At Central European University (address: 224 West 57th street, New York, NY 10019, USA and 1051 Budapest, Nádor u. 9.) and Közép-európai Egyetem (address: 1051 Budapest, Nádor u. 9.) (jointly as “CEU” or the “University”) we place great emphasis on the protection of your personal information and compliance with the EU General Data Protection Regulation (GDPR)*. This Privacy Notice relates to the collection, use, transfer, and retention of your personal data by CEU's outreach functions, including the CEU Development Office.
*Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1. Who are we and what we do
CEU’s development and outreach offices, as well as University departments, schools, and units, support CEU through contact with a variety of stakeholders, including alumni, students, employers, partners, and supporters of the University. We do this in tandem with offices that serve as primary data stewards for these groups (including, for example, Alumni Relations, which oversees all alumni data management; Career Services, serving as the primary steward of employer data; the Human Resources Office, for CEU employee data; and the Student Records Office, which manages student data). Together, we offer a range of academic, social, and networking activities, events, and publications, and provide access to University resources for members of the broader CEU community. We also author and share news about the University and those affiliated with it, and fundraise to support CEU’s students, teaching, research, and campus development, and the University’s most urgent needs.
In order to advance our mission, CEU maintains and processes personal data collected during the course of our relationship with students, alumni, faculty, staff, employers, partners, donors, and supporters. The majority of the information we hold is obtained directly from you. Further, if you interact with departments, schools, or units within CEU, these areas may share data with each other. We always aim to keep your details up to date, and we will undertake efforts to check the contact details we have for you are correct, and, where appropriate, update them. As a result, some of the data may also have been obtained from publicly available sources. We may also use information from publicly available sources to carry out research to assess your inclination and capacity to support CEU financially or by volunteering your time and/or expertise. More information on these activities is below and you will always have the right to opt out. We value our relationship with you and we use your personal data to ensure we contact you in the most appropriate way, improve our services, and ensure we work efficiently and effectively., and ensure we work efficiently and effectively.
The offices conducting outreach on the University’s behalf are part of CEU, and CEU is the Data Controller. CEU’s data protection policy is available here: https://documents.ceu.edu/documents/p-1805.
2. Contact details of the Data Controller
Nador u. 9.
Phone: + 36 1 3273000
Central European University
Nador u. 9.
Phone: + 36 1 3273000
3. Contact details of the Data Protection Officer
Irisz Szel, Legal Counsel and Data Protection Officer
Central European University
Nador u. 9.
Phone: + 36 1 3273000
4. What is the purpose for processing your data?
Your data is used by CEU for a number of purposes in order to carry out academic activities and support the University’s educational mission, including academic and community programming, services, volunteer engagement, and fundraising. More specifically, we use your data to: to carry out academic activities and support the University’s educational mission, including academic and community programming, services, volunteer engagement, and fundraising. More specifically, we use your data to:
- Invite you to relevant University events
- Develop and support tailored communication channels and feedback platforms and initiatives, including newsletters (e.g. Octagon, The Planet, What’s On), special updates, social media coverage, and surveys
- Assist with data collection and analysis of demographic statistics and career trajectories of CEU graduates and program participants for institutional purposes, including strategic and academic planning, as well as grant reporting and accreditation
- Provide services and benefits to members of the CEU community
- Provide information about volunteering and fundraising opportunities
- Keep internal records, including the management of feedback and other meaningful interactions
- Perform administrative processes (e.g. processing your requests, donations, or event registrations you have made).
5. What is our legal basis for processing your data?
As part of our work, we process and store personal information relating to students, faculty, staff, alumni, current and potential supporters, partners, and friends of CEU and we therefore adhere to the applicable data protection rules. We take our responsibilities under these rules seriously and ensure the personal information we obtain is held, used, transferred and processed in accordance with the applicable data privacy rules. CEU processes the information outlined in this Privacy Notice in pursuit of our legitimate interests in:
- Communicating with students, faculty, staff, alumni, employers, partners, and current and potential supporters;
- Providing benefits and services to students, faculty, staff, alumni, employers, partners, and supporters;
- Furthering the University’s educational and charitable mission (which includes fundraising and securing the support of volunteers);
- Ensuring the security of our University premises;
- Enabling the University to achieve its strategic and operational goals.
We may pursue these legitimate interests by contacting you by telephone, email, post, or social media. Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from CEU, is outlined in the ‘Your rights’ section below.
Although CEU relies on legitimate interest as the legal basis for processing where this is not overridden by the interests and rights or freedoms of the data subjects concerned, it recognizes that it is not the only lawful ground for processing data. As such, where appropriate, CEU will sometimes process your data on an alternative legal basis – for example, based on a legal obligation (when reporting may be required to the Hungarian or American tax authorities, for instance) or when you give your explicit consent to us to do so.
