Policy Number: 12-001

Online/Internet Privacy Statement

Category: Information Technology

Responsible Executive: Chief Compliance, Ethics, and Privacy Officer


Commitment to Privacy and Data Security

The University of Florida (UF or University) values individuals’ privacy and actively seeks to preserve the privacy rights of those who share information with us. Your trust is important to us and we believe you have the right to know how information submitted through a University Web site is handled.

We provide this Privacy Notice (Notice) to define UF’s information policies and practices, and to assist you in protecting your privacy.

UF is dedicated to preventing unauthorized data access, maintaining data accuracy, and ensuring the appropriate use of information. We strive to put in place appropriate physical, electronic, and managerial safeguards to secure the information we collect online. These security practices are consistent with the policies of UF and with the laws and regulatory practices of the State of Florida. 

Privacy Notice

The following information explains the Internet privacy policy and practices the University has adopted for official UF websites. However, in legal terms, it shall not be construed as a contractual promise, and UF reserves the right to amend it at any time without notice. Privacy and public records obligations of the University are governed by applicable Florida statutes and U.S. federal laws.

This Notice describes:

  • Key Definitions
  • The State of Florida Public Records Notice
  • The Types of Information We Collect
  • How We Use Information
  • EU GDPR Rights
  • Protection and Retention of Information
  • How to Contact UF
  • Changes to this Notice

Key Definitions

  • Official University Web Sites

Except as noted, the information in this Notice applies to all official UF websites, which are defined as the web pages of University colleges, schools, departments, divisions or other units and any other sites specifically designated as official by a vice president, dean, department head or director. Official UF pages are generally recognizable by a standard page header and/or footer carrying the University logo, contact information and reference to this privacy statement. 

  • Unofficial Web Sites

Within the UF domain – signified by the address “ufl.edu” or within the range of Internet protocol addresses assigned to the University of Florida – you may find Web sites over which the University has no editorial responsibility or control. Such sites are considered unofficial and include, but are not limited to, the Web pages of individual faculty members or students and the Web pages of student organizations and other entities not formally a part of the University. While UF encourages compliance with this Web Privacy Statement at such sites, in order to better understand the policies and practices under which they operate, please consult the privacy statements of individual sites or seek information directly from the persons responsible for those sites.

This Notice speaks generally to the information collected by or submitted to official University of Florida web sites. Still the amount and type of information collected may vary somewhat from site to site. Therefore, in addition to this general explanation of policy and practice, the University encourages colleges, schools, departments, divisions and other units contributing to its official web pages to post, as necessary, more specific approved privacy notices pertaining to the collection and use of any personal information associated exclusively with those pages. Thus, it is wise for users to read page-specific notices to better understand the privacy policies and practices applicable to a particular site. 

  • European Union General Data Protection Regulation (EU GDPR)

Regulation (EU) 2016/679, the European Union’s new General Data Protection Regulation, regulates the processing by an individual, a company or an organization of personal data relating to individuals in the EU. 

  • Personal Information

Personal Information is any information that we can use to reasonably identify you. If you are located in the European Union, Personal Information includes all “personal data” as defined under EU GDPR. 

  • Sensitive Personal Information

Sensitive Personal Information includes special categories of Personal Information (e.g., racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, and data concerning a natural person’s sex life or sexual orientation) for which applicable law provides enhanced protections. 

State of Florida Public Records Notice

There is no legal requirement for you to provide any information at our Web site. However, our Web site will not work without routing information and the essential technical information. Failure of your browser to provide nonessential technical information will not prevent your use of our Web site but may prevent certain features from working. For any optional information that is requested at the Web site, failure to provide the requested information will mean that the particular feature or service associated with that part of the Web page may not be available to you.

Under Florida law, email addresses are public records. If you do not want your email address released in response to a public records request, do not send electronic mail to the University. Instead, contact the specific office or individual by phone or in writing.

The Types of Information We Collect

When you access official UF websites, certain client information and essential and nonessential technical information (collectively referred to as access information) listed below is automatically collected. No other information is collected through our official Web sites except when you deliberately send it to us (for example, by clicking a link to send us an e-mail). Examples of the information you might choose to send us are listed below as “optional information.” 

Access Information (automatically collected)

  • Client information: the Internet domain and Internet address of the computer you are using.
  • Essential technical information: identification of the page or service you are requesting, type of browser and operating system you are using; and the date and time of access.
  • Nonessential technical information: the Internet address of the Web site from which you linked directly to our Web site, and the “cookie information” used to direct and tailor information based on your entry path to the site.
  • Third-party Tracking Tools: Many UF websites use third-party tracking tools to monitor and improve sites or to provide ads and other information that may be of interest to users. Third-party tools like Google Analytics help website administrators track site usage, understand how users find sites, and improve website function and content. You can opt out of these services:

Optional information (deliberately sent)

  • E-mail: your
  • name, e-mail address, and the content of your e-mail.
  • Online forms: all the data you choose to fill in or confirm. This may include credit or debit card information if you are ordering a product or making a payment, as well as information about other people if you are providing it for delivery purposes, etc.  See below for more specific information about children’s online activities.

