GDPR Privacy Notice

I. GDPR Privacy Notice

The European Union’s General Data Protection Regulation (“GDPR”) is a data privacy law that applies to personal information collected in or from the European Union and European Economic Area. The University of North Carolina at Charlotte (“UNC Charlotte”) is committed to safeguarding the privacy of personal information, including compliance with the GDPR where applicable.

This Privacy Notice outlines the collection, use, and disclosure of personal information provided to UNC Charlotte by individuals in or from the European Union and European Economic Area (hereinafter “Information Providers”), including but not limited to:

• prospective students and their parents, guardians, spouse, or other family members
• applicants for admission and their parents, guardians, spouse, or other family members
• matriculated students and their parents, guardians, spouse, or other family members
• applicants for employment
• employees and members of their immediate family
• former employees
• alumni
• donors
• event patrons
• customers
• contractors and vendors
• research subjects

When information is submitted to UNC Charlotte or you use UNC Charlotte’s websites and other electronic data services, you consent to the collection, use, and disclosure of that information as described in this Privacy Notice.

II. Information and Sensitive Information

UNC Charlotte may use, collect and/or disclose “Information” and “Sensitive Information” for its legitimate business purposes.

As used herein, “Information” refers to all personal data, excluding Sensitive Information, concerning a natural person, created by or provided to UNC Charlotte by or about an Information Provider.

“Sensitive Information,” as used herein, is Information about an Information Provider’s race, gender, ethnic origin, religious affiliation, health data, and criminal convictions.

III. University Use of Information and Sensitive Information

• UNC Charlotte collects, processes and discloses Information and Sensitive Information from and about Information Providers only as necessary in the exercise of UNC Charlotte’s legitimate interests, functions and responsibilities as a private, not-for-profit higher education institution.
• UNC Charlotte collects, processes and may disclose Information and Sensitive Information from and about Information Providers who are research subjects in the exercise of scientific, historical research, or statistical purposes.
• UNC Charlotte collects and processes Information from and about Information Providers who are applicants for employment, employees and immediate family members in order to enter into or administer an employment relationship with UNC Charlotte.
• UNC Charlotte collects Information from and about Information Providers and may share it with internal and external parties to register or enroll persons, provide and administer housing to students, provide and administer financial aid, manage a student account, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, recruitment, regulatory reporting, auditing, maintenance of accreditation, and other related UNC Charlotte processes and functions.
• UNC Charlotte uses Information and Sensitive Information to conduct general demographic and statistical research to improve UNC Charlotte programs.
• UNC Charlotte collects, processes and shares Sensitive Information internally and externally, as necessary, applicable and appropriate, to identify appropriate support services or activities, provide reasonable accommodations, enforce UNC Charlotte policies or comply with applicable laws.
• Information and Sensitive Information may be shared by UNC Charlotte with third parties who have entered into contracts with UNC Charlotte to perform functions on behalf of UNC Charlotte, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
• UNC Charlotte collects, processes and shares Information and Sensitive Information from and about alumni, donors and event patrons internally and with third parties for the purpose of management of your relationship and engagement with UNC Charlotte.

IV. Third Party Use of Information and Sensitive Information

UNC Charlotte may disclose Information and Sensitive Information to third parties as follows:

• Consent: We may disclose your Information and Sensitive Information if we have your consent to do so.
• Emergency Circumstances: We may share your Information and Sensitive Information when necessary to protect your health and safety, and you are physically or legally incapable of providing consent.
• Employment Necessity: We may share your Sensitive Information when necessary for administering employment or social security benefits in accordance with applicable law, subject to the application of appropriate safeguards to prevent further unauthorized disclosure.
• Charitable Organizations: We may share your Information with the UNC Charlotte Foundation in connection with charitable giving subject to the application of appropriate safeguards to prevent further unauthorized disclosure.
• Public Information: We may share your Information and Sensitive Information if you have otherwise made it public.
• Performance of a Contract: We may share your Information and Sensitive Information when necessary to administer a contract you have with the University.
• Legal Obligation: We may share your Information and Sensitive Information when the disclosure is required by international, federal, and state laws and regulations.
• Service Providers: We use third parties who contract with the University to support the administration of University operations. In such cases, we may share your Information and Sensitive Information with such third parties subject to the application of appropriate safeguards to prevent further unauthorized disclosure.
• University Affiliated Programs: We may share your Information with parties that are affiliated with the University for the purpose of contacting you about goods, services, charitable giving or experiences that may be of interest to you.
• De-Identified and Aggregate Information: We may use and disclose your Information and Sensitive Information in de-identified or aggregate form without limitation.

V. Security

UNC Charlotte implements appropriate technical and organizational security measures to protect your Information and Sensitive Information when you transmit it to us and when we store it on our information technology systems.

VI. Cookies and Other Technology

A description of how the University uses cookies and certain other data from its websites and email is located in the Terms of Use for the UNC Charlotte website.

VII. Retention and Destruction of Your Information

Your Information and Sensitive Information will be retained by the University in accordance with applicable federal and state laws, and the applicable retention periods in the University of North Carolina System Records Retention and Disposition Schedule.

Your Information and Sensitive Information will be destroyed upon your request unless applicable law or policy requires permanent retention or destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information given the level of sensitivity, value, and criticality to the University.

VIII. Your Rights

You have the right to request access to, a copy of, rectification, restriction in the use of, or erasure of your Information and Sensitive Information in accordance with all applicable laws including, for students, the Family Educational Rights and Privacy Act (FERPA). The disposition of your Information and Sensitive Information shall be subject to the retention periods of applicable federal and state law, University Policy 605.3, Retention, Disposition, and Security of University Records, and the University of North Carolina System Records Retention and Disposition Schedule. If you have provided consent to the use of your Information or Sensitive Information, you have the right to withdraw consent without affecting the University’s lawful use of the Information or Sensitive Information prior to receipt of your request.

Individuals may exercise these rights by contacting the Office of Ethics and Compliance.

In some cases, your Information and Sensitive Information created in the European Union may be transferred out of the European Union to the University. If you feel the University has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.

IX. Updates to this Privacy Notice

This GDPR Privacy Notice may be amended from time to time. Any such changes will be posted on this page. The effective date of this GDPR Privacy Notice is May 25, 2018.