Information Technology, Documents, & Records

Privacy Statement

Effective Date:  April 1, 2019

Carleton College is committed to protecting the privacy of individuals who share personal data with us.

We value and respect your privacy. We strive to ensure that information entrusted to the College will be handled with care and respect. This Privacy Policy is designed to assist you in understanding how we collect, use, share, and dispose of personal information you provide to us and information that is gathered during your interactions with the College. Information we collect is necessary for us to conduct our legitimate business operations and administer our educational offerings. We collect, use, store, and dispose of the information we collect in accordance with relevant laws and regulations including, but not limited to the Family Educational Rights and Privacy Act, the Gramm-Leach-Bliley Act, and the European Union’s General Data Protection Regulation (GDPR). By using our sites and services, you are consenting to our collection and use of information in accordance with this Privacy Policy.

What information do we collect?

The College collects information you provide when you apply for admission, register for campus visits and events, apply for employment, make charitable contributions, or otherwise interact with the College’s sites and services. Some of the information submitted by you or collected during your relationship with the College may be personally identifiable information.

Types of personal information include, but are not limited to:

  • full legal name
  • social security number
  • date of birth
  • address
  • email address and phone numbers
  • your parent’s or guardian’s full name(s) and contact information
  • gender and sex
  • ethnicity, race, and national origin
  • academic information
  • enrollment information
  • employment information
  • donation information
  • involvement in work, school, and community activities
  • personal essays
  • browsing and navigation behavior on our sites and networks

How do we use information we collect?

Ways we use the information we collect include, but are not limited to:

  • to consider your candidacy for admission to or employment with the College
  • to evaluate your eligibility for financial aid
  • to facilitate your education, if you are admitted and enroll to the College
  • to provide opportunities to engage with the College, alumni, donors, prospective donors, and students through interactions, events, and financial transactions
  • to provide educational courses and programs
  • for our marketing and promotional efforts
  • to prevent, investigate, take action against fraud, spam, harassment, intellectual property infringement, crime, violations of College policies, and security risks
  • to conduct or support Carleton-endorsed research studies
  • to meet legal obligations
  • to provide, improve, and customize our educational offerings
  • to administer College operations
  • to offer attendance to events and opportunities to volunteer
  • to conduct admissions and development research
  • to understand how our sites and services are being used
  • to support the safety and security of our students, faculty, fellows, employees and others

How do we dispose of the information we collect?

We will retain your personal data for only as long as is necessary for the purposes listed in this Policy unless a longer period is required under applicable law, or is needed to resolve disputes or protect our legal rights or comply with legal obligations.

When assessing the data retention period, we take into account the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Privacy Oversight

To satisfy our privacy obligations, the Information Security Advisory Council will:

  • design, develop, and execute plans for monitoring and ensuring the privacy of data across all functions of the College
  • act as the primary point of contact for questions regarding protected information
  • conduct periodic audits to ensure that privacy procedures are followed
  • report on risk related to protected information to the audit committee
  • monitor and advise on privacy education efforts
  • participate as appropriate in privacy complaints and investigations

This policy will be reviewed annually. If you have any questions regarding this Privacy Policy, please contact us at

Last Revised: January 23, 2023

Approved by TPPC January 16, 2023.

For: Faculty, Staff, Students

Last Reviewed: January 25, 2023

Maintained by: Information Technology Services