Skip to Main Content

Below is The College of Saint Rose (Saint Rose) Privacy Notice for both its website and for compliance with the European Union General Data Protection Regulation (“EU GDPR”).


What we collect and why

Saint Rose collects information from individuals or entities when they access any Saint Rose website.  Information that is collected from accessing the website includes the contactor’s IP address, date and time of the website access, and the web pages(s) visited.  In addition, Saint Rose may also collect any information that it receives from your web browser, including browser type and version, and operating system.  This information helps us understand aggregate uses of our site, track usage trends and improve our services.


Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user.  Saint Rose’s website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.

Sharing your information

We will not share your information with third parties except:

  • as required by law;
  • as necessary to protect Saint Rose interests; and/or
  • with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

Links to other websites

Saint Rose’s website may contain links to other unaffiliated websites. Saint Rose is not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.

Legal Notice

Notwithstanding any language to the contrary, nothing contained herein constitutes nor is intended to constitute an offer, inducement, promise, or contract of any kind. The data contained herein is for informational purposes only and is not represented to be error free. Any links to non-Saint Rose information are provided as a courtesy. They are not intended to nor do they constitute an endorsement by the Saint Rose of the linked materials.

Additional European Union General Data Protection Regulation (EU GDPR) Privacy Notice

In addition to the information provided above in the general Privacy Notice, the following information is being provided pursuant to the EU GDPR:

Lawful Basis for Collecting and Processing of Personal Data

Saint Rose is an institution of higher education. In order for Saint Rose to educate its students both in class and on-line, engage in research, and provide other services, it is essential, necessary, and lawful for Saint Rose to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and other programs. The lawful bases include, without limitation, admission; registration; delivery of classroom, on-line, and study abroad education; grades; communications; employment, applied research; development, including fundraising; program analysis for improvements; and records retention. Examples of data that Saint Rose may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent, when possible.

Most of Saint Rose’s collection and processing of personal data will fall under the following categories:

  1. Processing is necessary for the purposes of the legitimate interests pursued by Saint Rose or third parties in providing education, employment, research and development, community programs.
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This lawful basis pertains primarily but not exclusively to research contracts.
  3. Processing is necessary for compliance with a legal obligation to which Saint Rose is subject.
  4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes.  This lawful basis pertains primarily but not exclusively to the protection of research subjects, providing medical and mental health services.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Types of Personal Data collected and why

Saint Rose collects a variety of personal and sensitive data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, participation in research, development and community outreach. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations. If you have specific questions regarding the collection and use of your personal data, please contact Saint Rose’s Data Controller at

If anyone refuses to provide personal data that is required by Saint Rose in connection with one of Saint Rose’s lawful bases to collect such personal data, such refusal may make it impossible for Saint Rose to provide education, employment, research or other requested services.

Where Saint Rose gets Personal and Sensitive Personal Data

Saint Rose receives personal and sensitive personal data from multiple sources. Most often, Saint Rose gets this data directly from the individual or under the direction of the individual who has provided it to a third party (for example, application for admission to The College of Saint Rose through use of the Common App).

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by Saint Rose’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

  • information about the controller collecting the data
  • the data protection officer contact information
  • the purposes and legal basis/legitimate interests of the data collection/processing
  • recipients of the personal data
  • if Saint Rose intends to transfer personal data to another country or international organization
  • the period the personal data will be stored
  • the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  • the existence of the right to withdraw consent at any time
  • the right to lodge a complaint with a supervisory authority (established in the EU)
  • why the personal data are required, and possible consequences of the failure to provide the data
  • the existence of automated decision-making, including profiling
  • if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by filling such request with Saint Rose’s Data Controller at

Security of Personal Data subject to the EU GDPR

We will not share your information with third parties except:

  • as necessary to meet one of its lawful purposes, including but not limited to,
  • its legitimate interest,
  • contract compliance,
  • pursuant to consent provided by you,
  • as required by law;
  • as necessary to protect Saint Rose’s interests;
  • with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

We would like to acknowledge the generosity of Georgia Institute of Technology in allowing us to utilize its materials in developing this Privacy Notice.