University of Illinois System Privacy Statement

1. Scope

The Board of Trustees of the University of Illinois, by and through its component units, including the System Offices, the Urbana-Champaign, Chicago, and Springfield universities, and all other teaching, research, and service facilities, wherever located, (“University of Illinois System”, “System”, “we”, “us”, or “our”) is committed to respecting and protecting the privacy rights of all natural persons. This Privacy Statement applies to the University of Illinois System and describes the University of Illinois System’s privacy notices and policies.
 
The University of Illinois Supplemental Privacy Notice (“Supplemental Notice”) supplements this Privacy Statement. The Supplemental Notice applies generally to the provision of personal information by individuals in the European Economic Area and the United Kingdom. The Supplemental Notice explains how the University of Illinois System meets its obligations under the European Union General Data Protection Regulation with respect to such information.

2. Privacy Notices and Policies

This Privacy Statement includes as an integral part the following privacy notices and policies identified or linked below.
 
A. Web Privacy Notice
Scope
This Web Privacy Notice applies to all websites and domains owned, controlled, operated, and/or maintained by the University of Illinois System and any other web properties or profiles owned, controlled, operated, or maintained by the University of Illinois System (the “System Web”).
 
Access to the System Web is provided subject to the Legal Notice and Terms of Use. Please read the Legal Notice and Terms of Use carefully as use of the System Web constitutes acceptance of its terms. 
 
Purpose
To inform data subjects about the System’s commitment to data privacy and explain how the System uses and protects personal information.
 
Processing and Sharing Personal Information
University of Illinois System personnel
Personal information may be processed by System trustees and employees, including faculty, researchers, medical professionals, financial aid counselors, human resources professionals, law enforcement officers, and others associated with the System, as may be necessary to carry out the purposes and the activities of the System.
 
University Related Organizations
The System may share personal information with University Related Organizations, such as the University of Illinois Foundation and the University of Illinois Alumni Association.
 
Third parties
The System may share personal information with third parties subject to appropriate safeguards. Examples include: educational platform providers and course partners to further the purposes for processing the information and the activities of the System; U.S., state, local, and foreign government entities to fulfill regulatory obligations (e.g., visa processing) and to facilitate access to funding sources (e.g., financial aid); partner institutions to facilitate study abroad activities; service providers to facilitate the full range of System functions (e.g., cloud storage, software); information requestors pursuant to freedom of information laws; and vendors to provide services related to an individual’s affiliation with the System (e.g., print diplomas, arrange housing) and to improve System outreach efforts.   
 
Please note that the System may provide anonymized data developed from personal information to third parties, such as government entities and research collaborators, and that such anonymized data is outside the scope of this Web Privacy Notice.
 
Public Forums
Many System units provide chat rooms, forums, message boards, and news groups for their users. Any information disclosed in these areas may become public information and users should therefore exercise caution when deciding to disclose personal information in such places. Chat sessions and discussion forums may be logged.
 
E-Commerce
Some System websites enable users to pay for products or services online with a credit card. These transactions use a centralized process and are commercially secure. 
 
Rules for Individuals under Thirteen Years of Age
The University of Illinois System is committed to complying fully with the Children’s Online Privacy Protection Act. Accordingly, if a user of the System Web is under the age of thirteen (13), such user is not authorized to provide the System with personally identifying information, and the System will not use any such information in its database or other data collection activities once the System becomes aware that the user is under the age of thirteen. The University of Illinois System appreciates user cooperation with this federally mandated requirement. 
 
Users under the age of thirteen and their parents or guardians are cautioned that the collection of personal information volunteered online or by e-mail by children under the age of thirteen 1) will be treated the same as information given by an adult until the System becomes aware that the user is under the age of thirteen, and 2) such information may be subject to public access.
 
Illinois Freedom of Information Act
As a state institution, the University of Illinois System may be legally required under the Illinois Freedom of Information Act, which provides for public access to certain documents and records of public bodies, to provide specific information, including in some instances electronic correspondence originating on or sent via the System Web. More information about the System’s compliance with the Illinois Freedom of Information Act can be found on the System’s Illinois Freedom of Information Act webpage
 
Server Log Information the System Gathers
System Web servers generate logs that may contain information about computers or devices used to access the System Web, or about general activity on the System Web, such as the following: 
Internet address of computer or device
Type of browser or other client application used
Operating system of computer or device
Webpages requested
Referring webpages
Time spent on the site
Many System Web server administrators produce summary reports from these logs and share that information with System Web content managers. System Web content managers typically use this information in aggregate to understand what pages are popular, how users are navigating to and within their site, and when their sites are used most frequently.
 
