Privacy

Last Updated: March 30, 2020

Fulcrum由密歇根大学图书馆创建并主办,是密歇根大学(U-M)的一个项目,遵循其政策。

The University of Michigan recognizes and values the privacy of the university community members and its guests. This value is reflected in the Regents of the University of Michigan bylawsection 14.07. “Privacy and Access to Information,”which states in part:

“In collecting, utilizing, and releasing information about individuals associated with the university, the university will strive to protect individual privacy, to use information only for the purpose for which it was collected, and to inform individuals of the personal information about them that is being collected, used, or released.”

Overview

In principle, the U-M strives to:

  • Collect, store and use the minimum amount of personal information that is necessary for its legitimate business purposes, and to comply with applicable legal obligations.
  • Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
  • Limit who has access to the personal information in our possession to only those who need it for a legitimate, specific purpose.
  • Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
  • 与我们的学生、教师、员工、供应商、合作伙伴和其他人就我们如何在日常运营中使用个人信息进行沟通。
  • Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
  • Consider privacy principles in the design of our projects or activities that involve the use of personal data.

Scope

The U-M Privacy Statement is generally applicable to activities conducted by the University of Michigan that involve the processing of personal information. It is meant to provide you a broad overview of our activities that require the processing of personal information and our approach to protecting privacy.

Categories of Personal Information We Collect and Use

We define personal information as any information that relates to an identified or identifiable individual. We generally collect personal information in the following circumstances:

  • When you directly provide it to us;
  • 通过自动化流程(例如,通过与我们的网站如Fulcrum的交互);or
  • From other organizations for legitimate, specific purposes (for example, information from libraries required to manage authentication).

我们只会为合法和特定的目的处理您的个人信息,并方便大学的各种运作。

We may occasionally process other personal information for various legitimate and specific purposes. When these situations occur, we will endeavor to inform you of such occasional processing activities.

Who Has Access to Your Information

The U-M does not sell your information to third parties, and does not share it with third parties for purposes other than supporting the legitimate interests and operations of the University.

We use a variety of third-party services to help fulfill the University’s business. We strive to be diligent with confidentiality, privacy and security standards that we require from all our service providers, and we strive to require that they only use your personal information for the purposes of providing those services.

How We Secure Your Information

U-M认识到维护其收集和维护的信息安全的重要性,我们努力保护信息不受未经授权的访问和破坏。U-M努力确保合理的安全措施到位,包括物理、管理和技术保障措施,以保护您的个人信息。

Privacy Notice Changes

This privacy notice may be updated from time to time. We will post the date our notice was last updated at the top of this privacy notice.

Contact

If you have any questions about our practices around the use of personal information, contact our Privacy Office atprivacy@umich.eduor by mail at:

University of Michigan
500 S State St
Ann Arbor, Michigan, 48109

Notes Specific to Persons Within the European Union

If you are located in the EU, then our processing of your personal information may fall underRegulation 2016/679 (the General Data Protection Regulation, or the “GDPR”).

In addition to the privacy information provided above, there is additional information specific to the EU legal framework below. Please also see ourGDPR resources webpagefor more information.

Legal Basis for Processing

Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:

  • 签订合同或履行合同的必要性(例如:您提交的在线申请;查阅报名时所提供的资料;for the payment information we process for tuition);
  • Necessity for our legitimate interests or those of third parties (our legitimate interest to maintain a community for alumni);
  • 同意(用于您可能参与的研究项目;for processing of special categories of personal data).

Your Rights

U-M致力于促进您及时行使欧盟数据保护法赋予您的权利。

In the context of our processing activities that are subject to the GDPR, you have the following rights regarding your personal information:

  • Access, correction and other requests – You have the right to obtain confirmation of whether we process your personal data, as well as the right to obtain information about the personal data we process about you. You also have a right to obtain a copy of this data. Additionally, and under certain circumstances, you may have the right to obtain erasure, correction, restriction and portability of your personal data.
  • 反对权利-您有权按照我们营销邮件中的退出指示反对从我们接收营销材料,并有权反对根据您的具体情况对您的个人数据进行任何处理。对于后一种情况,我们将根据法律义务,对您的请求进行评估并及时给予答复。
  • 撤回同意权——对于所有基于您同意的加工操作,您有权随时撤回同意,我们将依法停止这些加工操作。

请注意,当您基于这些权利提出请求时,如果我们不确定您的身份,我们可能需要要求您提供更多的个人信息,仅用于回复您的请求的目的。

Retention Period

We strive to keep personal data in our records only as long as necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.

Data Transfers

当您与U-M互动时,您的个人信息将被转移到美国。目前,在欧盟以外的国家中,欧盟委员会(European Commission)认为美国对个人信息拥有足够程度的法律保护。为了确保从欧盟合法转移个人信息,U-M依赖于GDPR第49条规定的克减条款。特别是,对于某些转让,我们依赖于您的明确同意,以及履行合同或执行应您要求采取的合同前措施的必要性(例如,您申请入学所需的个人数据转让)。但是,请注意,我们根据GDPR本身的要求,并根据本通用隐私声明,为传输的信息提供保护措施。

Concerns

If you have any concerns or questions about how your personal data is used, please contact us atprivacy@umich.edu. We will promptly respond to your request and do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by Article 77 of the GDPR. You also have the right to submit a complaint in the Member State of your residence, place of work or of an alleged infringement of the GDPR.