Privacy and Terms & Conditions

Passion University - Syria and Gulf Branch

 

Privacy Policy

First: The purpose of the privacy policy

Through its privacy policy, Passion University - Syria and Gulf Branch is keen to ensure transparency in dealing with all stakeholders and to protect the data of individuals, including students, faculty members and employees. It confirms its commitment to protecting personal data in accordance with local and international laws. The privacy policy is an important document for all beneficiaries of the university's services and those dealing with it, especially with regard to:

1-   Collecting personal information of students, faculty and staff, such as names, email addresses, phone numbers, payment information, etc.

2-   Use of data, such as to improve educational services, communicate with students, or manage accounts.

3-   Data protection through security measures taken by the university to protect personal information from unauthorized access or illegal use.

4-   Sharing information with third parties, such as companies that provide assistance services.

5-   Students' and faculty members' rights to access and correct their personal information.

6-   Privacy policy updates, which explain how individuals will be notified of any changes to the privacy policy.

7-   Compliance with laws, to ensure compliance with local and international laws related to data protection.


Second: Scope of Privacy Policy

The privacy policy covers the parties to whom it applies, including students, employees, visitors, university clients, etc., and the types of data collected (such as personal, academic, financial and health data).
The scope of the privacy policy includes the limits and standards covered by this policy, the types of information collected by the institution or website, and how that information is used and protected. Here is a breakdown of the components of the scope of the privacy policy:

1.     Responsible authority:

    • Passion University - Syria and Gulf Branch.
    • The data protection officer is contacted .........

2.     Types of information collected:

    • Personal information: Name, address, phone number, email, date of birth, gender, etc.
    • Financial information: Credit card data, bank accounts, payment information, etc.
    • Demographic information: Age, gender, geographic location, interests, hobbies.
    • Technical information: IP address, browser type, operating system, device information, cookies, geolocation data.
    • Usage information: Browsing history, pages visited, links clicked, duration of visit, etc.
    • Health information: Health data, medical history, health insurance information (if relevant).
    • Sensitive information: Racial or ethnic information, political opinions, religious or philosophical beliefs, biometric or genetic data.

3.     How information is collected:

    • From the user: When registering, filling out forms, taking surveys, contacting customer service.
    • Automatically: Through the use of cookies, tracking technologies, server logs, web analytics.
    • From external sources: Partners, advertisers, social media, and public databases.

4.     Purposes of using information:

    • Providing services: Fulfill orders, process payments, provide technical support, personalize user experience.
    • Improving services: Analyze data, conduct research, develop new products, improve performance.
    • Marketing and advertising: Send promotional messages, display targeted ads, manage marketing campaigns.
    • Security and protection: Account protection, fraud prevention, network security, compliance with laws.
    • Legal compliance: Complying with legal requirements, responding to requests from authorities, resolving disputes.

5.     Sharing information with third parties:

    • Service providers: Hosting, payment processing, marketing, analytics, technical support.
    • Business partners: Companies that offer shared products or services.
    • Advertisers: Companies that display targeted ads.
    • Legal authorities: Government agencies, courts, law enforcement agencies.

6.     User rights:

    • Right to access: Request a copy of stored personal information.
    • Right to correction: Request correction of inaccurate or incomplete information.
    • Right to delete: Request deletion of personal information (in certain circumstances).
    • Right to restrict processing: Request to restrict how information is used.
    • Right to data portability: Obtain a copy of the information in a machine-readable format for transmission to another party.
    • Right to object: Object to the processing of information for certain purposes (such as direct marketing).
    • Right to withdraw consent: Withdraw consent to the processing of information (if the processing is based on consent).

7.     Information security:

    • Security measures: Encryption, firewalls, access controls, security monitoring.
    • Data retention: Duration of retention of personal information, criteria for deleting data.
    • Cross-border data transfer: If data is transferred to other countries, the safeguards taken to protect the data must be stated.

8.     Cookies and tracking technologies:

    • Types of cookies: Essential, performance, functional, targeting.
    • Purpose of using cookies: Usage analysis, content personalization, advertising display.
    • Cookie management: How the user can enable or disable cookies.

9.     Changes to the privacy policy:

    • Mechanism for notifying users of changes: Post updates on the site, send emails.
    • Last update date: To indicate when the policy was last modified.

10.    Contact information:

    • Contact details: Email address, phone number, postal address to ask questions or submit complaints regarding privacy.

Third: Types of collected data

The university collects many different types of data in order to provide its services. It guarantees to all those dealing with it that sensitive data about them will not be published, and it handles such data with all caution and transparency.

Types of data:

1. Personal data: This relates to identification, including:

  • Full name.
  • Gender and date of birth.
  • National number or ID/passport number.
  • Residence address and postal address.
  • Phone numbers and email.

2. Academic data necessary to complete the educational process and document data in the academic record, including:

  • Previous academic records (such as high school transcripts).
  • Grades and ratings.
  • Selected curricula.
  • Course registration data.
  • Research and project files.
  • Graduation information and certificates.

