Last Revision Date: — May 5, 2023
The University of California (UC) system and the University of California, Riverside (UCR) respects the privacy of individuals. Privacy plays an important role in human dignity and is necessary for an ethical and respectful workplace. The right to privacy is declared in the California Constitution.
Thus, the University continually strives for an appropriate balance between:
- Ensuring an appropriate level of privacy through its policies and practices, even as interpretations of privacy change over time;
- Nurturing an environment of openness and creativity for teaching and research;
- Being an attractive place to work;
- Honoring its obligation as a public institution to remain transparent, accountable, and operationally effective and efficient to the extent possible; and
- Safeguarding information about individuals and assets for which it is a steward. – UC Statement of Privacy Values
The University of California, Riverside is committed to ensuring the privacy and accuracy of your confidential information to the extent possible, subject to provisions of state and federal law. Unless required by law, personally-identifiable information is not actively shared. In particular, except when noticed, we do not knowingly re-distribute or sell personal information collected on our web servers.
In principle, the University of California, Riverside strives to:
- Collect, store and use the minimum amount of personal information that is necessary for its legitimate business purposes, and to comply with applicable legal obligations.
- Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
- Limit who has access to the personal information in our possession to only those who need it for a legitimate purpose.
- Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
- Communicate with our students, faculty, employees, suppliers, partners and others about how we use personal information in our day-to-day operations.
- Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
- Consider privacy principles in the design of our projects or activities that involve the use of personal data.
The University of California, Riverside’s Privacy Statement is generally applicable to activities conducted by the University of California, Riverside that involve the collection and processing of personal information. It is meant to give you a broad overview of these activities and our approach to protecting privacy.
The University of California, Riverside is a large organization and it is difficult to provide a detailed description of all the personal information we collect and use as an institution. You can find more detailed information in specific privacy notices provided by the schools, departments, health care components, units, or groups with which you interact. Each area may have its own specific requirements imposed upon it by various commonly accepted practices, contract, laws, regulations, accrediting/regulatory bodies, and/or other sources.
We define personal information as any information that relates to an identified or identifiable individual. This definition may change depending on any given area of the University of California, Riverside.
In general, we collect and use information at an institutional level, in the following categories:
- Prospective students: including, but not limited to, personal and family information related to the application and financial aid process, including supporting documentation, identification and contact information; including information data related to ethnic origin, if the prospective student wants to disclose such data.
- Students: including, but not limited to, the information submitted as prospective students, information related to their academic record, their academic performance, video images on campus.
- Faculty, staff and other employees: including, but not limited to, identification, contact information, biographic information, information related to remuneration, to benefits, to family members, information related to performance at work.
- Visiting scholars and exchange students: including, but not limited to, identification, contact information, biographic information, possibly data related to health.
- Subjects of our research projects: as needed, including but not limited to, identification and contact information, together with all information that is produced and observed in relation to the subject as part of the research project.
- Alumni: including, but not limited to, identification and contact information, donor information.
- Website visitors: Web servers typically collect, at least temporarily, the following information: Internet Protocol (IP) address of computer being used; web pages requested; referring web page; browser used; date and time. Additionally, UCR may collect statistics identifying particular IP addresses from which our websites are accessed or other information as needed.
- Patients of University of California, Riverside Health and School of Medicine: including, but not limited to, contact and other personally identifiable information, healthcare related data/protected health information (such as history, diagnosis, treatment, etc.), information related to billing, and other necessary data.
Use of Collected Information
We only use your personal information for legitimate and specific purposes and to facilitate the various operations of the University.
In general, we use personal information in, but not limited to, the following ways:
- To facilitate admission and provide higher education services for our undergraduate and graduate students and prospective students.
- To manage the employment of our faculty members and staff.
- To facilitate the visits to our campus for visiting scholars and exchange students.
- To deliver the course material, facilitate engagement, and track attendance and completion for subscribers of our online courses.
- To facilitate the attendance of persons who register for conferences, symposia, and other events.
- To keep alumni engaged in our community.
- For the purposes of delivering healthcare to our patients.
- To enable participation of individuals who take part in our research projects.
- Video images recorded by our video security system to ensure our community members’ physical security and to protect our property.
We may occasionally process other personal information for various legitimate and specific purposes. When these situations occur, we will endeavor to inform you.
For website visitors, UCR may use personal information collected from websites for the purpose of future communication back to online enrollees, in order to keep you informed of such activities as campus programs, symposia and/or special events, but only if you are provided the opportunity to opt out of that type of use.
UCR may use browser-IP-address information and anonymous-browser history to report information about site accesses and for statistical purposes. This information is generally used to improve Web presentation and utilization. The campus also may use IP address information for troubleshooting purposes.
Some UCR online activity sites may use "cookies" in order to deliver web content specific to individual users' interests or to keep track of online purchasing transactions.
As part of our service, we engage in targeted and tailored profiling, which involves using your personal data to create profiles that help us provide you with a more personalized experience. We take all necessary measures to ensure that your personal data is processed securely, with a mindfulness towards privacy, and in accordance with GDPR.
