Language for Customized Privacy Statements
Appendix to Policy
When developing a customized privacy statement for your site, copy the sections that apply to your site from the standard University online privacy statement(privacy.umn.edu) and add the following sections. Below each section is sample language. Other sections may be added as needed for your site.
Include in your customized privacy statement a notice specific to persons within the European Union. See the GDPR- General Data Protection Regulation section below for sample language.
Notification (What is gathered, how it is used and shared)
- We use the information only for internal purposes and to improve the content of the website.
- We may redirect your inquiry to another person, institution, or agency to answer your question.
- We do not sell, rent, trade, or distribute any personally identifiable information obtained from visitors to a third party, except as required by law.
- We only share personal information when required by University policy or law.
- We publish on a website the statistics from traffic on this location.
Choice (Ability to contact organization to ensure personal information is not shared, if they choose)
- We do not knowingly collect personal information from children without parent's permission.
- You may remove information from our database to discontinue communications or service by calling:_______ or sending an email to _______
Security Of (How it protects information on site and with those they share it with)
We use appropriate safeguards to ensure the security, integrity, and privacy of personally identifiable information submitted to our site and periodically update measures with new technologies.
When appropriate, the University uses encryption technologies, user authentication systems, and access control mechanisms.
Access To (Reasonable access to information collected and a way to correct inaccuracies)
- You have the ability to edit your account information and preferences at any time. By calling: _______ or sending an email to _______
- If you have questions or would like more information about the online data we collect from you, call _______ or send an email to _______
Contact Information (For questions about information collection and security of your site)
- If you have questions about this site, its collection of information, and its online privacy statement, contact <insert local contact here>.
GDPR- General Data Protection Regulation
Notice Specific To Persons Within the European Union
If you are in the EU and you interact digitally with the University of Minnesota, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”) and under the legal framework of Directive 2002/58/EC (“ePrivacy” Directive). In these circumstances and as applicable, the University of Minnesota may be the controller of the processing of your personal data. Please see also our GDPR resources webpage at www.privacy.umn.edu for more information.
Legal Basis for Processing
When we process your personal information, we will endeavor to have a valid lawful ground for processing in place. We process your personal information relying on different lawful grounds for processing, depending on the context of the processing activity.
The University of Minnesota is committed to facilitating the exercise of the rights granted to you by EU data protection law (the right to access your data, to ask for erasure, correction, restriction, portability of your data or to object to the processing of your data) in a timely manner for personal information that properly falls under the GDPR.
In order to be able to reply to your request for exercise of your rights, and if we are not certain of your identity, we may need to ask you for further identification data to be used only for the purposes of replying to your request. If you have any inquiries or requests, please write to GDPRINFO@umn.edu or mail to Records & Information Management; 360 McNamara Alumni Center; 200 Oak Street SE; Minneapolis, MN 55455.
In addition to your rights under the GDPR, the University of Minnesota is also subject to the Minnesota Government Data Practices Act, Minnesota Statutes Chapter 13. Information on Public Access to University Information, as well as Information on Rights of Subjects of Government Data can be found in Administrative Policy: Public Access to University Information.
We strive to keep personal data in our records only as long as they are necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate purposes and all applicable legal requirements. More information on the University of Minnesota records management program is available at Administrative Policy: Managing University Records and Information.
When you interact with the University of Minnesota, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have obtained an adequate level of protection from the European Commission. To ensure the lawful transfers of personal data from the EU, the University of Minnesota relies on the derogations laid out in Article 49 GDPR. Be advised that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this website privacy notice.