that doing so is necessary or appropriate to: satisfy any applicable law, regulation, legal process or governmental request; detect, prevent or otherwise address fraud, security or technical issues; or protect rights, property or safety. Davidson may also share information with third parties in aggregated form, after personally identifiable information has been removed, for higher education research purposes.
SITE ACTIVITY DATA AND DATA LOGGING
- Your Internet location (IP address)
- Which pages you visit on our site
- From which page you came to our site (referring site)
- Date and time
- Which software you use to visit our site and its configuration
Tracking pixels, like cookies, can be written into websites and other digital marketing materials. Pixels are used to provide analytics and insight into web traffic, digital preferences and activity. Data curated from the pixel is managed directly by the third-party platform responsible for providing the pixel (Facebook, Google, Twitter etc). You can manage what these platforms can collect about your online activity by managing your personal privacy and advertising settings within those platforms.
Beyond the Davidson.edu main web site, Davidson's servers automatically collect and log information when you use Davidson's other web sites or computer systems. Log data may include your Internet Protocol (IP) address, date and time the website or systems were used, and technical information about your devices and preferences. Log data may be used to facilitate your access to Davidson websites and services, monitor system performance, troubleshoot problems, and facilitate Davidson's response in the event of prohibited uses of computing resources, or unauthorized access to sensitive data.
SOCIAL MEDIA, ANALYTICS AND DIGITAL MARKETING
Davidson College uses online services and social media platforms to share information through organic and paid digital campaigns and to gather data for the purposes of analyzing trends, improving user experience and enhancing the accuracy of marketing campaigns. These sites and services may gather anonymous and personal data directly from you based on your online activity and personal privacy settings. Individual users are encouraged to monitor and adjust their personal privacy and security settings across the various online platforms as they deem appropriate. We have prepared a list of suggested links (PDF) for you to use if you wish to modify your privacy settings.
On occasion, the college may provide personal data to a third party social media platform or other vendor for the purpose of enhancing the accuracy of our digital marketing campaigns, for example the creation of a Facebook "custom audience".
If data is provided to a third party, it is usable only as described in a written contract or as part of the third-party terms of service agreement. Davidson College reviews data security practices and requires the third party comply with relevant industry best practices, governing standards and laws where appropriate. The terms of service for several platforms are accessible in the suggested links document.
HOW WE PROTECT YOUR DATA
The college employs a variety of technical and procedural measures to protect your information from misuse and unauthorized access. These measures include practices that limit access to your information to the fewest number of individuals who need that information for operational and strategic purposes. Davidson College implements a number of technology strategies such as firewalls, vulnerability management, log monitoring, data encryption, and other technical measures to safeguard your data from unauthorized access.
The college complies with the Children's Online Privacy Protection Act of 2013 ("COPPA"). COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. It is our policy to refrain from knowingly collecting or maintaining personally identifiable information relating to any person under the age of 13. If you are under the age of 13, please do not supply any personally identifiable information through the site. If you are under the age of 13 and have already provided personally identifiable information through the site, please have your parent or guardian contact us immediately using the information below so that we can remove such information from our files.
BILLING AND CREDIT CARD INFORMATION
To enable payment via our merchant services provider, credit card information collected by Davidson College is only used to process your transaction. Credit card information will only be shared with third parties who are contracted with Davidson College to complete the purchase transaction (e.g., those who help fulfill orders and process credit card payments). Credit card information is not stored on Davidson College servers. For recurring draft donors, we do store bank account numbers and financial institution routing numbers to complete monthly transactions.
RIGHTS FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA
You have the right in certain circumstances to (1) access your personal information; (2) to correct or erase information; (3) restrict processing; and (4) object to communications, direct marketing, or profiling. To the extent applicable, the EU's General Data Protection Regulation provides further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority.
If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identity when exercising these rights. Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future, as well as any information necessary for archival purposes. We may also need to retain some information for legal purposes, including to comply with US government laws and regulations (e.g., US IRS compliance). In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against or exercising our rights with respect to such claim.
If you provide information directly to Davidson College from the European Economic Area (EEA), you consent to the transfer of your personal information outside of the EEA to the United States. You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.
You are under no statutory or contractual obligation to provide any personal data to us (other than personal data provided in connection with your status as a Davidson College student or employee, if applicable).
