Effective Date: Jan. 1, 2020
Grand Canyon University (GCU) is located in Phoenix, AZ. The university, a top Christian institution serving both traditional and online students, is committed to protecting our constituents' privacy. This statement is designed to expound upon the necessary collection of data/information that GCU acquires from site visitors and to define how that information is used.
Changes in Privacy Statement
Reporting an Online Security Incident
This form provides a way to submit feedback on a security flaw, vulnerability or malicious activity from one of our information assets. Please provide specific details such as IP address, URL, user account or any other details that will help us to fully understand the issue. Also, it is very helpful if you provide contact info where we can follow up with questions if we have any difficulty in finding or replicating the issue.
We may collect information you volunteer to provide, which may be used to identify your records directly or indirectly. GCU states to have collected the displayed attributes as listed in the table below in the past 12 months.
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number or other similar identifiers||YES|
|B. Commercial information||Records of personal, property, products or services purchased, obtained or considered or other, purchasing or consuming histories or tendencies||YES|
|C. Biometric information||Genetic, physiological, behavioral and biological
characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns and sleep, health or exercise data
|D. Internet or other similar network activity||Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement||YES|
|E. Geolocation data||Physical location or movements||YES|
|F. Sensory data||Audio, electronic, visual, thermal, olfactory or similar information||NO|
|G. Professional or employment-related information||Current or past job, history or performance evaluations||YES|
|H. Non-public, education information (per the Family Educational Rights and Privacy Act (20,U.S.C. Section 1232g, 34 C.F.R. Part 99))||Education records, directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student, schedules, student identification codes, student financial information or student disciplinary records||YES|
|I. Inferences drawn from other personal information||Profile reflecting a, person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes||YES – This is oriented toward Human Resource (HR) use purposes (e.g. complaint cases).|
How We Use Your Information
Some of the information collected may be used for business purposes such as:
- Operating, maintaining and improving services
- Analyzing process performance and conducting consumer research
- Debugging an information system that contains personal records
- Financial aid evaluation, transcript evaluation, enrollment and other processes outlined in existing GCU enrollment agreements and the student handbook.
- Marketing services / products to individuals, as applicable
- Monitoring the security of your data and performing auditing functions to maintain state, federal and international compliance
- Other business-related functions, per need
GCU may assign you a username and password to permit access to certain sites. PII data will be collected in order to create these unique identifiers. Additionally, credit card or other financial PII may be requested for activities such as: purchases, orders, donations and registrations, which may be handled by a PCI compliant third-party service provider.
GCU does not sell personal data records and has not done so in the past 12 months.
Alternative to Website Transactions
GCU websites provide access to information and services for constituents that may not have a formal relationship with the university as a student or employee. If you are neither a student nor employee and prefer not to provide any information online, we invite you to cancel the transaction and contact the administrative unit responsible for the service to conduct the business in person, by mail or by telephone. Contact information is found in the “More Information” section of this policy.
GCU is committed to providing secure online environments for our constituents and online visitors. Our websites have standard and advanced security measures in place to protect against the loss of, misuse, unauthorized access, disclosure, alterations and destruction of information we process and control. Although GCU has security controls in place to safeguard against malicious actors, it is important to remain alert when entering GCU-assigned credentials to external sites that are not affiliated with the university.
We recommend ensuring that your device is kept protected with an up-to-date Antivirus software. GCU does not accept liability for data that is compromised due to the following: (i) utilizing a password that is deemed weak or commonly used; (ii) voluntarily providing credentials to a malicious site; (iii) transmitting information through an insecure channel not provided by GCU or its partner institution (e.g. utilizing an unprotected public network or a compromised personal device). To further protect your data, we regularly educate our employees on standard data protection procedures and new cybersecurity threats/technologies through cybersecurity awareness programs.
If you suspect a security incident may be related to a record handled by GCU, please contact ITSecurity@gcu.edu for a prompt response.
