Marshall University GDPR Statement

Marshall University GDPR Statement

European Union General Data Protection Regulation (EU GDPR)

The EU GDPR provides broad privacy protections to individuals physically located in the European Economic Area. Under certain circumstances, the EU GDPR may be relevant to Marshall University’s activities in the European Economic Area. When subject to the EU GDPR, Marshall University will comply with existing Family Educational Rights and Privacy Act (FERPA)(20 U.S.C. § 1232g; 34 CFR Part 99) laws, applicable United States of America federal laws and State of West Virginia law, regulatory, agency and accreditation requirements and Marshall University’s applicable Record Retention Rules; Policies; and/or Administrative Procedures (“Record Retention Regulations”). Data obtained by Marshall University is retained for the following objectives:

1. exercising the right of freedom of speech, expression and information;
2. compliance with a legal obligation which requires processing by federal and West Virginia state law to which the Marshall University is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Marshall University;
3. reasons of public interest in the area of public health;
4. archiving purposes in the public interest, scientific or historical research purposes or statistical purposes of which destruction of records would likely render impossible or seriously impair the achievement of the objectives of that processing;
5. the establishment, exercise or defense of legal claims; or
6. other legitimate objectives not expressly listed.

Individuals physically located within the EU may seek “EU” status to ensure that personal data is handled in accordance with Marshall University’s applicable Record Retention Regulations.

To achieve its core mission, it is essential and necessary for Marshall University to process personal data of its students, employees, applicants, research subjects, alumni, and others involved in its educational, research and community programs. To that end, Marshall University processes personal information for various lawful reasons, including, without limitation, academic admissions and enrollment, student registration, residence life; delivery of classroom, on-line, and study abroad education programs; administration and oversight of recreation programs, student organizations, and other various student affairs activities; distribution of grades, materials, and other communications by and among students, faculty and staff; employment; applied research, program development and analysis; job hiring and employment; provision of medical services or health insurance; engagement with the community at-large; compliance with internal policies, procedures, and guidelines, as well as applicable federal, state and local laws; and record retention. Marshall University colleges, departments, and programs are encouraged to be cognizant when collecting personal data and ensure that only information that is absolutely necessary to process a request is collected.

Personal data processed by Marshall University typically includes name, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.), and donations. If you have specific questions regarding the collection and use of your personal data, please contact dataprivacy@marshall.edu or 304-696-3170.

If a data subject refuses to provide personal data that is required by Marshall University in connection with Marshall University’s lawful basis to collect such personal data, such refusal may make it impossible for Marshall University to provide education, employment, research or other requested services.