The information found on the Davidson College website provides links to external websites located outside the ‘davidson.edu' domain. Davidson College is not responsible for the privacy practices or the content of the external websites to which we link.
ALUMNI, DONOR, AND FRIENDS OF THE COLLEGE DATA
In addition to the general privacy provisions above, the following information applies to the personal data of alumni, donors, and friends of the college:
PERSONAL INFORMATION WE COLLECT
The college may collect, use, store and transfer the following personal information:
- Biographical and contact information - addresses, phone numbers, email addresses, and social media contact information
- Demographic information - names, gender, birth and death dates, photograph, religious affiliation and ethnicity (solely if you choose to provide religious affiliation and ethnic information)
- Student information obtained from Davidson College records - degrees, majors, sports participation, awards, clubs and activities
- Employment information - company names, job titles, and industry information
- Family information - spouse/partner names, children's names and birth dates, and familial relationships
- Alumni information - event attendance, volunteer interests, organization affiliations, committee participation, awards and honors
- Donor information - giving information regarding any donation which is made, including wealth assessment information and indicators of your interest in giving
- Analytical information - aggregated information related to web visitor activity, social media activity, and email marketing actions
We consider our relationship with alumni, donors, and friends of the college to be lifelong. This means that we will maintain a record for you until such time as you tell us that you no longer wish us to keep in touch. You may also make changes to communication preferences by contacting the Office of Alumni and Family Engagement at email@example.com or 704-894-2411.
HOW WE USE YOUR PERSONAL INFORMATION
We use your personal information for a number of legitimate purposes, all in support of Davidson College and its mission. Specifically, we use your personal email to:
- Keep you updated with information about Davidson College
- Provide alumni services
- Provide access to the Online Community Website (see additional information below)
- Fundraise for Davidson College
- Send you information about events and volunteer activities
- Conduct philanthropic preference research to inform our fundraising strategy and target our communications
- Perform administrative tasks and for internal record keeping purposes
- Create and analyze aggregated (fully anonymized) information for statistical research purposes in support of our educational mission.
PERSONAL DATA IN THE ONLINE COMMUNITY WEBSITE
The Online Community website contains secured and unsecured web pages. Secured pages require a login to access and are only available to registered Community Members with valid user names and passwords. Community Members are defined as anyone with a record in the college's relationship management database who have registered for secured access and been granted a user name and password. Access to secured pages is granted after a validation process is completed, usually within 72 business hours. Sensitive information such as individual giving history is visible only to that individual if he/she has secured access. Because contact information is available to registered members, the college encourages you to make informed choices about what is visible through the Online Community by registering for secured access. If you need assistance completing the user registration form or do not want your contact information to be visible to registered members, please contact the Office of Alumni and Family Engagement at firstname.lastname@example.org or 704-894-2411.
DAVIDSON COLLEGE EMPLOYEES AND VOLUNTEERS
Davidson College maintains personal information about constituents in the database of record. Depending on the responsibilities of a college employee, this information may be visible to staff members. Contact information may be shared with volunteers or student employees for the purposes of outreach regarding gatherings, college-related fundraising activities or networking opportunities. The college outlines privacy expectations with all staff and student employees as well as volunteers and requires information be used for the described purpose only.
PROSPECTIVE STUDENT DATA
In addition to the general privacy provisions above, the following information applies to the personal data of student applicants:
- Personal data of prospective students, collected either from the prospective student or from third parties with the prospective student's consent (for example, College Board) is used by the college to communicate information about Davidson College and its prospective student events and programs.
- Personal data provided by student applicants during the application process is used by the college to process the application for admission to Davidson College, and is therefore used in the performance of related services to be provided to the student applicant. This data is processed exclusively for Davidson College institutional purposes, connected or related to student application activities carried out by Davidson College. Student applicants consent to the college sharing certain information with the U.S. Department of Education.
- Applicants may, but are not required, to provide race and ethnic origin in admission materials for consideration in a holistic review of the application. If voluntarily shared, this information could be used for aggregate reporting purposes and/or for research purposes. By sharing this information voluntarily, applicants consent to the college using the data for these purposes.
STUDENT FINANCIAL AID DATA FOR ADMISSION APPLICANTS
In addition to the general privacy provisions above, the following information applies to the personal data of student admission applicants who apply for financial aid:
- Personal data provided by student applicants during the admission application process is used by the college in the processing of applications for financial aid (need-based, merit, athletic, etc.) at Davidson College, and is therefore used in the performance of related services to be provided to the student applicant. This data is processed for Davidson College institutional purposes as well as for federal, state and private aid purposes, connected or related to student aid application activities carried out by Davidson College. Student aid applicants consent to the college sharing certain information with the U.S. Department of Education, state aid authorities, and private aid entities, and receiving data from those sources provided by student aid applicants and/or parents/guardians.
- Aid applicants are required to provide sensitive personally identifiable information for consideration in review of aid applications. Within federal and state guidelines, this information will be used for reporting purposes and/or for research purposes. By sharing this information, applicants consent to the college using the data for these purposes.
In addition to the general privacy provisions above, the following information applies to the personal data of enrolled students:
- The college may collect, use, store, and transfer student data. Student education records are subject to the college's FERPA Policy and the college follows FERPA regulations with regards to data sharing. The college uses student data to fulfill contractual obligations related to providing academic services, and to fulfill obligations established by any applicable law.
- Medical records regarding your health conditions are kept strictly confidential by the Student Health and Counseling Center and are not disclosed without your written consent. The Student Health and Counseling Center requires that you provide your immunization history to confirm that you have received the vaccinations required for enrollment at Davidson College. You are encouraged to provide additional health information that can assist the Student Health and Counseling Center to address your health needs. Further, a student with a disability has the right to request academic and non-academic accommodations ensuring equal access to courses, course content, programs, services, and facilities. Students are not required to disclose their disability status; however, if they are seeking accommodations relative to their disability, they are responsible for making a written request to the Office of Academic Access and Disability Resources and providing the appropriate current documentation.
- Student data may be shared for legitimate educational purposes to designated school officials and third parties as permitted by FERPA regulations and other applicable laws. Students may, but are not required, to provide sensitive data, such as race and ethnic origin. If voluntarily shared, this information could be used to identify and communicate specific programming interests, for reporting purposes, and/or for research purposes. By sharing this information voluntarily, students consent to the college using the data for these purposes.
STUDENT FINANCIAL AID DATA FOR ENROLLED STUDENTS
In addition to the general privacy provisions above, the following information applies to the financial aid data of enrolled students:
- The college will collect, use, store, and transfer student financial aid data. Student education records are subject to the college's FERPA Policy. The college uses student aid data to fulfill contractual obligations related to providing eligible funding, and to fulfill obligations established by any applicable law.
- Students applying for and receiving certain types of aid are required to provide sensitive personally identifiable information, such as legal name, date of birth, Social Security number, and financial data. If provided, this information is used to identify and communicate specific programming interests; fulfill legal requirements; for reporting purposes; and/or for research purposes. By sharing this information, students consent to the college using the data for these purposes.
JOB APPLICANT DATA
In addition to the general privacy provisions above, the following information applies to the personal data of job applicants:
- An application submitted by a job applicant for a specific position becomes part of the recruitment file for that position. The college will use the application information only for consideration of the applicant's candidacy for each specific position for which it is submitted. For this purpose, the college will distribute the information to persons and parties affiliated with the search. The application is not searchable or viewable by other employers or recruiters, and the college does not sell the application to any third party.
- Personal data provided by job applicants during the application process is used by the college to process the application for employment at Davidson College, and is therefore used in the performance of related services to be provided to the job applicant.
- All job applicants are required to submit to a criminal, work history, and education background check, as set forth in detail in the background checking policy.
In addition to the general privacy provisions above, the following information applies to the personal data of employees of the college:
- The college may collect, use, store, and transfer employee data. Employee files are considered the property of the college. The college uses employee data to fulfill contractual obligations related to employment, and to fulfill obligations established by any applicable law.
- Employees may, but are not required, to provide sensitive data, such as race and ethnic origin. If voluntarily shared, this information could be used to identify and communicate specific programming interests, for reporting purposes, and/or for research and internal auditing purposes. By sharing this information voluntarily, employees consent to the college using the data for these purposes.
- During the course of employment, college staff may have access to Protected Health Information (PHI) as necessary to process benefits and fulfill contractual obligations related to employment. Any PHI, whether oral, written, photographic, or electronic, shall be maintained in a manner that ensures its privacy and security.
- All employees are advised that criminal, work history and education background checks are a condition of continued employment with the college, as set forth in detail in the background checking policy.