Ellucian Privacy Policy – Customer Data


Ellucian is committed to maintaining your confidence and trust, and accordingly abides by this privacy policy (this “Policy”) to protect the personal information you provide to Ellucian Company L.P. and all of its related worldwide affiliates and subsidiaries (“Ellucian”). “Personal Data,” for purposes of this Policy, means customer data that is individually identifiable information about a natural person or information from which an individual reasonably could be identified.

EU-U.S. and Swiss -U.S. Privacy Shield Frameworks

Ellucian adheres to the EU-U.S. Privacy Shield Principles and the Swiss -U.S. Privacy Shield Principles developed by the United States Department of Commerce, in conjunction with the European Commission and Switzerland, respectively. Ellucian’s commitment to the Privacy Shield Principles is described in its Privacy Shield Policy located here.

Ellucian has additionally chosen to apply the Privacy Shield privacy principles to Personal Data received from or on behalf of customers and prospective customers (collectively referred to herein as “customers”) located outside the EEA and Switzerland.

Ellucian’s Role as a Service Provider to Its Customers

Ellucian offers product solutions to its customers to store and manage their electronic documents, document metadata, and data relevant to managing an institution of higher education. Ellucian provides its hosted solutions to customers located in the EEA or Switzerland by hosting these solutions within computing environments located in the EU. Ellucian is a global organization and may provide product development services, solution engineering services, professional technical services and product technical support services to its customers in any country from any of Ellucian’s locations worldwide. As a result, customers’ Personal Data may be transferred, accessed and stored globally as necessary for the uses stated in this Policy. Whenever Ellucian handles Personal Data, regardless of where this occurs, we take appropriate steps to ensure that customers’ information is treated securely and in accordance with this Policy and all applicable laws and regulations.

The Customer’s Responsibilities with Respect to Its Personal Data

Ellucian’s customers may choose to include Personal Data with the customer data provided to Ellucian. This Personal Data may include employee name and contact details for the purpose of administering the customer’s account with Ellucian.

Ellucian processes only the Personal Data that its customers have chosen to share with Ellucian. Ellucian has no direct or contractual relationship with the subjects of this Personal Data (the “Data Subjects”). As a result, when customer data includes Personal Data, the customer is solely responsible for satisfying all legal obligations owed directly to Data Subjects under applicable data protection laws.

It is the Ellucian customer's responsibility to ensure that Personal Data it collects or directs Ellucian to collect can be legally collected in the country of origin. The customer also is responsible for providing to Data Subjects any notices required by applicable law and for responding appropriately to Data Subjects’ requests to exercise their rights with respect to Personal Data. In addition, the customer is responsible for ensuring that its disclosure of Personal Data to Ellucian is consistent with any privacy policy the customer has established and any notices it has provided or is required to provide to Data Subjects.

Ellucian is not responsible for its customers’ privacy policies or practices; or for customers’ compliance with such policies/practices. Ellucian does not review, comment upon, or monitor its customers’ privacy policies or its customers’ compliance with such policies. Ellucian does not review instructions or authorizations sent to Ellucian by customers or other parties to determine whether the instructions or authorizations are in compliance with, or conflict with, the terms of a customer's published privacy policy or of any notice provided to Data Subjects.

How Ellucian Uses, Shares and Protects Customer Data

Use of Personal Data

Ellucian uses Personal Data submitted to us for general business purposes, including:

  • to deliver or provide products and services ordered by customers, including administering the delivery of electronic products and services requiring logins and passwords, confirming compliance with licensing terms, and responding to technical queries;
  • to perform accounting and export compliance functions;
  • to notify customers of new products and services from Ellucian and our business partners and for other general marketing purposes, such as advertising Ellucian’s customer events and engaging with customers via online communities and social media; and
  • to comply with legal requirements.

Sharing of Personal Data with Third Parties

Ellucian shares Personal Data with our subcontractors, business partners and third party agents and contractors only to the extent required in order to deliver products or services requested by customers. Before transferring Personal Data to these third parties, Ellucian will obtain assurances from the recipient that it will safeguard Personal Data in a manner consistent with this Policy and otherwise to support Ellucian business activities. If Ellucian learns that a recipient is using or disclosing Personal Data in a manner contrary to this Policy, Ellucian will take steps to prevent such use or disclosure.

