Learn about the privacy notices surrounding UMGC Europe's website.
EU GDPR Web Privacy Notice
This notice provides certain required information to persons located in the European Union (“EU”), a European Economic Area (“EAA”) member state, or Switzerland. Before the University collects any Personal Information from you, you are entitled under Regulation (EU) 2016/679 (commonly known as the EU General Data Protection Regulation, or the “GDPR”), to the information in this notice. The GDPR does not apply to the Processing of Personal Information from Data Subjects prior to May 25, 2018.
If you would like to review the GDPR Articles cited in this notice, please click here, https://www.eugdpr.org/.
Capitalized terms shall have the meaning ascribed to them herein and shall have the same meaning when used in the singular or plural form or any appropriate tense.
- Contractor: A person or a company that undertakes a contract to provide materials or labor to perform a service.
- Controller: The entity that determines the purposes and means of the Processing of Personal Information.
- Data: Element(s) of Information in the form of facts, such as numbers, words, names, or descriptions of things from which “understandable information” can be derived.
- Data Subject: A natural person who is identified, or can be identified, by reference to their Personal Information.
- Employee: University staff and faculty, including nonexempt, exempt and overseas staff, 12-month collegiate faculty, and collegiate traveling faculty.
- Information: Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
- Information Resource: Anything that is intended to generate, store, or transmit Information.
- Personal Information: Any Information relating to an identified or identifiable natural person, including but not limited to Personally Identifiable Information. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Personally Identifiable Information: An individual’s first name and last name, personal mark, or unique biometric or genetic print or image, in combination with one or more of the following data elements:
- A social security number;
- A driver's license number, state identification card number, or other individual identification number issued by a state government unit;
- A passport number or other identification number issued by the United States government;
- An Individual Taxpayer Identification Number; or
- A financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual's account.
- Privacy: The right of a party to maintain control over and Confidentiality of Information about itself.
- Processed/Processing: Any operation or set of operations which is performed on Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- Processor: The entity that processes Personal Information on behalf of the Controller.
- Security: A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise’s risk management approach.
- University: University of Maryland Global Campus (UMGC)
The Identity and Contact Details of the Controller/Data Protection Officer
Under the GDPR, the University will be deemed a Controller of your Personal Information. If you would like to contact the University in its capacity as Controller, please contact the University’s Data Protection Officer (DPO):
|Purpose for Processing||GDPR Legal Bases for Processing|
|Student Admissions Applications and Other Student Data: Obtaining admissions applications, transcripts, test scores and related documents to determine applicants’ qualifications for admission, and preparing related correspondence||
|Staff and Faculty Job Applications: Obtaining job applications, resumes, background checks, and other background materials from job applicants; and preparing related correspondence||
|Managing Student Accounts: Establishing and administering student accounts, issuing invoices, Processing payments and refunds, preparing related correspondence, and, if necessary, pursuing collection efforts||
|Managing Payroll Accounts: Collecting forms needed to satisfy regulatory requirements (such as IRS W-9 forms), and other documents necessary to prepare payroll checks, manage direct deposits, make withholdings, issue IRS W-2 forms, process pension and retirement contributions and payments, and perform related payroll matters||
|Managing Benefits Accounts: Collecting and Processing benefit election and claim forms in order to manage staff and faculty benefits including medical, vision, dental, and other insurance coverages, pension and retirement accounts, charity contributions, beneficiary designations, and related benefit matters||
|Managing Expenses, Purchasing, and Reimbursements: Collecting, issuing, and Processing expense requests, purchasing invoices, receipts, approvals, payment records, bank account information, checks, and electronic payments||
|Administering Student Financial Assistance and Scholarship Programs: Accepting, reviewing, and making decisions related to financial assistance programs, including preparing, executing, monitoring, and enforcing scholarship and loan agreements and documenting such financial assistance||
|Class Registration, Enrollment, and Education Records: Registering students for courses, confirming completion of required coursework, accepting, reviewing, and evaluating student course work, and operating education-related software to support the learning environment||
|Evaluating Academic Performance and Granting Degrees: Assigning grades and other performance measures; confirming satisfaction of required coursework and out-of-class requirements applicable to the awarding of degrees; preparing transcripts and diplomas; maintaining long-term graduation and performance records and providing these to employers||
|Evaluating Staff and Faculty Performance: Preparing and Processing evaluations (including self-evaluations), maintaining personnel and disciplinary files, compiling other performance measure Data||
|Providing Student Support Services: Providing advising services, transfer credit evaluations, reasonable accommodations, library and tutoring services, and other related services||
|Security Measures: Taking measures to protect persons and property (both physical, personal, and digital) through issuance of identification cards, encryption, firewalls, password, reset questions, surveillance cameras, login systems, card-swiping and similar entrance/exit tracking devices, and other security efforts||
|Complaint, Misconduct, and Grievance Processes: Enabling students, staff, and faculty to file and process complaints, such as those related to sexual misconduct, fair practices, academic integrity, arbitrary and capricious grading, and other types of grievance and misconduct issues||
