Widener University Online Privacy Statement
Widener University is committed to delivering information services that recognize and respect users’ privacy concerns.
This Privacy Statement describes how we recognize these concerns and uphold our commitments to address them. This Privacy Statement is intended to inform you of our general policies and practices regarding our collection, use, and disclosure of the data that you submit to us and that we collect from you during your use of Widener.edu, the My.Widener.edu portal, and our online or mobile applications (“Services”). This Privacy Statement applies to all visitors of Widener University’s website and all users of the Services.
The types of data we collect may vary depending on the specific site you visit or application you use. Accordingly, this Privacy Statement is intended to be a general statement and may be supplemented by more specific privacy policies that pertain to personal data exclusively associated with a specific department, unit or function.
Additional and/or different practices may apply with respect to data collected from participants in university-based or sponsored research studies that are governed by a protocol approved by the Provost, and in those cases the provisions of the Informed Consent form will govern and may supersede those set out in this Privacy Statement.
Data We Collect
We may collect a variety of Personal Data from you when you use our Services. For purposes of this Privacy Statement, Personal Data is information about you that can be linked to you as an individual. The following Personal Data is necessary for the performance of a contract with the University, and includes:
- Name and Date of Birth
- Social Security Number (SSN) (limited uses only, as outlined in the following section)
- Widener ID Number
- Address, city, state, postal code, and country of residence
- Campus address and telephone number
- Home, cellular, and other contact telephone number(s)
- Family Education Rights and Privacy Act (FERPA) information
- Emergency contact information (names, phone numbers, and email addresses)
- Academic credentials
- Academic, leisure or other interests
Digital Personal Data We Collect
We also may collect digital Personal Data such as unique device identifiers, randomly assigned unique identifiers in cookies, mobile device name, timestamp, IP addresses, and other similar data.
For example, your web browser automatically sends us the type of computing device and operating system you are using. We may also collect and maintain the IP (internet protocol) address used by your computing device. In addition, we may collect the dates and times you access Services, URLs requested, file names sent or received, search strings, and errors generated. We collect this information to assist us in maintaining and managing our systems, diagnosing problems, assisting you with a help request, and informing investigations.
We collect Personal Data as follows:
- When you use our Services
- When you voluntarily provide it to us
- When you register and set up an account
- When you communicate with us
- When you contact us offline or submit information to us offline
- When you provide it through our website
- From publicly available sources
- From third-parties
Data Collection Technologies
We use data collection technologies to collect information about your use of our Services. Third parties, widgets, and hosted solutions that we use on our website may use the following technologies for features, services, advertising, or analytics:
Browser Cookies
Browser cookies are small pieces of data placed on your computer as you navigate websites with your browser. Browser cookies allow websites and various third-parties to distinguish your device from others by having the cookie consist of a unique identifier or other data. Cookies can have many uses, such as to target advertising, as well as to enable website functionality and for security. We use both session cookies (which expire after you close your web browser) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of our website may not work properly.
Social Network Widgets
Our Services may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn what information they collect, use, and share.'
We limit the collection of Personal Data to that which is required in order to fulfill our contractual obligations and provide services to you. We also collect digital Personal Data in order to deliver and better tailor the features, performance and support of our services and Website, and to offer you additional information about our services, personalized to you, your role, and interests at Widener. Uses of some common categories of information are described below.
Use of the Widener ID Number
The Widener ID Number is used as the student identification number and, for faculty and staff, as an administrative system identifier.
Use of Social Security Numbers
Social security numbers are used for payroll and tax benefit information for students and employees, and for those students who apply for financial aid. We are required by law to collect SSNs from:
- students;
- those who are employed by and/or paid by the University; and
- individuals applying for or receiving financial aid
Use of Contact Information for Emergency/Crisis Notification
Any and all contact information you provide, such as home telephone numbers, cellular numbers, and email addresses may be used to notify you of an emergency or crisis that may affect you and/or the University community.