Disclosure and Portability of PII Data
Grand Canyon University may disclose PII data to third parties who are approved vendors dedicated to performing tasks on behalf of GCU, where security obligations are in place to maintain confidentiality, integrity and availability of all the information transmitted. We may also disclose PII in response to legal processes, such as court order or a subpoena, in the response to a law enforcement agency’s request or where we believe it is necessary to investigate, prevent and/or act upon notices regarding suspected illegal activities.
GCU uses Google Analytics to display retargeted ads to our site prospects, on GCU’s behalf, across the internet. Google may collect non-PII data about your visits to our sites and your interaction with our products or services. This anonymous information is collected through the use of a pixel tag. No PII is collected during this process. If you do not want Google to collect this information, you may opt out of their service by visiting: https://tools.google.com/dlpage/gaoptout.
Grand Canyon University's online advertising features include: Acquia Lift, Salesforce Marketing Cloud, Snapchat, Quantcast, Quinstreet, Bing and Yahoo. GCU also uses some or all of the following: Facebook and Twitter cookie tracking, web beacons and similar technologies. These features allow GCU to track impressions on our sites for marketing purposes. If you wish to opt out of these online advertising features, please follow the instructions on the corresponding pages.
Protecting Children’s Privacy
GCU’s services are not oriented towards the use of individuals who are 13 and under. Any personal data records that may be tied to an applicable individual who cannot provide parental consent will have their record deleted promptly as enforced by the Children’s Online Privacy Protection Act of 1998 (Rule 15 U.S.C. §§ 6501–6506). Certain data regulations, such as GDPR, may require an individual who is under 16 to provide parental consent. If this applies to you, please defer from utilizing our services until parental consent has been provided.
NOTE: We would like to remind you that the voluntary disclosure of PII data on social networks and other similar sites can be collected and used by others. When you leave a GCU controlled site we cannot guarantee the safety of the PII data you disclose to that entity.
While browsing Grand Canyon University, cookies may be collected. Cookies are small text files stored by your browser on your device(s) to save certain information or image files. You can change the preferences in your browser(s) and refuse to accept cookies, disable cookies or even remove stored cookies from your computer. Please note that by taking this action, you may affect your browsing experience on sites which rely on cookies to function.
You may make a request to be removed from our mailing lists by sending your name, email address and home address to:
Grand Canyon University Opt-Out
3300 W. Camelback Road
Phoenix, AZ 85017
If you do not wish to receive marketing emails from GCU, please submit a request.
Voluntarily browsing a Grand Canyon University site indicates your acceptance of the terms and conditions in use. Additionally, you are agreeing to the terms of this Privacy Statement, all non-conflicting principles of the student handbook, employee handbook, faculty handbook, computer use policies and the gcu.edu terms and conditions. If you are in disagreement with consenting, then please discontinue use of GCU sites.
Mobile Terms and Conditions
Effective Date: Jan. 1, 2019
Receive special text offers and event information from Grand Canyon University through your mobile device. Text JOIN to 45598 to receive up to four text messages per month with personalized offers and invites. Message and data rates may apply.
By opting in to this service, you consent to receive mobile text alerts using an automatic telephone dialing system. Consent to receive marketing text messages is not required as a condition of purchasing any goods or services. By signing up, you are confirming you are over the age of 13.
Text STOP to 45598 to stop receiving GCU Alert messages from Grand Canyon University (you will receive a confirmation text).
For additional information, text HELP to 45598 or contact 855-GCU-LOPE.
Location Services for Mobile Applications
Our mobile applications include features that may utilize location services and data to enhance the user experience. We collect this type of data for specific purposes, including enabling features such as automated Chapel check in. Location services can be managed in your mobile device settings.
