CCURE Physical Access Control System Privacy Statement

CCURE Physical Access Control System Privacy Statement

Introduction

This Privacy Statement describes how Harvard University may access and use personal information about individuals in connection with providing the CCURE Physical Access Control System (“CCURE”) managed by the Harvard University Police Department (“HUPD”) and hosted and supported by Harvard University Information Technology (“HUIT”).

In this Privacy Statement, “CCURE” refers only to the CCURE application managed by HUPD and hosted and supported by HUIT. Some Harvard schools and units, including Harvard Business School, Harvard Medical and Dental Schools, and Harvard Art Museum, have set up other CCURE instances to which this Privacy Statement does not apply.

Users

This Privacy Statement applies to all Harvard University Identification cardholders (“cardholders”) using the CCURE system, regardless of relationship to Harvard.

Information Gathering

Personally identifiable information about cardholders that may be accessed by Harvard in connection with providing CCURE (“Personal Information”) includes:

  • HUID number;
  • Department affiliation, name, and role;
  • Photograph;
  • Journal history of ID Card usage including date/time and specific doors accessed; and
  • List of a cardholder’s access clearances, which may identify campus residential location.

Personal Information accessible by Harvard through CCURE may also include data about a cardholder’s Harvard affiliation or status.

Use of Information

Personal Information that Harvard may compile in connection with providing CCURE may be used for troubleshooting the access control system, criminal investigation purposes, and well-being checks.

Other uses of Personal Information by Harvard are described in other parts of this Privacy Statement.

Sharing of Information

Harvard may transmit a cardholder’s card history to other Harvard systems and certain third-party systems. Those third-party systems may include, for example, Crimson Clear, which uses cardholder Personal Information for purposes of auditing cardholder compliance with COVID safety protocols. Information shared with these systems includes card history data, which includes the cardholder’s name, date and time of cardholder’s entry, and the card reader doors accessed by the cardholder. In addition, Harvard may review card history data to determine building usage, for purposes such as planning for staffing and building operations. For example, the Libraries may run reports to determine usage of their facilities by schools and departments.

Harvard may also share Personal Information with third-party service providers in connection with data uses described in this Privacy Statement.

In addition, Harvard may share and disclose Personal Information if Harvard believes that doing so is necessary or appropriate to: satisfy any applicable law, regulation, legal process or governmental request; investigate compliance with or enforce this Privacy Statement or any acceptable use policy for CCURE; detect, prevent, investigate, or otherwise address fraud, security or technical issues; or protect, defend, investigate, or enforce the operations, property, rights, and safety of users, Harvard, Harvard affiliates, and others.

Other sharing of Personal Information by Harvard is described in other parts of this Privacy Statement.

Information Protection

There are security measures in place to help protect against the loss, misuse, and alteration of the Personal Information under Harvard’s control. No data transmission, processing, sharing, or storage by any party can be guaranteed to be completely secure.

Contact Information

Please contact ithelp@harvard.edu with any questions or concerns about this Privacy Statement.

Changes to this Privacy Statement

This Privacy Statement may be amended from time to time. Any such changes will be posted on this page. This Privacy Statement was last updated on June 30, 2022.