Privacy Notice

 

We know that your privacy is very important to you

Memphis Theological Seminary recognizes the concerns of individuals regarding privacy and online data collection. We strive to respect and protect the privacy expectations of our website visitors.

Most websites collect some information regarding visitors. Types of information collected are wide-ranging, and are collected both passively (by the web servers that host the websites) and actively (via user input through forms, surveys, etc.).

Some of the information collected allows site owners to determine who a particular visitor is and to track their behavior within and across a website domain.

However, most of the information collected cannot identify you as a particular individual and is only collected in aggregate.

Websites within Memphis Theological Seminary website domain, memphisseminary.edu likewise collect information regarding site visitors. This statement outlines the types of information (data) collected, our methods for collecting data, and the reasons we collect data.

 

 

 

Aggregate Information

The following are examples of information that may be collected in aggregate to provide communications staff, site owners, content managers, designers, and IT specialist’s insight into visitor behavior for the purpose of improving university websites and access to university information.

  • The Internet Protocol (IP) address of the computer and name of the Internet domain used to access the Internet;
  • IP addresses of websites linking directly to sites within the memphisseminary.edu domain;
  • The date and time a site was accessed within the memphisseminary.edu domain;
  • Pages visited (“requested”) during this session;
  • Web browser and operating system used to access a site within the memphisseminary.edu domain;
  • Device used to access a site within the memphisseminary.edu domain.

Memphis Theological Seminary websites commonly use one of the following methods to collect this data:

 

 

Cookies

Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user. Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.

Users may set preferences regarding the storage of cookies within their individual web browsers, which can also be used to remove stored cookies.

Third-party Tracking (e.g. Google Analytics)

Many websites within the memphisseminary.edu domain use Google Analytics to collect visitor data in aggregate. This data is also collected using cookies set by Google. See Google’s privacy and terms with regard to partner sites for more info: google.com/policies/privacy/partners/

The Memphis Theological Seminary may also transmit non-Personally identifiable information (NPII) collected by third-party tracking services (cookies) to other third parties (e.g. Facebook) so that you may see messages from the university when you visit other websites outside of the memphisseminary.edu domain.

Users can opt-out of the collection and use of information for ad targeting by blocking third party cookies and tracking mechanisms via browser or operating system settings, browser plugins, or using a service such as aboutads.info/choices or youronlinechoices.eu/.

Server Logs

All web servers collect very basic visitor information to monitor site usage and performance.

Types of Personal Data collected and how it will be used

MTS collects a variety of personal data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, provision of medical services, participation in research, development, and public service. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations. If you have specific questions regarding the collection and use of your personal data, please contact the Data Protection Officer for the applicable MTS campus or institute as identified herein.

If a data subject refuses to provide personal data that is required by MTS in connection with one of MTS’s lawful bases to collect such personal data, such refusal may make it impossible for MTS to provide education, employment, research, or other requested services.

Where MTS gets Personal Data

MTS receives personal data from multiple sources. Most often, MTS gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to MTS through use of Blackbaud).

Sharing your information

MTS will not share your information with third parties except:

  • as necessary to meet one of MTS’s lawful purposes, including but not limited to:
    • its legitimate interest,
    • contract compliance,
    • pursuant to consent provided by you,
    • as required by law;
  • as necessary to protect MTS’s interests; or
  • with service providers acting on our behalf who have agreed to protect the confidentiality of the data.
  • No mobile or messaging consent information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

The Gramm-Leach-Bliley Act (GLBA)

The Gramm Leach Bliley Act (GLBA) is a comprehensive, federal US law enacted to control the way financial institutions handle customers’ personal information. The law requires financial institutions to develop, implement, and maintain administrative, technical, and physical safeguards to protect the security, integrity, and confidentiality of customer information.

What is GLBA?

The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers’ private information. To be GLBA compliant, financial institutions must communicate to their customers how they share the customers’ sensitive data, inform customers of their right to opt-out if they prefer that their personal data not be shared with third parties, and apply specific protections to customers’ private data in accordance with a written information security plan created by the institution.

The primary data protection implications of the GLBA are outlined in its Safeguards Rule, with additional privacy and security requirements issued by the FTC’s Financial Privacy Rule, created under the GLBA to drive implementation of GLBA requirements. The GLBA is enforced by the FTC, the federal banking agencies, and other federal regulatory authorities, as well as state insurance oversight agencies.

Related Policies

This ISP is in addition to existing Memphis Theological Seminary policies and procedures that address various aspects of information privacy and security, including but not limited to, the Student Privacy Rights Policy (Family Educational Rights and Privacy Act Policy), the Information Security Policy, and the Computing Policy.
ISP Coordinator
Memphis Theological Seminary has designated the Director of Information Technology as its ISP Coordinator. The ISP Coordinator may designate other individuals to oversee and/or coordinate particular elements of the ISP.

Covered Information

“Covered information” means nonpublic personal information about a student or other third party who has a continuing relationship with MTS, where such information is obtained in connection with the provision of a financial service or product by MTS, and that is maintained by MTS or on MTS’s behalf. Nonpublic personal information includes students’ names, addresses and social security numbers as well as students’ and parents’ financial information. Covered information does not include records obtained in connection with single or isolated financial transactions such as ATM transactions or credit card purchases.

Elements of the ISP

1. Risk Identification and Assessment.

MTS’s ISP identifies and assesses external and internal risks to the security, confidentiality, and integrity of covered information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. The ISP Coordinator will provide guidance to appropriate personnel in the central administration, academic units, and other university units in evaluating their current practices and procedures and in assessing reasonably anticipated risks to covered information in their respective areas. The ISP Coordinator will work with appropriate personnel to establish procedures for identifying and assessing risks in the following areas:

  • Employee Training and Management. The ISP Coordinator will coordinate with the appropriate personnel to evaluate the effectiveness of current employee training and management procedures relating to the access and use of covered information.
  • Information Systems. The ISP Coordinator will coordinate with the appropriate personnel to assess the risks to covered information associated with the university’s information systems, including network and software design as well as information processing, storage, transmission and disposal.
  • Detecting, Preventing and Responding to Attacks and System Failures The ISP Coordinator will coordinate with the appropriate personnel or consulting group to evaluate procedures for and methods of detecting, preventing and responding to attacks, intrusions or other system failures.
2. Designing and Implementing Safeguards.

The ISP Coordinator will coordinate with appropriate personnel to design and implement safeguards, as needed, to control the risks identified in assessments and will develop a plan to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures.

3. Overseeing Service Providers.

The ISP Coordinator, in conjunction with Vice President for Finance and Operations, and appropriate contractors, will assist in instituting methods for selecting and retaining service providers that are capable of maintaining appropriate safeguards for covered information. These standards will apply to all existing and future contracts entered into with service providers to the extent required under GLBA.

4. Adjustments to Program.

The ISP Coordinator will evaluate and adjust the ISP as needed, based on the risk identification and assessment activities undertaken pursuant to the ISP, as well as any material changes to MTS’s operations or other circumstances that may have a material impact on the ISP.