Miami Cares About Your Privacy
We know that many people are concerned about threats to their personal privacy, from receiving junk mail to being the victim of identity theft. At Miami, protecting personal privacy is a priority, and we are taking a proactive approach to enhancing protection for visitors to our site. This site has been created to provide useful information regarding privacy and to help you determine where to get assistance. Students, faculty, staff, and other users in our community are directed to the Policy on Responsible Computing.
Miami University is committed to ensuring the privacy and accuracy of your confidential information. We do not actively share personal information gathered from our Web servers. However, because Miami is a public institution, some information collected from the university website, including information from our server logs, e-mails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act. This means that while we do not actively share information, in some cases we may be compelled by law to release information gathered from our Web servers.
Miami University also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records except in limited circumstances (i.e., with the student's permission, to parents of dependent students, and in response to a valid court order). For more details on FERPA, see Part I, Chapter 12 of The Student Handbook. Although FERPA regulations apply only to students, Miami University is equally committed to protecting the privacy of all visitors to our website. Miami also complies with the applicable provisions of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
Sharing of Information
Unless required by the Ohio Public Records Act, it is against university policy to release information gathered through the Web, such as pages visited or personalized preferences.
Miami University does, however, share information with other parties at the request of users (persons to whom the information applies). For example, the university receives test scores from testing agencies and will send transcripts to other schools at the student's request.
Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we have legal authorization to do so. Student directory information may be released without the student's written consent. Directory information includes: name, local and home address, e-mail address, userid, photo, telephone number, name and address of parent(s) or guardian(s), date and place of birth, major field of study, participation in Miami activities and sports, weight and height of members of athletic teams, dates of attendance at Miami, degrees, certificates and awards received, student classification, and the most recent previous educational institution attended. If a student does not want their directory information released, the student may request in writing that it not be released and file the request with the Office of the Registrar.
You can read more about directory information and Miami's student records policy in Part I, Chapter 12 of The Student Handbook.
Privacy and Public Records Requests
Miami complies with all laws that prohibit the release of information. This includes student education records protected by FERPA, financial information, including credit card information protected by GLBA, and personal health information protected by HIPAA.
However other information collected from the Miami website, including server log information, emails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act.
If You Send Us Personal Information
Miami's website will only collect personal information that you knowingly and voluntarily provide by, for example, sending emails, completing membership forms, registering for classes or other programs, responding to surveys, or ordering merchandise. If you provide us with personal information, we will normally respond to your inquiry, request, or order; we may also contact you to provide information about college activities, programs, membership and development opportunities, and special events that may interest you. It is university policy that confidential information you enter is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.
Miami University will only share information about you to other parties when one or more of the following conditions apply:
- We have your consent to share the information.
- We need to share your information to provide the service or product you requested.
- We need to send your information to companies who work on behalf of Miami University to provide a service or product to you.
- The information in question is considered directory information consistent with FERPA regulations.
- We need to respond to subpoenas, court orders, or any other legal process.
- We find it necessary to protect and defend the legal rights and/or property of Miami University.
Miami uses encryption to prevent third parties from accessing sensitive data, such as passwords, e-commerce information, etc. You are normally required to enter a Miami UniqueID and password when you request data about yourself or to ensure that you are a member of the university community. For example, students who want to check their grades or staff members who complete time sheets must enter their Miami UniqueID and password so the system knows who is requesting the data. This login process uses Secure Sockets Layer (SSL) so the user name and password are encrypted between the Web browser and our Web server.
Several sites within Miami University enable you to pay for products or services online with a credit card. These transactions are encrypted. Questions about security concerns involving credit card transactions may be directed to firstname.lastname@example.org.
Information Collected and Stored Automatically
If you visit our website, we automatically gather and store the following information about your visit so that we can track the use of our website to make improvements. This automatically collected information is stored and used in the aggregate only, and is not under normal circumstances used to contact you personally.
- The IP address from which you access our website
- The name of the domain from which you access the Internet (for example, aol.com, if you are connecting from an America Online account)
- The type of browser and operating system used to access our website
- The date and time you access our site
- The pages, files, documents, and links that you visit
- The Internet address of the website from which you linked to this website
Cookies are small pieces of data stored by the Web browser, often used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive.
