Last Revision Date — May 24, 2018
The University of Michigan recognizes and values the privacy of the university community members and its guests, and strives to be the leaders and best in the ways in which we manage your personal information. This value is reflected in Regent’s Bylaw Sec. 14.07. Privacy and Access to Information, which states in part:
“In collecting, utilizing, and releasing information about individuals associated with the university, the university will strive to protect individual privacy, to use information only for the purpose for which it was collected, and to inform individuals of the personal information about them that is being collected, used, or released.”
In principle, the University of Michigan strives to:
- Collect, store, and use the minimum amount of personal information that is necessary for its legitimate business purposes, and to comply with legal obligations.
- Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
- Limit who has access to the personal information in our possession to only those who need it for a legitimate, specific purpose.
- Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
- Communicate with our students, faculty, employees, suppliers, partners, and others about how we use personal information in our day-to-day operations.
- Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
- Integrate privacy in the design of our activities when that involves the use of personal data.
This scope of this notice applies to our practices for gathering and disseminating information related to the University of Michigan main website (umich.edu). It is meant to provide you an overview of our activities that require the processing of personal information and our approach to protecting privacy. Please be advised that specific schools, departments, units, clubs, and other groups may have specific privacy notices for their activities related to their collection and processing of your personal information.
At the University of Michigan, we strive to appropriately manage, secure, and keep private and confidential the personal data entrusted to us.
How We Collect Information
The University of Michigan collects personal information in the following circumstances:
- Direct Collection: When you directly provide it to us, such as when you sign up for a newsletter on one of our websites.
- Automated Processes: Through automated processes. This includes information you provide us through technology, such as through a cookie placed on your computer when you visit our websites.
- From Others: We receive information from other organizations for legitimate, specific purposes (for example, transcripts for admissions purposes).
Our goal is to limit the information we collect to the information needed to support our business.
What Type of Information Do We Collect
During a user visit to umich.edu, we automatically collect and store certain information about the visit. Information collected includes:
- The Internet domain from which a visitor accesses the website
- The IP address assigned to the visitor’s computer
- The type of browser the visitor is using
- The date and time of visit
- The address of the website from which the visitor has linked to umich.edu
In addition, the University of Michigan collects information from users that visit umich.edu or through University of Michigan contracted-for third-party advertising and marketing providers (ex: Google Analytics, and Google Adworks). Information collected may include:
- Content viewed during the visit
- Date and time of visit
- Amount of time spent on the website
- Visitor location based on IP address
- Demographic information
The University of Michigan website also may provide opportunities for site visitors to voluntarily provide personally identifiable information, such as their email address, name, telephone number or street address.
How This Information Is Used
The University of Michigan collects and uses information about user visits to allow the university to monitor website performance, make improvements to site navigation and content, and better market to prospective students and other audiences.
The university may also collect and use personal information provided by site visitors for educational programs (e.g., related to admission), administrative purposes (e.g., related to employment), or university engagement (e.g., attending a university sponsored event).
We may occasionally process other personal information for other legitimate and specific purposes. When these situations occur, we will endeavor to inform you of such occasional processing activities, since transparency is one of our core principles for using personal information for the purposes for which it was collected.
With Whom This Information Will Be Shared
The University of Michigan does not sell or rent your personal information. We may, however, share your personal information in limited circumstances, such as with service providers that support business activities. We require our service providers to keep your personal information secure. We do not allow our service providers to use or share your personal information for any purpose other than providing services on our behalf.
We may also share your personal information when required by law, or when we believe sharing will help to protect the safety, property, or rights of the university, members of the university community, and university guests.
What Choices You Can Make About Your Information
To enhance your experience, we may place “cookies” on your computer or device. Cookies are files that store your preferences. When you access umich.edu, the following cookies may be placed on your device, depending on your web browser settings. Our website uses the following types of cookies:
Google Analytics Cookies
Opt-out: Find out more about managing cookies through your browser .
Social Media Plugins
How Information Is Secured
The University of Michigan recognizes the importance of maintaining the security of the information it collects and maintains, and we endeavor to protect information from unauthorized access and damage. The University of Michigan strives to ensure reasonable security measures are in place, including physical, administrative, and technical safeguards to protect your personal information.
Privacy Notice Changes
This privacy notice may be updated from time to time. We will post the date our notice was last updated at the top of this privacy notice.
Who to Contact with Questions or Concerns
If you have any concerns or questions about how your personal data is used, please contact us at email@example.com .
We strive to promptly respond to your request, and will do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority. You also have the right to submit a complaint in the Member State of your residence or place of work of an alleged infringement of the GDPR.
NOTICE SPECIFIC TO PERSONS WITHIN THE EUROPEAN UNION
If you are in the EU and you interact with the University of Michigan in the context of this website, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”) and under the legal framework of Directive 2002/58/EC (“ePrivacy” Directive). In these circumstances and as applicable, the University of Michigan may be the controller of the processing of your personal data. Please see also our GDPR resources webpage for more information.
LEGAL BASIS FOR PROCESSING
When we process your personal information, we will endeavor to have a valid lawful ground for processing in place. We process your personal information relying on different lawful grounds for processing, depending on the context of the processing activity.
The University of Michigan is committed to facilitating the exercise of the rights granted to you by EU data protection law (the right to access your data, to ask for erasure, correction, restriction, portability of your data or to object to the processing of your data) in a timely manner for personal information that properly falls under the GDPR.
In order to be able to reply to your request for exercise of your rights, and if we are not certain of your identity, we may need to ask you for further identification data to be used only for the purposes of replying to your request. If you have any inquiries or requests, please write to firstname.lastname@example.org or contact us through our postal address.
We strive to keep personal data in our records only as long as they are necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate purposes and all applicable legal requirements.
When you interact with the University of Michigan, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have obtained an adequate level of protection from the European Commission. To ensure the lawful transfers of personal data from the EU, the University of Michigan relies on the derogations laid out in Article 49 GDPR. Be advised that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this website privacy notice.