6. What kind of personal data do we collect?
CEU maintain records of all former students of the University and, as such, we hold education records in perpetuity. If we become aware that your personal data has changed we will update our records to reflect this. In subsequent instances where we provide for example your name (e.g. a class list) we will use your current name alongside any previous names (such as your maiden name) to ensure you can be identified correctly. The University also maintains records of current and potential donors, partners, employers, and event attendees. The personal data we store and process, the majority of which is given to us by you but some of which we may obtain from other sources, may include:
- Name, title, gender, and date of birth;
- Contact details including postal address, email address, phone number and links to social media accounts;
- Information about your time at the University and other academic institutions;
- Your occupation and professional activities;
- Your recreations and interests;
- Family and spouse/partner details and your relationships to alumni, supporters, and friends;
- Records of donations, where applicable;
- Information about your interests and capacity to support CEU as a volunteer, advisor, or donor;
- Records of communications sent to you by CEU or received from you;
- Volunteering by you on behalf of the University;
- Information on your engagement in University meetings, events, groups, or networks;
- Information about your use of CEU resources or facilities.
7. Who receives your information?
CEU offices work closely together to provide a coordinated approach. Any transmission of data between CEU units is managed through agreed processes which comply with relevant data protection legislation. Some individual units elaborate their own data protection procedures in Privacy Notices similar to this one, which may be found on the respective unit’s CEU web page.
Unless we have a legal obligation to do so, we will not disclose your data to individuals, organizations, or other entities outside the University other than those who are acting as agents and data processors working on our behalf.
For the purposes set out in section 4, we may need to pass your information to our third-party service providers, agents, subcontractors, CEU’s related organizations, or volunteers for the purposes of completing tasks and providing services to you on our behalf (for example to process donations, send you mailings, print our annual report, or volunteer on an advisory committee). However, with all external entities with whom data is shared, we share only those data needed to perform the specific service and require a contract and/or confidentiality and non-disclosure agreement to be signed before any data transfer—requiring them to keep your information secure and not to use it for their own purposes. We will not sell or rent your information to third parties.
When you are using our secure online donation or event registration pages, your donation or payment is processed by a third-party payment processor specializing in the secure processing of credit/debit card transactions. We do not retain credit card information for future use unless you authorize monthly or other periodic transactions.
Specific third parties we work with include:
- Office 365: Based in the US, with CEU’s data stored within EU in datacenters located in Amsterdam and Dublin. Software As A Service which provides CEU’s email and document management.
- Raiser’s Edge and related Blackbaud providers (Online Express, Blackbaud Merchant Services): Based in the US and UK, this group of providers serves as a contact management platform, inclusive of secure donation processing capacity, and the Citrix email exchange.
- Mailchimp and Constant Contact: Based in the US, Mailchimp and Constant Contact enable CEU to share news about the University, and provide us with data on opens and clicks from our newsletters.
- Eventbrite: Based in the US, Eventbrite provides us with an event technology platform which enables our faculty, staff, students, alumni, employers, and supporters to book events with us.
- iWave: Aggregator of publicly available data for contacts in the US and Canada to support research for appropriately-tailored funding proposals.
- Regulators and other authorities acting as processors based in the US and Hungary who require reporting of processing activities in certain circumstances, such as the US Internal Revenue Service.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
8. How long will your information be held?
We consider being a member of the CEU community as a lifelong relationship. Generally, CEU will look to retain personal data of our stakeholders until the individual asks us to remove it from our records. We will routinely remind you of your right to have us remove your personal data.
Further, as a fundraising institution founded and powered by visionary philanthropy, CEU relies on ongoing relationships with its alumni, supporters, and their families to enable the University to carry out its educational mission. Especially in cases of donations of bequests and endowments—which are vital to our teaching, research, and community engagement—the generosity that sustains CEU may endure well beyond a supporter’s lifetime. Therefore, unless otherwise requested, or unless deemed inactive under periodic review, CEU will hold supporter records in perpetuity. As noted above, CEU maintains records of all former students of the University and, as such, we hold education records in perpetuity.
If you decide that you no longer wish to receive communication from CEU, please be aware that we still need to retain a minimal amount of personal data so that we can keep a record that you have asked us not to contact you.
9. What are your rights?
You have a right
- to access your personal information,
- to object to the processing of your personal information,
- to rectify,
- to erase and
- to restrict processing your personal information.
If you wish to exercise any of these rights, please email firstname.lastname@example.org or write to us at CEU Data Protection Officer, Nádor utca 9, 1051 Budapest, Hungary. CEU will make every effort to fulfill your request to the extent allowed by law and will respond in writing within 30 days of receiving your request.
Should you wish to request help from the relevant national authority, their details are as follows:
National Authority for Data Protection and Freedom of Information (1055 Budapest, Falk Miksa utca 9-11)
10. Security of your information
We are committed to holding your data securely and treating it with sensitivity. All data are held securely and in accordance with the relevant data privacy laws and our internal policies. We do not sell to or trade your data with any other organizations. For further details please see CEU’s Data Protection Policy.
Although most of the information we store and process stays within Hungary, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, one of our trusted partners’ servers are located in a country outside the EEA. Where these countries do not have similar data protection laws to the European Union, we will take steps to make sure they provide an adequate level of protection in accordance with EU data protection law.
11. Future changes
If our information policies or practices change at some time in the future, we will post the changes on our website among our Official Documents (https://documents.ceu.edu/).
Last updated on: May 24, 2018