This Notice describes New York University’s practices with respect to the collection, use, storage, and disclosure (“processing”) of Personal Information covered by the European Union’s General Data Protection Regulation for purposes of recruiting and evaluating prospective employees and processing applications for employment. This Notice applies to NYU, with global headquarters at 70 Washington Square South, New York, NY 10012, as well as to its affiliated legal entities and branches (collectively “NYU,” “us” or “our”) solely with respect to prospective employees of NYU’s Global Sites in the European Union (the “Sites”). All such prospective employees (referred to below as “you” or “your”) should carefully read the provisions of this Privacy Notice.
“Personal Information,” as used in this Notice, means any information that can be used to identify you, whether directly or indirectly, including by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
This Notice has the following sections:
You can contact NYU’s Data Protection Officer (the “DPO”) with any questions about this notice, our data collection practices, or your rights.
You can reach NYU’s Data Protection Officer, Peter Christensen, at:
c/o Data Protection Officer’s Office
70 Washington Square South
New York, NY 10012
+1 212 992 7256
Contact information for NYU’s designated local data protection contacts for NYU’s EU Global Sites is provided in Annex A.
This general notice may be supplemented by additional notices at the point of any data collection. If you have specific questions about any of the data processing activities described in this or any other notice, please contact the DPO.
We process the information we collect from you directly, either during our communications with you about NYU or as part of your application for employment at NYU.
During the application process, we will indicate when certain information is required in order for NYU to process your application. Failure to complete a required field may result in your application being denied or your offer of employment rescinded.
We use automated decision-making processes to screen applicants according to predetermined criteria. For example, we may use an automated process to review your resume for key terms associated with the job for which you have applied. You can find out more about the logic we use in our automated decision-making processes by contacting the DPO.
In addition, we collect the following kinds of information about you from third parties:
We process your Personal Information to recruit prospective employees, evaluate applications for employment at NYU, evaluate your eligibility for employment, communicate with you about NYU and your application, and, if you are offered a position at NYU, to manage your acceptance of our offer of employment and begin the process of onboarding you as a new employee. We also use data to make strategic decisions about NYU programs or course offerings, administer those programs, file required reports with applicable governmental authorities, and engage in financial planning. We also use your data for purposes required by law, including complying with application retention requirements, and for the enforcement of NYU policies and applicable laws.
We combine the data that we collect in order to provide these functions.
We have the following legal basis for processing the information you provide us in your application or that we collect about you during the application process.
We have a legitimate interest in recruiting and hiring qualified applicants, complying with laws and regulations that govern our conduct in the countries where we operate, and administering NYU and its programs in an efficient, ethical, and appropriate manner. We process all the information we collect from or about you to meet these purposes. You can obtain additional information about the legitimate interests we have in processing your information by contacting the DPO.
Once you have accepted an offer of employment from us, we may also be required to process your Personal Information to complete a contract that you have entered into with us, including a contract of employment or an agreement to receive certain other benefits. You can obtain additional information regarding processing we do to enter into contracts with you by contacting the DPO.
We may also be required to process your Personal Information to comply with laws applicable in the European Union or its member states. You can obtain additional information about the processing we do to comply with applicable laws by contacting the DPO.
In the case of Sensitive Personal Information (which includes (i) information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic and biometric data, and (iii) data concerning health, sex life, or sexual orientation), we process information either (i) because we have your consent to do so or (ii) because we are required to process the information to comply with applicable laws. For example, in certain jurisdictions, we are required to collect information about your disability status in order to comply with legal mandates to hire a certain number of disabled employees. You can obtain more information about these laws by contacting the DPO.
When we process your Sensitive Personal Information on the basis of your consent, you may withdraw that consent at any time by contacting the DPO. If you withdraw your consent, we may still be required to process your Sensitive Personal Information to comply with applicable law, but we will explain to you at the time your consent is withdrawn what processing activities will continue for legal compliance purposes.
Finally, we process your Personal Information for purposes compatible with those already described, including for the purposes of conducting scientific, statistical, or historical research or for the purpose of creating archives in the public interest. Where possible, we do not use identifiable information for these purposes, or we take steps, including making use of pseudonymous data, to limit the amount of Personal Information we use in our research or archives.
Your Personal Information will be received and processed by NYU employees and personnel, including third parties who provide services to NYU in connection with the purposes of processing described above, including background-check providers, service providers that support our application software and other programs, and service providers that support our human resources and hiring functions. We share your Personal Information with our service providers only when they have agreed to process your Personal Information only to provide services to us and have agreed to protect your Personal Information from unauthorized use, access, or disclosure. We provide Personal Information to printers and mailing houses, professional organizations, and third party organizations who assist in verifying your credentials. You may contact the DPO to learn more about the categories of service providers to whom your data is disclosed.
We also disclose your information to government authorities as required by laws that regulate immigration, tax, national security, and criminal activity.
NYU is a global university headquartered in the United States. We transfer your data to the United States and to the countries where we operate Global Sites and Portal Campuses. NYU offers study abroad programs at the following Global Sites outside of the EU: Accra, Ghana; Buenos Aires, Argentina; Sydney, Australia; and Tel Aviv, Israel. NYU operates degree-granting Portal Campuses in New York, NY; Abu Dhabi, United Arab Emirates, and in Shanghai, China. If you apply for employment at one of our EU Global Sites, your data will be accessed by both our global headquarters in the United States and the applicable EU Global Site as appropriate in order to evaluate your application for employment.
NYU has executed Standard Contractual Clauses, as approved by the European Commission. These clauses permit NYU to transfer data from the EU to third countries, including the United States. If you would like to receive a copy of NYU’s Standard Contractual Clauses, you can contact the DPO.
You can find more information about how long we retain personal data by consulting our Retention and Destruction of Records Policy. Certain of our EU Global Sites may retain data for shorter or longer periods to meet local legal requirements or business practices. You can obtain additional information about any of these retention periods by contacting the DPO or the local site contact.
You have the right to the following information regarding NYU’s processing of your Personal Information:
This Data Privacy Notice is intended to provide this information. Any questions about these details may be directed to the DPO.
You also have the following additional rights with respect to your Personal Information:
Czech Republic (NYU Prague)
Jiri Pehe, Site Director
Male Namesti #2
Prague, CZ 1100 00
+420 2 2422 6874
France (NYU Paris)
Valerie Michelin, Associate Director
57 Boulevard St. Germain
Paris, FR 75005
+33 1 5373 21812
Germany (NYU Berlin)
Gabriella Etmektsoglou, Site Director
Schoenhauser Allee 36, Haus 2F
Berlin DE 10435
+49 30 290291006
Italy (NYU Florence)
Ellyn Toscano, Site Director
Villa La Pietra
120 Via Bolognese
Florence IT 50139
+39 055 5007 205
120 Via Bolognese
Florence IT 50139
+39 055 5007 201
Spain (NYU Madrid)
Hector De Solo, Associate Director
Calle Segre, 8
Madrid ES 28002
+34 91 590-2927
United Kingdom (NYU London)
Eric Sneddon, Associate Director
6 Bedford Square
Ruth Tucker, Assistant Director
6 Bedford Square
+44 20 7907-3306
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27 170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
Commission Nationale de l'Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30 53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
Jurisdiction for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to this list.