3. Administrative data:

It is used to manage administrative affairs, including:

  • Student and faculty numbers (ID).
  • Attendance and absence records.
  • Information on class schedules and vacation records.
  • Information related to student funding or financial aid.

4. Financial data necessary to complete transactions related to fees and financial management, including:

  • Tuition fees and payment dates.
  • Bank account or credit card information (if applicable).
  • Records related to scholarships and student loans.

5. Health data of students and university members to address health cases and emergencies, including:

  • Medical reports.
  • Information about health insurance.
  • Emergency information and contacts.

6. Data related to security and safety in order to provide a safe environment, including:

  • Campus entry and exit records.
  • Register for security systems (such as smart ID cards or facial recognition).
  • Monitoring by security cameras on campus.

7. Employment data related to faculty and staff, including:

  • Job certificates and previous experience.
  • Salary and benefits information.
  • Job performance evaluations.
  • Contracts and their terms.

8. Student activities data: Related to participation in social activities and events, such as:

  • Joining student clubs.
  • Participation in events and competitions.
  • Attending workshops or conferences.

9. Technical data:

Used to support digital systems, including:

  • Login data to the university’s electronic portals (username and password).
  • Records of network usage and university resources (such as the digital library).
  • Data on devices used by students and staff.

10. Scientific research and project data, such as:

  • Field studies data.
  • Student and research participant questionnaires.
  • Research results and resources.

11. Family contact information: Collected for use in emergency situations or to notify parents, including:

  • Names and contact details of responsible persons (parents or guardians).
  • Emergency phone numbers.

privacy and security issues, as it collects data in accordance with local and international laws and regulations, and takes into account ensuring the privacy of individuals. It also ensures that all data collected is directed to achieving legitimate and clear purposes, such as academic administration or providing services to students.

Fourth: Reasons for collecting data

The university collects data for the purposes of admission, registration, preparing university documents, and providing academic services of all kinds, and for the purpose of communicating and exchanging books and correspondence with those dealing with it. Data is also collected for the purpose of preparing scientific research and studies, etc. The university guarantees that the collected data will only be used for the declared purposes.

Data collection in universities is essential to achieving their academic and administrative goals and providing integrated services to all stakeholders, such as students, faculty and staff.

The most important reasons for collecting data are as follows:

1. Academic operations management:

  • Registering students in academic programs and courses.
  • Tracking attendance and absence.
  • Providing a comprehensive academic record for students (grades, credit hours).
  • Preparing graduation certificates and academic achievement certificates.

2. Providing student services:

  • Providing academic guidance services.
  • Managing scholarship and student loan applications.
  • Facilitating access to resources, such as digital libraries and e-learning systems.

3. Financial affairs management:

  • Collecting tuition fees and processing payments.
  • Distributing financial rewards, loans, or scholarships.
  • Preparing financial reports and managing budgets related to students.

4. Improving the quality of education:

  • Evaluating the performance of students and faculty members.
  • Collecting feedback from students to improve curricula and educational programs.
  • Designing new educational programs based on the needs of students and the labor market.

5. Conducting scientific research:

  • Collecting data to support academic projects and research.
  • Participating in field studies and data analysis to produce high quality research.
  • Sharing results with the academic community and achieving scientific progress.

6. Providing a safe and healthy environment:

  • Maintaining the safety and security of the campus by securing entry and exit records.
  • Dealing with health and emergency situations by accessing emergency information.
  • Commitment to health and safety standards for students and staff.

7. Communication with stakeholders:

  • Facilitating communication between the university, students and faculty members through email addresses and phone numbers.
  • Sending important administrative announcements and messages.
  • Notifying students and their families of any academic or administrative changes.

8. Infrastructure and services development:

  • Improving electronic systems and technological services.
  • Measuring the rate of use of facilities (such as libraries, laboratories, university housing).
  • Planning the construction or expansion of infrastructure on campus.

9. Compliance with legal and regulatory requirements:

  • Meeting legal obligations related to academic and financial reporting.
  • Compliance with data protection and privacy laws.
  • Preparing reports for government, donor agencies or regulatory bodies.

10. Supporting strategic decision making:

  • Using data to analyze the overall performance of the university.
  • Identifying student needs and attitudes to better allocate resources.
  • Improving governance and strategic planning for the future of the university.

11. Enhancing the student experience:

  • Improving student activities and events.
  • Supporting cultural, sports and social activities.
  • Strengthening student exchange and internship programs.

12. Supporting alumni relations:

  • Collecting graduate data to maintain contact with them after graduation.
  • Developing alumni networks and involving them in university activities.
  • Using their data to solicit financial support or future donations.

Fifth: How to collect data

Data is collected at the university using a variety of methods and techniques that ensure the provision of the information necessary to complete academic and administrative work, provide student services, and ensure transparency and compliance with laws. The following are the most important methods used by the university to collect data:

1. Registration and acceptance:

  • Through electronic or paper registration forms, the university collects student data when applying for admission, such as name, date of birth, previous academic records, etc.
  • Electronic admission platforms that require official documents such as academic certificates, ID cards, and letters of recommendation.

