Data Privacy Notice for Employees in the E.U.
This Notice describes New York University’s practices with respect to the collection, use, storage, and disclosure (“processing”) of Personal Information of employees covered by the European Union’s General Data Protection Regulation. This Notice applies to NYU, with global headquarters at 70 Washington Square South, New York, NY 10012, as well as to its affiliated legal entities and branches (collectively “NYU,” “us” or “our”) solely with respect to employees of NYU’s Global Sites in the European Union. All such employees (referred to below as “you” or “your”) should carefully read the provisions of this Privacy Notice.
“Personal Information,” as used in this Notice, means any information that can be used to identify you, whether directly or indirectly, including by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
This Notice has the following sections:
You can contact NYU’s Data Protection Officer (the “DPO”), or the local data protection contact for the relevant EU Global Site, with any questions about this notice, our data collection practices, or your rights. You can reach NYU’s Data Protection Officer, Peter Christensen, at:
c/o Data Protection Officer’s Office
70 Washington Square South
New York, NY 10012
+1 212 992 7256
Contact information for NYU’s local data protection contacts for NYU’s EU Global Sites is provided in Annex A.
This general notice may be supplemented by additional notices at the point of any data collection. If you have specific questions about any of the data processing activities described in this or any other notice, please contact the DPO.
The Information We Process About You
We process the information we collect from you directly, either during our communications with you, when you apply for employment, when you sign up for employment benefits, or when you make use of NYU equipment and systems, facilities, programs, resources, and NYU services provided by third-party vendors. This includes information about your employment history with NYU, your job performance, compensation and benefits, and your dependents and emergency contacts.
In some cases, we may require certain information from you to provide you with a service or benefit. Failure to provide that information may mean we cannot provide you with a service or benefit.
We use automated decision-making processes to process your data in certain contexts. For example, we may automatically evaluate information about your compensation and benefits to withhold taxes or determine your eligibility for employee benefits or other programs. You can find out more about the logic we use in our automated decision-making processes by contacting the DPO.
In addition, we collect the following kinds of information about you from third parties:
- Information about your employment history and education: We collect information about your employment history and education during the application process or when taking an employment action – such as considering you for a promotion or a new position at NYU. We may confirm information you have provided of your previous employers and the education institutions you attended.
- Information about your professional certifications: We may confirm information you have provided about any professional certifications you might have from third parties that provide or verify those certifications.
- Information about your health: Where permitted by applicable law, we may collect information about your ability to work or your sick leave status from your health care provider or another third party you direct us to in order to confirm your employment status or to provide you with benefits to which you are entitled.
- Information we collect from other employees or students: Other employees or students may provide us with information about you, whether in the process of reporting an incident or complaint, alerting us to an emergency situation involving you, or as part of the employment process. This information can include your name, information about your behavior or activities, and other information about the situation being reported to us.
- Immigration information: Governments and consulates may provide us with government identification, immigration information, or other information in order to facilitate travel related to your employment at NYU. The type of information provided may vary by country depending on applicable reporting requirements. For example, the Czech government may report information regarding criminal convictions and debts.
NYU maintains video surveillance and card swipe systems for the security of our premises. NYU or our contracted service operator may process images and video of you, and information about your use of and access to our premises, in connection with the operation of these systems.
Purposes and Legal Basis for Processing Your Data
We process your Personal Information to administer and manage NYU programs and services, administer, manage, and evaluate your employment with NYU, communicate with you regarding your employment, and provide you with access to NYU programs, services, and facilities. We also use data to make strategic decisions about NYU programs or course offerings, administer those programs, file required reports with applicable governmental authorities, and engage in financial planning. We also use your data for purposes required by law, including complying with application retention requirements, and for the enforcement of NYU policies and applicable laws.
We combine the data that we collect in order to provide these functions.
We have the following legal basis for processing the information you provide and that we collect about you during your employment.
We have a legitimate interest in hiring and retaining qualified employees, complying with laws and regulations that govern our conduct in the countries where we operate, and administering NYU and its programs in an efficient, ethical, and appropriate manner. We process all the information we collect from or about you to meet these purposes. You can obtain additional information about the legitimate interests we have in processing your information by contacting the DPO.
We may be required to process your Personal Information to fulfill our obligations pursuant to a contract of employment or an agreement to receive certain other benefits. You can obtain additional information regarding processing we do to enter into contracts with you by contacting the DPO.
We may also be required to process your Personal Information to comply with laws applicable in the European Union or its member states. For example, we may process your passport information in order to comply with our obligations under applicable employment laws.
You can obtain additional information about the processing we do to comply with applicable laws by contacting the DPO.
In the case of Sensitive Personal Information (which includes (i) information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; (ii) genetic and biometric data, and (iii) data concerning health, sex life, or sexual orientation, we process information either (i) because we have your consent to do so or (ii) because we are required to process the information to comply with applicable laws. For example, we may be required to process your trade union membership in order to deduct applicable trade union fees from your payroll.
You can obtain more information about these laws by contacting the DPO. When we process your Sensitive Personal Information on the basis of your consent, you may withdraw that consent at any time by contacting the DPO. If you withdraw your consent, we may still be required to process your Sensitive Personal Information to comply with applicable law, but we will explain to you at the time your consent is withdrawn what processing activities will continue for legal compliance purposes.
Finally, we process your Personal Information for additional purposes that are compatible with those already described, including for the purposes of conducting scientific, statistical, or historical research or for the purpose of creating archives in the public interest. Where possible, we do not use identifiable information for these purposes, or we take steps, including making use of pseudonymous data, to limit the amount of Personal Information we use in our research or archives.
