University Privacy Statement
The University of Arizona (“UA”) provides information and services to students, employees, and the public through its information technologies to supplement services provided on campus. We are committed to protecting the personal information and the security of our users and being transparent about the information we hold. UA has developed this statement to explain how personal information that is collected is handled and used.
In addition to the information in this Privacy Statement, UA’s Information Technology Policies (such as the Code of Conduct, acceptable use policies, and the policies of the Information Security Program) set forth requirements that you must follow when using UA’s websites and information technologies.
If you are in the European Union, please also review UA’s Supplemental Privacy Provisions for Persons in the European Union. These EU Supplemental Privacy Provisions provide additional information regarding UA’s processing of personal data you submit or disclose to UA (or to a third party that transfers it to UA for processing) while you are in the European Union.
We encourage you to periodically review this Privacy Statement, as well as any information linked from this Privacy Statement, because we may update it from time to time.
This statement applies to all personal information collected by or submitted to UA. It (along with any supplemental statements, notices, or policies provided by UA or its colleges, departments, or units) should not be construed as a contractual promise.
What Services UA Provides Online
UA’s websites provide online information and services to all users of UA’s information technologies (“Users”) consistent with UA’s mission, vision, and core values (our “Mission”).
In addition to information and services provided on UA websites, UA may also provide links or other connections to external services and information provided by non-UA service providers. These non-UA provided services may include the education versions of D2L, Box.com, Amazon Web Services, Microsoft Azure, Microsoft Office365 and Google’s G-Suite, which includes Gmail. Non-UA service providers have their own privacy policies that are not covered by this Privacy Statement. UA is not responsible for the privacy practices or policies of non-UA service providers and any links or connections are not intended to be an endorsement of their privacy practices or policies. We recommend you review the privacy practices and policies of all non-UA service providers.
Information UA Collects from Users and How We Use it
UA collects information actively provided by you to UA (or to a third party that transfers it to UA for processing). We may also collect information about the computers, mobile devices, or other devices you use to access UA’s information technologies, such as IP address, unique device identifiers, browser types, browser languages, web pages requested, network software access, referring web pages, date, time, and duration of activity, passwords, and accounts accessed, volume of data storage and transfers, and locations of User devices when connected to UA’s information technologies. Logs of this information may be retained. When you enter into a transaction with UA, participate in a UA class or program, attend a UA event, or otherwise engage with UA or our facilities, we may also collect information about that interaction, such as its content, time, and location. We may also collect information when you interact with UA through its official social media outlets. We may also receive information about you from other sources and link or combine that with information we collect about you to help understand your needs and provide you with better service. We may contract with non-UA service providers to help us better understand Users. These non-UA service providers are not permitted to use the personal information collected on our behalf except to help us conduct and improve our services.
UA uses information collected for a number of interdependent purposes in support of UA’s Mission, including to provide services, to protect the security of UA’s information technologies, to support academic integrity, and to provide safety and security services to Users, as well as to monitor, preserve, and enhance the use, functioning, and integrity of UA’s information technologies. UA may also use information collected from you for analysis and statistical purposes consistent with UA’s Mission.
The following describes some of the types of cookies UA uses on our websites:
Functionality Cookies. We use functionality cookies to enhance website features, such as videos and live chat, and for personalization, such as storing your preferences (e.g. username and language selection). Functionality cookies may be set by UA or by third parties whose services we have added to our websites. If you do not allow these cookies, you may not be able to use some portions of our websites, and some website functions may not work properly.
Social Media Cookies. Social media cookies may be set by third parties such as YouTube and Facebook to collect information about your social media usage.
Analytics Cookies. Analytics cookies collect information about your use of our websites and help us improve the way it works. For example, analytics cookies identify the most frequently visited pages, record any difficulties you have, and show whether our advertising is effective. This allows us to see the overall patterns of usage on the websites, rather than the usage of a single person. We use the information to analyze the websites’ traffic.
Targeting/Advertising Cookies. We use targeting/advertising cookies to create profiles and personalize content. We may use third party products, such as Google Analytics, to market UA’s services to you on third party websites. For example, if you visit UA websites, you may then see advertisements for UA on other websites.
You can learn more about cookies and their functions generally by visiting an information website, such as allaboutcookies.org.
Do Not Track Signals. Some web browsers have a "Do Not Track" (“DNT”) feature that tells websites that users do not want to have their online activity tracked. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, UA does not currently require that websites respond to DNT signals.
