Hawthorn University values the privacy of all its constituents, including faculty, staff and students by maintaining a trusted user environment. We are dedicated to protecting the confidentiality and personally identifiable information and privacy of our community and have established applicable professional codes of ethics.
Hawthorn does not collect personal information about our website visitors such as names, addresses, telephone numbers, or e-mail addresses unless such information is specifically provided to Hawthorn by the website visitor. In some areas of the website, you will be asked to provide personal information, which will allow you to join our mailing list, submit an application, register for an education program or course, log-in to an online class, make a payment, or request additional information. Individual participation is completely optional.
Credit Cards are accepted for tuition and fees. Credit card numbers are not stored on our server. Credit card information is only available to Hawthorn staff with security access to our payment processing center.
Email accounts are given to enrolled students. Once a student is enrolled, all announcements, including scholastic and administrative communications from members of administration or the faculty must be sent to a Hawthorn University email account. This includes information about webinars, updates, opportunities and may include occasional advertisements from vendors who may benefit your personal growth and professional development. Should a student suspect any unauthorized use of their email or personal information they must notify the chief information officer immediately. All email received from students or other members of Hawthorn who are no longer associated with the institution may be deleted and non-user accounts may be disabled.
Hawthorn’s websites are not intended for children and we do not knowingly collect data relating to children.
The data protection declaration of Hawthorn University is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our students and business partners. To ensure this, we would like to first explain the terminology used.
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Restriction of processing:
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Controller or controller responsible for the processing:
Controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Hawthorn University is the data controller of your personal data and is subject to the General Data Protection Regulation (the “GDPR”) effective May 25th, 2018.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
How we collect your information
We may collect your personal data in a number of ways, for example:
- from the information you provide to us when you interact with us during the registration and application process or express your interest in studying at Hawthorn University;
- when you apply to study at Hawthorn and complete the application and enrollment forms via the University websites;
- when you communicate with us by telephone, email, or via our website, for example in order to make inquiries or raise concerns using our Help Desk;from third parties, for example from your previous or current school, university, or employers who may provide a reference about you or who may sponsor your studies;
- in various other ways as you interact with us during your time as a student at Hawthorn University, for the various purposes set out below.
The types of information we collect
We may collect the following types of personal data about you:
- your name, and contact information such as address, email address, telephone number, date of birth, your passport number or identification card details, country of domicile, and your nationality. We will also allocate you a unique student identification number;
- information relating to your previous education and employment history, the courses you have completed, dates of study, grades, and examination results. We will also keep records relating to the assessments of your work and details of examinations taken, and other information in your student record.
How we use information about our students
The purposes for which we may use personal data (including sensitive personal data) we collect during a student’s association with us include:
- recruitment and admissions;
- academic matters, including:
- registration, assessment, managing progress, academic misconduct investigations, certification, graduation;
- maintaining student records;
- providing library, IT, and information services;
- non-academic matters in support of our core services, including:
- providing student support services;
- monitoring equal opportunities;
- safeguarding and promoting the welfare of students;
- administering finance (e.g. tuition and fees, grants, scholarships, and other financial purposes);
- other administrative purposes, including:
- carrying out research and statistical analysis;
- carrying out audits (e.g. to ensure compliance with our regulatory and legal obligations);
- providing operational information;
- promoting our services;
- preventing and detecting crime;
- dealing with grievances and disciplinary actions;
- dealing with complaints and inquiries.
The basis for processing your information and how we use it
We may process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. In this respect, we use your personal data for the following:
- to interact with you before you are enrolled as a student, as part of the admissions process (e.g. to send you a catalog or answer inquiries about our courses);
- once you have enrolled, to provide you with the services as set out in our Enrollment Agreement;
- to deal with any concerns or feedback you may have;
- for any other purpose for which you provide us with your personal data.
