In compliance with information technology guidelines of the University of Notre Dame, we respect the privacy of all users of the CARE website. User data, such as IP addresses and page requests are collected, but used only internally in summary format. We do not collect individual biographical information from users without their consent. Personal information (such as email addresses) which are input by the user at this site are used only for announcements related to CARE activities. Individual user information is not released to third parties.
Notre Dame GDPR Privacy Notice Information
What Personal Data is Collected: When Notre Dame seeks to gather personal information, Notre Dame informs individuals as to why they are being asked for their information, and how Notre Dame intends to use the data via the Notre Dame data privacy notice. Personal information may include anything that directly or indirectly identifies or relates to a living person (e.g. a name, address, telephone number, date of birth, unique identification number, photographs, video recordings, including images on CCTV).
How Notre Dame Collects Your Data: The data collected from you will be used by Notre Dame only in accordance with the purposes outlined in this privacy notice. Data collected in this manner will be shared within the following areas of Notre Dame, and may be shared with the primary Notre Dame offices within the United States. If you have any queries or complaints in relation to the use of your personal data you may contact Notre Dame via the Office of Information Security and Compliance at firstname.lastname@example.org.
The Purpose for (use of), and Legal Basis for Collecting Your Data
There are a number of legal reasons and different circumstances why Notre Dame may collect personal information. Personal information may be collected and used when:
- An individual, or their legal representative, has given consent
- An individual or organization has entered into a contract with us
- It is necessary for Notre Dame to perform their statutory duties, or other legitimate business purposes
- It is necessary to protect someone in an emergency
- It is required by law, or is necessary for legal cases
- It is necessary for employment purposes
- It is necessary to deliver part of our service
- A company or individual has made their information publicly available
- It is necessary for archiving, research, or statistical purposes
When Notre Dame has received consent to use personal information for specific reasons, individuals have the right to remove consent at any time. To remove consent, please contact Notre Dame via the GDPR Inquiry Form, stating which service the consent is withdrawn from.
How Notre Dame Stores and Secures Your Data: Any data collected from you by Notre Dame will be stored confidentially and securely as required by Notre Dame and the University of Notre Dame (USA) Information Security Policy. Notre Dame and its offices are committed to ensuring that all accesses to, uses of, and processing of such data is performed in a secure, controlled manner.
Notre Dame has a duty of care and a legal obligation to make sure personal information (on paper and electronically) is kept secure, and to only make information accessible to those individuals who have a right to it. To ensure this, Notre Dame has the following processes and policies in effect to safeguard personal information. These practices to ensure data security include:
- encryption, keeping information encoded so it can be read only via secure processes
- pseudonymisation, anonymizing sensitive aspects of personal information so an individual can work with data without knowing which individual data subject it belongs to
- controlling access, to keep systems and networks secure by restricting who is allowed to view personal information through the use of two-factor identification or VPN connection
- training, making UND employees aware of how to handle personal information, and how and when to report when something goes wrong
- reviews, assessing technology and working practice to maintain good practice and secure IT
In keeping with these data protection principles, Notre Dame will only store and retain information for a time period that serves the original purpose for which it was collected, or as long as required by law. Notre Dame and its offices may at times be required for business purposes to keep personal information for a set period of time.
Personal information held by Notre Dame is stored either on the premises in-country or on secure IT platforms. In certain instances, pieces of information can and may be transferred to another organisation, including outside of the EU. This most routinely happens when academic progression information is sent to the primary Notre Dame within the United States. The University of Notre Dame (USA) has agreements with third-party organisations where data is collected, stored, or processed, in order to protect personal information per United States Law.
If you have any queries or complaints in relation to the use of your personal data you may contact Notre Dame via the Office of Information Security and Compliance at email@example.com.
When Notre Dame Shares Personal Data; Details of Third Parties with whom Notre Dame Shares Personal Data: In certain circumstances, Notre Dame may use a third-party organization to store an individual’s personal information or to help deliver a service. In such instance, Notre Dame and/or a European will have an agreement in place to ensure that the third party in question is compliant with pertinent and applicable data protection law.