AT&T, Sprint, T-Mobile®, Verizon Wireless, Boost, Cricket, MetroPCS, U.S. Cellular, Virgin Mobile, ACS Wireless, Appalachian Wireless, Bluegrass Cellular, Carolina West Wireless, Cellcom, C-Spire Wireless (formerly Cellsouth), Cellular One of East Central Illinois, Cincinnati Bell Wireless, Cross (dba Sprocket), Duet IP, Element Mobile, EpicTouch, GCI Communications, Golden State, Hawkeye (Chat Mobility), Hawkeye (NW Missouri Cellular), Illinois Valley Cellular, Immix (Keystone Wireless / PC Management), Inland Cellular, iWireless, Mobi PCS (Coral Wireless LLC), Mosaic, MTPCS / Cellular One (Cellone Nation), Nex-Tech Wireless, nTelos, Panhandle Telecommunications, Peoples Wireless, Pioneer, Plateau, Revol Wireless, Rina - Custer, Rina - All West, Rina - Cambridge Telecom Coop, Rina - Eagle Valley Comm, Rina - Farmers Mutual Telephone Co, Rina - Nucla Nutria Telephone Co, Rina - Silver Star, Rina - South Central Comm, Rina - Syringa, Rina - UBET, Rina - Manti, South Canaan / CellularOne of NEPA, Thumb Cellular, Union Wireless, United, Viaero Wireless, West Central Wireless, Leaco, Nemont/Sagebrush.
Use of the GCU Wi-Fi Network for On-Campus Students
GCU's internet network is guarded by a firewall that protects on-campus students from entering sites that may be unsafe, requested to be blocked by management, or deemed not aligned with our Christian values. Sites are selected by category to filter usage. Seven categories are set to make the site unavailable but pressing the "Continue" button allows you through to the site. These site topics include, but are not limited to drugs, illegal activities, gambling and other questionable sites.
There are eight categories that are identified to make sites wholly unavailable, including, but not limited to pornography, cheating websites, malware, key loggers and sites that promote terrorist activities. The Learning Management System and eBooks websites are specifically white-listed to ensure students are always able to access them. If you feel a blocked website should be made available, contact the Office of Residence Life. Your request will be reviewed as soon as possible.
NOTE: The LOPES network, GCU's student intranet, does not authenticate students prior to allowing site access and their web filter's reporting capabilities are limited to big-picture summaries that describe general usage. Reporting on individual students will not be possible. GCU does not proactively monitor usage or sites visited.
Data Access Requests
If you are a European citizen, per GDPR regulations, you have the right to ask us for access to your data in a readable format, rectification or erasure of your information; to refuse to be subjected to automated decision making, including profiling; right to lodge a complaint with a supervisory authority; to restrict processing (pending correction or deletion); to object to communications or direct marketing; and to ask for the transfer of your information electronically to a third party (data portability).
GCU will not discriminate against an individual who wishes to exercise their rights as allowed to by applicable data protection regulations. Some of these rights are not automatic. We reserve the right to discuss with you why we might not comply with a request from you to exercise them varying on the circumstances involved.
A charge is not issued for personal data record requests, unless requests are excessive. in which a charge may be applied per regulation allowance. For further information please use the contact form, email address and/or phone number found in the “More Information” section of this policy.
GCU employees are also subject to certain data subject rights, such as the right to be informed of the attributes stored within their record as applicable through the rightful authorization of GDPR.
Per GDPR, you always retain the right as an EU data subject to lodge a complaint about our management of your personal information with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (ico.org.uk)
If you are an EU citizen residing in an EU member state that is subject to GDPR regulation and you wish to request a copy of the data GCU has collected from you or wish to exercise a granted right by GDPR, please contact one of our communication methods listed. If you are a registered student, you may also contact your student services counselor. Your request may take up to 30 days to complete, unless notified with a reasonable delay of up to 90 days.
This Privacy Statement
This privacy statement only applies to information collected on the following sites: gcu.edu, grand-canyon.edu, my.gcu.edu and gcu.edu subdomains. GCU’s Privacy Statement is available on our website and can be found in our University Policy Handbook. A hard copy of this policy may be requested via telephone or mail. Some personal records may be subject to additional laws that are not listed in this policy, which GCU will reasonably comply with regulations that are not publicly listed.