We protect your data like it’s our own
We safeguard your information
We protect data and keep Nexford University (NXU) assets safe. We protect the confidential details of our organization, people and learners. In other words, we treat data as if it was our own.
We never discuss or disclose data to colleagues unless there’s a business need to do so.
Information about people is also known as personal data – this can be, for example, someone’s name, address, phone number, email address, bank account or billing information. It includes data held on our systems, in paper documents, emails, call recordings, mobiles or other storage media.
We honor the Family Educational Rights and Privacy Act (FERPA) – a US federal law that protects the privacy of learners’ education records, including personally identifiable and directory information. FERPA was enacted to ensure that parents and learners age 18 and older can access those records, request changes to them, and control the disclosure of information, except in specific and limited cases where FERPA allows for disclosure without consent.
We also recognize General Data Protection Regulation (GDPR), which imposes rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. We believe that GDPR is an important step forward for enabling individual privacy rights.
• Third-party data
Privacy is a brand-impacting issue. We’re accountable for the personal data we hold. We ensure that any third parties that handle personal data on our behalf take the right steps to protect it. This means more than scripting data protection clauses in the contract. Third parties must be open and transparent about how they handle our personal data. We maintain proper data due diligence before we do business with them and conduct appropriate checks on their handling of personal data during our engagement with them.
We use third-party vendor remarketing tracking cookies and pixels, including the Google Adwords tracking cookie and the Adroll tracking pixel.
We'll show ads to you across the internet, specifically on the Google Content Network (GCN) and through Adroll’s network for remarketing. Based on past visits to our website, third-party vendors, including Google, will place cookies on web browsers to serve you ads. Why? We can show you programs, and occasionally offers, tailored to your preferences. We don’t currently remarket to users in the EU.
We use Google Analytics cookies to manage the performance of our site. These cookies do not contain any personally identifying information. By using our website, you agree that we can place these types of cookies on your device.
You can customize how your data is stored by Google Analytics using their opt-out browser add-on.
Find out more about cookies, including how to manage and delete them.
We’ll collect, store, and use the following personal data when you use our site:
- Your full name and title
- Your date of birth
- Your address, including city, state (US only) and country of residence
- Your email address
- A contact telephone number
- Your undergraduate field of study and result
- Your academic history as demonstrated on a transcript
- Your high-school study
- Your work experience history
- Your job title
- Where you currently work
- Your LinkedIn profile
- Your CV
- Your DACS score
- Your English proficiency score
We process your data for one or more of the following reasons and lawful bases under the GDPR. To:
- Provide you with the information you’ve requested. Maybe you want to know more about a program, or you want an update on the progress of your application. This processing is necessary to meet our contractual obligations to you or to take steps requested by you prior to entering into an agreement.
- Provide you with marketing communications based on your legitimate interests, where we have your consent, such as programs in which you’ve expressed an interest. We do this when you’ve specifically indicated that you consent to receive such communications, for example, by ticking a box or through some other action, or by volunteering non-mandatory information. You can withdraw your consent at any time by contacting us at firstname.lastname@example.org. In this event, we’ll stop any processing as soon as we can. However, this will not affect the lawfulness of any processing carried out before your withdrawal of consent and you may no longer be able to use the site in the same way you did before.
- Tailor use of this website, including personalizing our tuition fees to your location, and ensuring that content from our site is presented in the most effective way for you and your device.
- To help you participate in interactive features, including live chat.
We are Nexford University (NXU). All references to "we", "us", or "our" mean Nexford. This means that we control how to use it and we're responsible for ensuring it's in line with GDPR.
Only NXU staff who need access to your data as part of their work will have rights to view it. We'll also share your data with trusted third parties, as described above.
We act as the controller of the personal data you provide directly to us via a contact us, request information or application form, when creating an account, or via other contact methods.
We may store data collected by our website electronically or manually. The electronic data is stored on secure servers in the US and the UK.
There may be occasions when we transfer your data outside the US and the UK, for example, to our software application licensors that operate outside these countries. Such transfers will only take place if the following applies:
- The country of the organization receiving the data is considered by the EU and the US to provide an adequate level of data protection
- Approved contractual clauses govern the transfer
- The transfer has your consent
- The transfer is required for a contractual obligation with you or another person (in your best interests)
- The transfer is required by law.
We'll always do our best to protect your personal data, but we cannot ensure the security of data sent to the website and any transfer is at your own risk.
By law, you have the right to:
- Request to access your personal information (commonly known as a "data subject access request"). Activating this request enables you to receive a copy of your data and to check that we are lawfully processing it
- Request that we correct personal information about you that we hold. It may be that we have inaccurate or incomplete information, in which case, your request will enable us to correct it
- Request erasure of your personal information in line with GDPR. You can ask us to delete your data where there is no good reason for us continuing to process it
- Request we remove your data if you object to the processing of your personal information. It may be that we're relying on a legitimate interest (or those of a third party) and there is something about your precise situation which makes you want to object to processing
- Request the restriction of processing of your personal information. You can ask us to stop processing your data, for example, if you want us to check the reason for processing in the first place
- Object where we’re processing your personal information for direct marketing purposes
- Request the transfer of your personal information to another party.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a contractual requirement for us to process your data and we would not meet legal criteria if we were to stop. Or, if we need to comply with a legal obligation.
When you consent to the processing of your data (for instance, where you have asked us to contact you for marketing purposes) you can withdraw your permission at any time by emailing us at email@example.com.
What happens next? We'll stop the processing as soon as we can. Please note that you may no longer be able to use the site in the same way as you did before.
If you want to exercise any of the rights described above, you should contact Nexford's Information Compliance Team at firstname.lastname@example.org.
We'll deal with your request without delay, and in accordance with GDPR. We may keep a record of your communications to help us resolve any issues.
Finally, if you feel we haven't catered to your concerns, you have the right to lodge a complaint with the Information Commissioner’s Office, here.
Privacy Shield Notice for Users in the European Union and Switzerland
We comply with the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework as set by the US Department of Commerce.
It relates to the collection, use, and storage of personal information transferred from the EU and Switzerland to the US. Learn more about the Privacy Shield program here.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal information. EU and Swiss Individuals with inquiries or complaints regarding our Privacy Shield policy should first contact email@example.com.
At NXU, we make education accessible to people everywhere.
We’re not just talking about how much programs cost. We want to give you access to the information you need. We’re always testing our content on as many devices as possible – and this applies to our website. We’ve built it from scratch with a global audience in mind, so we welcome your feedback.
We’re committed to providing an accessible website. All pages should validate as XHTML 1.0 Strict. The templates use cascading style sheets.
We aim to meet WCAG AA standards.
If you have any problems accessing this site, contact us at firstname.lastname@example.org.