Data Protection Privacy Notice - General Data Protection Regulation (GDPR)

Document Number:
Revision #:
Document Owner:
Information Services

General Description

Policy Summary:

This Data Protection Privacy Notice is applicable to the extent Trinity University is subject to the European Union (EU) General Data Protection Regulation (GDPR). GDPR may apply in the context of certain activities performed by Trinity University and its third-party vendors and service providers in the processing of personal data of individuals residing in the EU.


This Data Protection Privacy Notice is in place to meet requirements of the EU GDPR to the extent Trinity University is subject to the GDPR.
Policy Content
The European Union (EU) General Data Protection Regulation (GDPR) may apply in the context of certain activities performed by Trinity University and its third-party vendors and service providers in the processing of personal data of individuals residing in the EU. This notice describes Trinity’s commitment to safeguarding personal data that is submitted to the University, either directly or indirectly, by you. This notice also describes the ways Trinity University collects, uses, and shares your Personal Data, as defined by the GDPR, that is gathered by any means (e.g., hard copy or electronic form) in its operations and to provide educational services. This GDPR Privacy Notice is a supplement to the University’s other privacy policies, including but not limited to the Internet Privacy Policy and Information Security Policy.
Trinity collects Personal Data about you for the purposes described here and sensitive personal data if submitted by you as a voluntary response to inquiries by Trinity or its third-party service providers. Information is safeguarded in accordance with Trinity’s Information Security Policy.  As set forth herein, Trinity’s collection of personal data, as governed and defined by the GDPR, is necessary and lawful to accomplish a legitimate interest or lawful purpose, as permitted by the GDPR. Special categories of Personal Data are processed only with explicit consent or for another lawful purpose under the GDPR.
Detailed information about the types of Personal Data Trinity collects; how the Personal Data is used; the legal basis for processing Personal Data, including contractual necessity, compliance with legal obligations, vital interests, public interests, legitimate interests, and consent; and the Service Providers with whom Trinity may share the data for processing is available  here.
Generally, Trinity University will retain your Personal Data only for as long as is necessary for the uses or purposes for which it is collected.  We will also retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.   Trinity may also retain a core set of information for the University’s legitimate purposes, such as archival, scientific, and historical research, and the defense of potential legal claims.  More information about the length of time certain information is maintained is set forth in the Records Retention Policy.
Your Personal Data will be destroyed upon your request or after the expiration of the applicable retention period, whichever is later.  Appropriate data will be retained permanently to ensure your educational record is held on file for all lawful purposes. 
Your information, including any Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we may transfer this information, including Personal Data, to other companies to assist with providing our education services.

Your consent to this policy followed by your submission of such information represents your agreement to that transfer.

Trinity University will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy, and no transfer of your Personal Data will take place to an organization or a company unless there are adequate data security controls in place.
The security of your data is important to us, and Trinity utilizes appropriate technical and organizational security methods to guard against improper access, accidental loss, destruction or damage to Personal Data.  Trinity’s information security policies apply to the handling of Personal Data.
Trinity University values your rights under the GDPR.  If you would like additional information about the collection and use of your Personal Data we hold about you and/or you would like to exercise your rights under the GDPR, please contact Arturo de los Santos at  
In certain circumstances, you have the following data protection rights:
  • The right to access, update, or to delete information.  Whenever made possible, you can access, update or request deletion of your Personal Data.
  • The right of rectification.  You have the right to have your Personal Data rectified if it is inaccurate or incomplete.  
  • The right to object.  You have the right to object to our processing of your Personal Data. 
  • The right of restriction.  You have the right to request that Trinity University restrict the processing of your Personal Data.
  • The right to data portability.  You have the right to be provided with a copy of the Personal Data that Trinity University has.
  • The right to withdraw consent.  You have the right to withdraw your consent at any time where Trinity University relied on your consent to process your Personal Data.
Please note that you may be asked to verify your identity before responding to such requests.  
Terms & Definitions

Terms and Definitions:



Personal Data
Information relating to an identified or identifiable natural person in the EU.
Sensitive Personal Data
Special categories of personal data designated by the GDPR that relate to race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation or genetic or biometric data of a natural person in the EU.

Data Controller
The natural or legal person or entity who determines the purposes and means for the processing of Personal Data.  For purposes of this policy, Trinity University is the Data Controller of your Personal Data.

Data Processor
Any natural or legal person or entity who processes the Personal Data on behalf of the Data Controller.  Trinity University may process data itself or use the services of various Service Providers in order to process your data more effectively.
Data Subject
Any natural person who can be identified by reference to an identifier of that person.
Revision Management

Revision History Log:

Revision #:


Recorded By:

4/13/2021 8:36 AM
Rachel Rolf

Vice President Approval:



Gary Logan
Vice President for Finance & Administration