The University of Cincinnati (UC) recognizes the importance of privacy and is committed to protecting the personal data of our students, faculty, staff, alumni and guests. This Privacy Statement explains the type of personal data UC collects and how that data is used.
UC receives personal data from multiple sources, most often directly from you or from a third party whom you have directed to provide information to UC (e.g., application for admission to UC through the use of CollegeNet or the Common App).
The university’s publicly facing technology services (ex.: websites, student information system, learning management system, and similar) collect personal information that you knowingly and voluntarily provide when completing applications and forms, sending emails, registering for classes or other programs, responding to surveys, or ordering merchandise. Your personal information can be used to provide you with the needed information, products or services, as well as helping to enhance your experience with the university’s resources and technology services.
Cookies are small pieces of data stored by the web browser on your local computer or mobile device, often used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive.
In order for UC to achieve its core mission, it is essential and necessary for UC to process personal data of its students, employees, applicants, research subjects, alumni and others involved in our educational, research, service and community programs. UC processes personal information for various lawful reasons, including, without limitation:
Personal data that UC processes typically includes, but is not limited to, name, Social Security number, date of birth, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.) and donations.
If you refuse to provide personal data that is required by UC in connection with one of UC’s lawful bases to collect and process the personal data, such refusal may make it impossible for UC to provide the requested or necessary service.
UC shares personal data with other parties when one or more of the following conditions apply:
We generally do not actively share personal information gathered from the university’s technology services such as our web servers. As UC is a public institution, some information collected from our websites, including information from our server logs, e-mails delivered to the UC, and information collected from digital forms, may be subject to the Ohio Public Records Act. In some cases, we may be required by law to release information gathered through and/or by UC technology services.
UC complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records except in limited circumstances. UC also complies with the applicable provisions of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) where relevant and appropriate.
UC will comply with its published data protection policies in the processing of your personal data, except for legally permitted exceptions. Please see UC’s Office of Information Security website for related policies and further detail.
If you have specific questions regarding the collection and use of your personal data, please contact the Director of Privacy within the Office of General Counsel.
Generally, UC retains data it collects as specified in its General Records Retention Schedule.
The EU GDPR provides broad privacy protections to individuals physically located in the European Economic Area (EEA) (data subject(s)). Under certain circumstances, the GDPR may apply to UC activities in the EEA, for example, when a student attends a study abroad program in the EEA or when a faculty member is temporarily assigned to work on behalf of UC in the EEA. When subject to the GDPR, UC will comply with the regulation’s core privacy principles.
Under the GDPR, UC must have a lawful basis to process a data subject’s personal data. Although there will be some instances where the processing of personal data will be pursuant to other lawful bases (e.g., processing necessary to protect the vital interests or safety of a data subject, processing related to legal action involving the university, etc.), the following lawful bases will apply to most UC data processing activities:
Subject to all other applicable laws and regulations, including all laws of the United States and the State of Ohio, where legally applicable, certain data subjects have the following rights under the GDPR:
Please be aware that under certain circumstances, the GDPR or other applicable laws may limit a data subject’s exercise of the above rights. To exercise the above rights, data subjects should contact Privacy@uc.edu. Please note that exercising these rights is not a guarantee of a requested outcome.
Please email us if you have questions about this Privacy Statement, or if you find UC web pages that do not adhere to this statement.
© 2020 University of Cincinnati Online Copyright Information