Last Updated: March 30, 2020
The University of Michigan recognizes and values the privacy of the university community members and its guests. This value is reflected in the Regents of the University of Michigan bylawsection 14.07. “Privacy and Access to Information,”which states in part:
“In collecting, utilizing, and releasing information about individuals associated with the university, the university will strive to protect individual privacy, to use information only for the purpose for which it was collected, and to inform individuals of the personal information about them that is being collected, used, or released.”
In principle, the U-M strives to:
- Collect, store and use the minimum amount of personal information that is necessary for its legitimate business purposes, and to comply with applicable legal obligations.
- Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
- Limit who has access to the personal information in our possession to only those who need it for a legitimate, specific purpose.
- Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
- Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
- Consider privacy principles in the design of our projects or activities that involve the use of personal data.
The U-M Privacy Statement is generally applicable to activities conducted by the University of Michigan that involve the processing of personal information. It is meant to provide you a broad overview of our activities that require the processing of personal information and our approach to protecting privacy.
Categories of Personal Information We Collect and Use
We define personal information as any information that relates to an identified or identifiable individual. We generally collect personal information in the following circumstances:
- When you directly provide it to us;
- From other organizations for legitimate, specific purposes (for example, information from libraries required to manage authentication).
We may occasionally process other personal information for various legitimate and specific purposes. When these situations occur, we will endeavor to inform you of such occasional processing activities.
Who Has Access to Your Information
The U-M does not sell your information to third parties, and does not share it with third parties for purposes other than supporting the legitimate interests and operations of the University.
We use a variety of third-party services to help fulfill the University’s business. We strive to be diligent with confidentiality, privacy and security standards that we require from all our service providers, and we strive to require that they only use your personal information for the purposes of providing those services.
How We Secure Your Information
Privacy Notice Changes
This privacy notice may be updated from time to time. We will post the date our notice was last updated at the top of this privacy notice.
If you have any questions about our practices around the use of personal information, contact our Privacy Office email@example.com by mail at:
University of Michigan
500 S State St
Ann Arbor, Michigan, 48109
Notes Specific to Persons Within the European Union
If you are located in the EU, then our processing of your personal information may fall underRegulation 2016/679 (the General Data Protection Regulation, or the “GDPR”).
In addition to the privacy information provided above, there is additional information specific to the EU legal framework below. Please also see ourGDPR resources webpagefor more information.
Legal Basis for Processing
Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:
- 签订合同或履行合同的必要性(例如:您提交的在线申请;查阅报名时所提供的资料;for the payment information we process for tuition);
- Necessity for our legitimate interests or those of third parties (our legitimate interest to maintain a community for alumni);
- 同意(用于您可能参与的研究项目;for processing of special categories of personal data).
In the context of our processing activities that are subject to the GDPR, you have the following rights regarding your personal information:
- Access, correction and other requests – You have the right to obtain confirmation of whether we process your personal data, as well as the right to obtain information about the personal data we process about you. You also have a right to obtain a copy of this data. Additionally, and under certain circumstances, you may have the right to obtain erasure, correction, restriction and portability of your personal data.
We strive to keep personal data in our records only as long as necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.
If you have any concerns or questions about how your personal data is used, please contact us firstname.lastname@example.org. We will promptly respond to your request and do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of the GDPR. You also have the right to submit a complaint in the Member State of your residence, place of work or of an alleged infringement of the GDPR.