You are here: American University University Policies Data Privacy Notice

Data Privacy Notice

American University (“University”) is committed to safeguarding and maintaining the privacy of your personal information. In providing its website and services, the University must collect and use (or process) personal data about visitors. This Privacy Notice describes practices related to the collection and processing of personal information when users visit the University’s websites.

For purposes of clarity, “processing” as used in this notice includes the collection, use, storage, transmission, disclosure, and destruction of personal information. This Privacy Notice applies to all information collected by the University and its third-party service providers, including but not limited to websites and applications that post a link to this Privacy Notice.

By continuing to use and interact with University websites and providing your personal information, you are accepting the terms of this Privacy Notice.  

Information Collected

In general, American University collects and processes two types of information through its websites: (1) information voluntarily provided by you in order to receive requested information and/or services, and (2) information automatically collected upon your navigation to one of its websites.

Information You Provide

The University collects information which you provide, such as when you: request information; use a device to interact with a website; create an account; log in; register for courses, programs, or activities; complete a web form; add or update your account information; or otherwise interact or communicate with the University (including via its websites or other electronic means). The University then processes the information you provide.

Information Automatically Collected

When you use University websites, they automatically collect information about the devices you use to do so (e.g., computers, tablets, mobile phones, etc.). The University collects your device identifier, web browser, IP address, and browsing information via “cookies” and “web beacons.” The University also automatically collects information about how you use the websites, such as what you have searched for and viewed on the websites. The information automatically collected will be associated with any personal information you have provided. 

Cookies and Other Technologies Used by The University and Third-Party Service Providers

The University collects information automatically through various means such as cookies and web beacons. 

Cookies

University websites use cookies –small text files placed on your device – to keep track of information about your browsing preferences. Your decision to set your web browser to accept or disable cookies is a personal choice. However, without cookies you may not be able to take full advantage of features and functionality University websites, including those related to your preferences.

If you would like more information on how to opt out of cookies, please visit: Your Ad Choices or the EU's Your Online Choices.

Web Beacons

American University uses web beacons to collect data from individuals who interact with American University websites. These technologies, which are often small, transparent images, when loaded collect information about the requestor. This could include your IP address, and the date and time a website was accessed. Web beacons work in conjunction with cookies so if cookies are disabled, we are unable to collect unique information about you.

Processing Your Information

The University processes personal data for a variety of reasons, including to:

  • Carry out operations and manage the educational, research, and administrative needs of the University community;
  • Improve its websites and services;
  • Respond to your requests or inquiries;
  • Provide newsletters, articles, service or safety alerts/announcements, event invitations, and other information that we believe may be of interest to you;
  • Request gifts and donations;
  • Analyze your use of University websites and perform other market research activities, such as interest-based advertising, targeted advertising, and online behavioral advertising in order to determine the content that would be of interest to you;
  • Comply with and meet legal obligations, enforce agreements, and protect the health, safety, rights, and/or property of the University and its community; and/or
  • Prevent, investigate, and take actions regarding unlawful or criminal activity (including fraud or other misconduct), security or technical concerns, or unauthorized access to or use of the University’s data, users’ personal information, and University data systems.

The University will process your personal data consistent with the consent you have provided for a stated purpose, or as necessary to: (i) advance the University’s legitimate interests, (ii) perform a contract with you (or for your benefit) or fulfill a request you have made, (iii) comply with a legal obligation, and/or (iv) to protect the vital interest of you or another person.

How Information is Shared

The University may share your personal data with its third-party service providers to provide services or to support the University’s activities. These activities include, for example, online course support for students, benefit services for faculty and staff, or study abroad and international educational or teaching opportunities. The University does not sell or rent this data. The University’s third-party service providers are not authorized to disclose personal data except as necessary to perform services on the University’s behalf or to comply with legal requirements. In certain instances, in order to provide services and to support University’s activities, or as required by law, the University may share your personal data. In these instances, the information shared will be limited to the extent necessary to provide the user-requested information and/or services, or as required by law.

