Additional EEA Privacy Disclosures

Effective Date:  May 25, 2018
Last Updated:   August 5, 2020

The following EEA privacy disclosures (the “Disclosures”) provide information about the collection, use, processing and sharing of data about individuals located in the European Union, Iceland, Liechtenstein or Norway (the “European Economic Area” or “EEA”). 

In these Disclosures, 

  • “GDPR” means the European Union’s General Data Protection Regulation; 
  • “Personal Data” means information that relates to an individual who is directly or indirectly identified or identifiable; and
  • “EEA Processing Activities” means the collection, use, processing or sharing of Personal Data when those activities are within the scope of the GDPR.

These Disclosures apply only to the use of Personal Data in EEA Processing Activities.  Further, these Disclosures apply only to the Harvard University Schools, Centers, and other Harvard units and controlled entities (collectively, “Harvard Entities”) that link to these Disclosures or expressly adopt them in writing.  In these Disclosures the words “we” or “our” refer to each such Harvard Entity.  In some cases a Harvard Entity may provide other information about its EEA Processing Activities in its own supplemental or separate disclosures.These Disclosures apply to EEA Processing Activities by any means, including hardcopy (such as paper applications or forms) and electronic means (such as websites and mobile applications).

A.    How We Collect and Use Personal Data

We collect several categories of Personal Data in circumstances that may involve EEA Processing Activities, including data you provide, data collected automatically (potentially including location data), and data we obtain from third party sources.
 We use the Personal Data that we collect to carry on various institutional and educational activities.  As described in more detail below, we rely on a number of legal bases to lawfully process your Personal Data.

The ways in which we collect and use your data vary depending on the relationship between you and us, as well as the Harvard Entity with which you interact.  The following sections of these Disclosures describe in more detail how we collect and use Personal Data in various circumstances that may involve EEA Processing Activities.  Please note that, depending on the situation, some of the processing of Personal Data we do in the various circumstances described below may not fall within the scope of the GDPR. 

1.    Personal Data We Obtain from You

Websites and Mobile Applications

As is true of most digital platforms, we gather certain data automatically when you use one of our websites or mobile applications, such as your IP address, browser type and device type.  Certain web-forms also collect Personal Data you provide, for example when you enter the data into form fields on a feedback page.  If we also process data through our websites or mobile applications for one of the activities described further below, those sections will provide additional information about how data are collected and used.  We and our third-party vendors collect Personal Data for the primary purposes of conducting analytics, responding to your requests and providing you with relevant information.