European Union General Data Protection Regulation ("EU GDPR") Privacy Notice
The EU GDPR provides broad privacy protections to individuals physically located in the European
Economic Area ("data subject(s)"). Under certain circumstances, the EU GDPR may apply to Miami
University's activities in the European Economic Area, for example, when a student attends a semester- long study abroad program in the European Economic Area or when a faculty member is temporarily assigned to work at Miami University's Luxembourg campus.
When subject to the EU GDPR, Miami University must comply with the regulation's core privacy principles, which principles provide that personal data shall be:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Limited to what is necessary in relation to the purposes for which they are processed;
Accurate and kept up to date;
- Retained only as long as necessary; and
Personal data is defined very broadly under the EU GDPR, and consists of any information relating to an identified or identifiable person and includes a person's name, identification number, location data, online identifier, or to one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of that person.
Lawful Basis for Processing Personal Data
When subject to the EU GDPR, Miami University must have a lawful basis to process a data subject's personal data. Although there will be some instances where the processing of personal data will be pursuant to other lawful bases (e.g. processing necessary to protect the vital interests or safety of a data subject, processing related to legal action involving the university, etc.), Miami University will likely process personal data relying on one or more of the following lawful bases:
- Processing for the purposes of the legitimate interests pursued by Miami University or by a third party;
- Processing for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- Processing for compliance with a legal obligation to which Miami University is subject; and
- Processing pursuant to the consent of a data subject for one or more specific purposes.
Types of Personal Data Processed
In order for the university to achieve its core mission, it is essential and necessary for Miami University to process personal data of its students, employees, applicants, research subjects, alumni, and others involved in the university's educational, research, and community programs. Miami University processes personal information for various lawful reasons, including, without limitation, academic admissions and enrollment; student registration; residence life; delivery of classroom, on-line, and study abroad education programs; administration and oversight of recreation programs, student organizations, and other various student affairs activities; distribution of grades, materials, and other communications by and among students, faculty, and staff; employment; applied research; program development and analysis; job hiring and employment; provision of medical services or health insurance; engagement with the community at-large; compliance with its internal policies, procedures, and guidelines, as well as all applicable federal, state, and local laws; and records retention.
Personal data processed by the university typically includes name, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.), and donations. If you have specific questions regarding the collection and use of your personal data, please contact the Office of General Counsel at email@example.com.
If a data subject refuses to provide personal data that is required by Miami University in connection with one of Miami University's lawful bases to collect such personal data, such refusal may make it impossible for Miami University to provide education, employment, research, or other requested services.
Where Miami University gets Personal Data
Miami University receives personal data from multiple sources, most often directly from the data subject or under the direction of the data subject who has provided it to a third party (e.g., application for admission to Miami University through use of CollegeNet or the Common App).
Individual Rights of the Data Subject under the EU GDPR
Subject to all other applicable laws and regulations, including all laws of the United States of America and the State of Ohio (USA), data subjects have following rights under the EU GDPR:
- To access the personal data we maintain about you;
- To be provided with information about how we process your personal data;
- To correct or modify your personal data;
- To have your personal data deleted;
- To object to or restrict how we process your personal data;
- To request your personal data to be transferred to a third party; and
- To file a complaint.
To exercise the above rights, data subjects should contact Miami University's Office of General Counsel at firstname.lastname@example.org. Miami University will consider and process a data subject's request within a reasonable period of time. Please be aware that under certain circumstances, the EU GDPR or other applicable law may limit a data subject's exercise of the above rights.
Security of Personal Data subject to the EU GDPR
Miami University will comply with all of its published data protection polices in the processing of a data subject's personal data.
Miami University keeps the data it collects for the time periods specified in the Miami University Retention Manual.
Disclaimer of Liability
Miami University is a large organization with many people sharing responsibility for the content of our website. Please help us respond to your comments and inquiries by sending them to the appropriate Miami department.
If you have questions about this Privacy Statement, or if you find Miami Web pages that do not adhere to this statement, please email us at email@example.com.