For purposes of this Notice the following terms have the meaning provided:

“Data Subject” means the individual to whom a particular Personally Identifiable Information (PII) Record relates.

“Legitimate Basis or Legitimate Business Use” means that the University has a contractual need, public interest purpose, business purpose, or other legal obligation to retain and/or process information or data in the University’s possession, or a Data Subject has consented to the retaining and/or processing of information or data in the University’s possession.

“Personally Identifiable Information” (PII) includes any information that, taken alone or in combination with other information, enables the identification of an individual, including:

1. a full name;
2. a Social Security number;
3. a driver's license number, state identification card number, or other individual identification number;
4. a passport number;
5. biometric information including an individual's physiological, biological, or behavioral characteristics, including an individual's deoxyribonucleic acid (DNA), that can be used, singly or in combination with each other or with other identifying data, to establish individual identity;
6. geolocation data;
7. internet or other electronic network activity information, including browsing history, search history, and information regarding an individual's interaction with an Internet website, application, or advertisement; and
8. a financial or other account number, a credit card number, or a debit card number that, in combination with any required security code, access code, or password, would permit access to an individual's account.

Personally Identifiable Information does not include data rendered anonymous through the use of techniques including obfuscation, delegation and redaction, and encryption, so that the individual is no longer identifiable.

“Records” means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.

“System” means an electronic or other physical medium maintained or administered by the University and used on a procedural basis to store information in the ordinary course of the business of the University.

“System of Record” means a System that has been designated by the University as a System of Record. Determination that a System is a System of Record is based on the following criteria:

• the risk posed to individuals by the Personally Identifiable Information processed and stored on the System;
• the relationship of the System to the overall function of the University; and the technical and financial feasibility of implementing privacy controls and services within the System.

UMB collects and processes PII necessary for the effective operation of our core business practices, which includes data related to our Student, Human Resources, and Financial systems, and is required for administrative, educational, and operational purposes. Categories of PII that UMB collects or is submitted to us may include:

• Admissions, Account Setup, and Contact Information. When you create an account or during the registration or admissions process, we collect personal information from you, including, but not limited to, your lived or legal name, Social Security number, email address, phone number, address, country or region, communication preferences, payment information, gender, date of birth, and/or grade level.
• Payment/Financial Information. We may collect payment information in order to complete transactions, such as purchases, registrations, reimbursements, and donations. We may retain personally identifiable information in connection with these types of transactions, such as credit card or bank account numbers, Social Security number, and other tax information.
• Inquiry and Communications Information. We collect personal information when we communicate with you, for example, in custom messages sent through forms, to one of our email addresses, or via phone
• Newsletter and Marketing Emails, including email address and applicable interests and communication preferences.
• Surveys and Feedback Information. We may collect feedback from you relating to our Services through surveys or other means. Information collected may include responses to questions, testimonials, and demographic information.
• Employment, Volunteer, Internship, and Other Application Information, including your contact and demographic information, Social Security number, educational and work history, employment interests, and any other information you choose to provide, if you apply for or accept these positions.

UMB is committed to handling personal data responsibly, ensuring that it is collected and used for specific legitimate purposes, along with ensuring appropriate safeguards in place.

Under Maryland law you have certain rights when it comes to your data. To learn more about these rights under Maryland law please review the Maryland Higher Education Privacy Law. As outlined in the law, you have the following rights in institutional Systems of Record.

• Access – You have the right to request any personally identifiable information about you in our Systems of Record.
• Correction – If you believe that one or more data elements about you in one of our systems of record is incorrect, you have the right to request for the record to be corrected.
  • Please note: In the event that a request for correction is denied, you have the right to dispute the denial and to have that dispute produced if the information is ever requested by a third party.
• Deletion – You have the right to request that we delete your PII from a System of Record.
  • Please note: Only information that is being held without a Legitimate Basis for holding or processing can be deleted. Information that must be held for technical, legal, or financial reasons cannot be deleted.
• Collection and Use of PII – You have the right to request a profile regarding relevant System(s) of Record, including details such as the information collected, the purpose for collection, how the information is used, and any third-party groups with whom the information is shared.
• Opt Out of Sharing with Third Parties – You have the right to opt out of sharing your PII with a third party. The institution may share information with third parties based on a Legitimate Basis or with your consent. If your information is being shared by consent, you have the right to know how your consent was gathered, and you also have the right to revoke your consent.
  • Please note: Only information that is being shared without a Legitimate Basis can be opted out. Information that must be shared for technical, legal, or financial reasons cannot be opted out of.

To make a request, please use this link to access our web form. Requests are only considered valid and accepted through this form.

Please note: For security reasons, any privacy request MUST be made by the Data Subject and will be reviewed and verified by UMB. At this time, we do not have the capability to process requests from third parties such as data removal services. Any request not directly made by the Data Subject will be denied.

Some Personally Identifiable Information may be subject to disclosure under the Maryland Public Information Act or other federal and state laws or regulations.

The University reserves the right to access and use Personally Identifiable Information in its sole discretion when University staff believe there is a risk to safety or to investigate actual or suspected instances of misconduct or risk to the University, students, faculty, staff, and third parties, subject to applicable law and University policy.

The University reserves the right to disclose any relevant information, including PII, when required by law enforcement or to comply with a court order, law, or legal process, including responding to a government or regulatory request.

The University may disclose aggregated, disaggregated, anonymized, or de-identified personal information about our community.

In addition to the Maryland Higher Education Privacy Law, the following state, national and international laws may apply to your information.  The following links will take you to information about each of these laws, including how they may apply to information held by the institution.

• FERPA – Family Educational Rights and Privacy Act
• HIPAA – Health Insurance Portability and Accountability Act
• COPPA – Children's Online Privacy Protection Rule
• GLBA – Gramm-Leach-Bliley Act
• GDPR – Europe’s General Data Protection Regulation

UMB may use automated collection technologies such as “Cookies” or “Web Beacons” to collect information such as:

• Log Data, including internet protocol (IP) address, operating system, device type and version, MAC addresses, browser type and version, browser id, the URL entered and the referring page/campaign, date/time of visit, other hardware or software data, the time spent on our Services, how frequently you access our Services, and any errors that may occur during the visit to our Services. Log data may overlap with other categories of data below.
• Authentication Data. Some Sites require authentication in order to grant access. Authentication systems will use information such as logins, passwords, and authentication tokens to verify your identity.
• Analytics data, including the electronic path you take to our Services, through our Services and when exiting our Services, as well as your usage and activity on our Services, such as the time zone, first and last active date and time, usage history (flows created, campaigns scheduled, emails opened, total logins) as well as the pages, links, objects, services you view, click, or otherwise interact with. We may also use third-party tools to collect information about how you use our Services and may record your mouse movements, scrolling, clicks, and keystroke activity on the Services, and other browsing or search behavior on University websites.
• Geolocation data, such as location information we derive from your IP address or other device information.

Please visit allaboutcookies.org for information on how browser cookies and web beacons work.

Cookies may also be used by organizations other than UMB. Because UMB does not control these other organizations, you should review their policies. Users may disable cookies through their individual browser configuration. However, if you do not accept cookies, you may not be able to access or use some portions of UMB’s digital content or technology network.

If you have any questions about this Privacy Statement or other privacy-related matters, please contact the University of Maryland, Baltimore Privacy Office at umb-privacy@umaryland.edu