This Notice describes the practices of New York University with respect to the collection, use, storage, and disclosure of personal information associated with alumni and development activities covered by the European Union’s General Data Protection Regulation relating to alumni and other friends of NYU who are located in the European Union, Iceland, Norway, Liechtenstein, and Switzerland in the context of NYU’s alumni relations and development activities.

For the purposes of this Notice and the GDPR, the collection, use, storage and disclosure of information is called “processing”.  This Notice applies to NYU, with global headquarters at 70 Washington Square South, New York, NY 10012, as well as to its affiliated legal entities and branches (collectively “NYU,” “us” or “our”). All alumni and other friends of NYU in the EU (referred to below as “you” or “your”) should carefully read the provisions of this Privacy Notice.

For the purposes of this Notice and the GDPR, “Personal Information,” means any information that can be used to identify you, whether directly or indirectly, including by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

For purposes of this document, “Friends of NYU” includes former employees, faculty, family of students and faculty, other donors to NYU and their families, potential donors and their families, and others who have expressed an interest in supporting NYU or in participating or engaging in University-sponsored activities.

This Notice has the following sections:

Questions?

You can contact NYU’s Data Protection Officer ("DPO") with any questions about this notice, our data collection practices, or your rights. You can reach the DPO, Tani Raiford, at:

Tani Raiford
c/o Data Protection Officer’s Office
10 Astor Place, room 502E
New York, NY 10003 
+1 212 998 1180 
privacy@nyu.edu

This general notice may be supplemented by additional notices at the point of any data collection. If you have specific questions about any of the data processing activities described in this or any other notice, please contact the DPO.

^ Back to top

The Information We Process About You

We process information we collect from you directly, including during our communications with you; during your enrollment, employment, participation in student or alumni activities or programs, or other association with NYU; when you attend one of our events; when you make contributions to NYU; and when you request services from NYU.

In some cases, we will require that certain information be provided in order for NYU to provide you with a service or take an action that you request.  We will indicate when such information is required and failure to provide required or mandatory information may result in our being unable to provide you with a service or take an action you request.

In addition, we collect the following kinds of information about you from third parties:

  • Information we collect from other NYU personnel or students: We may collect information about you from other persons affiliated with NYU. For example, we collect contact information for our student’s parents and family members from our students.
  • Information we receive about you from journals, research publications, professional organizations, or other platforms through which you publish or present academic content.
  • Information from publicly available sources, like your public social media profiles (e.g., LinkedIn), and public directories that include your professional and contact information.
  • Demographic Information: We may share information we have about you with third-party service providers who use other information they have about you to provide us with demographic information.
  • Information about your prior or concurrent educational history, which we collect from other educational institutions (or retrieve from our own records).

^ Back to top

Purposes and Legal Basis for Processing Your Data

We process your personal information in order to help us support and operate NYU and its programs, to provide you with alumni support and related services (such as job placement, email, reunion planning, transcripts, and library services), and to contact you to offer you services and request financial support for NYU. We also use this data to:

  • file required reports with applicable governmental authorities,
  • administer our programs and provide appropriately tailored services,
  • monitor trends within our fundraising activities,
  • verify your identity,
  • ensure that the university is prepared for emergencies,
  • enforce NYU policies and applicable laws,
  • manage university gift receipting, acknowledgement, billing, collecting, refunding and cashiering functions,
  • facilitate internal research,
  • coordinate events such as conferences and professional development, and
  • facilitate alumni directories and other promotional activities.

We combine the data that we collect in order to provide these functions.

We have the following legal basis for processing the information you provide us or that we collect about you.

  • We have a legitimate interest in raising funds to support NYU’s mission and programs; supporting our alumni and other friends of NYU; complying with laws and regulations that govern our conduct in the countries where we operate; and administering NYU and its programs in an efficient, ethical, and appropriate manner. We process all the information we collect from or about you to meet these purposes. You can obtain additional information about the legitimate interests we have in processing your information by contacting the DPO.
  • We may also be required to process your personal information to complete a contract or agreement that you have entered into with us, including when you wish to receive a service or when the University responds to your pledge or intention to make a contribution. You can obtain additional information regarding processing we do to enter into contracts with you by contacting the DPO.
  • We may also be required to process your personal information to comply with laws applicable in the European Union or its member states.

You can obtain additional information about the processing we do to comply with applicable laws by contacting the DPO.

