This Notice describes New York University’s (“NYU”) practices with respect to the collection, use, storage, and disclosure (“processing”) of Personal Information covered by the European Union’s General Data Protection Regulation about students studying at NYU’s Global Sites in the European Union. This Notice applies to NYU, with global headquarters at 70 Washington Square South, New York, NY 10012, as well as to its affiliated legal entities and branches (collectively “NYU,” “us” or “our”). All students studying at NYU’s Global Sites in the E.U. (referred to below as “you” or “your”) should carefully read the provisions of this Privacy Notice.
“Personal Information,” as used in this Notice, means any information that can be used to identify you, whether directly or indirectly, including by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
You can contact NYU’s Data Protection Officer with any questions about this notice, our data collection practices, or your rights. You can reach NYU’s Data Protection Officer, Peter Christensen, at:
c/o Data Protection Officer’s Office
70 Washington Square South
New York, NY 10012
+1 212 992 7256
Contact information for NYU’s local data protection contacts for NYU’s EU Global Sites is provided in Annex A.
This general notice may be supplemented by additional notices at the point of any data collection. In addition to this notice:
If you have specific questions about any of the data processing activities described in this or any other notice, please contact the DPO.
We process the information we collect from you directly, including when you apply to study abroad, during our communications with you, when you sign up for classes or other services, when you make use of NYU equipment, facilities, and resources, when you take classes, when you apply for financial aid, when you make use of the Student Health Center, and when you make use of other required or optional services as a member of the NYU community. This includes information about you created by our faculty and staff, like your grades, scores, records of attendance and participation, and recorded observations about you. It also includes information about your payments made to us for tuition and other expenses.
In some cases, we will require that certain information be provided in order for us to provide you with a service or take an action you request. We will indicate when such information is required, and failure to provide required or mandatory information may result in our being unable to provide you with a service or take an action your request.
We use automated decision-making processes to process your data in certain contexts. For example, we may automatically evaluate your grades or test scores to determine your eligibility for enrollment in certain programs, receipt of certain honors, or to provide you with offers of academic support. Similarly, the information in your financial aid application may be used to generate a profile of your financial circumstances that is used to make decisions about your eligibility for scholarships, loans, and other financial assistance throughout your enrollment at NYU. You can find out more about the logic we use in our automated decision-making processes by contacting the DPO.
In addition, we collect the following kinds of information about you from third parties:
NYU maintains video surveillance and card swipe systems for the security of our premises. NYU or our contracted service operator may process images and video of you, and information about your use of and access to our premises, in connection with the operation of these systems.
We process your Personal Information to operate NYU and the programs you are enrolled in, to provide you with financial aid, and to provide you with additional related services (like housing, internet access, and health services through the Student Health Center and other programs). We also use this data to:
We combine the data that we collect in order to provide these functions.
We have the following legal basis for processing the information you provide us or that we collect about you.
You can obtain additional information about the processing we do to comply with applicable laws by contacting the DPO.
In the case of Sensitive Personal Information (which includes (i) information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic and biometric data, and (iii) data concerning health, sex life, or sexual orientation), we process information either (i) because we have your consent to do so, (ii) because we are required to process the information to comply with applicable laws or (iii) because processing is necessary for the provision of healthcare to you. We may also process sensitive data where necessary to protect your vital interests and you are physically or legally incapable of giving consent, for example, to admit you to the hospital if you are sick or injured and unable to complete the admission information on your own.
You can obtain more information about our processing of Sensitive Personal Information by contacting the DPO. When we process your Sensitive Personal Information on the basis of your consent, you may withdraw that consent at any time by contacting the DPO. If you withdraw your consent, we may still be required to process your Sensitive Personal Information to comply with applicable law, but we will explain to you at the time your consent is withdrawn what processing activities will continue for legal compliance purposes.
Finally, we process your Personal Information for additional purposes that are compatible with those already described, including for the purposes of conducting scientific, statistical, or historical research or for the purpose of creating archives in the public interest. Where possible, we do not use identifiable information for these purposes, or we take steps, including making use of pseudonymous data, to limit the amount of Personal Information we use in our research or archives.
Your Personal Information will be received and processed by NYU employees and personnel, including third parties who provide services to NYU in connection with the purposes of processing described above. For example, we may disclose your information to service providers who help us make travel arrangements, support our information technology systems, or provide services to our students. We share your Personal Information with our service providers only when they have agreed to process your Personal Information only to provide services to us and have agreed to protect your Personal Information from unauthorized use, access, or disclosure. You may contact the DPO to learn more about the categories of service providers to whom your data is disclosed.
We also disclose your information to government authorities as required by laws that regulate higher education, immigration, tax, national security, and criminal activity.
NYU is a global university headquartered in the United States. NYU offers study abroad programs at the following Global Sites outside of the EU: Accra, Ghana; Buenos Aires, Argentina; Sydney, Australia; Tel Aviv, Israel; and Washington DC, United States. NYU operates degree-granting Portal Campuses in New York, United States; Abu Dhabi, United Arab Emirates; and in Shanghai, China. If you study at one of our Global Sites in the EU, your data will be sent to the Portal Campus in which you are enrolled, and will also be sent to our global headquarters in the United States. Your data may also be shared with other Global Sites if you are participating at a program at that site or otherwise to facilitate central management of NYU’s programs and administer NYU’s global operations. We may also share your medical information with third-party medical providers pursuant to your consent or an an emergency basis.
NYU has executed Standard Contractual Clauses, as approved by the European Commission. These clauses permit NYU to transfer data from the EU to third countries, including the United States. If you would like to receive a copy of NYU’s Standard Contractual Clauses, you can contact the DPO.
You can find information about how long we retain personal data by consulting our Retention and Destruction of Records Policy. Certain of our EU Global Sites may retain data for shorter or longer periods to meet local legal requirements or business practices. You can obtain additional information about any of these retention periods by contacting the DPO.
You have the right to the following information regarding NYU’s processing of your Personal Information:
This Privacy Statement is intended to provide this information. Any questions about these details may be directed to the DPO.
You also have the following additional rights with respect to your Personal Information:
Czech Republic (NYU Prague)
Jiri Pehe, Site Director
Male Namesti #2
Prague, CZ 1100 00
+420 2 2422 6874
France (NYU Paris)
Valerie Michelin, Associate Director
57 Boulevard St. Germain
Paris, FR 75005
+33 1 5373 21812
Germany (NYU Berlin)
Gabriella Ekmektsoglou, Site Director
Schnhauser Allee 3
Berlin DE 10435
+49 30 290291006
Italy (NYU Florence)
Ellyn Toscano, Site Director
Villa La Pietra
120 Via Bolognese
Florence IT 50139
+39 055 5007 205
120 Via Bolognese
Florence IT 50139
+39 055 5007 201
Spain (NYU Madrid)
Hector De Solo, Associate Director
Calle Segre, 8
Madrid ES 28002
+34 91 590-2927
United Kingdom (NYU London)
Eric Sneddon, Associate Director
6 Bedford Square
Ruth Tucker, Assistant Director
6 Bedford Square
+44 20 7907-3306
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27 170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30 53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
Jurisdiction for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to this list.
Agencia de Protección de Datos
C/Jorge Juan, 6 28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
Commission Nationale de l'Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745