Alternatives to Website Transactions
If you prefer not to provide information to UA through our information technologies, you may contact the UA administrative unit responsible for the service to learn about available alternative options.
Disclosure of Information
Within UA, only authorized UA-affiliated individuals have access to confidential personal information. All persons with access to personal information are required to receive mandatory security and privacy training before accessing any systems.
UA does not disclose confidential personal information we collect through our information technologies to individuals or entities not affiliated with UA, except in the limited circumstances described below, or as authorized by you. UA may disclose your personal information to its affiliated entities and partners in support of UA’s Mission. Non-confidential information may be disclosed or distributed pursuant to federal laws, state laws, including Arizona’s public records laws, and UA and Arizona Board of Regents (“ABOR”) policies. These laws and policies explain what information may be shared or disclosed. They also explain what information is protected as confidential.
Set forth below are circumstances in which confidential information potentially may be disclosed:
Student Records. Certain records of students are protected by the federal Family Educational Rights and Privacy Act(“FERPA”), the Gramm-Leach-Bliley Act, Arizona law, and UA Policy. Information about students’ access to their education records and protection of education records is available on the UA Registrar’s informational websites about FERPA and the Gramm-Leach-Bliley Act. This website also provides information on students’ rights to limit access to their directory information. UA may disclose confidential student information with the consent of the student, under subpoena or court order, or in other limited circumstances as permitted by FERPA.
Employee Records. Access to UA personnel records is governed by Arizona Board of Regents Policy 6-912 and Arizona law.
Public Records Laws. UA may be required to provide access to UA records to third parties pursuant to Arizona’s public records laws, ARS §§ 39-121 through 39-161. Where public records are requested for commercial purposes, UA may require payment for such records. Additional information about Arizona’s public records laws is available at www.arizona.edu/publicrecords.
Court Order or Public Safety. UA may be required to disclose confidential information pursuant to a valid court order or lawfully issued and served subpoena, search warrant, or other legal order. In addition, UA may disclose confidential information to law enforcement if UA believes that disclosure is necessary to protect UA, to protect the health or safety of individuals, or if law enforcement believes that UA’s resources have been used in the commission of a crime.
Contractors. UA may contract with non-UA service providers to provide services and information to UA or through UA’s information technologies. UA may provide information, including personal information collected on our information technologies, to non-UA service providers to assist UA to deliver classes, programs, products, information, and services. UA also contracts with non-UA service providers to perform analysis, research, and administrative activities for UA. UA requires non-UA service providers to protect confidential and personal information on our behalf.
Academic Research and Related Activities. UA may share personal information with research collaborators as outlined in an approved human research protocol. If you are a participant in such a study, please contact the principal investigator or the Human Subjects Protection Program for more information on any such sharing.
Other research projects may also share data derived from your personal information, but only in a de-identified manner unless you give your consent.
Alumni and Development Services. UA shares personal information with our alumni engagement and development partners, including the University of Arizona Alumni Association (UAAA) and the University of Arizona Foundation (UAF). These partners may have their own privacy policies that govern any relationship you may have with them. Please refer to their privacy policies for more information on their privacy practices, which may permit broader disclosures of information than what is described in this Statement. In particular, these alumni partners may provide your personal information for the purpose of providing you goods and services via third-party vendors, contractors or consultants. These third parties may compensate or share revenue with our alumni partners as part of this relationship; our alumni partners do not permit these third parties to use or re-disclose such information for unauthorized purposes or those not related to their contractual relationships.
Other. In addition to the foregoing situations, other federal laws, state laws, or ABOR or UA policies may protect your information as confidential. In such circumstances, the University will not disclose your confidential information except as permitted in such law or policy. For a list of UA policies, visit policy.arizona.edu.
We may also share aggregated or de-identified information, which cannot reasonably be used to identify you.
UA takes steps to ensure that confidential information collected through its information technologies is secure. These steps include: ongoing user education; implementing identity and access management solutions; using tools in an effort to minimize the impacts of malware, phishing, and hacking attempts; and monitoring activity to identify potential system threats. UA routinely assesses and enhances tools and processes available to strengthen our online security. As with any online communications, security is impossible to guarantee and users should take reasonable precautions to protect their personal information from unintended disclosure. For more information on UA’s information security practices, visit security.arizona.edu.
If you believe UA has not adhered to this Privacy Statement, please contact UA’s privacy team at firstname.lastname@example.org. UA will use reasonable efforts to address your concerns, although there may be circumstances where we cannot assist.
We will publish on our website any changes we make to this Privacy Statement.