|Offering Access to University Information Resources and Services: Providing authorized users appropriate access to Information Resources including University email accounts, storing Data on University servers (and servers of third-party processors), allowing students, faculty, staff, and alumni, and other authorized persons the right to use University-licensed software, providing access to educational platforms, assessment tools, social media, library digital collections||
|Assisting With Out-of-Class Experiential Opportunities and Job Placement: Identifying hospitals, clinics, schools and employers who will offer practice opportunities, classroom teaching experience, and similar internships, and helping place students and graduates in jobs||
|Recruitment and University Marketing: Tracking inquiries and website activity and conducting ad campaigns on third party websites and networks, including through the use of “cookies” and similar tracking files, to identify and recruit prospective students, faculty, and staff||
|Research, Data Analytics, and Data Reporting: Conducting educational, scientific, and other research and related statistical analysis||
|Alumni and Advancement Communications: Maintaining contact information for alumni and donors in order to send correspondence, magazines, newsletters, online communications, invitations, and to seek and accept gifts and donations||
|Insurance Claim Processing: Obtaining and evaluating Personal Information pertaining to claims of bodily injury, property damage, and other liability claims, including collecting medical reports and health insurance information, personal financial information, police reports, or other relevant Data, including Data required by the University's insurers||
|Complying with Legal Obligations: Compiling and providing information required under applicable laws and regulations, including, but not limited to, the Internal Revenue Code, Title IV, Title IX, Family Educational Rights and Privacy Act (FERPA), Americans with Disabilities Act, Higher Education Act, and Family Medical Leave Act (FMLA)||
Categories of Recipients Who May Receive Your Personal Information and Third Parties Who May Provide Your Personal Information
The specific categories of recipients who may receive your Personal Information depend on whether you are a prospective, current, or former student (or such student’s parent or guardian), a faculty or staff member, or a Contractor, donor, supporter, or research subject, or have some other status, and the types of Personal Information that you provide. The categories of recipients are likely to include one or more of the following:
- As to Personal Information needed to accomplish university business described above, Employees and third parties working on behalf of the University may receive your Personal Information;
- As to Personal Information required by U.S. federal departments and agencies, employees of the federal government, including but not limited to, personnel in the Department of Education, Department of Defense, the Department of Justice (Office of Civil Rights), and the Department of Treasury (Internal Revenue Service), may receive your Personal Information;
- As to Personal Information required by State of Maryland departments and agencies, employees of the State of Maryland, including but not limited to, personnel in the University System of Maryland, the Maryland Higher Education Commission, and the Maryland Attorney General’s Office, and their respective divisions, agencies, and offices, may receive your Personal Information;
- Third parties who underwrite, administer, or provide services related to the University’s health insurance, pension, retirement and other benefit programs may receive your Personal Information;
- Lenders and other third parties who assist in originating, monitoring, and collecting student loans, scholarships, and other financial assistance programs, may receive your Personal Information; and
- Third-party Processors who host and process Data may receive your Personal Information.
In certain instances, the University, in its capacity as a Controller, may acquire your Personal Information from a third party, and not directly from you.
If you would like more details as to the recipients receiving your Personal Information or the third parties from whom the University may obtain your Personal Information, please contact the University DPO using the contact information provided above.
Transfer of Personal Information to the United States
Personal Information that you provide while in the EU, an EAA member state, or Switzerland will be transferred to the United States. The GDPR permits such transfer so long as certain legal requirements have been satisfied. In transferring your Personal Information, the University will employ suitable safeguards to protect the Privacy and Security of your Personal Information so that it is only used in a manner consistent with your relationship with the University and this privacy notice.
How Long Will Your Personal Information Be Stored?
The GDPR requires that your Personal Information be kept no longer than necessary. The applicable time period will depend on the nature of such Personal Information and will also be determined by legal requirements imposed under applicable laws and regulations. If you have specific questions concerning how long a certain type of Personal Information will be retained, please contact the University DPO using the contact information provided above.
You Have Certain Rights to Control Your Personal Information
Articles 15-21 of the GDPR give you the right to control your Personal Information by directing the University, as Controller, to do one or more of the following, subject to certain conditions and limitations:
- Allow you to access your Personal Information to see what Data the University has collected concerning you;
- Correct (rectify) any inaccuracy in your Personal Information;
- Delete (erase) your Personal Information, unless the University can demonstrate that retention is necessary or that the University has other overriding legitimate grounds for retention;
- Restrict the Processing of your Personal Information;
- Transfer your Personal Information to a third party (portability); and
- Upon your objection, stop Processing Personal Information when the University is relying on a legitimate interest basis for Processing such Data unless the University can demonstrate compelling legitimate grounds for Processing that override your interests in prohibiting such Processing.
