Kennesaw State University (KSU) is committed to ensuring the privacy of your information. KSU collects two kinds of information on this site:  1) Information that is voluntarily supplied by visiting the site and enrolling in programs and 2) Information that is automatically collected as you navigate the site. Information automatically collected includes the user’s IP address, date and time of the website access along with the web pages(s) visited. In addition, KSU may also collect any information that it receives from your web browser, including browser type and version, and operating system.  This information helps us understand aggregate uses of our site, track usage trends and improve our services. Additionally, university web sites use cookies to collect certain information. Cookies are small pieces of data that are sent by our Website to your Web browser. They are stored on your computer and are used to improve your web experience and improve the availability of web content. We may also use cookies to pre-fill forms so that you do not need to re-enter data. Accepting a cookie does not give us access to your computer or any personal information about you.

Any information submitted via the website will only be used for the purposes stated on the submission page. KSU will not share your information with third parties except: as required by law, as necessary to protect Institutional interests in the course of an investigation, as necessary to further research efforts pursuant to approvals from the appropriate data stewards and the Institutional Review Board, and/or with contracted service providers acting on behalf of the university who have agreed to protect the confidentiality of the data.

Links within the university website may direct you to other Websites that we do not control. Kennesaw State University is not responsible for the privacy practices, policies, actions, Web content, services or products of non-KSU sites to which we link. These links are not intended to, nor do they constitute, an endorsement by KSU of the linked materials.

European Union General Data Protection Regulation (EU GDPR) Privacy Notice

(Lawful Basis for Collecting and Processing of Personal Data)

Kennesaw State University is an institute of higher education involved in education, research, and community engagement. In order for KSU to educate its students both in class and on-line, engage in world-class research, and provide community services, it is essential, necessary, and KSU has lawful bases to collect, process, use, and maintain data of its students, employees, applicants, research subjects, and others involved in its educational, research, and community programs. The lawful bases include, without limitation, admission, registration, delivery of classroom, on-line, and study abroad education, grades, communications, employment, applied research, development, program analysis for improvements, and records retention. Examples of data that KSU may need to collect in connection with the lawful bases are: name, email address, IP address, physical address or other location identifier, photos, as well as some sensitive personal data obtained with prior consent.

For more information regarding the EU GDPR, please review Kennesaw State’s EU General Data Protection Regulation Compliance Policy.

The majority of KSU’s collection and processing of personal data will fall under the following categories:

  1. Processing is necessary for the purposes of the legitimate interests pursued by KSU or third parties in providing education, employment, research and development, and community programs.
  2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This lawful basis pertains primarily but not exclusively to research contracts.
  3. Processing is necessary for compliance with a legal obligation to which KSU is subject.
  4. The data subject has given consent to the processing of his or her personal data for one or more specific purposes.  This lawful basis pertains primarily, but not exclusively, to the protection of research subjects.

There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases.

Individual Rights of the Data Subject under the EU GDPR

Individual data subjects covered by KSU’s EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

  • information about the controller collecting the data
  • the data protection officer contact information
  • the purposes and legal basis/legitimate interests of the data collection/processing
  • recipients of the personal data
  • if KSU intends to transfer personal data to another country or international organization
  • the period the personal data will be stored
  • the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  • the existence of the right to withdraw consent at any time
  • the right to lodge a complaint with a supervisory authority (established in the EU)
  • why the personal data are required, and possible consequences of the failure to provide the data
  • the existence of automated decision-making, including profiling
  • if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by submitting a Service Request with the Office of Cybersecurity at