I. GDPR PRIVACY NOTICE
The European Union’s General Data Protection Regulation (“GDPR”) is a data privacy law that applies to personal information collected in or from the European Union and European Economic Area. The University of North Carolina at Greensboro (“UNC Greensboro”) is committed to safeguarding the privacy of personal information, including compliance with the GDPR where applicable.
This Privacy Notice outlines the collection, use, and disclosure of personal information provided to UNC Greensboro by individuals in or from the European Union and European Economic Area (hereinafter “Information Providers”), including but not limited to:
- prospective students and their parents, guardians, spouse, or other family members
- applicants for admission and their parents, guardians, spouse, or other family members
- matriculated students and their parents, guardians, spouse, or other family members
- applicants for employment
- employees and members of their immediate family
- former employees
- event patrons
- contractors and vendors
- research subjects
When information is submitted to UNC Greensboro or you use UNC Greensboro’s websites and other electronic data services, you consent to the collection, use, and disclosure of that information as described in this Privacy Notice.
II. INFORMATION AND SENSITIVE INFORMATION
UNC Greensboro may use, collect and/or disclose “Information” and “Sensitive Information” for its legitimate business purposes.
As used herein, “Information” refers to all personal data, excluding Sensitive Information, concerning a natural person, created by or provided to UNC Greensboro by or about an Information Provider.
“Sensitive Information,” as used herein, is Information about an Information Provider’s race, gender, ethnic origin, religious affiliation, health data, and criminal convictions.
III. UNIVERSITY USE OF INFORMATION AND SENSITIVE INFORMATION
- UNC Greensboro collects, processes and discloses Information and Sensitive Information from and about Information Providers only as necessary in the exercise of UNC Greensboro’s legitimate interests, functions, and responsibilities as a public higher education institution.
- UNC Greensboro collects, processes and may disclose Information and Sensitive Information from and about Information Providers who are research subjects in the exercise of scientific, historical research, or statistical purposes.
- UNC Greensboro collects and processes Information from and about Information Providers who are applicants for employment, employees and immediate family members in order to enter into or administer an employment relationship with UNC Greensboro.
- UNC Greensboro collects Information from and about Information Providers and may share it with internal and external parties to register or enroll persons, provide and administer housing to students, provide and administer financial aid, manage a student account, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, as well as recruitment, regulatory reporting, auditing, maintenance of accreditation, and other related UNC Greensboro processes and functions.
- UNC Greensboro uses Information and Sensitive Information to conduct general demographic and statistical research to improve UNC Greensboro programs.
- UNC Greensboro collects, processes and shares Sensitive Information internally and externally, as necessary, applicable and appropriate, to identify appropriate support services or activities, provide reasonable accommodations, enforce UNC Greensboro policies or comply with applicable laws.
- Information and Sensitive Information may be shared by UNC Greensboro with third parties who have entered into contracts with UNC Greensboro to perform functions on behalf of UNC Greensboro, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
- UNC Greensboro collects, processes and shares Information and Sensitive Information from and about alumni, donors and event patrons internally and with third parties for the purpose of management of your relationship and engagement with UNC Greensboro.
IV. THIRD PARTY USE OF INFORMATION AND SENSITIVE INFORMATION
UNC Greensboro may disclose Information and Sensitive Information to third parties as follows:
- Consent: We may disclose your Information and Sensitive Information if we have your consent to do so.
- Emergency Circumstances: We may share your Information and Sensitive Information when necessary to protect your health and safety if you are physically or legally incapable of providing consent.
- Employment Necessity: We may share your Sensitive Information when necessary for administering employment or social security benefits in accordance with applicable law, subject to the application of appropriate safeguards to prevent further unauthorized disclosure.
- Charitable Organizations: We may share your Information with the UNC Greensboro Foundation in connection with charitable giving subject to the application of appropriate safeguards to prevent further unauthorized disclosure.
- Public Information: We may share your Information and Sensitive Information if you have otherwise made it public.
- Performance of a Contract: We may share your Information and Sensitive Information when necessary to administer a contract you have with the University.
- Legal Obligation: We may share your Information and Sensitive Information when the disclosure is required by international, federal, or state laws and regulations.
- Service Providers: We use third parties who contract with the University to support the administration of University operations. In such cases, we may share your Information and Sensitive Information with such third parties subject to the application of appropriate safeguards to prevent further unauthorized disclosure.
- University Affiliated Programs: We may share your Information with parties that are affiliated with the University for the purpose of contacting you about goods, services, charitable giving or experiences that may be of interest to you.
- De-Identified and Aggregate Information: We may use and disclose your Information and Sensitive Information in de-identified or aggregate form without limitation.
UNC Greensboro implements appropriate technical and organizational security measures to protect your Information and Sensitive Information when you transmit it to us and when we store it on our information technology systems.
VI. COOKIES AND OTHER TECHNOLOGY
VII. RETENTION AND DESTRUCTION OF YOUR INFORMATION
Your Information and Sensitive Information will be retained by the University in accordance with applicable federal and state laws, and the applicable retention periods in the University of North Carolina General Records Retention and Disposition Schedule.
Your Information and Sensitive Information will be destroyed upon your request unless applicable law or policy requires permanent retention or only allows destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information given the level of sensitivity, value, and criticality to the University.
VIII. YOUR RIGHTS
You have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of your Information and Sensitive Information in accordance with all applicable laws including, for students, the Family Educational Rights and Privacy Act (FERPA). The disposition of your Information and Sensitive Information shall be subject to the retention periods of applicable federal and state law, University Policy, Electronic Records Retention, and the University of North Carolina System Records Retention and Disposition Schedule. If you have provided consent to the use of your Information or Sensitive Information, you have the right to withdraw consent without affecting the University’s lawful use of the Information or Sensitive Information prior to receipt of your request.
Individuals may exercise these rights by contacting the UNCG Information Security & Compliance Office – firstname.lastname@example.org.
In some cases, your Information and Sensitive Information created in the European Union may be transferred out of the European Union to the University. If you feel the University has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.
IX. UPDATES TO THIS PRIVACY NOTICE
This GDPR Privacy Notice may be amended from time to time. Any such changes will be posted on this page. The effective date of this GDPR Privacy Notice is January 28, 2022.