In the case of Sensitive Personal Information (which includes (i) information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic and biometric data, and (iii) data concerning health, sex life, or sexual orientation), we process information either (i) because we have your consent to do so or (ii) because we are required to process the information to comply with applicable laws.

You can obtain more information about these laws by contacting the DPO. When we process your Sensitive Personal Information on the basis of your consent, you may withdraw that consent at any time by contacting the DPO. If you withdraw your consent, we may still be required to process your Sensitive Personal Information to comply with applicable law, but we will explain to you at the time your consent is withdrawn what processing activities will continue for legal compliance purposes.

Finally, we process your Personal Information for additional purposes that are compatible with those already described, including for the purposes of conducting scientific, statistical, or historical research or for the purpose of creating archives in the public interest. Where possible, we do not use identifiable information for these purposes, or we take steps, including making use of pseudonymous data, to limit the amount of Personal Information we use in our research or archives.

^ Back to top

Recipients of Your Personal Information

Your personal information will be received and processed by NYU employees and personnel, as well as third parties who provide services to NYU in connection with the purposes of processing described above. For example, we may disclose your information to service providers who provide campus security, support our information technology systems, or coordinate and provide alumni or public events and services. We share your Personal Information with our service providers only when they have agreed to process your Personal Information only to provide services to us and have agreed to protect your Personal Information from unauthorized use, access, or disclosure. You may contact the DPO to learn more about the categories of service providers to whom your data is disclosed.

We also disclose your information to government authorities as required by laws that regulate immigration, tax, national security, and criminal activity.

We will not share your personal information with any company or organization outside the University except as stated within this document.

^ Back to top

Transfers to Third Countries

NYU is a global university headquartered in the United States. We transfer your data to the United States and to the countries where we operate Global Sites and Portal Campuses.  NYU offers study abroad programs at the following Global Sites outside of the EU: Accra, Ghana; Buenos Aires, Argentina; Sydney, Australia; and Tel Aviv, Israel. NYU operates degree-granting Portal Campuses in New York, United States; Abu Dhabi, United Arab Emirates; and in Shanghai, China. In the case of the University’s Global Sites and Portal Campuses, we only transfer your data if we determine that you have an operative connection with that location or if you express a desire to provide financial support or engage in activities at that site or campus.

NYU has executed Standard Contractual Clauses, as approved by the European Commission. These clauses permit NYU to transfer data from the EU to third countries, including the United States. If you would like to receive a copy of NYU’s Standard Contractual Clauses, you can contact the DPO.

^ Back to top

Data Retention

You can find more information about how long we retain personal data by consulting our Retention and Destruction of Records Policy. If you have any questions, you may contact the DPO.

^ Back to top

Your Rights

You have the right to the following information regarding NYU’s processing of your Personal Information:

  • the purposes of the processing,
  • the categories of Personal Information concerned,
  • the recipients or categories of recipients to whom the Personal Information have been or will be disclosed,
  • where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period.

This Privacy Statement is intended to provide this information. Any questions about these details may be directed to the DPO.

You also have the following additional rights with respect to your Personal Information:

  • The right to request access to the Personal Information that NYU has about you, as well as the right to request rectification of any data that is inaccurate or incomplete.
  • The right to request a copy of your Personal Information in electronic format so that you can transmit the data to third parties, or to request that NYU directly transfer your Personal Information to one or more third parties.
  • The right to object to the processing of your Personal Information for the University’s communications regarding your student, faculty or alumni status, University publications relating to academic, employment and fundraising functions and other purposes.
  • The right to erasure of your Personal Information when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your Personal Information to certain limited purposes where erasure is not possible.
  • The right to lodge a complaint with the supervisory authority in the country where you live or work or where you believe that your rights have been violated. See Annex A for more information about supervisory authority contacts in the EU.
These rights may be exercised through the GDPR Data Request process.
 

^ Back to top

Annex A: National Data Protection Authorities

Czech Republic
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27 170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
E-mail
Website

Germany
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30 53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
E-mail
Website

Jurisdiction for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to this list.

Spain
Agencia de Protección de Datos
C/Jorge Juan, 6 28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
E-mail
Website

France
Commission Nationale de l'Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website

Italy
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
E-mail
Website

United Kingdom
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745
E-mail
Website

This list is provided for your reference, but you may file a complaint with the data protection authority in any Member State where you habitually work, live, or believe an infringement of EU data protection law occurred. You may consult a list of data protection authorities.

^ Back to top