Your emergency contact information may be used to notify your designated emergency contact(s) of an emergency or crisis that may affect you and/or the University community.
How long is personal data stored?
The Personal Data we collect as described above that is necessary for the performance of a contract is stored for as long as the University is obligated to offer agreed upon services.
Except as otherwise stated in this Privacy Statement, we do not sell, rent, or share your Personal Data with third parties. We may disclose your Personal Data to:
- departments within the University;
- third parties involved in assisting the University in providing services, including but not limited to employee background checks, administrative services, and technical services;
- local, state and/or Federal agencies, pursuant to valid legal process; and
- other parties as we deem reasonably necessary in order to protect and defend our rights, or the rights or safety of third parties
How Personal Data is Shared Within Widener
We use your Personal Data primarily to enable delivery, personalization, and improvement of services at Widener. Personal Data may be shared with other departments and business units at the University to the extent necessary to deliver and improve services offered or to satisfy local, state and federal laws and regulations.
How Personal Information Data is Shared Outside Widener
We may share your Personal Data with others outside of the University, such as third-party providers, vendors, and others acting on behalf of the University, for a variety of purposes, for example, to the extent necessary to deliver, improve, and tailor services to you. Third parties who receive Personal Data are generally contractually prohibited from using or sharing Personal Data for any purpose other than providing services to users. We ensure that third parties comply with all applicable laws and regulations. Widener does not sell Personal Data to third-party data brokers. The University may share Personal Data pursuant to valid legal processes, to detect, prevent or investigate fraud or system or network security issues, or to protect the safety or rights of the university and other third parties.
Sharing Cookies and Digital Personal Data with Third Parties
The University has relationships with authorized third-party providers whose services are accessed through the my.Widener.edu portal or other web services. In order to facilitate your access to these services, the University may automatically send one or more of your cookies to the third-party site or service so that you may access third-party services without re-entering your Widener user ID and password, or other required information, each time.
We use the information we get from web analytics tools such as Google Analytics to improve the user experience or our website. These tools collect data such as browser information, operating system, and page views through the implementation of session cookies or persistent cookies. Each tool creates a persistent cookie on your web browser to identify you as a unique user. The cookie is only used by Widener University and/or the software publisher of the respective tool. The software publisher’s ability to use and share information collected about your visits to Widener University websites is restricted by each software publisher’s Terms of Use and Privacy Policies.
Digital Marketing and Ad Networks
We may sometimes use "interest-based" advertisements also known as "online behavioral advertising." Online behavioral advertising is advertising that is directed to you based, at least in part, on your Internet browsing behavior across websites and over time. Although we do not share Personal Data with the third parties that conduct interest-based advertising operations on our behalf, these third parties and their affiliates do collect certain information as a result of their javascript "tags" and other technologies being used on our website. The information that they collect includes the names of web pages you view (URL's), unique identifiers, your IP address, timestamp, and certain types of digital Personal Data. A longer list of some of the technologies used for advertising and other purposes on our website and in our mobile apps are listed under the "Technologies Used" section.
Third Parties May Collect Personal Data from Other Sources
Some third parties involved in advertising operations may maintain their own proprietary consumer databases that allow them to personally identify or track website visitors. Other third parties have proprietary technologies to determine what additional devices you may use, on which it can display relevant advertisements.
Do-Not-Track
Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Our website does not alter its behavior or change its services when it receives a “do-not-track” flag or signal from your browser.
Your Privacy and Ad Choices
You can make decisions about your privacy and the ads you receive. You can control whether companies serve you on-line behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out feature, located at: http://www.aboutads.info/choices/. The DAA opt-out requires that cookies not be blocked in your browser.
As an alternative to the DAA opt–out, you can also elect to block browser cookies from first parties (such as those from our website) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software. If you block browser cookies, some parts of our website may not function correctly. Also, blocking cookies will not stop third-parties from collecting IP address, data stored in "Flash" cookies, and certain other types of technical information that may uniquely identify your browser.