How We Use Information

As a general rule, UF does not track individual visitor profiles. We do, however, analyze aggregate traffic/access information for resource management and site planning purposes. UF reserves the right to use log detail to investigate resource management or security concerns. 

Access Information:

Client information is used to route the requested Web page to your computer for viewing. In theory, the requested Web page and the routing information could be discerned by other entities involved in transmitting the requested page to you. We do not control the privacy practices of those entities.

We may keep client information from our systems indefinitely after the Web page is transmitted, but we do not cross-reference it to the individuals who browse our Web site. However, on rare occasions when a “hacker” attempts to breach computer security, logs of access information are retained to permit a security investigation. In such cases the logs may be further analyzed or forwarded together with any other relevant information in our possession to law enforcement agencies.

Under the Florida Public Records Laws, certain records in our possession are subject to inspection by or disclosure to members of the public. As indicated above, client information retained after transmission of the requested Web page will be available for inspection.

Essential and nonessential technical information lets us respond to your request in an appropriate format [or in a personalized manner] and helps us plan Web site improvements. To expedite this process, some official University of Florida Web sites use “cookies.” Usually a cookie enables the university Web site to tailor what you see according to the way you entered the site (i.e., if you entered by pushing a button identifying yourself as a student, your subsequent views of information might be tailored for student audiences).

We also use non-identifying and aggregate information to better design our Web site. For example, we may determine that X number of individuals visited a certain area on our Web site, or that Y number of men and Z number of women filled out a particular registration form. But we do not disclose information that could identify those specific individuals. 

Optional Information:

Optional information enables us to provide services or information tailored more specifically to your needs, to forward your message or inquiry to another entity that is better able to do so, and to plan Web site improvements.

We use the information you provide about yourself or about someone else when placing a request for service only to complete that order or request. We do not share this information with outside parties, except to the extent necessary to complete that order or request.

We generally use return e-mail addresses only to answer the e-mail we receive. Such addresses are generally not used for any other purpose and by university and state policy are not shared with outside parties.

Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the purpose described without a clear notice on the particular site and without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

Please note that we may still use any aggregated and de-identified Personal Information that does not identify any individual, and may also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

Children’s Online Activities and Programs

University Web sites are operated by the University of Florida and affiliated entities. In general, the websites are intended for use by adults, unless they are specifically labeled for children.  UF does not knowingly collect Personal Information from children under the age of 13.  If we learn that we have collected Personal Information of a child under the age of 13 that was not supplied to us voluntarily, we will delete that data from our systems.

Children – Some internet sites may ask you to share information about yourself. Before sending any information about yourself over the Internet to us or anyone else, be sure to ask your parents for permission.

Parents – the University recommends that parents take an active role in their children’s use of the Internet. We encourage you to talk to your children about safe and responsible use of their personal information while using the Internet.  Here are some tips:

  • Teach children never to give Personal Information (such as name, address, phone number, school name, etc.) unless supervised by a parent or responsible adult.
  • Know the sites your children are visiting and which sites are appropriate.
  • Look for website privacy policies and know how your child’s information is treated.

Some UF Web sites present UF-sponsored information or activities that are specifically designed for children.  However, the Web sites are intended to be used only by adults to voluntarily share information online, so that a child who is under the age of 13 can participate in these activities (e.g., summer camps, classes, programs) or so that the child can receive information mailed or e-mailed from UF (newsletters, class schedules, recruitment information). When a parent or legal guardian voluntarily signs their child up for one of these programs, the parent may be asked to provide:

  • The child’s full name
  • Full home mailing address
  • Phone number
  • Birth date
  • School, current grade level
  • Email address
  • Parent or legal guardian’s name and e-mail address

The parent or legal guardian supplying the child’s information will be asked to acknowledge that they are, in fact, the parent or guardian who is legally authorized to disclose this information about the child.  UF, through its Web sites, does not condition participation in any of our online activities on the disclosure of more information than is reasonably necessary to participate in the activity.  This information will not be transferred, disclosed or shared with a third party and will not be used for other purposes.

