ֱ̲

ֱ̲ logo

ֱ̲ Privacy statement

1. Commitment To Privacy

ֱ̲ (ֱ̲) or “University” is committed to maintaining the privacy and security of any collected confidential or highly sensitive personal information. The University’s commitment to privacy aligns with the requirements of the Family Educational Rights and Privacy Act of 1974 (FERPA), (University Registrar’s FERPA Page) the University’s , ,and other relevant University Policies.

This policy has been adopted to address the collection, use, and dissemination of personal information by the University. This policy is subject to change over time, as the technologies utilized to provide services via the Internet continue to develop and evolve. Despite changes in technology, any alterations to this policy will not affect the University’s commitment to privacy.

2. General Statement

This policy applies to all information digitally collected by or submitted to ֱ̲. ֱ̲ receives information via two primary methods:

3. Information Collection

3.1 Automatic Collection

If a user has not taken specific steps to anonymize their personal web traffic (e.g. apply mechanisms such as the Google Analytics Opt-out Browser Add-on that disable the collection of data for analytical purposes), official University websites may collect certain information automatically. This information includes, but is not limited to:

Any information collected automatically is not associated with any other information held by the University (i.e. not linked with information voluntarily provided to University) unless the University is required to do so by law.

3.2 Voluntary Submission

In order to provide information and/or services, the University may request users to provide personal information, some of which may be personally identifiable information (PII). Information such as name, date of birth, email address, etc. can be collected via voluntary submission of an email or web form to a ֱ̲ entity.

4. Information Use

4.1 Website Information Use

Website information that is gathered automatically is utilized to improve the understanding of how University-provided websites are being leveraged by the user community.

For example, some University websites use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses “cookies” (i.e. files used to track website activity) to determine how users navigate University sites. Google uses this cookie data for various purposes, including the evaluation of website use, reports on website activity, and other services.

4.2 University Use of Submitted Information

Any information submitted to the University voluntarily in order to receive services and/or information will only be utilized to conduct official university business. ֱ̲ may disseminate voluntarily submitted information to third parties and offices/departments within the University to the extent necessary in order to provide the requested services and/or information. ֱ̲ may also disseminate such information if required by applicable international, federal, state and/or local laws.

The University will not disclose any information submitted voluntarily for reasons other than mentioned above, without clear notice and the opportunity to opt-out or otherwise prohibit such uses. ֱ̲ will never sell or trade voluntarily submitted information to other entities unless a prior consent has been obtained and/or such information is being shared in response to a subpoena, court order, or legal process.

There is no legal requirement for a user to provide any information to the University. However, without certain information, University websites and services may not function as intended and features may be inaccessible.

4.3 Third Party Use of Sensitive Personal Information

The University may disclose an individual’s sensitive personal Information and other personal information as follows:

Consent: The University may disclose personal information if the University has the individual’s consent to do so.

4.4 Retention and Destruction of Personal Information

An individual’s personal information will be retained by the University in accordance with applicable state and federal laws, and the University’s applicable retention periods. An individual’s personal information will be destroyed upon the individual’s request unless applicable law requires destruction after the expiration of an applicable retention period as per the . The manner of destruction shall be appropriate to preserve and ensure the confidentiality of the individual’s information given the level of sensitivity, value and criticality to the University.

5. Use of Cookies

Some ֱ̲ websites use cookies (beyond cookies utilized by Google Analytics), which enable the University to further tailor its web services to the needs of the user community. Cookie data assists the University in improving both web content and distribution. Users have the right to refuse the use of cookies by implementing technical configurations in their web browsers; however, functionalities of certain sites may be impacted if such configurations are implemented.

6. External Links

Some University sites may contain links to external websites not owned by, or officially affiliated with, ֱ̲ in any way. If a user decides to navigate to external links, the user will leave the University website and thus, the University is not responsible for privacy practices or the content of such websites. Navigating to external links is done at the user’s own risk and users should be aware that ֱ̲’s policies no longer apply. The University recommends that users review the privacy policy and applicable terms of all sites they visit.

7. Data Security

ֱ̲ implements stringent security measures wherever possible to promote confidentiality, integrity, and availability of any information in the possession of the University per the University’s . ֱ̲ websites that allow users to submit information voluntarily utilize encryption to prevent third-parties from viewing the submitted data. Personal information voluntarily submitted via email cannot leverage encryption in most cases, and thus email is not a mechanism that ֱ̲ will recommend for submitting confidential and/or personal data. Users that submit unsolicited confidential and/or personal information via email must do so at their own risk.

While the security of user data is of the utmost importance to ֱ̲, due to the nature of Internet communications, no data transmission over the Internet can be guaranteed to be completely secure. Any information transmitted to ֱ̲ by the user is done so at the user’s own risk. Once the information is received by ֱ̲, the University will make every effort to ensure the security of data on the ֱ̲ systems.

If an individual’s sensitive personal information and/or other personal information is compromised, ֱ̲ will notify the individuals affected and inform appropriate governing agencies, per our .

8. Individuals in the European Economic Area and GDPR

The purpose of the General Data Protection Regulation (“GDPR”) is to protect all European Union (“EU”) citizens from privacy and data breaches by allowing citizens to maintain control of the personal data kept and processed by organizations. The GDPR also protects the personal data of individuals, regardless of citizenry, in the EU.

ֱ̲’s Privacy Statement outlines the collection, use, and disclosure of personal information provided to the University by students, faculty and staff, alumni and other members of our community to which the GDPR applies. When information is submitted to ֱ̲, or a person uses the University’s websites and other services, the user consents to the collection, use, and disclosure of that information as described ֱ̲’s Privacy Statement.

Through the GDPR, EU Citizens have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of their information in accordance with all applicable laws. The erasure of their information shall be subject to applicable state and federal laws, and the applicable retention period. If an EU Citizen has provided consent to the use of their information, they have the right to withdraw consent without affecting the lawfulness of the University’s use of the information prior to receipt of their request.

Information created in the European Union will be transferred out of the European Union to the University. If a user feels the University has not complied with applicable foreign laws regulating such information, the user has the right to file a complaint with the appropriate supervisory authority in the European Union.

Read more about the .

9. Contact Information

For questions about this privacy statement or to make a privacy-related request, please contact the University Registrar at transcripts@ulm.edu

Last updated 6/1/2023