This Notice establishes Ƶ State University’s (“Ƶ”) privacy notices for both its website located at kennesaw.edu (“Site”) and in compliance with any applicable data privacy standards and legal requirements regarding the data collected, including compliance with the European Union General Data Protection Regulation (“EU GDPR”).  This Notice describes the type of information Ƶ collects from visitors to this Site, what we do with that information, and how visitors can update and control the use of information collected by this Site. 

Type of Information Collected and Why

Ƶ State University (Ƶ) is committed to ensuring the privacy of your information. Ƶ collects two kinds of information on this site:  1) Information that is voluntarily supplied by visiting the site and enrolling in programs and 2) Information that is automatically collected as you navigate the site. 

Information voluntarily supplied by visitors seeking to access various features and information includes, among other things, name, address, and phone number. Any personal information that you choose to provide through the Site will be protected in accordance with the provisions of this Notice. If you refuse to provide personal data that is required by Ƶ in connection with one of Ƶ’s lawful bases to collect such personal data, such refusal may make it impossible for Ƶ to provide education, employment, or other requested services.

Information automatically collected includes the user’s IP address, date and time of the website access along with the web pages(s) visited. In addition, Ƶ may also collect any information that it receives from your web browser, including browser type and version, and operating system.  This information helps us understand aggregate uses of our site, track usage trends and improve our services. Additionally, university web sites use cookies to collect certain information. Cookies are small pieces of data that are sent by our Website to your Web browser. They are stored on your computer and are used to improve your web experience and improve the availability of web content. We may also use cookies to pre-fill forms so that you do not need to re-enter data. Accepting a cookie does not give us access to your computer or any personal information about you.

Links to Other Websites

Links within the university website may direct you to other websites not affiliated with Ƶ.  Ƶ is not responsible for the privacy practices, policies, actions, web content, services, or products of non-Ƶ sites to which we link. These links are not intended to, nor do they constitute, an endorsement by Ƶ of the linked materials.  We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.

Security and Accuracy of Confidential Information

Ƶ does its best to reasonably ensure that the personal information obtained from you is accurate. Visitors may review the information saved or submitted via the Site at any time up to the point when it is purged. If there is an error in your personal information, we will correct the information upon your request, which may be submitted to dataprivacy@usg.edu

We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to the online information we collect and use. While we strive to protect visitor’s personal information by encryption and other means, we cannot guarantee or warrant the security of the information you transmit to us, and if you choose to use the Site, you do so at your own risk. 

If you post any data within a public forum on any Ƶ website, that data is now public. 

Sharing of Information

Ƶ is committed to maintaining the privacy of your personal information. Any information submitted via the website will only be used for the purposes stated on the submission page.  Ƶ does not actively share personal information gathered from the Site, except:

  • as required by law (including but not limited to the Georgia Open Records Act);
  • as necessary to protect Ƶ interests;
  • as necessary to further research efforts pursuant to approvals from the appropriate data stewards and the Institutional Review Board;
  • and/or with contracted service providers acting on behalf of the university who have agreed to protect the confidentiality of the data.  

Ƶ also complies with the Family Educational Rights and Privacy Act (“FERPA”), which generally prohibits (with some exceptions) the release of education records without student permission. Please visit  for more information.

European Union General Data Protection Regulation (EU GDPR) Privacy Notice

Lawful Basis for Collecting and Processing of Personal Data

Ƶ State University is an institution of higher education involved in education, research, and community engagement. For Ƶ to educate its students both in class and on-line, engage in world-class research, and provide community services, it is essential, necessary, and Ƶ has lawful bases to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. The lawful bases include, without limitation, admission, registration, delivery of classroom, on-line, and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention. Examples of data that Ƶ may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent.

For more information regarding the EU GDPR, please review Ƶ State’s .  All personal data and sensitive personal data collected or processed by Ƶ under the scope of the Ƶ EU General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards of Ƶ policies.

The majority of Ƶ’s collection and processing of personal data will fall under the following categories:

  1. Processing is necessary for the purposes of the legitimate interests pursued by Ƶ or third parties in providing education, employment, research and development, and community programs.
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This lawful basis pertains primarily but not exclusively to research contracts.
  3. Processing is necessary for compliance with a legal obligation to which Ƶ is subject.
  4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes.  This lawful basis pertains primarily, but not exclusively, to the protection of research subjects.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Where Ƶ Obtains Personal Data and Special Categories of Sensitive Personal Data

Ƶ receives personal data and special categories of sensitive personal data from multiple sources. Most often, this data comes directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to Ƶ through use of the Common App). 

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Ƶ’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

  • information about the controller collecting the data
  • the data protection officer contact information
  • the purposes and legal basis/legitimate interests of the data collection/processing
  • recipients of the personal data
  • if Ƶ intends to transfer personal data to another country or international organization
  • the period the personal data will be stored
  • the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  • the existence of the right to withdraw consent at any time
  • the right to lodge a complaint with a supervisory authority (established in the EU)
  • why the personal data are required, and possible consequences of the failure to provide the data
  • the existence of automated decision-making, including profiling
  • if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights under the EU GDPR may do so by submitting a Service Request with the Office of Cybersecurity at dataprivacy@kennesaw.edu.   

Website Data Collected and Why; Cookies

Please see the “Type of Information Collected and Why” section above for details regarding information collected from Ƶ websites and cookies.

Security of Personal Data subject to the EU GDPR

All personal data collected or processed by Ƶ under the scope of the Ƶ EU General Data Protection Regulation Compliance Policy must comply with organizational security controls, standards, processes and policies.  If you have questions about this Notice or believe that your personal information has been released without your consent or if you wish to correct information held by Ƶ, please contact us at dataprivacy@usg.edu.

Ƶ will not share your information with third parties except as necessary to meet one of Ƶ’s lawful purposes. 

Georgia Open Records Act

As an entity of the government of the State of Georgia, Ƶ is subject to the provisions of the Georgia Open Records Act (ORA). Except for those records that are exempt from disclosure under the ORA, the ORA provides that all citizens are entitled to view the records of state agencies on request and to make copies for a fee.  For more information on Ƶ’s ORA compliance, please visit the . 

Data Retention

Ƶ keeps the data it collects for the time periods specified in the . 

For examples of Student Records Retention Schedules, see: 

For examples of Human Resources (Employment) Records Retention Schedules, see: