This Privacy Statement describes how Harvard University gathers and uses personal information about individuals through Harvard University Authentication applications managed by Harvard University Information Technology (HUIT), which include the HarvardKey authentication service, the HarvardKey Self-Service application, and the XID Self-Service application. In this Privacy Statement, “HarvardKey” refers only to these HUIT-managed applications.
This Privacy Statement applies to all users of these HarvardKey applications with HarvardKey accounts, regardless of relationship to Harvard.
Personally identifying information about users that may be collected by Harvard through HarvardKey (“Personal Information”) includes:
- Login IDs, passwords, whether two-step verification is required, account claim status and date claimed.
- User’s name, date of birth, last 4 digits of social security number, email addresses, ID card image, directory privacy preferences.
Personal information collected by Harvard also includes data related to use of the HarvardKey application, and identifiers or other information about a user’s Harvard affiliation or status.
Harvard also collects log files of the IP addresses and browsers of computers accessing the application and the pages visited.
Use of Information
Personal Information is used to prove a user’s identity in order to authorize access to various resources or files, or to match a user’s identity to an existing account in an effort to avoid issuing multiple credentials to the same user. Harvard also may use Personal Information to send an emergency message to all users, to communicate with users in the case of an information security event, to secure users’ access, and to help users change passwords or transact other self-service requests.
Harvard may review users’ IP addresses and data on the files and resources they access to administer HarvardKey and to provide technical support and help diagnose problems. Harvard may use and retain email or other communications to staff in order to process inquiries, respond to requests, and improve services.
Other uses of Personal Information by Harvard are described in other parts of this Privacy Statement.
Sharing of Information
Harvard may transmit a user’s Personal Information to other systems that are integrated with HarvardKey, including certain third-party systems, to enable the user to access a service or resource. Information routinely shared with these systems (for those without FERPA blocks) is name, email address, unique identifier IDs, and role.
The HarvardKey applications may also contain links to other websites.
Harvard may also share Personal Information with other service providers in connection with data uses described in this Privacy Statement.
Other sharing of Personal Information by Harvard is described in other parts of this Privacy Statement.
In addition, Harvard may share and disclose Personal Information if Harvard believes that doing so is necessary or appropriate to: satisfy any applicable law, regulation, legal process or governmental request; investigate compliance with or enforce this Privacy Statement or any acceptable use policy for HarvardKey; detect, prevent or otherwise address fraud, security or technical issues; or protect, defend or enforce the operations, property, rights and safety of users, Harvard, Harvard affiliates, or others.
Cookies and Related Technologies
You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies or you can opt out of the collection and use of some Cookies through tools like the Network Advertising Initiative opt-out page. If you disable or delete certain Cookies in your settings, you may not be able to use features of our websites.
We may use third party analytics such as Google Analytics or similar analytics services. For information on how Google processes and collects information using Google Analytics, please see www.google.com/policies/privacy/partners/ , and for how to opt out, please see https://tools.google.com/dlpage/gaoptout.
The opt-outs described above may not work for all browsers or devices.
There are security measures in place to help protect against the loss, misuse, and alteration of the personal information under Harvard’s control. No data transmission, processing, sharing or storage by any party can be guaranteed to be completely secure.
Please contact firstname.lastname@example.org with any questions or concerns about this Privacy Statement or the practices of the HarvardKey applications.
Users Located in the European Economic Area and the United Kingdom
If you are located in the European Union, Iceland, Liechtenstein or Norway (the European Economic Area) or the United Kingdom, please see https://gdpr.harvard.edu/eeaprivacydisclosures for Harvard’s Additional EEA Privacy Disclosures.
Changes to this Privacy Statement
This Privacy Statement may be amended from time to time. Any such changes will be posted on this page. This Privacy Statement was last updated on May 19, 2021.