Study Abroad Privacy Notices – Employees

Boston University understands that collecting and processing personal information is an important topic, and it is committed to safeguarding privacy. Boston University collects and processes certain types of personal information from prospective and current employees in connection with hiring and employment for its Study Abroad programs. This privacy notice explains what information is collected, how it is used, and how the University safeguards it. You should contact your site director or BU Study Abroad with any questions or concerns regarding this policy.

Whose Information Is Collected?

Boston University collects information about applicants for employment with and employees of its Study Abroad programs.

What Information Is Collected?

Boston University collects:

  • Contact information for job applicants and employees, including names, titles, telephone numbers, email addresses, etc.;
  • Background information for job applicants, including educational background, employment experience, and other qualifications;
  • Demographic information for employees, including citizenship, work history, date of birth, marital status, gender, and, except as prohibited by local law, race and ethnicity;
  • Contact information of emergency contacts of employees;
  • Medical information from employees, including information on disability accommodations;
  • Background check information, including criminal records and driving records;
  • Salary information, including salary amount, government identification numbers, bank account information, and work permit information;
  • Employment records for employees, including position, title, salary, and employment type;
  • Information necessary to provide benefits, including retirement benefits, insurance, and the like;
  • Information necessary for filings with local governments, such as tax filings;
  • Staff leave records for employees, including vacation and sick leave; and
  • Information concerning allegations of violation of University policies, including sexual misconduct.

Why Is This Personal Information Collected?

Boston University collects this information to comply with its contractual, statutory, and management obligations and responsibilities as an employer, which may include:

  • The University’s contractual responsibilities arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: employee qualification; payroll; bank account; postal address; sick pay; vacation and leave; and pension and emergency contacts.
  • The University’s statutory responsibilities arising from employing individuals. The data processed to meet statutory obligations includes, but is not limited to, data relating to payroll, tax, national insurance, sick, family, and maternity leave; work permits; and equal opportunities monitoring.
  • The University’s management responsibilities necessary for the organizational functioning of the University’s Study Abroad program. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment; training and development; teaching; research; absence; disciplinary matters; and the health, safety and security of University faculty, staff and students.

Boston University needs to keep and process information about applicants and employees for normal employment purposes and to promote the safety and well-being of the University’s students, staff, and faculty. The information the University holds and processes will be used for management and administrative use only. The University will keep and use it to manage operations and the University’s relationship with applicants and employees effectively, lawfully, and appropriately, during the recruitment process, while an employee is employed by the University, at the time when employment ends, and after employment ends. This includes using information to enable the University to comply with the employment contract, to comply with legal requirements, to pursue the University’s legitimate interests, and to protect the University’s legal position in the event of legal proceedings. Much of the information the University holds will have been provided by the applicant or employee, but some may come from other internal sources, such as a supervisor, or in some cases, external sources, such as application references. If the applicant or employee does not provide this data, the University may be unable in some circumstances to comply with its obligations and will inform the applicant or employee of the implications of that decision.

As a higher education institution, Boston University may sometimes need to process applicant or employee data to pursue its legitimate operational interests, for example to ensure the safety and security of Study Abroad students, to prevent fraud, for administrative purposes, or for reporting potential crimes. The University will never process applicant or employee data where these interests are overridden by the applicant’s or employee’s own interests.

Sensitive Personal Data

“Sensitive personal data” includes information about racial and ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data, data concerning health, criminal history, or data concerning a person’s sex life or sexual orientation. The University will only process such data where the processing is necessary to perform the employment contract or to comply with laws and regulations; to establish, exercise, or defend legal claims; or to assess an applicant’s or employee’s working capacity. The University will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals for health care, and to make any necessary accommodations in the workplace in case of disability. This processing of sensitive personal data ordinarily would not happen without the applicant’s or employee’s knowledge and consent. Generally, the University will process data about an applicant’s or employee’s racial and ethnic origin, their sexual orientation, or their religious beliefs only where it is legal to request such data from applicants and employees, where the applicants and employees have volunteered such data, and only for the purpose of monitoring and upholding the University’s equal opportunity and anti-discrimination policies and related provisions. Data about an applicant’s or employee’s criminal convictions will be held as necessary.

How Is Information Collected?

Information is collected through a variety of sources, which may include:

  • Information provided by a job applicant through the employment application and hiring process;
  • Information provided by an employee during the course of employment;
  • University management and other internal sources;
  • Application references;
  • Background check services; and
  • Employment records.

What Is Done With Collected Information?

Collected information is used only for purposes of Boston University operating its Study Abroad programs, including performing the contract of employment and management of its employees.

Who Has Access To Collected Information?

  • Boston University staff, including staff in the United States;
  • Third-parties who provide benefits or other services to University employees or to the University, pursuant to a contract with the University; and
  • Government departments or agencies, as required by law.

How Is Information Stored and Secured?

Boston University uses University-managed, secure information technology systems to store electronic personal information, including systems such as Microsoft’s Office 365, that permit creating shared spaces that are accessible by BU faculty and staff in the Study Abroad location and Boston. BU employs appropriate administrative, technical, and physical security measures to protect paper or other physical records that contain personal information, including locked offices and file cabinets. BU uses encrypted SecureMail for Restricted Use information that is subject to the University’s Data Protection Standards.

How Long Is Information Saved?

Boston University maintains records as specified in its Record Retention Policy and the accompanying Record Retention Table.

What Are Your Rights Related To Your Personal Data?

You have a number of rights with regard to your personal data. You have the right, in certain circumstances, to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing, as well as the right to data portability. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn. In certain circumstances, the University may process an employee’s personal data and sensitive personal data without their explicit consent.

Concerns?

If you have questions or concerns about the use of your personal data, please contact your site director or BU Study Abroad with any questions or concerns regarding this policy.

Updates to this Notice

The University may change this Privacy Notice from time to time. If the University makes any significant changes in the way it treats your personal information, the updated notice will be posted on the University’s website.