2. E-learning systems (LMS):

  • Using systems like Blackboard or Moodle to collect student data, including their activities on the platform, grades, attendance, and assignments submitted.
  • Tracking activities related to virtual lectures and open online courses.

3. Forms and questionnaires:

  • Distributing questionnaires aimed at collecting students’ and faculty members’ feedback on the quality of education and university services.
  • Filling out financial, student activities, and housing application forms.



Sixth: Data sharing

The University needs to share its data with multiple parties for various legitimate purposes, and in doing so it takes into account the laws, regulations and rules related to data protection and privacy, such as the General Data Protection Regulation (GDPR) or local laws. It confirms that it will not provide, sell or share data with external parties without consent.

Below is a list of entities that may receive data from the University and the potential purposes for such sharing:

1. Ministries and government agencies:

Authorities:

  • Ministry of Education or Higher Education.
  • Academic accreditation bodies.
  • National statistics and information institutions.

Purposes:

  • Preparing official reports on the university’s performance and the quality of education.
  • Following up on compliance with academic curricula and administrative standards.
  • Providing data for national education statistics or government planning purposes.

2. Grants and financial aid:

Authorities:

  • Institutions funding scholarships (governmental or private).
  • Banks and companies that offer educational loans.

Purposes:

  • Verifying the student's eligibility for a scholarship or financial support.
  • Managing student loan records and financing dues.

3. Academic partners:

Authorities:

  • Other universities (local and international).
  • Joint research institutions.

Purposes:

  • Exchange of student data in student exchange programs.
  • Collaboration in research projects and joint initiatives.
  • Recognition of student records between partner universities.

4. Employment and training organizations:

Authorities:

  • Companies and institutions that offer training or employment opportunities.
  • Labor and employment offices.

Purposes:

  • Delivering students' CVs and professional data to employers.
  • Organizing internships or job opportunities for graduates.

5. Technology institutions and companies:

Authorities:

  • providers (e.g. Blackboard, Moodle).
  • Software and technology companies (such as Google Workspace or Microsoft).

Purposes:

  • Providing educational systems and digital services.
  • Supporting technological systems that enable digital learning or curriculum redesign.

6. Health authorities:

Authorities:

  • Health care centers within the university or health partners.
  • Health insurance institutions.

Purposes:

  • Providing health care to students and staff in emergency situations.
  • Management of health insurance programs and benefits.

7. Scientific research organizations:

Authorities:

  • International research centers and academic institutions.
  • Scientific journals and academic conferences.

Purposes:

  • Exchanging data to participate in field research and studies.
  • Academic publishing and sharing of research results.

8. Student service providers:

Authorities:

  • University housing or external accommodation operators.
  • Transportation service providers.
  • Companies that run student or sports activities.

Purposes:

  • Meeting student housing needs and providing basic services.
  • Facilitating access to student activities and events.

9. Judicial authorities and security authorities:

Authorities:

  • Police and security agencies.
  • Courts or legal bodies.

Purposes:

  • Providing data for legal investigations when needed.
  • Complying with judicial or legal orders.

10. Alumni organizations:

Authorities:

  • Alumni networks or associations.
  • Career Contacts and Professional Development.

Purposes:

  • Maintaining constant communication with graduates.
  • Providing job opportunities or services to anticipate the professional future of graduates.

11. Sponsoring companies and financial partners:

Authorities:

  • Academic awards and competitions donors.
  • Capital institutions that fund research and development programs.

Purposes:

  • Ensuring transparency in the use of the funds granted.
  • Reporting on project progress, both on the ground and financially.

12. Accreditation and classification organizations:

Authorities:

  • Institutions that grant accreditation to academic programs.
  • International university ranking organizations (such as QS, Times Higher Education).

Purposes:

  • Ensuring that academic programs are evaluated according to international standards.
  • Enhancing the university's reputation through prestigious rankings.

13. International marketing and education companies:

Authorities:

  • University promotion agencies (internal or external).
  • Online platforms that market academic programs.

Purposes:

  • Attracting more local or international students.
  • Promoting activities and events.

Data sharing rules and ethics:

The University guarantees that data sharing with any external party will only be for the specified purposes, and it is committed to the following controls and ethics:

  • Individuals' consent: Explicit consent must be obtained from individuals before their data is shared.
  • Defining a clear purpose: Data sharing must be for a legitimate and clear purpose, with no use outside that purpose.
  • Data protection: Data is transferred in secure ways that ensure its protection from unauthorized access.
  • Compliance with laws: Compliance with national and international data protection laws.



Seventh: Data Protection

Data protection at the university is a vital part of maintaining privacy and securing academic and administrative information. Since the university handles sensitive data involving students, faculty, staff, and research, there are several security measures that can be taken to ensure the safety and security of this data. These measures include:

1. Protecting access to systems:

  • Applying multi-factor authentication (MFA): Add an extra layer of security at login, such as a verification code sent to the user's phone or email.
  • Use strong passwords: Establish a policy that requires users to change passwords periodically and use complex passwords.
  • Define user permissions: Grant access to data only to authorized users in proportion to the scope of their work.

