We, Brigham Young University (“BYU”), a Utah non-profit corporation, a 501(c)(3) organization, with our main campus in Provo, Utah 84602 USA, explain in this Notice what personal information we collect from applicants and students in the context of our admissions process, educational services, and other university services, programs, and activities, and how we use such personal data.
What data do we collect about applicants and students?
Data you actively submit to us: When you apply to attend BYU, or participate in certain services, programs, activities, and events at BYU, you will provide, or may be asked to provide, the following categories of personal data and records:
At your own discretion and initiative, you provide additional personal data when you send us questions or requests, or seek out or participate in our services, programs, activities, or events. You will know what personal data you provide because you will actively submit it to us.
Data from third parties: We also receive personal data about you from third parties acting at your request or on your behalf, such as parents, ecclesiastical leaders, schools, references, testing and application services providers and other education partners (e.g., the College Board), and other people and organizations with which you are affiliated, or to whom you provide information and authorize them to share your information with us. We also may ask for and receive information about you from educational institutions that you have attended in the past.
Data about your participation and performance at BYU: We also observe, collect, and create personal data and records about you in connection with your participation, performance, and other involvement in BYU’s educational services and other university services, programs, activities, and events. This includes personal information and records regarding:
What are the purposes of data collection?
We collect personal data to provide our services, programs, activities, and events, as outlined above; to process any requests you submit to us; to promote student safety and welfare on campus, in an atmosphere consistent with the ideals and principles of The Church of Jesus Christ of Latter-day Saints; to analyze for educational, research, and administrative purposes; to conduct internal marketing and development activities; to comply with legal obligations; and to communicate with you.
With whom do we share your personal data?
We will share your personal data:
We also share aggregated usage statistics that cannot be used to identify you individually.
Who do you contact if you have questions or concerns about data privacy?
BYU has a privacy officer who assists with the university’s privacy efforts and can help to answer your questions and respond to your concerns about privacy or security issues. If you have these types of questions or concerns, you may submit them via email or mail to the following:
By Email: email@example.com
By Mail: BYU Data Privacy Officer
Provo, Utah 84602 USA
What security efforts are made to protect personal data?
BYU implements technical and organizational security measures to protect your personal data, as outlined in BYU’s Information Security Program. While BYU strives to protect your personal data, we cannot ensure or warrant the security of such data. Use caution and best practices (e.g., strong passwords) when submitting personal data online.
The Family Educational Rights and Privacy Act (FERPA)
BYU is subject to the U.S. federal Family Education Rights and Privacy Act (FERPA), a federal law designed to protect your privacy and limit access to student education records. In some cases, FERPA allows certain personal data such as your directory information to be shared without your permission. More information about FERPA is available at http://ferpa.byu.edu.
EEA Supplemental Data Protection Law Disclosures
BYU provides the following disclosures, which apply only to residents of the European Economic Area (EEA), to supplement the BYU Student Privacy Notice.
Data Controller: The data controller is BYU, with the contact information specified above. BYU’s data protection officer is the same individual as BYU’s Data Privacy Officer, whose contact information also is provided above. BYU’s authorized representative in the EEA is Brigham Young University Limited, a UK limited company and charity, located at 27 Palace Court, London, W2 4LP, United Kingdom.
Legal Basis for Processing: Legal basis for the processing of your personal data by BYU is your consent and Art. 6(1)(a) GDPR.
Recipients in Third Countries: BYU and our agents, contractors and service providers are based in the United States, a country with respect to which the European Commission has not issued an unlimited adequacy decision. The transfer of your personal data to the United States is necessary because BYU is located in the United States and based on your consent.
Period of Data Storage: We will process personal data for applicants who do not enroll at BYU only for as long as necessary to administer your applications and for three years after the semester for which the applicant applied, for analytical purposes and to address any questions about your application. If you enroll as a student, BYU will store and process your personal data as long as necessary to conduct program analysis, monitoring, performance evaluations, and outcome measurements; to provide, upon your request, or to communicate with you regarding, BYU’s services, programs, activities, and events; to confirm your educational achievements on request; or as required for tax, audit, and legal compliance. Subject to data subjects’ rights, as outlined below, BYU also keeps a permanent record of a student’s participation and performance at BYU.
Data Subject Rights: You have a right to request from BYU access to and correction of your personal data, and in certain circumstances, deletion of your personal data, restriction of processing, withdrawal of consent, and data portability, as well as the right to lodge a complaint with a supervisory authority.
Last updated on August 31, 2018