Email Messages
If you send us email, we may share your email address and message content with others inside the University, and with persons and organizations outside the University, to the extent it is necessary to process and/or address your inquiry, or serve your needs. Email addresses and message content may also be shared inside the University as deemed necessary by the University for disciplinary investigation. The University may also share your email address and message content with others outside the University to the extent necessary to comply with legal investigations and/or to protect the University’s rights and interests.
Forwarding Email: Students’ Private Email Address
If you forward email from your University-assigned email address to a private (non-Widener University) email address, we may send email to either or both addresses. We may also share your private email address with service providers inside and outside the University.
Faculty and Staff University-Assigned Email Addresses
Faculty and staff University-assigned email addresses appear in the Widener email directory, and are visible to all students, faculty, staff, administrators and others who have authorized access to the directory. We may share faculty and staff University-assigned email address with service providers inside and outside the University and do so according to university policies. Faculty and staff must comply with university policies and ensure that all business transactions are conducted solely through university approved systems.
Telephone Numbers
If you provide your telephone number(s), we may share these numbers with service providers inside and outside the University. The University may share telephone numbers with outside persons or organizations to comply with legal investigations and/or to protect the University’s rights and interests.
In some cases, users of our Services may choose whether or not to voluntarily provide their Personal Data. However, if you choose not to provide us with certain Personal Data, your access to those Services may be limited or prevented.
How to Request Access to or Deletion of Information Data and Files Pertaining to You
You have the right to request access to information and files pertaining to you. You also have the right to request that certain data pertaining to you be removed from Widener University systems and files. You may exercise these rights by contacting the office below that is most appropriate to your role at the University. We require that such requests be made in writing and include the following information:
- your name and role (applicant, student, or employee);
- contact information, including your email and postal addresses;
- the item(s) of information you wish to access or want removed; and
- the reason for requesting access to, or removal of, the information.
Applicants may contact the office of admissions at the Widener campus they are applying to:
Widener University Main Campus Office of Admissions
Muller Hall
One University Place, Chester, PA 19013
610.499.4126
Widener Law Commonwealth Admissions
3800 Vartan Way, Harrisburg, PA 17110
717.541.3903
Widener Delaware Law School Admissions
4601 Concord Pike, Wilmington, DE 19803
302.477.2703
Enrolled students may contact the registrar at the Widener campus they are attending:
Widener University Main Campus Registrar
One University Place, Chester, PA 19013
610.499.4161
enrollmentservices@widener.edu
Widener Law Commonwealth Registrar
3800 Vartan Way, Harrisburg, PA 17110
717.541.1941
Widener Delaware Law Registrar
4601 Concord Pike, Wilmington, DE 19803
302.477.0474
Employees may contact the Widener University Office of Human Resources:
Widener University
Office of Human Resources
Old Main, Ground Floor
One University Place, Chester, PA 19013
610.499.4181
There are some instances where the University may deny a request to remove information. For example, the University may decline to remove the following types of information, including, but not limited to:
- information required to be maintained by the University as part of student or employment records, or pursuant to local, state or Federal law, statute or other regulation, or in performance of contractual obligations; and
- information compiled in reasonable anticipation of, or for use in a civil, criminal or administrative action or proceeding.
The University will generally respond to requests no later than sixty (60) days after receipt. If a request is denied, we will send a written explanation explaining the reason for the denial and a notification of your right to file a written statement of disagreement. The University may also provide a right to have the denial reviewed. If the University is unable to act within sixty (60) days, we may extend that time by no more than an additional thirty (30) days. If we need to extend this time, we will notify you of the delay and the date by which we will complete action on your request.
Redress
If you are not satisfied with the outcome of a privacy inquiry, you have the right to seek redress. To exercise this right, please contact, in writing, the Office of Compliance and Risk Management, Widener University, One University Place, Chester, PA 19013. The following information is required:
- your name and role (applicant, student, or employee);
- a description of the problem or concern;
- your contact information, including email and postal addresses;
- the names of person(s) you have contacted about the problem; and
- copies of responses received from them.