2. Data encryption:

  • Encrypt stored data: Use encryption techniques to secure data stored in databases and systems.
  • Encrypt data in transit: Ensure that data transmitted between systems (such as email or web browsing) is protected using protocols such as HTTPS and SSL.

3. Backups:

  • Perform regular backups: Create backup copies of data and store them in secure locations (such as the cloud or dedicated data centers).
  • Test backup restoration: Ensure that backup systems are able to restore data when needed.

4. Device and network management:

  • Network protection: Use firewalls and intrusion detection systems to prevent cyber attacks.
  • Device security: Implement policies that prevent unauthorized access to devices (such as computers and printers).
  • Endpoint protection: Install antivirus software and advanced protection systems on devices used on campus.

5. Security training and awareness:

  • Awareness of students and employees: Organize workshops and training courses to raise awareness of the importance of cyber security.
  • Identifying cyber attacks: Educate employees on how to deal with phishing attacks and suspicious emails.

6. Data access policy:

  • Determine employee permissions: Limit access to data based on a person's role and job responsibilities.
  • Periodic verification of permissions: Review and revoke access rights when a person's relationship with the university ends (e.g. resigning employees or graduates).

7. Continuous system updates:

  • Update software periodically: Install security updates and fix vulnerabilities in the university’s software and systems.
  • Use of modern systems: Stay away from old, unsupported systems that may have vulnerabilities.

8. Use of data management systems:

  • Advanced data management systems: Such as student affairs or human resources management systems, which provide enhanced security features.
  • Closing unused accounts: Ensure that data of users who no longer need access to systems is removed.

9. Data and systems monitoring:

  • Monitoring activities: Install monitoring systems to track and protect data from any unusual or suspicious activity.
  • Conduct security reviews: Conduct periodic internal reviews and audits to identify gaps and weaknesses.

10. Preparedness for emergencies and crises:

  • Security incident response plan: Prepare a clear plan to deal with cyber attacks or data loss.
  • Emergency plan test: Organize periodic security tests to ensure the readiness of the relevant teams.

11. Compliance with legal standards:

  • Compliance with laws and regulations: Such as the General Data Protection Regulation (GDPR) and local data protection laws.
  • Setting up a clear privacy policy: Explain how data is collected, used and protected to ensure compliance with laws.

12. Limit the use of unofficial devices:

  • Prevent employees and students from using unauthorized devices to access sensitive systems.
  • Provide university-secured devices to access academic and administrative resources.

13. Third party management:

  • Monitor partners and suppliers: Ensure that all third parties handling university data (such as cloud storage providers) adhere to the same security standards.
  • Legal contracts: Sign data protection agreements with all external suppliers.

14. Safe handling of physical data:

  • Store all printed data in secure vaults.
  • Dispose of unnecessary documents in a safe manner (such as shredding or burning).

15. Developing a specialized cybersecurity team:

  • Establish a dedicated cybersecurity management team to monitor data and implement preventive measures.
  • Form a rapid response unit to address any data leak or defect.


Eighth: Individual rights

Individuals’ rights over their personal data at the University are protected, in line with legal and ethical standards relating to data protection. The purpose of granting these rights is to ensure transparency, promote accountability, and protect the privacy of individuals. Below are the main rights that the University should guarantee to individuals over the data it holds about them.

1. Right to access data:

  • Individuals have the right to know whether the university holds any data concerning them.
  • They have the right to request a copy of their data stored by the University, including details of the nature of the data and the purpose for which it is processed.

2. Right to correct data:

  • If there are errors or inaccuracies in personal data, the individual can request correction of the data.
  • The University reserves the right to update data to ensure its accuracy and keep records up to date.

3. The right to delete data (the right to be forgotten):

  • Individuals have the right to request that their data be removed if it is no longer needed or if its retention would violate laws.
  • This includes deleting data that the University does not rely on for any legal or educational purpose.

4. The right to restrict processing:

  • In some cases, an individual may request that the processing of his data be restricted (for example, if he believes that the data is inaccurate or that the processing is being carried out unlawfully).
  • The University stores the data but stops processing it until the dispute is resolved.

5. The right to object to the collection or use of data:

  • Individuals may object to the collection or use of their data if the purpose of the processing is unlawful or unnecessary.
  • This may include objecting to the use of data for marketing or research purposes.

6. The right to withdraw consent:

  • If the University bases the collection or processing of data on the individual’s prior consent, he or she may withdraw this consent at any time.
  • When consent is withdrawn, the University must stop processing the data.

7. Right to data portability:

  • If the data is processed in a digital manner, the individual has the right to request a copy of his data in a portable form (e.g. electronic format).
  • An individual may transfer his data to another organization or use it for private purposes.

8. The right to know the details of data sharing:

  • Individuals have the right to know with whom the university shares their data, and the reasons behind this.
  • They must be notified of any future sharing or different use of the data.