Parents or guardians have the right:

  • To review personal information that has been recorded by a UF Web site about their child,
  • To refuse to allow further collection of the information,
  • To be given the choice of consenting to the collection and internal use of information, but prohibiting the disclosure of that information to third parties (unless disclosure is integral to the site or service, in which case, this will be clearly stated), and
  • To require the deletion of any information that has been recorded.
  •  

EU General Data Protection Regulation (GDPR)

Rights

If you are an individual inside the EU and you interact with UF in the context of this Notice, the GDPR provides the following rights. To exercise any of these rights, please download the applicable form (use the “click here” buttons in the bolded text below) and send it to our Data Protection Officer at Privacy-GDPR-L@lists.ufl.edu.

  • Be informed – collection and use of your data described herein;
  • Request access to or correct inaccurate personal data held about you;
  • Request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • Object to the processing of personal data for marketing purposes or on grounds relating to their particular situation;
  • Request restriction of processing of personal data in specific cases;
  • Obtain your personal data (‘data portability’);
  • Request to not be subject to a decision based solely on automated processing of personal data, including profiling.

Because we want to avoid taking action regarding your Personal Data at the direction of someone other than you, we will ask you for information verifying your identity. The University will respond to your request without undue delay. Individuals may also wish to contact or file a complaint with the applicable Data Protection Authority

Basis for Processing Data

Personal data will only be processed when the law permits this to happen. In some cases, a UF entity may provide other information about its processing activities in its own supplemental or separate notice. Most commonly, personal data will be processed by UF in the following circumstances:

  • Where you have given us your consent.
  • In order to fulfill UF’s obligations to you as part of your contract of employment or enrollment.
  • Where UF needs to comply with a legal obligation (for example, the detection or prevention of crime and financial regulations).
  • Where it is necessary for UF’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • To protect the vital interests of the data subject or of another person (for example, in the case of a medical emergency).
  • In order to perform a task carried out in the public interest or the exercise of official authority vested in us.

Special Category Data

We may process special category personal data in the following circumstances where, in addition to a lawful basis for processing, there exists one of the following grounds:

  • Explicit consent – where you have given us explicit consent.
  • Legal obligation related to employment or enrollment – The processing is necessary for a legal obligation in the field of employment or enrollment at UF.
  • Vital interests – The processing is necessary in order to protect the vital interests of the individual where the data subject is physically or legally incapable of giving consent (i.e., during a medical emergency).
  • Not for profit bodies – The processing is carried out in the course of the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
  • Public information – The processing relates to personal data which is made public by the data subject.
  • Legal claims – The processing is necessary for the establishment, exercise or defense of legal claims.
  • Substantial public interest – The processing is necessary for reasons of substantial public interest.
  • Healthcare – The processing is necessary for healthcare purposes and is subject to suitable safeguards.
  • Public health – The processing is necessary for public health purposes.
  • Archive – The processing is necessary for archiving, scientific or historical research purposes, or statistical purposes.

UF will use personal data for the purposes for which it was collected unless it is considered reasonably that it is needed for another purpose and the reason is compatible with the original purpose. If the University needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. The University may process your personal data without your knowledge or consent, in compliance with this notice, where permitted by law. 

International Transfers of Personal Data out of the EU

As an American institution of higher education, the processing of almost all personal data by UF will take place in the United States. Visitors to this website acknowledge that personal data provided or collected through a University website will be transferred to the United States, and by continuing to use such websites, you consent to this transfer.

Protection and Retention of Personal Information

The University takes the security of your personal information seriously. Our minimum data security standards can be found at: https://it.ufl.edu/policies/.

Individuals have responsibilities with respect to held/processed by UF, as described in UF’s policies on the various types of personal information it processes, listed below. All members of the UF community must familiarize themselves with these policies and are responsible for complying with them.

Information Technology (IT) resources UF IT Acceptable Use Policy
Student Education Records UF Registrar’s Office
Employment Records UF Human Resources
Research Study Records UF IRBsHuman Research Protection Program
Patient Health Records UF Health Patient Privacy Policy

Records management is the systematic and administrative control of records throughout their life cycle to ensure efficiency and economy in their creation, use, handling, control, maintenance, and disposition. The University Records Manager is responsible for developing University-wide records management policies and services, maintaining records retention schedules, and for assisting with the collection and preservation of selected University records and associated materials of the University. Details about the University’s record retention requirements can be found at: http://cms.uflib.ufl.edu/records/Retention.

How to Contact UF

Should you have other questions or concerns about these privacy policies and practices, please call us at (866) 876-4472 (toll-free) or send an e-mail to privacy@ufl.edu

Changes to this Notice

The University reserves the right to change this Notice at any time. Changes to this Notice will be available at www.privacy.ufl.edu. Your continued use of University websites after any changes are posted will constitute acceptance of such changes.