Information Technology, Documents, & Records
Effective Date: April 1, 2019
Carleton College is committed to protecting the privacy of individuals who share personal data with us.
What information do we collect?
The College collects information you provide when you apply for admission, register for campus visits and events, apply for employment, make charitable contributions, or otherwise interact with the College’s sites and services. Some of the information submitted by you or collected during your relationship with the College may be personally identifiable information.
Types of personal information include, but are not limited to:
- full legal name
- social security number
- date of birth
- email address and phone numbers
- your parent’s or guardian’s full name(s) and contact information
- gender and sex
- ethnicity, race, and national origin
- academic information
- enrollment information
- employment information
- donation information
- involvement in work, school, and community activities
- personal essays
- browsing and navigation behavior on our sites and networks
How do we use information we collect?
Ways we use the information we collect include, but are not limited to:
- to consider your candidacy for admission to or employment with the College
- to evaluate your eligibility for financial aid
- to facilitate your education, if you are admitted and enroll to the College
- to provide opportunities to engage with the College, alumni, donors, prospective donors, and students through interactions, events, and financial transactions
- to provide educational courses and programs
- for our marketing and promotional efforts
- to prevent, investigate, take action against fraud, spam, harassment, intellectual property infringement, crime, violations of College policies, and security risks
- to meet legal obligations
- to provide, improve, and customize our educational offerings
- to administer College operations
- to offer attendance to events and opportunities to volunteer
- to conduct admissions and development research
- to understand how our sites and services are being used
- to support the safety and security of our students, faculty, fellows, employees and others
How do we dispose of the information we collect?
We will retain your personal data for only as long as is necessary for the purposes listed in this Policy unless a longer period is required under applicable law, or is needed to resolve disputes or protect our legal rights or comply with legal obligations.
When assessing the data retention period, we take into account the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the data, the purposes for which we process the data and whether we can achieve those purposes through other means, and the applicable legal requirements.
To satisfy our privacy obligations, the Information Security Advisory Council will:
- design, develop, and execute plans for monitoring and ensuring the privacy of data across all functions of the College
- act as the primary point of contact for questions regarding protected information
- conduct periodic audits to ensure that privacy procedures are followed
- report on risk related to protected information to the audit committee
- monitor and advise on privacy education efforts
- participate as appropriate in privacy complaints and investigations
Last Revised: May 30, 2018
Last Reviewed: April 11, 2019 Update Review Date
Maintained by: Information Technology Service