MIT Lincoln Laboratory Beaver Works (MITLLBW)

Privacy Statement

Introduction

The MITLLBW is committed to supporting the privacy of students, parents, teachers, recommenders of MIT.  This Privacy Statement explains how we handle and use the personal information we collect about the students, parents, teachers, recommenders.  

What personal information we collect

While specific information may vary for particular individuals, we may collect, use, store and transfer different kinds of personal information about you, which we have grouped together as follows:

• Basic biographic/contact information – home and business addresses, phone numbers, email addresses, and social media contact information
• Demographic information – names, genders, birth dates, photographs
• Analytical information – aggregated information related to web visitor activity and email marketing actions
• Basic Health Information – dietary needs, allergies, doctor’s information, health insurance

How we collect personal information about you

This information is collected through webforms that the student, parent, teacher or recommender fill out.

How we use your personal information

We use your personal information for a number of legitimate purposes all in support of the Institute and its mission.  Specifically, we use your personal information to:

• Emails to individuals regarding our program
• Demographic information for reporting to MIT, Lincoln Laboratory and sponsors (no names or personal data is given with this information)
• Emails to accepted students and parents with ongoing program information
• Develop and publish brochures/pamphlets about the program to distribute to sponsors, participants and potential new sponsors/participants

If you have concerns about any of these purposes, or how we communicate with you, please contact us at MIT Lincoln Laboratory Beaver Works. We will always respect a request by you to stop processing your personal information (subject to our legal obligations).

When we share your personal information

To perform the functions listed above, it may be necessary to share your personal information with our sponsors and grantors.

How your information is stored and secured

MIT uses risk-assessed administrative, technical and physical security measures to protect your personal information.  Our webform company offers an enterprise-level solution that is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  AWS Hosting. The webform company uses AWS in the United States as our external security hosting provider. AWS meets System and Organization (SOC) standards verified by independent third-party examination reports demonstrating how the provider achieves key compliance controls and objectives. Please see the following website for further details on AWS compliance: https://aws.amazon.com/compliance/programs/. Our webform company will protect your data from unauthorized access, they have logs with alerts set to notify us of suspicious activity.  If you provide credit card information that information will be destroyed after the program ends and payment has been fully received.         

How long we keep your personal information

MITLLBW  will keep directory information about you, including your name, email, address, phone, school data, indefinitely.   For any HIPAA related data we will delete all records one month after the current program ends.

Rights for Individuals in the European Economic Area

You have the right in certain circumstances to (1) access your personal information; (2) to correct or erase information; (3) restrict processing; and (4) object to communications, direct marketing, or profiling.  To the extent applicable, the EU’s General Data Protection Regulation provides further information about your rights.  You also have the right to lodge complaints with your national or regional data protection authority.  

If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identity when exercising these rights.  Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future, as well as any information necessary for MIT archival purposes.  We may also need to retain some financial information for legal purposes, including US IRS compliance.  In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against or exercising our rights with respect to such claim.

By providing information directly to MIT, you consent to the transfer of your personal information outside of the European Economic Area to the United States.  You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.

You are under no obligation to provide any personal data to us; however, failure to do so may prevent our ability to consider your application for participation in the program.

Additional Information

We may change this Privacy Statement from time to time.  If we make any significant changes in the way we treat your personal information we will make this clear on our MIT websites or by contacting you directly.

The controller for your personal information is MIT.  If you are in the EU and wish to assert any of your applicable GDPR rights, please contact dataprotection@mit.edu.  

This policy was last updated in December 2021.