Privacy Policy

Privacy Policy

Introduction

REVA University [“Company” or “We”] respects your privacy and is committed to the responsible use of personal and sensitive information collected from its students, faculty, staff, business partners, and others.

This Privacy Policy [“Policy”] explains how we collect, use, disclose, and safeguard your information when you visit our website https://reva.edu.in, including any other media form, media channel, mobile website, or mobile application related or connected thereto [collectively, the “Site”]. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

Please read this policy carefully to understand our policies and practices regarding your information and how we may treat it. If you do not agree with our policies and practices, it is your choice to not use our Services. By accessing or using REVA University’s Services, you agree to this Policy. This Policy may change from time to time (see Changes to our Privacy Policy).

You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted.

The REVA University Privacy Policy applies to all faculty, staff, students, affiliates, and third-party service providers. This policy is not intended to replace or supersede other existing University policies and procedures relating to the use of maintenance of sensitive information such as those related to FERPA compliance, GLBA compliance, or human subjects research.

Objective

The purpose of this policy is to protect the privacy of individuals who have sensitive information stored (either in electronic or paper form) on assets owned by The REVA University, while at the same time providing the University the ability to share this information with authorized entities as required by legitimate academic or business need  or by law.

Terms and Conditions

Information we collect

REVA University collects several types of information. We collect students and parents’ information through our website. Such information is utilized in providing an efficient and effective experience to all users. When our patrons use our Site, information is stores on our computers and servers.

In some circumstances, the people involved in the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, as necessary, as Data Processors by us, may have access to this data.

REVA University collects the following information:

  • Personal Information, which includes information through which you may be personally identified, such as name, postal addresses, email addresses, IP address, social media website user account names, telephone numbers, companies you may be associated with, education, employment history, or other addresses at which you receive communications from or on behalf of REVA University.
  • Our Site does not store any cookies. The data collected from our users is only for the official purposes of the University, and will not been shared with any other government or non-government organisations for any promotional activities.
How We Use Your Information

When we collect user information, the University is committed to protecting individual privacy, and disallows unauthorized access to or use of user information. We fully comply with the laws and government regulations in the collection, use, storage, display, distribution and disposal of any personal and sensitive information.

Authorized uses of sensitive information within the University are limited to uses which are:

  • Necessary to meet legal and regulatory requirements
  • Facilitate access to services, transactions, facilities and information
  • Support efficient academic and administrative processes

Access to sensitive information is limited to:

  • The individual whose information is produced or displayed
  • A University official or agent of the University with authorized access based upon a legitimate academic or business interest and a need to know
  • An organization or person authorized by the individual to receive the information
  • A legally authorized government entity or representative
  • Other circumstances in which the University is legally compelled to provide access to information, such as the GOI Information Act
  • Or other individuals or entities, as allowed by law, for purposes judged to be appropriate or necessary for the reasonable conduct of University business.
Confidential Information

Pan/ Aadhar Numbers are always considered confidential and are therefore subject to the limits of use and access described above. In addition, the University will continue to collect, and process Pan/ Aadhar Numbers limited only to instances in which that number is required by law or contract or instances where there is a legitimate business or academic need authorized by University administration. This includes, but is not limited to, all enrolled students.

The University, its faculty, staff, and students must abide by all legal regulations pertaining to Pan/ Aadhar Numbers protection.

It is against both state law and University policy to:

  • Publicly post or display the Pan/ Aadhar Numbers in any manner
  • Require an individual to transmit his or her Pan/ Aadhar Numbers over the Internet unless the connection is secure, or the number is encrypted or
  • Require an individual to use his or her Pan/ Aadhar Numbers to access an Internet site unless a unique password or PIN is also required.
  • Print the Pan/ Aadhar Numbers on any card required to access services
  • Establish a new process that requires the printing of a Pan/ Aadhar Numbers on any materials that are mailed unless required by other state or federal agency.

Online Collection of Information

University departments must post a link to the REVA University Privacy Policy on any website which collects data about website visitors.