The University will generally respond to requests for redress no later than sixty (60) days after receipt. If a request is denied, we will send a written explanation explaining the reason for the denial, and a notification of your right to file a written statement of disagreement. The University may also provide a right to have the denial reviewed. If the University is unable to act within sixty (60) days, we may extend that time by no more than an additional thirty (30) days. If we need to extend this time, we will notify you of the delay and the date by which we will complete action on your request.
EU General Data Protection Regulation
Widener University is committed to recognizing and respecting users’ privacy rights pursuant to the provisions of EU Regulation 2016/679, the General Data Protection Regulation (“GDPR”). The information and rights found in this Privacy Statement apply equally to those who are granted rights and protections under the GDPR. However, the rights and protections afforded under the GDPR supersede any inconsistent right or protection found in this Privacy Statement.
Personal data may be transferred overseas to the United States of America pursuant to the terms, conditions, and limits specified by Chapter 5 of the GDPR.
You can read the GDPR at:
http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
Rights Under the GDPR
Any person located within the European Union is granted the rights and protections of the GDPR. Such persons are given the following rights:
- The right to access his/her Personal Data that is collected by the University;
- The right to correct inaccurate Personal Data collected by the University;
- The right to have the University erase Personal Data if: the Personal Data is no longer necessary in relation to the purposes for which it was collected; the user withdraws consent; the user objects to the processing of Personal Data and there are no overriding legitimate grounds for the processing; or the personal data is unlawfully processed;
- The right to restrict the collection of Personal Data if its accuracy is contested; the processing is unlawful; the University no longer needs the Personal Data for the purposes of processing such information; or the user objects to the processing of Personal Data pending the verification that legitimate grounds of the University override those of the user;
- The right to receive Personal Data in a commonly used format for its transmission by the University to another controller of data if the processing is based on consent or a contract, and the Personal Data is processed by automated means;
- The right to object to the processing of Personal Data at any time;
- The right to oppose the use of automated decision-making; and
- The right to withdraw consent.
You also have legal rights and remedies against any breach of your personal privacy according to Articles 77 to 84 of the GDPR.
Any person who wishes to use any of the above rights may contact the University at the following address:
Widener University
Office of Compliance and Risk Management
One University Place
Chester, PA 19013
Lodging a Complaint
Any person located within the European Union can lodge a complaint. Complaints are lodged with the government authority responsible for monitoring the application of the GDPR. Complaints can be lodged with the authority where a person’s habitual place of residence or work is located, or with the authority where the place where an alleged infringement occurred.
Widener University maintains a multi-disciplinary approach to privacy, aimed to address all aspects of information protection, including both security and privacy programs. We strive to protect your information from any unauthorized access and/or disclosure. Systems that solicit or display personally-identifiable information are protected by authentication and authorization controls and Web-based experiences involving personal information are secured by SSL (Secure Sockets Layer protocol) with 128-bit encryption. The University reminds users, however, that no method of transmission over the Internet can be 100% secure. Widener University cannot guarantee absolute security of our systems, nor guarantee that information supplied will not be intercepted while being transmitted over the internet.
How to Contact the Organization
If you have questions or concerns about the Widener Privacy Statement, please contact the office appropriate to your role at the University as identified in the above section entitled "Requesting access to, or deletion of, information and files pertaining to you."
Solicitation of Information from Children
Widener University does not knowingly solicit or collect Personal Information from users under the age of 13, nor do we knowingly send users under the age of 13 requests for Personal Data. If you believe we have inadvertently collected information about your child, please contact us and we will attempt to delete the information.
Changes to the Privacy Statement
The Privacy Statement is subject to change at any time, and the revision date will be noted here. We encourage users to regularly review the Privacy Statement for any changes. The most recent changes to the privacy statement occurred on May 20, 2019.