B. Cookie Policy
Cookies are small pieces of data stored by a Web browser on a user’s computer. For a discussion on how the System employs cookies and related technologies, consult the University of Illinois System Cookie Policy
 
C. FERPA Notice
The University of Illinois System complies with the Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of student education records without student permission. For more details on how the System complies with FERPA, consult the following:
University of Illinois at Chicago: UIC Student Records Policy
University of Illinois at Springfield: Student Record Policy
University of Illinois at Urbana-Champaign: Family Educational Rights and Privacy Act of 1974 
 
FERPA does permit the release of public or “directory information” about students, unless the student has requested that their directory information be suppressed. Information about suppressing the release of “directory information” can be obtained at:
University of Illinois at Chicago: Confidentiality of Student Records
University of Illinois at Springfield: Student Record Policy
University of Illinois at Urbana-Champaign: § 3-604 Regulations for Record Custodians 
 
D. HIPAA Notice
The University of Illinois System is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information. Information about how the System complies with HIPAA and HITECH is available on the System’s HIPAA website.
 
E. PIPA Notice
The Illinois Personal Information Protection Act (PIPA) requires certain data collectors to notify affected individuals whenever there is a data breach involving the computerized personal information of Illinois residents. For more information about PIPA, please visit the following:
 
F. GDPR Notice
The University of Illinois System is committed to respecting and protecting the privacy rights of persons in the European Economic Area (EEA) and the United Kingdom (UK) pursuant to the European Union General Data Protection Regulation (“GDPR”). For more information about the System’s commitment to the privacy of persons in the EEA and the UK, consult the following:
 
G. Social Security Numbers Notice
The University of Illinois System is committed to having the proper procedures in place for collecting, maintaining and disseminating social security numbers of students, employees and individuals associated with the System. Information about the System’s commitment to the privacy of social security numbers can be found in the following policies:
 
H. Notice to System-Authorized Users of the System Web
The University of Illinois is committed to protecting the privacy of personal information. System-authorized users, including students, employees, contractors, and other authorized individuals, using the System Web and all personal information collected therefrom must do so in accordance with the applicable acceptable use policy:
Use by System-authorized users of the System Web and all personal information collected therefrom is subject to all applicable state, federal, and foreign laws, as well as general System policies. 
 
It is the System’s usual practice not to share any personal information with those outside the System. However, in limited circumstances consistent with the System’s interests, System-authorized users may share personal information gathered from the System Web provided doing so is:
Not prohibited by applicable law or System policies and not inconsistent with notice given on a System website or in the Supplemental Notice, and at least one of the following:
  • Authorized by law;
  • Permitted under System policies;
  • Authorized by an approved University of Illinois contract;
  • Clearly stated on a System website or in the Supplemental Notice that such information will be shared and the user indicates consent by providing the information;
  • Otherwise consented to;
  • Considered appropriate in support of the University of Illinois’s legitimate interests, such as sharing certain student and employee demographic information with the University of Illinois Alumni Association, the University of Illinois Foundation, applicant students’ high schools and other educational institutions with questions about students who have been admitted or earned a degree from the University of Illinois;
  • Considered appropriate to further the purposes for processing the personal information and the activities of the University of Illinois, to facilitate the full range of University of Illinois functions, to provide services related to an individual’s affiliation with the University of Illinois, and to improve University of Illinois outreach efforts; or
  • Authorized for good cause by the Chancellor of each university or the Vice President for Academic Affairs of the System.
 
System-authorized users responsible for conducting online surveys that collect personally identifiable information must clearly state on the survey site the extent to which any information provided will be shared. Subject to applicable law, aggregate and/or de-identified data from surveys may be shared with external third parties provided doing so does not compromise privacy.  
 
It is the System-authorized user’s responsibility to verify that applicable law does not restrict their:
Use of the System Web and all personal information collected therefrom; and,
Sharing of the personal information collected therefrom, including the sharing of aggregate and/or de-identified data with external third parties.

3. Questions

Any questions about this Privacy Statement can be emailed to Privacy Office as follows:
University of Illinois at Chicago: security@uic.edu
University of Illinois at Springfield: privacy@illinois.edu
University of Illinois at Urbana-Champaign: privacy@illinois.edu
University of Illinois System Offices: privacy@illinois.edu

4. Updates to Privacy Statement

The System may update this Privacy Statement from time to time.  Any changes will become effective upon posting of the revised Privacy Statement.
 
Last revised:  10/28/2020