Category Links
- CONTACT INFORMATION & QUESTIONS
- GENERAL
- STANDARD USES
- ACTIVITY/SERVICE SPECIFIC USES
- LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
- SENSITIVE PERSONAL DATA
- HOW YOUR DATA IS PROCESSED & WHO PROCESSES IT
- THIRD PARTIES
- TRANSFER OF DATA OUTSIDE THE U.S.
- COOKIES AND OTHER TRACKING TECHNOLOGIES
- RETENTION OF PERSONAL DATA
- WITHDRAWAL OF CONSENT
- YOUR RIGHTS
- CHANGES
- PRINT UVM's GDPR NOTICE (PDF)
PRIVACY DISCLOSURES FOR EEA ACTIVITIES
Introduction
Under the European Union’s (“EU”) General Data Protection Regulation1 (“GDPR”), the University of Vermont (“UVM” or “we”) is required to provide data subjects with the following information ("Notice") regarding the collection, use, processing and sharing of your personal data, as that term is defined below. Please review it carefully. This Notice is issued by UVM, located in Burlington, VT, USA.
“Personal data”, or “PD”, means information that is associated with an individual's name or other identifier. Examples of other identifiers include home address, email address, phone number, passport number, driver’s license number, account number, location data, and IP address. PD can be in any format including electronic, paper and recorded.
“EEA” means the European Union along with Iceland, Lichtenstein and Norway.
“EEA Processing Activities” refers to the collection, use, processing or sharing of PD when such collection, use, processing or sharing of PD falls under the scope of GDPR.
“EU” means the European Union and includes Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
These disclosures only apply to the use of PD in EEA Processing activities and only apply to those activities performed by the University of Vermont.
1Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural personals with regard to the processing of personal data. The full text can be found here (opens in new window).
Contact Information & Questions
The controller of the PD described in this notice is UVM. For questions related to your rights and the processing of your PD, or to file a complaint related to the collection and/or processing of your PD, contact the Chief Privacy Officer at:
Mail:
Office of Compliance & Privacy Services
The University of Vermont
284 East Ave.
Burlington, VT, 05405 USA
Email: GDPR@uvm.edu
Phone: (802) 656-3086
General
In order for you to participate in certain University programs, we may be required to collect and use PD that involves EEA processing activities. We may collect PD directly from you, we may collect it automatically when you utilize various services and/or we may obtain your PD from third parties. We use PD to perform various university activities. This Notice provides you with more information on UVM’s legal bases to collect and process your PD.
It is important to note that these disclosures only apply to activities that fall within GDPR and only apply to EU data subjects. However, depending on your relationship with UVM, other privacy notices may apply. In addition, depending on the relationship you have with UVM and the services for which we are providing to you, the ways that we collect and use your data may vary.
STANDARD USES
We collect PD on you to perform university-related activities. Specific uses are described herein. For all PD collected, we may use your PD for the following purposes:
- To carry out contractual obligations that we have with you;
- To administer our programs;
- To make decisions about our programs and services;
- To monitor trends and conduct analytics;
- To manage our billing, collections, payables, and to perform cashier functions;
- To provide technical assistance;
- To facilitate directory and promotional activities (see FERPA Rights Disclosure (PDF));
- To fulfill our legal obligations;
- To respond to subpoenas, court orders, or other legal processes;
- To enforce our agreements and contracts;
- To prevent or investigate fraud or other unlawful activity;
- To protect the security of our property, websites and other systems;
- To meet the obligations of private organizations with oversight over UVM, such as accreditation organizations;
- To protect the health, safety, or rights of you, our faculty and staff, other students and visitors;
- To conduct scientific, statistical, or historical research;
- To create archives in the public interest.
Activity/Service Specific Uses
In addition, we may collect PD on you for the following specific purposes.
Website or Mobile Applications
Type
- Demographic
Examples: Name, Home Address, Email Address, Phone Number, Social Media User Names - Log Files
Examples: IP Address, Browser Type, Internet Service Provider, Pages Visited, Operating System, Date/Time Stamp, Clickstream Data - Cookies and Other Tracking Technologies
Examples: Text files transferred from websites, applications or services and stored on your device, session identifiers, JavaScript ™, Scripts, Information and Correspondence, Server Logs, Tracking Images, Web Analytics, Other Browser Detection Technology - Location Information
Examples: Geographic Area of Device Accessing Websites, Precise Location Information for Certain Mobile Applications (i.e., maps) - Mobile Device Sensor Information
Examples: Camera, Microphone
Specific Uses
For information security purposes; To conduct web/mobile app analytics; To conduct online research related to website/mobile app usage; To improve our websites/mobile apps and users experience while using our websites/mobile apps; To better serve users (improve communications, invite users to or register users for events, personalize online transactions, fulfill user requests); To track down a technical problem; To investigate fraudulent behavior or illegal conduct.