Ellucian also may disclose Personal Data as required by law, for example, in response to a court order, an administrative proceeding or subpoena. Before making any such disclosure, Ellucian will, as soon as practical, inform the customer when permitted by law, so the customer may take such actions as it deems necessary to protect the rights of Data Subjects.

Security for Personal Data

Ellucian is committed to safeguarding the Personal Data that it receives. While Ellucian cannot guarantee the security of Personal Data, the Company has implemented reasonable technical and organizational measures to protect Personal Data in Ellucian’s possession from loss, misappropriation and unauthorized access, disclosure and destruction.

Ellucian utilizes a combination of online and offline security technologies, procedures and organizational measures to help safeguard Personal Data. For example, facility security is designed to prevent unauthorized access to Ellucian computers. Electronic security measures — including, for example, network access controls, passwords and access logging — provide protection from hacking and other unauthorized access. Ellucian also protects Personal Data through the use of firewalls, role-based restrictions and, where appropriate, encryption technology. Ellucian limits access to Personal Data to employees, subcontractors, and third party agents that have a specific business reason for accessing such Personal Data. Individuals who have been granted access to Personal Data will be made aware of their responsibilities to protect such information and will be provided training and instruction on how to do so.

If Ellucian learns of an unauthorized disclosure of Personal Data that is within Ellucian’s possession or control, Ellucian will perform all actions required by applicable laws, including taking prompt measures to remedy the unauthorized disclosure and providing notice to affected customers.

Data Integrity

Ellucian’s customers are responsible for ensuring that they collect only that Personal Data needed to accomplish the purposes disclosed to Data Subjects. They also are responsible for providing Ellucian with instructions for the processing of Personal Data consistent with the purposes stated in the customers’ notice to Data Subjects. Ellucian will process Personal Data only in accordance with the customer’s instructions.

Ellucian will retain Personal Data only as necessary to fulfill the purposes described in this Policy or in our customer agreements. Ellucian will return or destroy Personal Data stored by Ellucian in accordance with applicable law.

Access to and Correction of Personal Data

Customers have the right to access and review, correct, amend or delete their Personal Data that Ellucian holds by contacting Ellucian. Customers are responsible for providing Ellucian with accurate and complete Personal Data, and for contacting Ellucian if correction of such information is required. Ellucian will cooperate with its customers’ reasonable requests for assistance in permitting Data Subjects to exercise their rights under applicable data protection laws to amend or delete their Personal Data. Please note that, where permitted, we may charge a fee for fulfilling access requests and that we reserve the right to disallow unreasonable requests for access. If a Data Subject’s Personal Data was provided to us by an Ellucian customer, we may facilitate access to such data by directing the Data Subject to the customer that provided the Personal Data to us.

Enforcement

Ellucian will conduct periodic (no less frequently than annually) self-assessments of its relevant practices to verify adherence to this Policy and the Privacy Shield Principles. Any customer or Data Subject with a complaint concerning Ellucian’s processing of Personal Data may contact Ellucian’s Compliance Office at [email protected].

If you are located in the EEA or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please review our Privacy Shield Policy located here for information on contacting our U.S.-based third party dispute resolution provider.

For More Information

If you have questions about this Policy, please contact Ellucian’s Compliance Office at [email protected]. Requests to unsubscribe from ("opt-out" of) communications from Ellucian can be managed using the link in email communications. You may also mail your enquiry/request to:

Ellucian
Attn: Compliance Department
4 Country View Road
Malvern, PA 19355
USA

Changes to this Privacy Policy

Ellucian may revise this Policy from time to time in order to comply with new laws and regulations; to conform to industry best practices; to reflect changes in Ellucian product and service offerings; and for other reasons. The revised Policy will become effective when it is posted on the Ellucian website.

Effective Date: September 21, 2017