  • European Union General Data Protection Regulation (EU GDPR) Privacy Notice
Lawful Basis for Collecting and Processing of Personal Data

The University is an institute of higher education involved in education, research, and community development.  In order for the University to educate its students both in class and on-line, engage in world-class research, and provide community services, it is essential, and the University has lawful bases to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs.

The lawful bases include, without limitation, admission, registration, delivery of classroom, on-line, and study abroad education, grades, communications, employment, research, development, program analysis for improvements, and records retention. Examples of data that the University may need to collect in connection with the lawful bases are name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent.

For more information regarding the EU GDPR, please review the University’s European Union General Data Protection Regulation Compliance Policy.

Most of the University’s collection and processing of personal data will fall under the following categories:

  • For the purposes of the legitimate interests pursued by the University or third parties in providing education, employment, research and development, community programs.
  • For the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This lawful basis pertains primarily but not exclusively to research contracts.
  • For compliance with a legal obligation to which the University is subject.
  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Accessing Personal Data

The University collects a variety of personal and sensitive data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, employment, and provision of medical services, participation in research, development and community outreach. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations. If you have specific questions regarding the collection and use of your personal data, please contact the Office of Information Security at support@reva.edu.in

If a user refuses to provide personal data that is required by the University in connection with one of the University’s lawful bases to collect such personal data, such refusal may make it impossible for the University to provide education, employment, research or other requested services.

Individual Rights of Users under the EU GDPR

Individual information collected under the University’s European Union General Data Protection Regulation Compliance Policy will contain the following information at the time of the collection of information:

  • Information about the controller collecting the personal data
  • The purposes and lawful basis of the data collection/processing, including the legitimate interest for the processing (if applicable)
  • Who the recipients or categories of recipients of the personal data are
  • Whether the University intends to transfer personal data to another country or international organization
  • The period for which the personal data will be stored
  • The existence of the right to access, make corrections to, or erase personal data, the right to restrict or object to processing, and the right to data portability
  • The existence of the right to withdraw consent at any time (if applicable)
  • The right to lodge a complaint with a supervisory authority (established in the EU)
  • Justification for why the personal data are required, and possible consequences of the failure to provide the personal data
  • The existence of automated decision-making, including profiling; and
  • If the collected personal data are going to be further processed for a purpose other than that for which it was collected

Individual data subjects whose information is collected under the University’s European Union General Data Protection Regulation Compliance Policy will be provided the following rights (as applicable), provided that the University determines that the exercise of the right is permitted and/or required by the EU GDPR:

  • the right to receive confirmation from the University as to whether the user’s personal data is being processed by the University, and if so, the right to access such personal data and the right to receive information regarding, among other things, the categories of personal data collected and how such personal data is being used
  • The right to correct inaccurate personal data concerning the data subject
  • The right to obtain erasure of personal data concerning the data subject
  • The right to restrict or object to the processing of the data subject’s personal data; and
  • The right to request a copy of personal data concerning the data subject
Security of Information subject to the EU GDPR

All personal and sensitive information data collected or processed by the University under the scope of the European Union General Data Protection Regulation Compliance Policy must comply with the security controls and systems and process requirements and standards set forth in the University’s Data Classification and Protection Standard.

We will not share your information with third parties except:

  • As necessary to meet one of its lawful purposes, including but not limited to,
    1. Its legitimate interest
    2. Contract compliance
    3. Its legitimate interest
    4. Pursuant to consent provided by you
    5. As required by law
  • As necessary to protect the University’s interests
  • With service providers acting on our behalf who have agreed to protect the confidentiality of the data
Data Retention

Human Resources (Employment) Records Retention period is as per REVA University Policy.

Enforcement and Implementation

Roles and Responsibilities
  • Each University department/unit is responsible for implementing, reviewing and monitoring internal policies, practices, etc. to assure compliance with this policy.
  • The Department of Information Technology is responsible for enforcing this policy.
Consequences and Sanctions
  • Violation of this policy may incur the same types of disciplinary measures and consequences as violations of other University policies, including progressive discipline up to and including termination of employment, or, in the cases where students are involved, reporting of a Student Code of Conduct violation.

Contact Information

To raise questions or comment about this Privacy Policy and our privacy practices, contact us at: support@reva.edu.in