9. Right to report a data breach (data security):

  • If individuals' data is compromised or leaked, the university must notify them immediately, explaining the nature of the data that has been compromised and the actions that must be taken to mitigate the impact.

10. The right to clarify the purpose of data collection:

  • The university must make it clear to individuals why their data is collected and how it will be used.
  • The purpose of the processing must be lawful and transparent.

11. The right to object to automated decisions:

  • If decisions are made based solely on automated processes (without human intervention), such as performance evaluation via an electronic system, an individual can challenge these decisions.

12. Right to receive privacy notices:

  • The individual has the right to receive clear and concise notice explaining how data is collected, processed and used.
  • The notice must be written in simple, straightforward language.

13. The right to file a complaint:

  • If an individual feels that his data rights have been violated, he has the right to file a complaint with the relevant university administration.

14. Right to privacy:

  • The individual's right to maintain the privacy of his data must be respected and his personal data must not be used in a way that violates his privacy.

15. The right to control the period of data retention:

  • The individual has the right to know how long the university keeps his data.
  • He has the right to request that his data not be kept for longer than necessary, according to the specific purpose.

16. Rights of the guardian or guardians:

  • For minor students, parents or guardians have the right to control their child's data, subject to applicable local laws.

17. Ensuring compliance with laws:

  • Individuals have the right to know whether the University complies with applicable laws and regulations, such as local and international data protection laws.

Comments:

  • Awareness: The university is clear and transparent in informing individuals of their rights and providing channels for easy access to them.
  • Accessibility: The technical department is contacted in all matters related to data protection and privacy management to address privacy issues.
  • Balance: The university balances the rights of individuals with the requirements of academic or administrative work, and justifies, when necessary, any rejection of individual requests.

 Ninth: Data retention periods
Data retention periods at the University vary depending on the type of data and the purpose for which it was collected, as well as national and international laws and regulations relating to data protection. The primary objective of setting retention periods is to ensure that data is only kept for the period necessary to fulfil its purpose, after which it is either deleted or securely archived.

Below are details about common data retention periods at the university :

.1 Students’ academic data :

·        Admission and registration records :

    • It is kept throughout the student's study period .
    • They are kept for long periods (possibly permanently) to document academic credentials and education as a permanent resource for any future inquiries .

·        Academic records (such as degrees and certificates) :

    • It is considered permanent in most universities to ensure a reference is available for any subsequent requests such as verification of degrees or transfer of records .

·        Documents related to academic courses or scientific training :

    • They are held for a limited period (usually 5-10 years) after the student graduates or withdraws .

.2 Financial statements :

  • Tuition and Payment Records :
    • They are typically kept for a period of 5 to 10 years, depending on regulatory laws, to provide a reference for any financial inquiries or reviews .
  • Student Grants and Loans Data :
    • They are held in accordance with donor or legal requirements (e.g. 7-10 years) .

.3 Health data :

  • Student medical records :
    • It is kept throughout the student's studies, and is then deleted within a period of time depending on national regulations (it may be 5-7 years after graduation) .

.4 Employment data (for faculty and staff) :

  • Job records (appointment, performance, contracts) :
    • It is kept for up to 6-7 years after the work is completed, according to legal requirements .
  • Salary and benefits data :
    • It is kept for a period of 5-10 years to meet documentation and financial reporting needs .

5. Student activity records :

  • Data related to participation in activities and clubs :
    • They are usually held for a short period, usually two to five years after graduation, unless there is an educational or administrative need to retain them .

6. Scientific research and projects data:

  • Research data:
    • The duration depends on the type of research. The data may be kept for a long period (10 years or more) for documentation and scientific verification purposes.
  • Participant questionnaires:
    • They are kept only for the duration of the research project, and then deleted or anonymized to ensure privacy.

7. System and network login data:

  • Records of electronic activity (such as access to networks or learning systems):
    • They are kept for a short period, usually 6 months to 2 years, to ensure internal security and investigate any illegal activities.

8. Privacy and Security Data:

  • Security camera images:
    • They are kept for a short period, usually 30 to 90 days, unless required as part of a security investigation.
  • Campus entry and exit records:
    • The duration depends on the internal policy, usually 12 months.

9. Archival data:

  • Graduates data:
    • They are kept permanently to facilitate communication with graduates and for statistical research purposes.
  • Annual University Reports:
    • They are permanently preserved as part of the university's historical record.

10. Contact and parent information:

  • Contact information (e.g. parents):
    • It is usually deleted shortly after a student graduates or withdraws, unless there is a legal reason to retain it.

11. Partner and third party data:

  • Legal and contractual agreements:
    • They are stored for long periods, usually 7 years or more, according to commercial and regulatory laws.

Factors affecting retention time:

  • Regulatory laws: Minimum retention periods are often specified for certain types of data.
  • Purpose of data collection: When the data is no longer needed, it is deleted.
  • Institutional need: Data of academic or administrative value may be retained for longer periods.