If You Consent to the Processing of Your Data, You Can Withdraw Such Consent
If the University relies on your written consent to collect and process your Personal Information, you can subsequently withdraw such consent as to any further Processing of such Personal Information by contacting the University DPO using the contact information provided above.
GDPR Remedies Include the Right to File A Complaint with a Supervisory Authority
If you believe your rights under the GDPR have been violated, the GDPR gives you the rights and remedies set forth in GDPR Articles 77-82. These include the right to file a complaint with the applicable data protection supervisory authority in the country in which you are physically present.
Are You Obligated to Provide Personal Information?
As discussed above, the University will sometimes ask you to provide Personal Information that is necessary in order to provide you services or otherwise conduct business with you, to perform obligations under a contract to which you are a party, or to satisfy certain legal requirements binding upon the University. If you do not provide such Information, the University will not be able to fulfill is contractual obligations or comply with such legal requirements, and you will not be eligible to receive the benefits that may result. For example, if you do not provide Personal Information needed to process an admission application or financial aid, you will not be admitted to the University or awarded financial aid. Similarly, if you do not provide legally required Information required for a background check related to a job position, you may not be eligible for such job.
You Have The Right to Know If the University Uses Your Personal Information In Automated Decision-Making, Including Profiling
The GDPR limits the University’s right to use your Personal Information for predictive purposes as part of an automated decision-making process, including profiling. Such a process uses your Personal Information, such as preferences, interests, behavior, locations, and personal movement, to make an analytically-determined decision, instead of a personalized, individual decision. The GDPR limitation does not apply when such automated decision-making is necessary for the performance of a contract to which you are, or will be, a party. The University primarily will rely upon personalized, individual decision-making and does not intend to use Personal Information in automated decision-making processes. However, if the University intends to use automated decision-making processes, as defined by GDPR, the University will take all necessary steps in order to do so in a compliant manner.
University websites, Google Analytics, and selected third-party online advertising networks store small fragments of text, called "cookies," in a website visitor's web browser with limited Data, such as how the visitor was directed to the website (for example, from an advertisement), which advertisement was displayed to the visitor, whether the visitor has submitted a form, or how recently the visitor last accessed University websites.
The University uses these cookies to measure the performance of University websites and advertising, to provide interest-based advertising messages, and to inform development of new content, functionality, or services. Please review your Internet browser's help file for instructions on rejecting or deleting cookies.
The University partners with third party media agencies to run advertisements and to measure performance of that advertising across a myriad of placements, which may include, websites, mobile applications, streaming television and audio platforms, or a variety of television and radio networks.
The University’s advertising efforts include ads targeted to new prospective students; prospective students who have previously visited the university’s web properties; and current and/or former students.
Audiences targeted with university advertisements are identified within advertising networks and/or platforms based on a variety of qualifiers (demographics, behaviors, etc.). The given qualifiers used are based on advertising performance data and aggregate data on prospective, current, and/or former students. The University shares limited Personal Information with third parties in order to conduct targeted advertising.
University digital advertisements may appear on a variety of sites across the internet, or within applications, including those owned and operated by advertising networks/platforms, such as Google, Bing, Facebook, or Verizon Media. University advertisements are not guaranteed to appear on all of these sites at any given time and this list is to serve as a representative sample of the types of channels used within the university’s digital advertising efforts.
The University and its third-party vendors use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) to inform, optimize, and serve advertisements based on a visitor's past visits to University websites. These cookies are also used to report on data related to the serving of each ad, including impressions, interactions, form completions, and related performance information.
Opting Out of Targeted Advertising and Other University Marketing Communications
To opt-out of targeted University advertising on specific websites/advertising networks, including but not limited to University targeted advertising, please use the links provided below. As some sites/networks do not provide specific tools to opt out of personalized advertising, you may also want to review how cookies are being used/stored in the internet browser you are using via your browser settings and/or closely monitor your privacy settings on any social media channels utilized.
|Advertising Channel||How To Opt-Out of Personalized or Targeted Advertising|
|Bing/Microsoft||Access Microsoft’s Personalized Ad Settings|
|Manage Your Facebook Ad Preferences|
|Access Google’s Ad Settings|
|Manage Your LinkedIn Ad Settings|
|Snap Chat||Manage Your Snapchat Ad Preferences|
|Verizon||Access Verizon Media’s Privacy Dashboard & Controls|
After you have opted out from personalized or targeted advertising on a given site or network, you may continue to see targeted advertising from other companies or advertising networks and you may continue to see university advertising that does not use the selected targeting scripts or networks.