Recipients of Your Personal Information
NYU is concerned with ensuring adequate protection of all Personal Information. In this regard, NYU endeavors to restrict Personal Information to only those needing access to carry out their duties. Your Personal Information will be received and processed by NYU employees, students, and personnel, including third parties who provide services to NYU in connection with the purposes of processing described above, like payroll and benefits service providers, technology providers that support NYU’s systems and infrastructure, and other vendors acting on our behalf. We share your Personal Information with our service providers only when they have agreed to process your Personal Information only to provide services to us and have agreed to protect your Personal Information from unauthorized use, access, or disclosure. You may contact the DPO or local data protection contact to learn more about the categories of service providers to whom your data is disclosed.We may also disclose your contact information at NYU in staff and faculty directories available to NYU students, employees, and the general public. You may request that your information be removed from this directory.
We may provide your information to other universities or entities to facilitate joint activities, including travel, collaborative events, professional affiliations, and research.
We also disclose your information to government authorities as required by laws that regulate immigration, tax, national security, and criminal activity.
Transfers to Third Countries
NYU is a global university headquartered in the United States. NYU offers study abroad programs at the following Global Sites outside of the EU: Accra, Ghana; Buenos Aires, Argentina; Sydney, Australia; and Tel Aviv, Israel. NYU operates degree-granting Portal Campuses in New York, NY, Abu Dhabi, United Arab Emirates, and in Shanghai, China. Data that is collected about you by the EU Global Site at which you are employed may be shared with our global headquarters in the United States and other Global Sites or Portal Campuses during the period of your employment as appropriate to facilitate central management of NYU’s programs and administer NYU’s global operations.NYU has executed Standard Contractual Clauses, as approved by the European Commission. These clauses permit NYU to transfer data from the EU to third countries, including the United States. If you would like to receive a copy of NYU’s Standard Contractual Clauses, you can contact the DPO.
You can find more information about how long we retain personal data by consulting our Retention and Destruction of Records Policy. Certain of our EU Global Sites may retain data for shorter or longer periods to meet local legal requirements or business practices, in which case you will be notified separately of any such retention period.You can obtain additional information about any of these retention periods by contacting the DPO or the local site contact listed in Annex A
You have the right to the following information regarding NYU’s processing of your Personal Information:
- the purposes of the processing,
- the categories of Personal Information concerned,
- the recipients or categories of recipients to whom the Personal Information have been or will be disclosed,
- where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period.
This Data Privacy Notice is intended to provide this information. Any questions about these details may be directed to the DPO.
You also have the following additional rights with respect to your Personal Information:
- The right to request access to the Personal Information that NYU has about you, as well as the right to request rectification of any data that is inaccurate or incomplete.
- The right to request a copy of your Personal Information in electronic format so that you can transmit the data to third parties, or to request that NYU directly transfer your Personal Information to one or more third parties.
- The right to object to the processing of your Personal Information for marketing and other purposes.
- The right to erasure of your Personal Information when it is no longer needed for the purposes for which you provided it, as well as the right to restriction of processing of your Personal Information to certain limited purposes where erasure is not possible.
- The right to lodge a complaint with the supervisory authority in the country where you live or work or where you believe that your rights have been violated. See Annex B for a list of supervisory authority contacts for NYU Global Sites in the EU.
NYU employees may also files concerns in accordance with the applicable Compliance Complaint Policy.
These rights may be exercised through the GDPR Data Request Process.
Czech Republic (NYU Prague)
Jiri Pehe, Site Director
Male Namesti #2
Prague, CZ 1100 00
+420 2 2422 6874
France (NYU Paris)
Valerie Michelin, Associate Director
57 Boulevard St. Germain
Paris, FR 75005
+33 1 5373 21812
Germany (NYU Berlin)
Gabriella Etmektsoglou, Site Director
Schoenhauser Allee 36, Haus 2F
Berlin DE 10435
+49 30 290291006
Greece (NYU Athens
34 Tsakalof Str., Kolonaki 106 73, Athens
Italy (NYU Florence)
Lorenzo Ricci, Site Director
Villa La Pietra
120 Via Bolognese
Florence IT 50139
+39 055 5007 205
120 Via Bolognese
Florence IT 50139
+39 055 5007 201
The Office for Personal Data Protection
Urad pro ochranu osobnich udaju Pplk. Sochora 27 170 00 Prague 7
Tel. +420 234 665 111
Fax +420 234 665 444
Commission Nationale de l'Informatique et des Libertés - CNIL
8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstraße 30 53117 Bonn
Tel. +49 228 997799 0; +49 228 81995 0
Fax +49 228 997799 550; +49 228 81995 550
Jurisdiction for complaints is split among different data protection supervisory authorities in Germany. Competent authorities can be identified according to this list.
Garante per la protezione dei dati personali
Piazza di Monte Citorio, 121 00186 Roma
Tel. +39 06 69677 1
Fax +39 06 69677 785
Agencia de Protección de Datos
C/Jorge Juan, 6 28001 Madrid
Tel. +34 91399 6200
Fax +34 91455 5699
The Information Commissioner’s Office
Water Lane, Wycliffe House Wilmslow - Cheshire SK9 5AF
Tel. +44 1625 545 745
This list is provided for your reference, but you may file a complaint with the data protection authority in any Member State where you habitually work, live, or believe an infringement of EU data protection law occurred. You may consult a list of data protection authorities.