How to deal with the expiration of the retention period:

1.    Secure deletion or destruction:

o   When the retention period expires, the data is securely deleted or destroyed (such as shredding paper documents or permanently deleting digital data).

2.    Anonymization:

o   Some data that is no longer used may be kept in a form that does not identify individuals, for use in research or statistical analysis.

3.    Review procedures:

o   Conduct periodic reviews of stored data to ensure that retention is still justified.


Tenth: Policy updates

Policy updates are critical to ensuring that the University keeps up with laws and regulatory changes and improves its data protection practices, in line with technological and administrative developments. When the University’s Privacy Policy is updated, several issues must be addressed to ensure transparency, legal compliance, and direct consent from data subjects (students, staff, faculty, etc.).

Below is an explanation of what these updates may entail and the steps to take:

1. Informing individuals of updates:

  • User Notice:
    Data subjects are notified of changes to the Privacy Policy through:
    o Email.
    o The University website.
    o Notifications on the university systems in use, such as the student management system or the e-learning platform.

  • Advance clarification: The notice includes details about the nature of the changes (such as changing the purpose of data processing, or adding new parties with whom data is shared).

2. Renewing consent:

  • Obtaining explicit consent again:
    If the updates significantly change how data is collected or used (e.g., new data is collected, or there are new purposes for processing), the University must request individuals’ consent again.
  • Allowing the right to object:
    Individuals are given the option to refuse the continued use of their data under the new terms.

3. Update relevant documents and policies:

  • Update all digital and printed versions of the Privacy Policy to ensure consistency.
  • Modify any regulations or procedures that rely on the Privacy Policy (such as registration forms and software used).

4. Compliance with laws and regulations:

  • Legal Compliance:
    Verify that all modifications comply with local and international laws on data protection, such as the General Data Protection Regulation (GDPR) and national privacy laws.
  • Providing advance notice:
    Some laws require an advance notice period before changes are implemented.

5. Enhancing transparency:

  • Include a section in the Privacy Policy that explains when updates were made and what changes were made.
  • Provide simplified information and a clear explanation of the new terms in language that is easy for all users to understand.

6. Staff training:

  • Train all university employees (such as faculty members, administrative staff, and the IT unit) on how to implement the new policy.
  • Ensure that policies are implemented effectively without conflicting with existing practices.

7. Ensuring enhanced data protection:

  • When introducing security-related changes or sharing data with new third parties, security measures must be enhanced to ensure that data is protected from any unauthorized use.

8. Individuals' right to object or withdraw:

  • Individuals have the right to object to changes if they feel that their privacy is being compromised or their data is being used in a way that is incompatible with the original purpose.
  • Provide options to opt out of the collection or processing of data under the new policies.

9. Supervision and review:

  • Review and carefully study the legal and administrative impact of changes before implementing them.
  • Form a privacy committee to deal with inquiries and objections from individuals regarding the amendments.

10. Addressing user expectations:

  • Receive data subject inquiries through dedicated support channels to answer questions about the changes and how they will affect them.
  • Create a dedicated page on the university’s website to answer frequently asked questions (FAQ) related to the new amendments.

11. Clear explanation of updates:

  • Divide the amendments into clear parts that clarify:
    • What has been changed? For example, adding new data or modifying purposes.
    • Why did it change? For example, legal compliance or improving services.
    • What is the impact of the change on the user?

12. Improving communication with third parties:

  • If the updates include changes regarding data sharing with third parties (such as technical service providers or academic partners), those parties must be notified and appropriate security measures agreed upon.

13. Edit log:

  • Maintain a record of the date, and copies, of each amendment made to the Privacy Policy, documenting the reasons and decisions involved.

Practical examples of what the changes might include:

Updates may include:

  • Collecting new types of data such as geographic location or usage patterns.
  • Sharing data with international academic bodies for research projects.
  • Implementing new technologies such as artificial intelligence systems to analyze student performance.
  • Adapting policies to comply with new data protection regulations.


Eleventh: Contacts

Contact information for the data protection department or the university’s privacy officer.

Explain how to submit complaints or inquiries related to the privacy policy.

Twelfth: Compliance with laws

The University confirms its compliance with local and international laws related to data protection, such as the GDPR in the European Union or the CCPA in California.

Thirteenth: Privacy in research

If the university is involved in research, it ensures the protection of the data of participants in research studies. It takes all appropriate measures to protect this data, given its sensitivity and scientific and ethical importance.

Below are the most important details regarding the privacy of study and research data, as well as the policies that the university adheres to when sharing it with others:

First: Main considerations for protecting study and research data

1.    Compliance with ethical standards:

o   Ethical approval must be obtained from the university's research ethics committee before any data is collected.

o   Data collection should comply with ethical principles and national and international professional standards.

2.    Participants' consent:

o   Clear written or electronic consent must be obtained from study or research participants.

o   This consent must specify how the data will be collected, the purpose of its use, and who has the right to access it.

3.    Anonymization:

o   Any information that identifies individuals (such as name, address, telephone number) should be removed from the raw data, especially if the study requires analysis of results without the need to link them to participants.