Third-Party Websites and Content

University websites may contain links to other websites as a convenience to you. These websites typically operate independently from the University’s websites and if you decide to use these links, you will leave the University’s website. The University is not responsible for the privacy practices or the content of such other websites and does not make any representations or endorsements about them. If you decide to leave the University’s website and access any third-party website, we strongly suggest you review the privacy notices or policies of that third-party website, as the University’s policies will no longer govern. You should review the applicable terms and policies, including privacy and information gathering practices, of these third-party sites.

Your Personal Accounts

Although the University has security measures in place to protect personal data you provide to it, you are encouraged to take steps on your own to protect your information by, for example, not leaving your web browser open and unsupervised, and using strong passwords and multi-factor authentication wherever possible. You should be aware that any information you post or disclose in social media, forums, message boards, and similar contexts may become public. You should always exercise caution before disclosing any personal data or other information in such contexts.

Retention of Information and Security

Personal data you provide to the University will be retained in accordance with the University’s record retention schedule, applicable laws, or until such time the service requested is no longer available. The University maintains administrative, technical, and physical safeguards to protect against loss, misuse, unauthorized access, disclosure, alteration, or destruction of the information you provide when visiting or using University websites. The University implements appropriate security measures to promote the confidentiality, integrity, and availability of any information in the possession (or control) of the University. The University utilizes Transport Layer Security (TLS) encryption technology for instances where American University websites process your personal information. The purpose of TLS is to protect your information from being viewed by an unauthorized person. Additionally, some features on American University websites may enable credit card transactions in order for you to purchase goods and services. American University subcontracts the processing of online transactions to third-party services providers that comply with the Payment Card Industry Data Security Standard (PCI DSS).

Additional Rights You May Have Regarding Your Data

If you reside in a member state of either the European Union or European Economic Area (collectively, "EU Residents"), or the United Kingdom (UK)) or if you reside in the People’s Republic of China (excluding the Hong Kong Special Autonomous Region (SAR), Macao SAR and Taiwan)(“PRC Resident”), you have the right to access personal information the University has collected about you for the purpose of reviewing, modifying, correcting or requesting erasure of your information. You may also have the right to request a copy of your information. Further, you may also request that the University restrict or stop processing your information. Finally, you may object to communications, direct marketing, or automated processing of your personal information.

To the extent applicable, the EU’s General Data Protection Regulation (GDPR), the UK Data Protection Act of 2018, and PRC’s Personal Information Protection Law provide further information about your rights. You also have the right to lodge complaints with your national or regional data protection authority.

If you wish to exercise these rights, please contact us at the address included under the “Contact” section, below. To protect the personal information the University holds, the University may also request further information to verify your identity when exercising these rights. Upon a request to erase information, the University will maintain a core set of personal information to ensure we do not contact you inadvertently in the future, as well as any information necessary for archival or other legal purposes. We may also retain financial information for legal purposes, including United States Internal Revenue Service compliance. Additionally, in the event of an actual or threatened legal claim, the University may retain your information for purposes of establishing, defending against, or exercising your rights with respect to such claim.

By providing information directly to the University, you consent to the transfer of your personal information outside of the applicable country you reside to the United States. Please note that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the applicable country you reside.

Children and Minors

The University does not knowingly collect or use any personally identifiable information from children or minors as defined by the Children's Online Privacy Protection Act on our general websites. 

If you believe that the University has collected personal information about a child or minor, please contact us immediately, at the address included under the “Contact” section below, so that the University can take appropriate action.

For more information, US residents may consult the Children's Online Privacy Protection Act, and EU Residents may consult the General Data Protection Regulation, and PRC Residents may consult with the Personal Information Protection Law. 

Contact

If you wish to ask questions, raise concerns, or make a report with respect to this Privacy Notice or regarding how American University processes personal information, please contact us at privacy@american.edu

Updates to this Privacy Notice

The University may modify this Privacy Notice from time to time, in its sole discretion. We recommend you read the Notice periodically. If we make any significant changes to this Privacy Notice that increase the University’s rights to use personal information that we previously collected about you, we will obtain your consent through an email to your registered email address or by prominent posting on the University’s websites. If the University intends to further process collected personal information for a purpose other than that for which the information was collected, prior to that further processing, the University shall provide you with information on that other purpose with additional information necessary to ensure fair and transparent processing.

Last updated September 2023