What personal data we collect


While specific information may vary for particular individuals, we may collect, use, store and transfer different kinds of personal data about you, including:

• Basic biographic/contact information – names, home and business addresses, phone numbers, email addresses, and social media contact information
• Demographic information –  including gender, birth and death dates, photograph, language, citizenship and ethnicity (if provided)
• Student “directory information” obtained from admission, academic, or alumni records
• Employment information – company names, job titles, and industry information
• Family and network information – spouse/partner's name, children's names and birth dates, and other familial and non-familial relationships
• Information on participation in activities – event attendance, volunteer interests, organization affiliations, committee participation, awards and honors
• Information about donors and prospective donors – giving information regarding any donation which is made, including wealth assessment information and indicators of your interest in giving
• Analytical information – aggregated information related to web visitor activity and email marketing actions

How we use your personal data


We use your personal data in support of our school and its mission, as well as to enable us to provide certain services to our current students, parents, alumni, employees, and other supporters.  
Specifically, we may use your personal data to:

• Keep you updated with information about academic and alumni activities
• Conduct surveys, donation preferences, and other interests
• Provide email or traditional mailings of school information or literature
• Provide access to an online account for enabling online giving, event registration, academic records, or other pertinent information
• Send you information about volunteer activities and invite you to associated events in your area
• Conduct philanthropic preference research in order to understand alumni and supporters, to inform our fundraising strategy and target our communications.
• Perform administrative tasks and for internal record keeping purposes.
• Create and analyze aggregated information about our students, alumni, donors and other supporters for statistical research purposes in support of our educational mission.
• Issue tax receipts
• Create online donor listings

Information for Data Subjects Located in the European Union (EU)/European Economic Area (EEA)


For data subjects located in the EU/EEA, the GDPR may afford you rights in certain circumstances, including the right to be informed of how your personal data is used, the right of access to your personal data, the right to rectify or have your personal data erased where appropriate, the right to object to or restrict the processing of your personal data, and the right to object to communications, direct marketing, or profiling.  Articles 12 through 23 of the GDPR provide further information about your rights as a data subject, to the extent applicable.  You also have the right to lodge a complaint with your national or regional data protection authority.  If you are interested in exercising these rights, we request an opportunity to discuss with you any concerns you may have about the processing of your personal data. To protect the personal data we hold, we may also request further information to verify your identity when exercising these rights.  Upon a request to erase your information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future.  We may also need to retain some financial information for legal purposes, including US IRS compliance.  In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against or exercising our rights with respect to such claim.


By providing information to Shattuck-St. Mary’s, you consent to the transfer of your personal information outside of the EU/EEA to the United States.  You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EU/EEA.