Shepherd University is committed to assisting students and families to achieve their educational goals by providing financial information and resources in a professional and individualized manner through effective communication. The SU Information Security Program applies to any record containing nonpublic financial information about a student or other third party who has a relationship with Shepherd University, whether in paper, electronic or other form, which is handled or maintained by or on behalf of Shepherd University or its affiliates.
For these purposes, the term nonpublic financial information shall mean any information:
(i) a student or other third party provides in order to obtain a financial service from Shepherd,
(ii) about a student or other third party resulting from any transaction with Shepherd involving a financial service, or
(iii) otherwise obtained about a student or other third party in connection with providing a financial service to that person.
What information do we collect?
In order to provide quality assistance to students and families, our departmental offices will collect information from you to verify identity, communicate via phone or email, understand enrollment, and process financial transactions as part of helping you achieve your educational goals.
When visiting the Finance Office or other student services offices of the campus, or when using RAIL or other on-line portals, as appropriate you may be asked to submit personally identifying information to confirm identity and do business relating to your Shepherd University student account.
How do we use your information?
Any of the information we collect may be used in one of the following ways:
· To personalize your experience (your information helps us to better respond to your individual needs).
· To improve our products and services based on feedback you provide to us.
· To process transactions (payments, payment plans, refunds).
· To send emails (our office will only send emails to students and families with information that is directly related to services provided by our office and/or Shepherd University. Your email is never shared with third party providers without your consent).
· To verify authorization of information (In order to protect the privacy and confidentiality of our students (as required by federal law under the Family Educational Rights and Privacy Act, FERPA), Shepherd University staff members cannot disclose any non-directory student information to anyone other than the student unless the student has given specific written consent, and students may opt out of disclosure of directory information by contacting the Registrar’s Office.
How do we protect your information?
Student data is protected, as directed by the Family Educational Rights and Privacy Act of 1974 (FERPA). With few exceptions, the University cannot disclose any non-directory student information to anyone other than the student unless the student has given specific written consent.
University staff members receive training on FERPA rights and practices and certify their compliance. Staff are also trained to follow the privacy and confidentiality practices outlined in this statement. We also implement a variety of security measures, both physical and through the use of technology, to maintain the safety of your personal information.
Shepherd adheres to the safeguarding rules of the Gramm-Leach-Bliley Act (GLBA) by ensuring the confidentiality of student information.
Can information be corrected?
The University will work with students, parents, employees or other affected persons, regarding appropriate data entries. If you have any questions, or objections regarding the validity of your data, please contact the Registrar or Finance Office as soon as possible if you believe there is an issue. If your concerns cannot be immediately addressed by them, they will assist you in identifying where to access further assistance.
Information shared with outside parties
There are legal limits on Shepherd University’s disclosure of any non-directory student information to anyone, outside of Shepherd employees with a University need-to-know, other than the student unless the student has given specific written consent. The greater detail of other exceptions to that restriction are explained in the Student Handbook, Student Bill of Rights section.
Information may be shared with trusted third parties who assist us in providing services related to Shepherd University student and faculty/staff accounts including (but not limited to):
· Third party payment gateway vendors who provide online payment abilities, payment plans and online account access.
· Credit/debit card payment processing vendors.
· Outside collection agencies who use information to contact and receive payments related to past due accounts.
· Whenever we determine that release is appropriate to comply with the law, to enforce our site policies, or to protect ours and other’s rights, property, or safety.
Third party links
Occasionally, at our discretion, we may include links to third party sites on our website. Please be aware that we have no control, responsibility, or liability for the content and activities of these linked sites. These third party sites have separate and independent privacy statements and we encourage our users to be informed and aware and to read the privacy statements of any other site that collects your personal information. However, we continually seek to protect the integrity of our site and welcome any comments for improvements, including any links to third party sites.
Compliance with the other jurisdictional privacy regulations
Other states or countries may have privacy regulations which serve to protect their citizens. For example, the European Union General Data Protection Regulation (GDPR) is a European Union (EU) legal framework for data privacy and security of personal data for individuals within the EU. The GDPR sets forth obligations for organizations that collect, use, share, and store personal data of constituents who reside in the European Union.
Students, or potential students, have created a contractual need with Shepherd University to collect and retain certain data at the time of submitting an application for enrollment. Personal information is being required by the University as an essential part of the academic process and must be retained per legal and regulatory requirements.
For non-students, Shepherd University is committed to securing the appropriate consent (opt-in) in the collection and processing of personal data. If you have any questions, or objections to the collection, use and retention of your personal data, on legitimate grounds, Shepherd University shall consider all requirements of notice, choice, transfer, security, data integrity, and access. Please direct any questions you may have concerning Shepherd University’s obligations and compliance with GDPR by emailing the Coordinator of the Information Security Program at email@example.com
How long do we keep your information?
Personal data will be retained by the University in accordance with applicable federal and state laws, regulations, and accreditation guidelines, as well as University policies. Personal data will be destroyed when no longer required for University services and programs, upon request or after the expiration of any applicable retention period, whichever is later, and as permitted by West Virginia law. GDPR, or other jurisdiction privacy regulations, do not supersede legal requirements that Shepherd maintain certain data.
By enrolling in Shepherd University you have created a contractual need that requires the sharing of required personal information. Your consent was established at the time of enrollment.
By giving us your information via email, phone, fax, website, or other communication methods, you consent to our Privacy Statement.
Changes to this Privacy Statement and University Policy
If you have any questions regarding this statement, please contact:
Office of the Information Security Administrator and Coordinator of the Information Security Program by emailing firstname.lastname@example.org
IMPACT Data, Technology, and IT Resources
RESPONSIBLE OFFICE IT Services
CREATED August 18, 2021
REVISED August 18, 2021
APPROVED BY General Counsel