University of Illinois System

University of Illinois System Privacy Statement

1. Scope

The Board of Trustees of the University of Illinois, by and through its component units, including the System Offices, the Urbana-Champaign, Chicago, and Springfield universities, and all other teaching, research, and service facilities, wherever located, (“University of Illinois System”, “System”, “we”, “us”, or “our”) is committed to respecting and protecting the privacy rights of all natural persons. This Privacy Statement applies to the University of Illinois System and describes the University of Illinois System’s privacy notices and policies.

The University of Illinois Supplemental Privacy Notice (“Supplemental Notice”) supplements this Privacy Statement. The Supplemental Notice applies generally to the provision of personal information by individuals in the European Economic Area and the United Kingdom. The Supplemental Notice explains how the University of Illinois System meets its obligations under the European Union General Data Protection Regulation (GDPR) and the United Kingdom GDPR with respect to such information.

The University of Illinois Supplemental Privacy Notice - PIPL (“Supplemental Notice - PIPL”) also supplements this Privacy Statement. The Supplemental Notice - PIPL applies generally to the provision of personal information by individuals in the People’s Republic of China. The Supplemental Notice - PIPL explains how the University of Illinois System meets its obligations under China’s Personal Information Protection Law with respect to such information.

2. Privacy Notices and Policies

This Privacy Statement includes as an integral part the following privacy notices and policies identified or linked below.

A. Web Privacy Notice

Scope

This Web Privacy Notice applies to all websites and domains owned, controlled, operated, and/or maintained by the University of Illinois System and any other web properties or profiles owned, controlled, operated, or maintained by the University of Illinois System (the “System Web”).

Terms of Use

Access to the System Web is provided subject to the Legal Notice and Terms of Use. Please read the Legal Notice and Terms of Use carefully as use of the System Web constitutes acceptance of its terms.

Purpose

To inform data subjects about the System’s commitment to data privacy and explain how the System uses and protects personal information.

Processing and Sharing Personal Information

University of Illinois System personnel

Personal information may be processed by System trustees and employees, including faculty, researchers, medical professionals, financial aid counselors, human resources professionals, law enforcement officers, and others associated with the System, as may be necessary to carry out the purposes and the activities of the System.

University Related Organizations

The System may share personal information with University Related Organizations, such as the University of Illinois Foundation and the University of Illinois Alumni Association.

Third parties

The System may share personal information with third parties subject to appropriate safeguards. Examples include: educational platform providers and course partners to further the purposes for processing the information and the activities of the System; U.S., state, local, and foreign government entities to fulfill regulatory obligations (e.g., visa processing) and to facilitate access to funding sources (e.g., financial aid); partner institutions to facilitate study abroad activities; service providers to facilitate the full range of System functions (e.g., cloud storage, software, chatbots); information requestors pursuant to freedom of information laws; and vendors to provide services related to an individual’s affiliation with the System (e.g., print diplomas, arrange housing) and to improve System outreach efforts.

Please note that the System may provide anonymized data developed from personal information to third parties, such as government entities and research collaborators, and that such anonymized data is outside the scope of this Web Privacy Notice.

Chatbots

Some System websites use chatbots to respond to questions from website visitors about the University and its programs or to otherwise assist the website visitors. The chatbots may ask for the user’s email address and other personal information in order to answer chat questions, provide a chat transcript, and/or provide helpful information about the System. The System uses third parties to make the chatbots available and to process the personal information collected by the chatbots.

Public Forums

Many System units provide chat rooms, forums, message boards, and news groups for their users. Any information disclosed in these areas may become public information and users should therefore exercise caution when deciding to disclose personal information in such places. Chat sessions and discussion forums may be logged.

E-Commerce

Some System websites enable users to pay for products or services online with a credit card. These transactions use a centralized process and are commercially secure.

Rules for Individuals under 13 Years of Age

The federal Children’s Online Privacy Protection Act (COPPA) imposes legal and regulatory requirements on certain operators of commercial websites or online services directed to children under 13 years of age, and on certain operators of other commercial websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. The Federal Trade Commission enforces COPPA, which spells out what operators of commercial websites and online services that are subject to COPPA must do to protect the privacy and safety of children under the age of 13 online when COPPA applies.

Consistent with COPPA, the University of Illinois System is committed to protecting the privacy of children under the age of 13. If a user of the System Web is under the age of 13, such user is not authorized to provide the System with personally identifying information, and the System will not use any such information in its database or other data collection activities once the System becomes aware that the user is under the age of 13. The University of Illinois System appreciates user cooperation with this requirement.

Users under the age of 13 and their parents or guardians are cautioned that the collection of personal information volunteered online or by e-mail by children under the age of 13 a) will be treated the same as information given by an adult until the System becomes aware that the user is under the age of 13, and b) such information may be subject to public access.

Illinois Freedom of Information Act

As a state institution, the University of Illinois System may be legally required under the Illinois Freedom of Information Act, which provides for public access to certain documents and records of public bodies, to provide specific information, including in some instances electronic correspondence originating on or sent via the System Web. More information about the System’s compliance with the Illinois Freedom of Information Act can be found on the System’s Illinois Freedom of Information Act webpage.

