Privacy Statement

We, the American University of Beirut (AUB), take data privacy seriously and adhere to all applicable data privacy laws and regulations. It is our responsibility to ensure data has been obtained correctly, is accurate, and held in a secure manner.

Personal data relates to a living individual who can be identified directly or indirectly from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. We are the Data Controller (contact details below). This means we have responsibility for your personal data.

This statement sets out:

1- how we use the personal information received from you;

2- for what purpose, and;

3- how we process it.

If you have any questions, please send us an email to <dpo@aub.edu.lb> for AUB Campus data privacy related matters, and to <dpo_aubmc@aub.edu.lb> for AUBMC data privacy related matters. Full contact information is provided at the end of this statement.

If you are experiencing technical problems with this website, please Email <it.helpdesk@aub.edu.lb>.

If you are concerned that any of the information we hold on you is incorrect, then please contact us. Email: <sart@aub.edu.lb>.

1- We pledge to be responsible when gathering your personal information and protect your privacy by:

• Complying with our obligations under all applicable (to AUB) data privacy laws and regulations;

• Keeping personal data up to date;

• Storing and destroying it securely;

• Collecting personal data only for specified, explicit and legitimate purposes and not exploiting it beyond these purposes;

• Not collecting or retaining excessive amounts of data;

• Ensuring that our employees are provided the necessary training on how to be in compliance with data privacy;

• Protecting personal data from loss, misuse, unauthorized access and disclosure; and,

• Processing personal data in a manner that ensures its security to the extent possible (or however feasible), using appropriate technical measures to protect personal data against unauthorized or unlawful access, as well as against accidental loss, destruction or damage (security, integrity and confidentiality).

We may, under certain circumstances, access electronic data as authorized by executives in order to protect the interests of the university and maintain the operational and institutional integrity and in other emergency situations. For further information, please refer to the below related “Privacy Policy on Electronic Communications and Files” [https://aub.policytech.eu/dotNet/documents/?docid=185].

2- You will be asked to provide certain information such as your name, contact and other details depending on the services we provide you.

We use your personal data for the following purposes:

• Your comfort, safety and security; To fulfil our agreement with you, including processing your details, sending you your schedule, or contacting you if there is a problem;

• To comply with all educational, patient-care, research regulations, and fund raising activities;

• To register you with our electronic services and administer our systems where you have registered;

• To answer any queries which you may address to us;

• To communicate or notify you with news, updates and events related to the registered services;

• To make automated or manual decisions for providing better services;

• To enable us to review, develop and improve the services which we offer and provide you and other constituents (via mail, email, telephone or otherwise) with information about new programs, services, news and special events.; and,

• To maintain our business accounts and records.

3- We collect and process personal data on the following basis:

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

Performance of a contract is our primary legal basis for processing your personal data. However, we take your data privacy, and rights extremely seriously. So, for all direct marketing and promotional activities, we will ask you to give your explicit consent.

Your personal data remains strictly confidential and will only be shared with trusted third parties with your consent. The only exception to this is where we must meet our obligations under international and national civil law and security regulations.

Where common services are used, such as email and cloud data storage, we will not seek your consent as the selected providers of these services are compliant with data privacy regulations.

All of our third party providers must meet and adhere to strict data protection standards that are EU GDPR compliant or of equivalent standard. Third parties may include the following:

• Customs and Immigration authorities or other regulatory authorities in your country of departure and/or destination in order to comply with the existing laws.

• The provision of certain services, such as enabling our constituents to attend events or other services quickly and easily.

• To our employees and agents to do any of the above on our behalf, now or in the future.

• To third party organizations involved in credit card authorization and banking organizations.

• If we have a duty to do so or if the law allows us to do so.

Our web site and mobile applications may contain links to other web sites. Please be aware that we are not responsible for the privacy practices of web sites or mobile applications not operated by us. We encourage you to read the privacy statements of each and every service, web site and mobile application that collects personally identifiable information.

If you no longer wish to receive promotional materials, you may opt-out at any time by notifying us - Email: <sart@aub.edu.lb>

We are required by law to retain personal data. Data may be retained for only a few days, to several months or years. For more information, please refer to our Retention Policy [https://aub.policytech.eu/docview/?docid=170]

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

• The right to request a copy of your personal data which American University of Beirut holds about you;

• The right to request that American University of Beirut corrects any personal data if it is found to be inaccurate or out of date;

• The right to request your personal data is erased where it is no longer necessary for American University of Beirut to retain such data as per the applicable laws and regulations;

• The right to withdraw your consent to the processing at any time;

• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;

• The right to object to the automatic or manual use of personal data, except where there is a valid reason to continue processing;

• The right to lodge a complaint with the Supervisory Authority.

If we wish to use your personal data for a new purpose i.e. a purpose that is not covered by this Statement, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

We may change this Privacy Statement at any time and will notify users of any material changes by updating the statement here and by including a "NEWLY UPDATED" label with the "PRIVACY POLICY" link on the web sites governed by this statement for 30 days after any material changes are made.

Contact Details

To exercise all relevant rights, queries or complaints, please in the first instance, contact: American University of Beirut,

Office of Compliance, American University of Beirut, Bliss St., Beirut, Lebanon

Email: <compliance@aub.edu.lb>

You can contact the Information Commissioners Office by:

• Phone +44 (0) 303 123 1113;

• Email https://ico.org.uk/global/contact-us/email/;

• at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, United Kingdom. SK9 5AF.

Note: Individuals must contact the university directly, in the first instance, regarding all enquiries concerning Data Privacy. This is required for identity authentication.