- to provide you with educational services which may not be set out in our Enrollment Agreement but which are nevertheless a part of our academic and educational mission;
- to monitor and evaluate the performance and effectiveness of the University, including by training our staff or monitoring their performance;
- to maintain and improve the academic, corporate, financial, estate, and human resource management of the University;
- to promote equality and diversity throughout the University;
- to seek advice on our rights and obligations, such as legal advice
- recovering money you owe to us;
- for fundraising purposes.
Graduation and degree information
Personal data (including award and classification) will be published and available on our University website following the relevant graduation events.
You may withhold your consent to publish your graduate bio.
Hawthorn may also process your personal data to remain in compliance with our legal obligations. In this respect, we may use your personal data for the following:
- to meet our compliance and regulatory obligations;
- for the prevention and detection of crime;
- in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities;
- we have your specific or, where necessary, explicit consent to do so.
Sharing information with others
For the purposes referred to in this privacy notice and relying on the basis for processing as mentioned above, we may share your personal data with certain third parties. You are given the opportunity to opt out of some of these data sharing arrangements, for example when you register with us, but you should carefully consider the possible impact of doing this. Unless an opt-out is in place, we may disclose limited personal data to a variety of recipients including:
- our employees, agents and contractors where there is a legitimate reason for their receiving the information, including:
- third parties who work with us to provide student accommodations;
- third parties who work with us to provide student support services;
- third parties who are contracted to provide IT services for us;
- internal and external auditors;
- Those with an interest in tracking student progress and attendance, including:
- student sponsors;
- current or potential employers (to provide references and, where students are sponsored by their employer and/or where you take part in a placement, to provide details of progress/attendance);
- professional and regulatory bodies in relation to the confirmation of qualifications, professional registration and conduct, and the accreditation of courses;
- government departments and agencies where we have a statutory obligation to provide information;
- crime prevention agencies (e.g. the police);
- parents, guardians, and next-of-kin (where there is a legitimate reason for disclosure).
The University websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Changes to your personal data
Please tell us promptly about any changes to the information we hold about you. This is particularly important for your contact details. You can do this through the University Student Portal.
How long your information is kept
Subject to any other notices that we may provide to you, we retain your personal data in accordance with applicable federal and state laws. Some information may be retained longer or indefinitely in order to maintain your academic record for archiving. For example, your transcript will be held in perpetuity.
Hawthorn University maintains both hard copy and electronic files for each enrolled student that contain:
- Transcripts of any formal education or training, testing, or experience that are relevant to the student’s qualifications for admission;
- Personal information regarding a student’s age, and gender, if that information has been voluntarily supplied by the student;
- Copies of all documents signed by the student, including enrollment agreements and the School Performance Fact Sheet;
- Dates of enrollment and, if applicable, withdrawal from the institution, leaves of absence, and graduation;
- Official transcript, including courses or programs that were completed, or were attempted but not completed, and the dates of completion or withdrawal; credits transferred from other institutions;
- The thesis or dissertation;
- A record of the total amount of money received from or on behalf of the student and the date or dates on which the money was received;
- Copies of any official advisory notices or warnings regarding the student’s progress; and
- Complaints received from the student.
In addition to permanently retaining the student’s transcript Hawthorn shall maintain the pertinent student records described above for a period of five (5) years from the student’s last date of attendance.
Your rights under GDPR
- to obtain access to, and copies of the personal data that we hold about you;
- to require that we cease processing your personal data if the processing is causing you damage or distress;
- to require us not to send you marketing communications.
- to require us to correct the personal data we hold about you if it is incorrect;
- to require us to erase your personal data;
- to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
- to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
- to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Please note that the above rights are not absolute and we may be entitled to refuse requests where exceptions apply.
Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.
Updates to this policy
We may update or change this policy at any time. Your continued use of the University’s website and third party applications after any such change indicates your acceptance of these changes.
If you have given your consent and you wish to withdraw it, please contact us using the contact details set out below. Please note that where our processing of your personal data relies on your consent and where you then withdraw that consent, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
If you have any questions about this privacy notice, how we process your personal data, or to request access to the personal data that we hold about you, you can contact us: