Skip to main content
Skip table of contents

Learner Records and Privacy

Learner Record Management

Nexford University mandates the permanent retention of all learner records, including academic, financial, and other non-academic documentation. Access to these records is restricted to authorized personnel and must be managed in accordance with this policy.

This policy outlines responsibilities for the management of learner records and aims to:

  • Fulfill business, legal, and accreditation requirements

  • Safeguard learner privacy and personal identifiable information

  • Preserve a complete and accurate history of learner engagement

  • Support institutional continuity and accountability

Records may only be deleted or destroyed if required by applicable laws, regulations, judicial or administrative orders, or audit directives. Any such exceptions must be documented and approved by the designated records administrator.

Purpose

This policy guides the University in the access, maintenance, and preservation of learner records. It establishes procedures for the secure and compliant handling of these records.

Academic Record

Learner records include any academic or administrative information related to a learner’s engagement with the University. These may include, but are not limited to:

  • Academic: transcripts, admission documents, waivers, and grade books

  • Non-academic: tuition and payment records, communications, and service requests

Retention Period

Nexford University has adopted a permanent retention policy for all learner records. Exceptions must be legally mandated and formally approved.

Records Destruction

Records destruction refers to the secure physical or electronic disposal of records that are no longer required and have been approved for deletion. Any destruction activity must comply with applicable legal requirements and follow University-approved procedures to ensure confidentiality and data protection.

Litigation Hold

A litigation hold is a directive issued in response to ongoing or anticipated litigation, audits, government investigations, or similar matters. It suspends the normal process regarding the retention and disposition of University records.

Roles and Responsibilities

All employees, faculty, and staff members of the University are responsible for familiarizing themselves with and adhering to the provisions outlined in this policy. 

Learner Privacy and Confidentiality

As members of the academic community who adhere to the highest standards of academic integrity and learner privacy, all employees and faculty access learner records only as permitted under §99.31 of FERPA, the Family Educational Rights and Privacy Act. More information on FERPA can be found here.

Nexford University complies with the European Union’s General Data Protection Regulation (GDPR). The GDPR applies to all organizations processing the personal data of data subjects residing in the Union, regardless of the organization’s location, where activities between data subjects and the organization relate to offering goods or services irrespective of whether payment is required.

Learners have the right to obtain confirmation as to whether their personal data is being processed, where it is being processed, and for what purpose. Upon request, such information will be provided in an electronic format at no additional cost. Learners also have the right to request the erasure of personal data that is no longer relevant to the original purposes of processing, except where the University is required to retain such data to maintain accurate academic records or comply with legal obligations. More information about the 2018 Reform of EU Data Protection Rules can be found here.

Nexford University’s Learner Privacy and Confidentiality Policy outlines standards and practices regarding the collection, use, and protection of personal information. This policy applies to all current and prospective learners, faculty, staff, and third parties who interact with the University in connection with its programs. By enrolling in the University’s programs, learners acknowledge that they have read, understood, and agree to the terms of this Privacy and Confidentiality Policy.

Nexford University defines personal information, confidential information, and educational records as follows:

  • Personal information. Any information that can identify an individual, such as name, address, date of birth, academic records, and contact information.

  • Confidential information. Any information that is not publicly available and is protected from unauthorized disclosure.

  • Educational records. Records directly relating to a learner and maintained by the University or a party acting on its behalf, as defined by FERPA.

Nexford University is committed to maintaining the privacy and confidentiality of all personal information collected in compliance with FERPA and GDPR.

Collection of Personal Information

Nexford University collects personal information through various means, including:

  • Application forms

  • Enrollment processes

  • Course registrations

  • Communications (emails, SMS/text messages, phone calls, synchronous meetings, complaints)

  • Online learner portals, surveys, and website form submissions

Use of Personal Information

Nexford University uses personal information for the following purposes:

  • Processing applications and admissions decisions

  • Enrolling learners in programs and courses

  • Maintaining academic records

  • Communicating with learners about program-related matters

  • Providing support services

  • Complying with legal and regulatory requirements

  • Conducting research and analysis for continuous improvement

  • Marketing outreach via email and SMS/text message where explicit consent is provided as required by law