Server Log Information the System Gathers

System Web servers generate logs that may contain information about computers or devices used to access the System Web, or about general activity on the System Web, such as the following:

  • Internet address of computer or device
  • Type of browser or other client application used
  • Operating system of computer or device
  • Webpages requested
  • Referring webpages
  • Time spent on the site

Many System Web server administrators produce summary reports from these logs and share that information with System Web content managers. System Web content managers typically use this information in aggregate to understand what pages are popular, how users are navigating to and within their site, and when their sites are used most frequently.

B. Cookie Policy

Cookies are small text files a website saves on a website visitor’s computer or other device (e.g., mobile phone) when they visit the website. For a discussion on how the System employs cookies and related technologies, consult the University of Illinois System Cookie Policy.

C. FERPA Notice

The University of Illinois System complies with the Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of student education records without student permission. For more details on how the System complies with FERPA, consult the following:

FERPA does permit the release of public or “directory information” about students, unless the student has requested that their directory information be suppressed. Information about suppressing the release of “directory information” can be obtained at:

D. HIPAA Notice

The University of Illinois System is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information. Information about how the System complies with HIPAA and HITECH is available on the System’s HIPAA website.

E. PIPA Notice

The Illinois Personal Information Protection Act (PIPA) requires certain data collectors to notify affected individuals whenever there is a data breach involving the computerized personal information of Illinois residents. For more information about PIPA, please visit the following:

F. International Privacy Notice

The University of Illinois System is committed to respecting and protecting the privacy rights of persons in the European Economic Area (EEA) and the United Kingdom (UK) pursuant to the European Union General Data Protection Regulation (“GDPR”). Similarly, the University of Illinois System is committed to respecting and protecting the privacy rights of persons in Mainland China pursuant to China’s Personal Information Protection Law (PIPL). For more information about the System’s commitment to the privacy of persons in the EEA and the UK, consult the following:

G. Social Security Numbers Notice

The University of Illinois System is committed to having the proper procedures in place for collecting, maintaining and disseminating social security numbers of students, employees and individuals associated with the System. Information about the System’s commitment to the privacy of social security numbers can be found in the following policies:

H. Graham Leach Bliley Act (GLBA) Notice

The University of Illinois System protects student financial aid information as required by the GLBA, which governs the use, sharing, and collection of financial information. For more information about how the University of Illinois System complies with the GLBA’s financial information security requirements, consult the University of Illinois System GLBA Security Plan

I. Electronic Communications Privacy Act (ECPA) Notice

The University of Illinois System is committed to providing secure networks to protect wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers as required by the ECPA. For details on each university’s information security plan, please review the following policies:

J. Notice to System-Authorized Users of the System Web

The University of Illinois is committed to protecting the privacy of personal information. System-authorized users, including students, employees, contractors, and other authorized individuals, using the System Web and all personal information collected therefrom must do so in accordance with the applicable acceptable use policy:

Use by System-authorized users of the System Web and all personal information collected therefrom is subject to all applicable state, federal, and foreign laws, as well as general System policies.

It is the System’s usual practice not to share any personal information with those outside the System. However, in limited circumstances consistent with the System’s interests, System-authorized users may share personal information gathered from the System Web provided doing so is not prohibited by applicable law or System policies and not inconsistent with notice given on a System website or in the Supplemental Privacy Notice or Supplemental Privacy Notice - PIPL, and at least one of the following:

  • Authorized by law;
  • Permitted under System policies;
  • Authorized by an approved University of Illinois contract;
  • Clearly stated on a System website or in the Supplemental Privacy Notice or Supplemental Privacy Notice - PIPL that such information will be shared and the user indicates consent by providing the information;
  • Otherwise consented to;
  • Considered appropriate in support of the University of Illinois’s legitimate interests, such as sharing certain student and employee demographic information with the University of Illinois Alumni Association, the University of Illinois Foundation, applicant students’ high schools and other educational institutions with questions about students who have been admitted or earned a degree from the University of Illinois;
  • Considered appropriate to further the purposes for processing the personal information and the activities of the University of Illinois, to facilitate the full range of University of Illinois functions, to provide services related to an individual’s affiliation with the University of Illinois, and to improve University of Illinois outreach efforts; or
  • Authorized for good cause by the Chancellor of each university or the Vice President for Academic Affairs of the System.

System-authorized users responsible for conducting online surveys that collect personally identifiable information must clearly state on the survey site the extent to which any information provided will be shared. Subject to applicable law, aggregate and/or de-identified data from surveys may be shared with external third parties provided doing so does not compromise privacy.

It is the System-authorized user’s responsibility to verify that applicable law does not restrict their:

  • Use of the System Web and all personal information collected therefrom; and,
  • Sharing of the personal information collected therefrom, including the sharing of aggregate and/or de-identified data with external third parties.

3. Questions

Any questions about this Privacy Statement can be emailed to Privacy Office as follows:

4. Updates to Privacy Statement

The System may update this Privacy Statement from time to time. Any changes will become effective upon posting of the revised Privacy Statement.

Last revised: 11/03/2023