Commitment to Protection of Individual Privacy
The University of Colorado (“CU” or the “University”) supports the protection of individual privacy and is committed to ensuring the confidentiality of personally identifiable information provided by its employees, students, and other members of the university community. However, because the University of Colorado is a public institution, some personally identifiable information may be subject to disclosure pursuant to the Colorado Open Records Act. In addition, the University may disclose information to third parties when such disclosure is required or permitted by law.
What information does the University collect?
You may access most University of Colorado websites without providing personally identifiable information, however you may need to provide personal information to use certain services. The amount and type of personal information to use these services varies. It is the practice of the University of Colorado to collect the least amount of personally identifiable information necessary to provide services and meet any legal obligations.
The personal data that University of Colorado collects about you may include: name, e-mail address, mailing address, phone number, date of birth, social security number (or other national ID), academic records, employment records, past military service, state/country of residence, criminal history, ethics/disciplinary history, ethnic origin, native language, gender, preferred name, test scores, social media account information, athletic achievements, financial information, billing information, passport information, etc.
How does the University collect this information?
You directly provide most of the personal information that the University collects when you use our services. However, in some cases, we may collect information from a third-party that has the authority to share your personal information with the University. For example, the University may receive personal data through the Common App college application system.
The University may collect non-personal usage information for website administration purposes. Usage Information includes number of visitors, number of page views, IP address, website pages visited prior to visiting the site(s), browser information, technical information about your device, etc. This information may be collected using third-party services like Google Analytics and using techniques including web browser cookies.
How does the University use this information?
The University uses personal and usage information to:
- Provide and improve services to our students, employees and other community members. This includes, but is not limited to the accessing and processing of:
- Personal data related to services and tools that support admission applications, online learning, student and employee self-service, course and degree management, financial aid management, personnel management, research administration, event management and ticketing, academic advising, housing and dining services, public safety, communication with employees and students, etc.
- Usage Information to help identify and diagnose service problems, monitor service performance, identify popular and unpopular aspects of services, improve service designs, better understand which technologies are used to access services, etc.
- Communicate with the members of our community – Many groups in the university may collect contact information in order to communicate with community members.
- Meet obligations as an institution of higher education and employer - For example, required reporting to the Department of Education, the Department of Homeland Security and the Internal Revenue Service.
- Measurement and analysis – collected information may be used for internal analysis to better understand and improve the experiences of our community members. For example, student academic data may be analyzed to identify key factors in graduation rates that can be used to improve future graduation rates.
- Raise funds to provide the best educational experience possible – The University uses information to perform fund raising activities to finance research, scholarships, educational programs, and services at the university.
- Protect the safety of our community – Information may be used to contact community members about safety issues and, as required, work with government agencies on safety issues.
- Fulfill the University’s legal obligations - For example, responding to authorized legal requests and appropriate open records requests.
- To advance the University’s legitimate interests.
If the University collects your information based on your consent, the University will conform to the processes outlined in the applicable consent form. If you provided information based on consent, you may generally withdraw your consent at any time. However, withdrawal will not affect the processing based on such consent prior to withdrawal.
In general, information is used and stored within the United States. In some cases, third-party services may require the use and storage of information outside of the United States.
How does the University share my information?
The University may share personal information within the University. However, the University restricts access to Personal Information to individuals and groups who have a legitimate need to access the data.
The University of Colorado will only share your personal information with third parties in the following situations:
- When using the services from third party vendors, consultants and other service providers who do work for the University and need access to your information to do that work.
- To comply with applicable law and our legal obligations, such as to comply with a subpoena or similar legal process.
- To comply with an appropriate request under the Colorado Open Records Act.
- When University of Colorado believes in good faith that disclosure is necessary to protect its rights, your safety, or the safety of others.
- To investigate potential crimes, fraud or to respond to a government request.
When sharing personal information with third parties, the University has processes to assess the security and privacy protections used by the third parties and includes appropriate security and privacy language in contracts with third parties.
The University does not sell personal information to third parties.
How does the University protect my information?
The University has security policies and standards regarding the protection of personal information. These standards include both administrative and technical requirements to ensure information receives appropriate protection. Each campus has an information security officer and team who assist departments in providing appropriate protection for personal information. This includes active monitoring and assessments to detect potential security issues. Additionally, the University has an internal audit team that periodically performs security related audits.
When information is handled by third parties, the University relies on a combination of contractual requirements, security reviews/assessments and third-party audits to ensure information is appropriately protected. Some third-party websites use UCCS branding but are governed by separate privacy policies. Users are encouraged to review all third-party privacy practices, including those linked on UCCS or UCCS-related websites.
For more information on the policies and standards used by the university in protecting data, you can visit this site:
How is my information retained and / or destroyed?
The University has a data retention policy and schedule that instructs departments on their obligations to keep different types of information for different periods of time. You can review this policy and the retention schedules here:
What rights do I have in regard to my information and privacy?
The specifics of information and privacy rights depend on the nature of your relationship to the University. Please be aware that personal data rights under International, United States, and Colorado information and privacy laws may differ. However, in general, you may request:
- That the University correct inaccurate information about you (For example, updates to your name and contact information etc.)
- That the University delete information about you (Depending on your role at CU and the information the University stores, the University may be required to keep copies of your information.)
- To have the University limit or stop processing your information (limiting the processing of information may also limit what services are available to you.)
You should direct all requests to exercise these rights to the contact information provided in the Comments and Feedback section.
Children’s Privacy Rights
The University of Colorado websites are intended for adults and young adults age 13 and over. If you are under the age of 13, you should not register to use any portion of the University of Colorado website, or provide any personal information through the website. It is not the University of Colorado intent to collect and store any personal information from any person under the age of 13. If the University of Colorado is made aware that it is collecting information of a child under the age of 13, it will delete this information.
Student Privacy Rights
In general, the Family Education Rights and Privacy Act (“FERPA”) prohibits the release of students’ educational records. For more information about FERPA contact the UCCS registrar’s office at 719.255.3361 or email .
In general, the Health Insurance Portability and Accountability Act (“HIPAA”) prohibits the release of personal health information. For more information about HIPAA, contact the HIPAA Privacy Officer at 719.255.3837 or email at .
How do I opt out of personalized Google Ads?
Google provides information on their advertising processes, including controlling preferences on this page: This information includes a link to their online tool that will allow you to disable personalized advertising from Google. You can access that tool here:
Comments and Feedback
Please send comments, questions, concerns or inquiries about our use of your personal data and its privacy to the Compliance Office / Privacy at . Please do not send attachments with the message.
The information provided in this privacy statement should not be construed as business, legal or other advice, or as guaranteeing the security of information provided through the University’s websites.
Effective Date: 10/29/2018