4.    Restrict access to data:

o   Access to data should be restricted to authorized individuals only, such as principal investigators and research team members.

o   It is preferable to use password protection systems or encryption techniques to secure access.

Second: Policy for sharing research data with others

Research data may be shared with other parties for purposes that ensure academic or scientific benefit, but this process must be subject to several controls, including:

1. Identify the parties with whom data may be shared:

  • Research Partners:
    • Academic institutions or research centers that work with the university on the same project.
  • Funding bodies:
    • Research funding agencies may need access to results and data to assess their feasibility.
  • Other researchers:
    • Researchers may share data with other academics for additional analysis or to complete similar studies.

2. Provide clear guidelines on data use:

  • When sharing data, the permitted purpose (e.g. publication, further analysis) must be specified.
  • Set strict limits to prevent misuse of data, such as prohibiting its exploitation for commercial purposes unless specifically authorized.

3. Signing data sharing agreements:

  • There must be a signed agreement between the university and any entity receiving the data. The agreement includes:
    • The purpose of sharing.
    • The scope of data to be shared.
    • Protective measures to be followed.
    • How the data is to be handled after its purpose has ended.

4. Compliance with laws and regulations:

  • National and international laws such as the General Data Protection Regulation (GDPR) require researchers to share data in specific ways and under clear conditions.
  • If the research involves data collected from multiple countries, the privacy laws of each country involved must be taken into account.

Third: Research data privacy controls in specific cases

1. Sensitive data:

  • Research that deals with sensitive data (such as health, psychological, or social data) requires special measures to protect it from any misuse.
  • This data must be encrypted and secure data transfer protocols must be used.

2. Research of a general nature (Open Access):

  • In some cases, research data may be published in open access databases to enhance transparency and encourage further studies.
  • In this case, any identifying data must be removed and participants must be notified in advance.

3. Research funded by third parties:

  • Agreements with funders should include clear terms that set out how data is used and protect participant privacy.

4. Research that studies at-risk groups:

  • If the study includes vulnerable groups (e.g. children, individuals with disabilities), increased care must be taken in collecting and storing data and in obtaining consent from parents or guardians.

Fourth: Storing research data

  • Storage period:
    • A specific period of time should be specified for keeping research data, such as 5-10 years after the research ends, to ensure that it is used for scientific purposes and that the results are documented.
  • Secure data disposal:
    • After the required retention period has expired, the data must be disposed of in a secure manner, such as by final encryption or shredding paper documents.

Fifth: The risks of data sharing and how to protect against them

  • Risks:
    • Unauthorized access.
    • Misuse.
    • Data leakage.
    • Violation of participants' privacy.

  • Protection measures:
    • Use strong encryption techniques.
    • Employ data security management systems.
    • Monitor access to files and verify the identity of parties requesting data.
    • Train researchers and staff on data protection.

Sixth: Participant notification and consent

  • When collecting data, you should:
    • Explain how the data is used.
    • Mention if you intend to share it with others.
    • Reassure participants that they can withdraw their consent at any time if they wish.

Seventh: Ethical policies and institutional supervision

  • Ethics Committee: All research requires approval from a research ethics committee to ensure that data is collected and used in a way that respects the privacy of participants.
  • Institutional Data Policies: Each university should have a clear policy on the collection and sharing of study and research data, and commit to reviewing it regularly.



Fourteenth: Privacy on websites and applications

In general, privacy on websites represents a balance between collecting the data necessary to provide services and improve the user experience, and protecting the rights of users and their personal information. It concerns how the personal information that a website collects when you visit it or use its services is protected. Here are some aspects of privacy on websites:

1. Types of data collected by the site:

  • Personally Identifiable Information (PII): includes your name, address, email address, phone number, and any other information that can be used to identify you.

  • Usage Data: includes your browsing history, IP addresses, information about the device you use, and how you interact with the Site (such as the pages you visit and the links you click).

  • Location Data: If you allow the Site to access your location, information about your geographic location may be collected.

  • Cookies and other tracking technologies: These technologies are used to track your behavior on the Site, remember your preferences, and sometimes to track you across other sites.

2. How the site uses this data:

  • Improving user experience: Sites may use your data to personalize content, make recommendations, and improve site design.

  • Targeted advertising: Many sites use your data to show ads that are relevant to your interests, known as targeted advertising.

  • Analytics: Sites may use your data to analyze user behavior and better understand how the Site is used.

  • Sharing data with third parties: Sites may share your data with other companies, such as advertisers or service providers.

3. Privacy Policies:

The University publishes a Privacy Policy detailing the types of data it collects, how it uses it, and how it protects it.

It is accessible and understandable.

4. Users’ Rights:

Some laws (such as the GDPR in Europe and the CCPA in California) give users certain rights regarding their personal data, such as the right to access, modify, and delete their data.

Websites must provide mechanisms to exercise these rights.

5. Data Protection:

The Website takes security measures to protect data from unauthorized access, use or disclosure.