Online Education & Hybrid Programs
Type
- Demographic
Examples: Name, Home Address, Email Address, Phone Number, Social Security Number - Payment Information
Examples: Credit Card Numbers, Financial Account Numbers - Personal Likes and Preferences
Examples: Interests, Extracurricular Activities, the Information you may volunteer while using the online education delivery system - Employment History
Examples: Profession, Occupation, Job Title, Location, Experience, Reference Letters - Education History
Examples: Prior Schools Attended, Transcripts, School Activities, Disciplinary Records, Reference Letters, Awards, Honors - Health Information
Examples: Medical information, allergies, dietary restrictions - Course-Specific Data
Examples: Communications with other students, class contributions and posts, assignment responses, test scores - Log Files
Examples:IP Address, Browser Type, Internet Service Provider, Pages Visited, Operating System, Date/Time Stamp, Clickstream Data - Cookies and Other Tracking Technologies
Examples: Text files transferred from websites, applications, or services, stored on your device, session identifiers, JavaScript ™, Scripts, Information and Correspondence, Server Logs, Tracking Images, Web Analytics, Other Browser Detection Technology - Location Information
Examples: Geographic Area of Device Accessing Websites, Precise Location Information for Certain Mobile Applications (i.e., maps) - Images
Examples: Photograph or other image provided by you
Specific Uses
To administer online programs; To evaluate your participation in online programs; To respond to your requests; To communicate with you during online programs; To provide information regarding future online programs; To conduct online research related to online program offerings; For personal safety; To address accommodation requests; To help provide users with a more pleasant online experience; To make online course technology work better for you; For your online profile; To provide user verification; When you have elected to utilize a remote proctoring third-party service software; For remote completion of an exam or assessment.
Admissions and Financial Aid
Type
- Demographic
Examples: Name, Home Address, Email Address, Phone Number, Gender, Age, Date of Birth - Education History
Examples: Prior Schools Attended, Transcripts, School Activities, Disciplinary Records, Reference Letters, Awards, Honors - Testing History
Examples: Standardized Testing Results - Personal Likes and Preferences
Examples: Interests, Extracurricular Activities, Clubs, Sports, Other information you may provide during the admissions or financial aid review process - Employment History
Examples: Profession, Occupation, Job Title, Location, Experience, Reference Letters - Financial Information
Examples: Social Security Number, Tax Returns, Wage History, Bank Statements, Socioeconomic Status, Scholarships, Grants, Family Support - Family Information
Examples: Names, Ages, Dates of Birth, Education Information, Occupations, Finances - Payment Information
Examples: Credit Card Numbers, Financial Account Numbers - Other Information
Examples: Additional information from interviews as part of the admissions process, Additional information for recruitment purposes to help us identify potential students.
Specific Uses
To make admission decisions; To provide appropriately tailored services including financial aid; To file reports with applicable government agencies; To respond to your requests regarding the admissions and financial aid processes; To enforce our policies; To satisfy our regulatory and contractual obligations; To monitor trends with incoming classes; To conduct scientific, statistical or historical research; To report application and admission statistics to appropriate publications; IF ADMITTED: To register you; To make decisions about and plan for course offerings; To take action to provide for your health and safety; To ensure that the University is prepared for emergencies.
Employees and Job Applicants
Type
- Demographic
Examples: Name, Home Address, Email Address, Phone Number, Gender, Age, Date of Birth - Payment Information
Examples: Credit Card Numbers, Financial Account Numbers - Financial Information
Examples: Social Security Number, Tax Returns, Wage History - Personal Information
Examples: Marital Status, Dependent Information, Background Check Results, Credit History, Driving Record, Self-Reported/Publicly Available Criminal History, Citizenship, Work Authorization Status - Employment History
Examples: Profession, Occupation, Job Title, Location, Experience, Reference Letters, Job Performance/Discipline Records - Education History
Examples: Prior Schools Attended, Transcripts, Disciplinary Records, Reference Letters, Awards, Honors - Health Information
Examples: Medical information, allergies, dietary restrictions, Physical Limitations - Identification Documents
Examples: Photograph or other image provided by you, Driver's License, I-9 Form, Passport/Visa Information
Specific Uses
To make employment decisions; To manage your employment; To evaluate job performance; To consider you for a promotion/new position; To manage your benefits; To file reports with applicable government agencies such as the IRS; To engage in financial planning activities; To enforce policies and applicable laws related to personnel record retention requirements; To take action to provide for your health and safety; To ensure that the University is prepared for emergencies.
