EU Student Consent for Collection, Processing, and Retention of Personal Data

  • Personal data of an identifying and geographic nature to allow secure communication of accurate information regarding IW, its services, policies, and procedures.
  • Personal data of a financial nature necessary to conduct the transaction of a financial nature and determine my or my family’s ability to pay for services provided by IW.
  • Personal data revealing racial or ethnic origin, religious or philosophical beliefs, and sexual orientation for the purpose of determining housing assignments in university residence halls.
  • Personal data concerning health for purposes of planning and providing of adequate care while enrolled at IW.
  • Personal data of a physical nature such as deemed necessary by the National Collegiate Athletics Association (NCAA) for participation in intercollegiate athletics including my image and likeness, height, weight, sport, and player position.

Right to Erasure

  • I understand that until payment of any monies to IW (application fees, enrollment deposits, residence deposits, etc.) I reserve the right to erase of my personal data from IW systems (physical or digital). My name and date of erasure may be retained as deemed necessary by the DPO.
  • I understand that upon payment of fees and upon attendance in courses (physically or online), my right to erasure is mitigated by the rights and responsibilities of IW to comply with US federal laws governing data retention.

The Release of Directory Information

  • I agree that, unless I submit a written request to restrict its release to the Office of the Registrar, the following personal data will be released upon request to the requestor without additional notification to me: my name, local and permanent home addresses, phone number, email address, date and location of birth, parents’ or legal guardians’ names and addresses, classification (freshman, sophomore, etc.), program of study (major, minor, etc.), enrollment status, dates of enrollment, degrees and honors received, the most recently enrolled institution prior to IW, IW student organizations including athletic teams.

Cookie Notice

We use cookies and similar technologies to recognize your repeat visits and preferences, as well as to measure the effectiveness of campaigns and analze traffic.

Data Breach Policies and Procedures – DP03

  1. In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
  2. The processor shall notify the controller without undue delay after becoming aware of a personal data breach.
  3. The notification referred to in paragraph 1 shall at least:
    1. describe the nature of the personal data breach including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
    2. communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
    3. describe the likely consequences of the personal data breach;
    4. describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
  4. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay.
  5. The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.
  6. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
  7. The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain at least the information and plan of action to deal with the breach.
  8. If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so or may decide that any of the conditions referred to in paragraph 3 are met.

Iowa Wesleyan University’s Controller or Chief Information Officer is Kit Nip. Please contact Kit Nip at [email protected].