We use artificial intelligence (AI) to determine what content is displayed to you. This includes automated decision-making processes that use your personal data to customize your experience. We reserve the right to use AI in a mindful way that aligns with our core values and protects your privacy. We take measures to ensure that our AI processes are fair, transparent, and secure, and that your personal data is processed in accordance with applicable data protection laws.
Who Has Access to Your Information
The University of California, Riverside does not sell your information to third parties, and does not share it with third parties for purposes other than supporting the
legitimate interests and operations of the University.
We use a variety of third-party services to help fulfill the University’s business. We strive to be diligent with confidentiality, privacy and security standards that we require from all our service providers, and we strive to require that they only use your personal information for the purposes of providing those services.
Individuals who wish to use methods other than online enrollment may submit requests by e-mail or U.S. mail addressed to the UC Riverside organization responsible for the website.
Access to Your Own Information
Questions regarding users' rights to review, modify or delete their previously provided personal information should be directed to the campus unit to which they provided the information. Any disputes will be resolved under existing records regulations applicable to UCR.
Main Campus Site
The main campus site (i.e. www.ucr.edu) in addition to general logs, also collects usage information from the links on its pages. This information is only used in an aggregate form to determine how resources are used.
How We Secure Your Information
Privacy Statement Changes
This privacy statement may be updated from time to time, without notice. We will post the date of last update at the top of this page.
Who to Contact with Questions or Concerns
If you have any concerns or questions about how your personal data is used, please contact our Privacy Office at email@example.com You can also contact us at Chief Compliance Office 365 Skye Hall 900 University Ave. Riverside, CA 92521
Persons under the age of 13 or their parents or guardians
COPPA imposes legal and regulatory requirements on certain operators of websites or online services directed to children under 13 years of age, and on certain operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. The Federal Trade Commission, United States’ consumer protection agency, enforces COPPA, which spells out what operators of websites and online services that are subject to COPPA must do to protect the privacy and safety of children under the age of 13 online when COPPA applies. The University of California, Riverside, and the vendors with whom we work, sometimes collect data from children under the age of 13, or share such information with one another. The sharing and collection of such information is done in accordance with all applicable law, including COPPA to the extent it applies under the circumstances.
Persons within the European Union
If you are located in the EU, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”).
In addition to the privacy information provided above, there is additional information specific to the EU legal framework below. Please also see our GDPR resources webpage for more information.
Legal basis for processing
Our processing activities of your personal information will rely on different lawful grounds depending on the circumstances. Generally speaking, we typically rely on the following lawful bases in order to process your personal information under the GDPR:
- Necessity to enter or for the performance of a contract (ex: for online applications you submit; for the information provided when enrolling; for the payment information we process for tuition);
- Necessity for our legitimate interests or those of third parties (our legitimate interest to maintain a community for alumni);
- Consent (for the research projects you may participate in; for processing of special categories of personal data).
UCR is committed to facilitating the exercise of the rights granted to you by EU data protection law in a timely manner.
In the context of our processing activities that are subject to the GDPR, you have the following rights regarding your personal information:
Access, correction and other requests – You have the right to obtain confirmation of whether we process your personal data, as well as the right to obtain information about the personal data we process about you. You also have a right to obtain a copy of this data. Additionally, and under certain circumstances, you may have the right to obtain erasure, correction, restriction and portability of your personal data.
Right to object – You have the right to object to receiving marketing materials from us by following the opt-out instructions in our marketing emails, as well as the right to object to any processing of your personal data based on your specific situation. In the latter case, we will assess your request and provide a reply in a timely manner, according to our legal obligations.
Right to withdrawal consent – For all the processing operations that are based on your consent, you have the right to withdraw your consent at any time, and we will stop those processing operations as allowable by law.
Please note that when you make requests based on these rights, if we are not certain of your identity, we may need to ask you for further personal information to be used only for the purposes of replying to your request.
We strive to keep personal data in our records only as long as necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.
When you interact with the UCR, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have been deemed by the European Commission to have an adequate level of legal protections for personal information. To ensure the lawful transfers of personal information from the EU, the UCR relies on the derogations laid out in GDPR. In particular, we rely on your explicit consent for some of the transfers and on necessity for the performance of a contract or the implementation of pre-contractual measures taken at your request (for instance, for the transfer of personal data necessary for your application for admission). However, please be aware that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this General Privacy Statement.
If you have any concerns or questions about how your personal data is used, please contact us at firstname.lastname@example.org. We will promptly respond to your request and do our best to address your concern. However, if you believe we have not been able to deal with your concern appropriately, you have a right to complain to your local data protection authority, as granted by GDPR. You also have the right to submit a complaint in the Member State of your residence, place of work or of an alleged infringement of the GDPR.
We are committed to ensuring that UC Riverside websites are accessible to everyone. We strive to ensure our Web content adheres to accessibility guidelines embodied in the UC Information Technology Accessibility policy, the campus World Wide Web Standards policy (IMT-1300) and the UC Web accessibility guidelines.
We are continually striving to improve the experience for all of our visitors. If you have any questions or suggestions regarding the accessibility of any UC Riverside Web content, please contact us at email@example.com.