Notre Dame may at times be required by legal duty to provide personal information to other organisations. In extremely rare circumstances, Notre Dame may also share personal information when there is a necessary reason to do so. This may happen under specific circumstances, including but not limited to:
- identify or prevent crime
- if there are serious risks to the general public or members of the Notre Dame community
- to protect a vulnerable member of the community (such as a child)
- to protect adults who are thought to be at risk (e.g. individuals who could be confused or incapacitated).
In such circumstances, the risk must be serious or significant to merit overriding the individuals’ right to privacy; as such, Notre Dame will thoroughly document what information is shared and the reasons for sharing, and will notify affected individuals when merited.
Normally, when Notre Dame is worried about a person’s safety and feels it is necessary to take action to protect them from harm, Notre Dame shall discuss their concerns and obtain such a person’s consent to inform and tell others about the situation. However, Notre Dame may share information without consent if it is believed that the risk of harm is serious enough. In this circumstance, Notre Dame will thoroughly document the information that is shared and the reasons for sharing, and if safe to do so the individual is notified of what personal information has been shared and where.
Notre Dame will share your data with the following third parties where necessary for purposes of the processing outlined here:
When your data is shared with the third parties outlined here, Notre Dame will ensure that the data is only processed according to our specific instructions and that the same standards of confidentiality and security are maintained. Once the processing of the data is complete any third parties with whom data was shared will be required to return the data to Notre Dame save where they are required to retain it by law.
What Are Your Rights? The European General Data Protection Regulation provides individuals rights in relation to how their personal information is used. You have the following individual rights over the way Notre Dame processes your personal data.
RIGHT OF ACCESS: You have the right to request a copy of the personal data Notre Dame processes about you, and to exercise that right easily and at reasonable intervals.
CONSENT: You have the right to withdraw your consent where that is the legal basis of Notre Dame’s processing.
RECTIFICATION: You have the right to have inaccuracies in personal data that is held about you rectified.
ERASURE: You have the right to have your personal data deleted where there is no longer any justification for retaining it, subject to exemptions such as the use of pseudonymised data for scientific research.
You have the right to object to processing your personal data if:
- Notre Dame has processed your data based on a legitimate interest or for the exercise of the public tasks of the University of Notre Dame (USA), if you believe the processing to be disproportionate or unfair to you;
- The personal data was processed for the purposes of direct marketing or profiling related to direct marketing;
- Notre Dame has processed the personal data for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You have the right to restrict the processing of your personal data if:
- You are contesting the accuracy of the personal data;
- The personal data was processed unlawfully;
- You need to prevent the erasure of the personal data in order to comply with legal obligations;
- You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.
PORTABILITY: Where it is technically feasible you have the right to have a readily accessible, machine readable copy of your data transferred or moved to another data controller where we are processing your data based on your consent and if that processing is carried out by automated means.
CONTACT: Please contact Notre Dame via the GDPR Inquiry Form, if you wish to make a request
- To obtain information about yourself;
- To have your information corrected (where applicable by law); OR
- To have your information removed / erased (where applicable by law).
If you have any other queries relating to the processing of your personal data or if you have any queries or complaints in relation to the use of your personal data, you may contact Notre Dame via the Office of Information Security and Compliance at firstname.lastname@example.org.
Contact the Center
We strive to maintain a site that is a resource rich in information to assist you in your own practice, research, and education goals. Please contact Lorie Marsh at: email@example.com with any questions, comments or suggestions.
Center for Accounting Research and Education
University of Notre Dame
126G Mendoza College of Business
Notre Dame IN 46556 USA
Visiting the University of Notre Dame? The Center is located at 126G Mendoza College of Business. Access our online campus map at map.nd.edu.
The Center for Accounting Research and Education is funded by donations from private individuals and foundations that support our mission. We depend on contributions from those who value CARE and its top-quality, highly informed conferences, research support, and teaching initiatives. Please consider making a tax-deductible donation by contacting Steve Nekic, at 574.631.2698, or visit https://giveto.nd.edu/give?fund_id=1670 today.