European Union General Data Protection Regulation (EU GDPR)
The Stony Brook Foundation (the “Foundation”) affirms its intent to honor and abide
by the European Union General Data Protection Regulation (EU GDPR), which takes effect
on May 25, 2018.
The Foundation recognizes that the EU GDPR provides special protection to the personal data of people located in the European Economic Area (EEA), which includes, but is not limited to, the EU countries; that it applies both inside and outside of the EEA; and that it applies to anyone in the EEA (“data subjects”).
As part of honoring the EU GDPR, the Foundation recognizes the rights of the people covered under the regulation and will take appropriate action to ensure that:
- The Foundation informs data subjects of its intent to collect and/or process specific
data about them for specific purposes, and that positive consent is obtained from
data subjects through clear and simple language whenever necessary.
Currently, the Stony Brook Foundation maintains some or all of this information about our constituents:
- Contact information (addresses, phone numbers, emails)
- Biographical information (birthday, gender, family relationships)
- Employer/business and affiliated organizations
- Stony Brook academic major, minor, and current and past affiliations (examples: Chess Club, Advisory Board)
- Other schools attended
- Giving history and associated documentation (examples: agreements, correspondence and meetings)
- Affiliated public information (example: real estate)
- Stony Brook events attended and interest in news items
- News, awards and honors
- Preferences regarding contact
The security of relevant personal data is an integral part of the Foundation’s data systems and processes and not simply an add-on or afterthought.
The Foundation will comply with the EU GDPR’s terms of prompt notification in the unlikely event of a data breach.
The data subjects have access to the data collected and processed by the Foundation, and can request to rectify it, restrict its processing, object to its use for profiling for direct marketing purposes, and/or have their data erased (“right to be forgotten”).
Data subjects under the EU GDPR will also retain their rights covered by any complementary applicable U.S. laws regarding data privacy and disclosure, including FERPA for student data and HIPAA for patient data.
For questions or comments about this policy, please contact the Foundation at (631) 632-4887.