Privacy Notice
Towson University is committed to protecting your privacy and personal information.
This privacy statement primarily addresses ways Towson University (“TU”) collects and manages both personally identifiable and non-personally identifiable information for users of its various websites and online portals.
TU complies with both federal and state law regarding privacy rights. For example, as a state agency, TU does not create personal records unless there is a legitimate University need for the information. Such records must be relevant to the purposes for which they are collected, be accurate and current, and not be obtained by fraudulent means.
Student Information
TU collects and retains relevant information, including “education records” as defined under the Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 C.F.R. Part 99) (“FERPA”), for both prospective and enrolled students. Its purpose is to further its mission, including providing successful academic opportunities throughout a student’s academic journey. Students’ education records are protected and not disclosed to third parties unless the student consents to the disclosure or a FERPA exception applies. Learn more about TU’s compliance with FERPA.
General Information
TU’s websites may collect connection related information such as date and time, IP addresses, location and type of browser. This information is primarily used for analyzing trends, troubleshooting and information security monitoring.
Data Collection Forms
TU’s websites allow users to do things like request information, opt-in to receive messages/updates, register for events, purchase goods, and complete various tasks. To do so, TU uses electronic forms which collect necessary information, such as first and last name, address, phone number, and email address. This information is provided voluntarily and can be inspected and updated at a user’s request.
Cookies
TU uses various user-tracking technologies, including cookies, which allow it to collect and analyze user data. Information collected in this way includes how often a user visits a site, where users enter the site (e.g., by clicking on an advertisement or link on another web page), and what actions users take while on TU’s websites. TU utilizes this aggregate and user-level site data to benchmark performance of websites, to inform marketing strategies, and assist with enrollment related predictive analytics.
Individual web browsers provide instructions on rejecting or deleting cookies. Please note some website pages and applications may not function properly if cookies are rejected or deleted.
Advertising
TU uses display advertising on other websites and search engines which measure performance and user behavior as it relates to those ads. Third parties, such as Google, Facebook, and YouTube, show TU ads to various audiences. These third parties then provide data to TU which helps it evaluate performance and assess user interactions before, during, and after visiting a TU website. To do so, TU places tags or pixels on its websites to capture information and inform interest-based advertising.
Security
Protecting personal information is our priority. TU takes appropriate and necessary actions to safeguard user information and personal records. It employs reasonable practices to help prevent the loss or misuse of data. Learn more about the university’s data privacy practices.
Maryland’s Public Higher Education Privacy Law
Under Maryland law you have certain rights when it comes to your data. You have the right to request access to any personally identifiable information (“PII”) about you in our Systems of Record. Additionally, you have the right to request correction and or deletion of any of your PII stored in our Systems of Record. Finally, you have the right to ask if your PII was or is currently being shared with a third party.
To learn more about these rights under Maryland law please review the Maryland Higher Education Privacy Law.
The University has designated the following as “Systems of Record:”
- Human Resources Information System
- Relationship Management System
- Student Admissions System
- Student Information System
For more information see Systems of Record and our Data Privacy Program in support of the Maryland Law.
In addition to the Maryland Higher Education Privacy Law, additional state, national, and international laws may apply to your information such as the following.
- COPPA — Children's Online Privacy Protection Rule
- COPPA includes certain requirements for operators of websites and/or online services in order to protect the privacy and online safety of children under 13 years of age. The University does not knowingly collect or use PII from children on our website or online services. Learn more about COPPA.
- GDPR — General Data Protection Regulation
- If you are located in the European Economic Area, you may have additional data protection rights under laws and regulations such as GDPR, which requires TU to protect the personal data of EU residents. Protected personal data includes IP address, email address, and other device identifiers. TU is committed to processing personal data in compliance with GDPR. Learn more information on GDPR.
- GLBA — Gramm-Leach-Bliley Act
Privacy Updates
This statement has been updated as of October 2024. Additional updates will be added to this page. TU reserves the right to revise this statement at any time.
Contact Information/Data Privacy Requests
Requests related to academic records information can be found on the Registrar’s website.
The University’s Office of Information Security and Privacy is available to assist with privacy requests for access, correction, deletion, and opting out of sharing with third parties. To initiate your request, please email infoprivacy AT_TOWSON. Once your request is received and reviewed, you may receive a request to complete a Privacy Request form for additional information.
For security reasons, any privacy request MUST be made by the data subject (the individual to whom the PII relates) and will be reviewed and verified by the University. Currently, the University does not have the capability to process requests from third parties such as data removal services. Any request not directly made by the data subject will be denied.