These measures include encryption, firewalls, and access controls.

6. What you should do to protect your privacy:

  • Read the privacy policies before using the website.

  • Adjust your privacy settings: Check the privacy settings in your account on the site and adjust them according to your preferences.

  • Use strong passwords: Use strong, unique passwords.

Fifteenth: Awareness and Training

Awareness and training programs are an integral part of the university’s responsibilities towards its community. By implementing these programs in a comprehensive and continuous manner, the university can improve the level of understanding of the privacy policy among students and employees, reduce the risks associated with data, and enhance mutual trust.

This is why awareness and training programs are an essential part of the university’s strategy to ensure that students, faculty, and administrative staff understand the privacy policy. The goal of these programs is to create an environment that is aware of the importance of data protection and to increase compliance with privacy laws and regulations.

Below are the features and components of these programs:

Objectives of awareness and training programs:

1.    Explanation of the concept of privacy policy:

o   Explain what the privacy policy means and how it affects the lives of members of the university community.

o   Highlight the rights protected by the policy and the obligations associated with it.

2.    Promoting a culture of data security:

o   Raise individuals’ awareness of the risks of privacy violations and the importance of protecting their data and the data of others.

o   Encourage safe and responsible behaviors when handling data.

3.    Compliance with policies and laws:

o   Ensure that students and staff understand national and international laws (such as GDPR) relating to data protection and privacy.

o   Raise awareness of their responsibilities regarding data use.

Components of awareness and training programs:

1. Awareness workshops:

  • Mandatory workshops:
    • They are presented at the beginning of the academic year to all new students, faculty members and administrative staff.
    • They include a simplified explanation of the university's privacy policy and how to comply with it.
  • Advanced workshops:
    • They are intended for data management professionals, such as those working in IT or student affairs, to inform them of policy updates.

2. Regular training courses:

  • Beginner training:
    • It is intended for the general university community (students and new employees) to familiarize them with the basics of the privacy policy.
  • Advanced courses:
    • They target specific parties such as researchers, registrars, and administrative officials who directly handle sensitive data.
  • Cyber Security Training:
    • It relates to protecting data from digital risks, such as combating phishing attacks and protecting passwords.

3. Educational and guidance materials:

  • Guidelines and instructions:
    • Provide electronic and printed brochures that explain the privacy policy in a simplified manner in a language that everyone can understand.
  • Awareness videos:
    • Produce videos that explain data protection principles and privacy compliance methods in a concise and engaging way.
  • Advertising across digital platforms:
    • Disseminate data protection tips and short messages about the importance of privacy via email and university communication platforms.

4. Interactive activities:

  • Educational games:
    • Develop fun tools such as security and privacy challenges to enhance knowledge in an engaging way.
  • Short tests:
    • Create short online tests to check understanding of the Privacy Policy.
  • Competitions:
    • Organize competitions on best behaviors to protect privacy.

5. Reporting and dealing with incidents:

  • Train students and staff on how to report incidents related to privacy breaches or data leaks.
  • Provide simplified online reporting tools that show clear and easy steps.

6. Advisory sessions:

  • Hold open sessions to allow students and staff to ask questions about the privacy policy and how it is implemented.
  • Provide dedicated advisors or a support line to help answer any privacy questions.

7. E-learning:

  • Online training:
    • Provide electronic platforms that offer educational materials about the privacy policy in a way that students and employees can access at any time.
  • Digital tests:
    • Require short tests at the end of e-courses to ensure understanding of the content.

8. Creative activities to raise awareness:

  • Data Protection Week:
    • Allocate a full week for workshops, discussion groups and activities to raise awareness of the importance of privacy.
  • Seasonal campaigns:
    • Launch privacy awareness campaigns during Cybersecurity Awareness Month or end-of-semester registration times.

9. Specialized training for researchers:

  • Because researchers handle sensitive data, specific training is provided to explain how to collect, process and share research data in accordance with ethical standards.

10. Use of interactive technology:

  • Awareness applications:
    • Develop smart applications that provide daily tips and interactive explanations about data protection.
  • Alerts and awareness messages:
    • Send periodic notifications to students and staff to remind them of privacy policies and best practices.

Main topics covered in the programs:

1.    Definition of privacy policy and its importance.

2.    Types of personal data collected by the university and for what purpose.

3.    Individual rights (such as access, correction, deletion).

4.    How to protect personal data during daily use.

5.    Handling data when sharing with third parties.

6.    Using the university's digital platforms safely and carefully.

7.    Steps to follow in the event of any privacy breach.

Measuring the effectiveness of awareness and training programs:

  • Satisfaction surveys: Conducting surveys of students and staff to measure their awareness of the privacy policy.
  • Incident reports: Analyzing the number of privacy-related security incidents to evaluate the positive impact of the programs.
  • Performance indicators: Monitoring the rate of employee and student compliance with the privacy policy after training.

Conclusion

The University hopes that its privacy policy, which it has decided to be comprehensive and clear in relation to... With their personal data, it increases trust between it and all parties related to its services.