Educational Programs Conducted in the EEA
Type
- Demographic
Examples: Name, Home Address, Email Address, Phone Number, Gender, Age, Date of Birth - Personal Information
Examples: Personal Interests, Citizenship - Education History
Examples: Prior Schools Attended, Transcripts, Disciplinary Records, Reference Letters, Awards, Honors - Employment History
Examples: Profession, Occupation, Job Title, Location, Experience - Course-Specific Data
Examples: Assignment responses, test scores, course evaluations - Health Information
Examples: Medical information, immunizations, medications, allergies, dietary restrictions, Physical Limitations - Local Information
Examples: Address in EEA, Local host information - Payment Information
Examples: Credit Card Numbers, Financial Account Numbers - Identification Documents
Examples: Photograph or other image provided by you, Driver's License, I-9 Form, Passport/Visa Information - Log Files
Examples: IP Address, Software Downloads, Browser Type, Internet Service Provider, Operating System
Specific Uses
To evaluate acceptance into the program; To administer the program; To provide you with services related to the program; To provide academic advising related to the program; To assist with your travel, housing, dietary and medical needs; To respond to your requests/communicate with you; To monitor trends without our student body and individual courses as they relate to the programs offered; To provide immigration and mobility services for you while participating in the program; To take action to provide for your health and safety; To ensure that the University is prepared for emergencies.
Research
Type
- Demographic
Examples: Name, Home Address, Email Address, Phone Number, Gender, Age, Date of Birth, Income Level - Personal Information
Examples: Marital Status, Dependent Information, Family Health History, Family Occupations, Family Educational History, Race, Ethnicity, Citizenship, Personal Interests - Employment History
Examples: Profession, Occupation, Job Title, Location, Experience, Reference Letters, Job Performance/Discipline Records, Trade Union Membership - Education History
Examples: Prior Schools Attended, Transcripts, Disciplinary Records, Reference Letters, Awards, Honors - Financial Information
Examples: Social Security Number, Tax Returns, Wage History, Income Level - Health Information
Examples: Medical information, immunizations, medications, allergies, dietary restrictions, Physical Limitations, medical records, surgical records, dental records - Biometric Data
Examples: Facial measurements, finger prints, retinal scans - Genetic Data
Examples: Genetic information obtained from biological samples - Course-Specific Data
Examples: Assignment responses, test scores, course evaluations - Log Files
Examples: IP Address, Browser Type, Internet Service Provider, Pages Visited, Operating System, Date/Time Stamp, Clickstream Data - Cookies and Other Tracking Technologies
Examples: Text files transferred from websites, applications or services and stored on your device, session identifiers, JavaScript ™, Scripts, Information and Correspondence, Server Logs, Tracking Images, Web Analytics, Other Browser Detection Technology - Location Information
Examples: Geographic Area of Device Accessing Websites, Precise Location Information for Certain Mobile Applications (i.e., maps) - Mobile Device Sensor Information
Examples: Camera, Microphone, Applications specific to a study or that you have given us access to
Specific Uses
To further research and understanding in fields of academic study; To enroll you in a study; To administer a study; To satisfy legal and regulatory requirements; To fulfill our reporting obligations to regulatory agencies; To comply with our contractual obligations.
Legal Bases for Processing Your Personal Data
Our legal bases for processing your PD are the following:
- Legitimate Interest: The legitimate interests of UVM or a third party, such as providing educational services and administering the study abroad programs.
- Contractual Obligations: To satisfy our contractual obligations that we have with you and with our EEA study abroad partners, or in order to take steps at your request prior to your entrance in a study abroad program, such as evaluating your application or evaluating your request for financial aid.
- Compliance with Laws and Regulations: To comply with applicable laws. For example, we may need to comply with U.S. or EEA immigration laws or laws that require us to report PD to government or other enforcement/ oversight officials.