Protection of Personal Information

Nexford University employs a range of security measures to protect personal information, including:

  • Secure electronic data storage systems

  • Physical security measures for hard copy files and records

  • Access controls and authentication protocols

  • Regular security audits and assessments

  • Staff training in data privacy and confidentiality

Disclosures of Personal Information

Personal information may be disclosed to third parties only under the following circumstances:

  • With the explicit consent of learners

  • To comply with legal obligations

  • To authorized service providers who support institutional operations (e.g., IT services, mailing services)

  • To partners in collaborative programs or academic exchanges, with prior notifications to learners

  • As permitted or required under FERPA, including disclosures to:

    • University officials with legitimate educational interests

    • Other institutions where learners seek to enroll

    • Appropriate parties in connection with financial payments

    • Accrediting organizations

    • Compliance with a judicial order or lawfully issued subpoena

    • Appropriate officials in cases of health and safety emergencies

Learner Rights Under FERPA

Learners have the following rights under FERPA:

  • The right to inspect and review their educational records within 45 days of submitting a written request to the Registrar’s Office.

  • The right to request the amendment of educational records they believe are inaccurate or misleading by submitting a written request to the Registrar’s Office, specifying the inaccuracy or misleading information.

  • The right to consent to disclosures of personal identifiable information contained in their educational records, except to the extent that FERPA authorizes disclosure without consent.

  • The right to file a complaint with the US Department of Education concerning alleged failures by Nexford University and to comply with FERPA requirements.

Learner Rights Under GDPR

Learners in the European Union have the right to:

  • Access their personal information (data subject access request)

  • Request correction of personal information

  • Request erasure of personal information where no legitimate processing reason exists

  • Request restriction of processing

  • Object to processing, including for direct marketing purposes

  • Request transfer of their personal information to another party

Authorization to Release Education Records

Under the Family Educational Rights and Privacy Act (FERPA), learners control access to their educational records. Learners who wish to authorize the release of their educational records to third parties, including parents, sponsors, employers, or other individuals or organizations, may do so through the Privacy Settings page in their myNXU Profile.

Through the Privacy Settings page, learners may designate the specific educational records that may be disclosed and identify the individual(s) or organization(s) authorized to access those records by providing their name, email address, and/or phone number. Once submitted, the authorization preferences will be saved to the learner’s record.

Learners who are self-funded should complete the applicable fields under the “For Self-Funded Learners” section to authorize the release of their records.

image-20250110-223546.png

Privacy Settings fields in myNXU for sharing education records

Learners may update or revoke their authorization preferences at any time through the Privacy Settings page in their myNXU Profile.

Cookies, Advertising, and Messaging 

Cookies: Nexford University uses Google Analytics cookies to monitor site performance. These cookies collect information about website usage and performance and do not directly identify individuals. The University's website uses cookies based on the consent provided through its Cookie Banner, except for cookies that are strictly necessary for website functionality. Users may customize their cookie preferences through Google Analytics' opt-out browser add-on

Remarketing: Nexford University uses third-party remarketing tracking cookies and pixels, including Google Ads and AdRoll, to serve targeted advertisements based on prior website visits. Where required by applicable law, including within the European Union (EU/EEA), remarketing technologies are used only after obtaining user consent through the Cookie Banner. Users may withdraw consent or opt out of targeted advertising at any time by adjusting their cookie preferences or through the Ads Preferences Manager (Google) or Your Ad Choices (Adroll).

SMS/Text Messaging Communications: By voluntarily providing a mobile phone number through University forms, individuals may consent to receive administrative or marketing text messages. Consent to receive marketing text messages is not a condition of enrollment.

Mobile phone numbers and SMS opt-in data will not be shared with third parties or affiliates for marketing or promotional purposes. This information is used solely for communications from the University.

Individuals may opt out of receiving text messages at any time by following the opt-out instructions included in the message or by texting STOP.

Retention of Personal Information

Personal information is retained only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law. When personal information is no longer needed, it is securely destroyed or permanently deleted.

Data Breach Notification

In the event of a data breach that compromises personal information, Nexford University will notify affected individuals in accordance with applicable laws and take appropriate steps to mitigate the impact and prevent recurrence.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close