- Consent: Your consent, when applicable. When we ask for your consent, we will specify the requested PD and their uses. We will not process your PD without your consent when consent is required.
Sensitive Personal Data
PD that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the process of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation cannot be processed without your explicit consent or when it is necessary to protect your vital interests when you are physically or legally incapable of giving consent.
How Your Data is Processed & Who Processes It
Your PD will be processed by our offices and personnel with a legitimate need to process such PD. In certain cases, your PD may be collected and processed by students with a need to know.
Processing of your sensitive PD will be further limited to only those offices and personnel required to perform tasks directly related to the purposes for which the sensitive PD was collected.
Third Parties
Your PD may also be shared with, collected from, and/or otherwise processed by third parties and our partners who provide services to us in connection with the purposes for processing described in this notice. These partners and third parties may have access to PD that we may not have collected from you but is needed in order for us to provide a service to you (i.e., the Common Application or others that you have signed up for directly with that provider.) We will only use that data for the purposes outlined in these disclosures. Uses not otherwise described in these disclosures require your consent.
We also may share your PD with third parties and our partners to the extent necessary for the third party or partner to provide a product, to administer a program, or to provide a service. We take steps to ensure that these third parties are obligated to protect your information on our behalf.
We may use services provided by third parties (i.e., social media platforms) to provide you with targeted advertising or sponsored content.
Transfer of Data Outside the U.S.
We do not operate any facilities overseas. We may transfer your PD overseas in order to satisfy a contractual obligation through a university partner or research collaborator or upon your request. This means that we may share your PD with the institution(s) in the EEA that provide educational services to you in connection with your program. Contracts require that recipients of your PD agree to safeguard your PD and protect it against unauthorized use, access or disclosure.
Your PD may be disclosed to government authorities as required by applicable laws and private organizations such as accrediting bodies.
In the event that we are required to transfer your PD outside the EEA, we rely on suitable safeguards or specific exceptions recognized under the GDPR.
Cookies and Other Tracking Technologies
Cookies are small text files that are transferred from websites, applications or services and stored on your device. Some cookies are managed by us while others are managed by third parties. As is common with many other websites, we may use cookies to provide you with a personalized service or to help make a Website work better for you. Not all websites use cookies; however, if cookies are used, they may be either temporary or persistent. Temporary cookies identify and track users within websites, applications or services. Temporary cookies are deleted when you either close your browser or you leave the website. Persistent cookies are used to remember who you are and to remember your preferences within a given website, application or service. These cookies stay on your computer or device after you close your browser or leave the session. Persistent cookies can be controlled in your device settings. You can choose not to accept cookies by selection settings on your web browser that block or restrict the use of cookies. You can also delete cookies that have been placed on your computer or device.
In addition to cookies, we may use other types of session identifiers, JavaScript™, scripts, server logs, tracking images, information and correspondence, web analytics, or other browser detection technology to provide you with a more pleasant online experience. Many browsers provide consumers with the ability to disable some or all of these technologies. Disabling them, especially in the case of JavaScript™, may prevent you from viewing some web pages.
Retention of Personal Data
Your PD will be stored according to our legal and operational requirements. These requirements can be found on the Records Retention Schedule. Questions related to retention should be forwarded to the contacts listed in the Contact Information and Questions section above.
Withdrawal of Consent
When we process your PD based on your consent, you have the ability to withdraw your consent at any time by contacting the department for which you signed the consent. If you are unsure, contact the individual listed in the Contact Information and Questions section above. However, your withdrawal will not affect that processing for which, based on your consent, we have already taken action. We will continue to process your PD for other purposes consistent with this Notice.
Your Rights
If you are located in the EEA, you may have legal rights under applicable law with respect to your PD, including the right:
- To withdraw your consent at any time, if we are processing your PD on the basis of consent;
- To access the PD we have about you;
- To request that we rectify or erase your PD;
- To request that we restrict the way we use your PD;
- To object to the way we use your PD;
- To ask us to transfer your PD to someone else;
- To lodge a complaint with a data protection authority in the EEA; and
- To refuse to provide us with certain PD; provided, however, that refusing to provide us with certain PD that is necessary for us to carry out our programs and/or services may disallow you from participating in such programs or receiving such services.
Our ability or obligation to comply with your requests may be limited by applicable law.
Changes
We reserve the right to amend this Notice at any time without notice to you. Any changes will be published here and you should check our website to access our current notices. This Notice was last updated on December 17, 2019.