University Privacy Policy

The scope of this policy applies to all personal information collected by and provided to UNCG through web applications.  It must be adhered to by all persons who access, use, process, control or otherwise deal with personal information on UNCG’s behalf. This policy applies to independent contractors and job applicants, as well as individuals who provide UNCG with personal information.

University web applications that are directly associated with research may expand beyond this policy to support the specific needs and concerns of performing research.

University web applications that are directly associated with community or grant funding partnerships may expand beyond the scope this policy to include the specific needs and concerns of targeted audiences.

Personal Information is information about an identifiable individual that is recorded in any form. This includes opinions and beliefs, financial information, birth dates and other identifying data not publicly available. The definition does not include the name, title or business address or telephone number of an employee of an organization. Business contact information (title, position, company name address, etc.) and certain publicly available information are excluded from the definition. 

Collection is the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means. 

Disclosure is making personal information available to others outside the University. 

Use refers to the treatment and handling of personal information within the University. 

Consent is a voluntary agreement to the collection, use and disclosureof personal information for a stated purpose. Consent can be either express or implied. 

Express Consent is permission that is explicitly sought and applied to the collection, use or disclosure of information, particularly for sensitive/personal information or when there has been a significant change from the original purpose for which information was collected. Express Consent is unequivocal and does not require any inference on the part of the organization seeking consent. 

Implied Consent arises where consent to the collection, use or disclosure of information may reasonably be inferred from the action or inaction of the individual. For example, consent could be implied for using the return address on a donation check to send a receipt to the donor for income tax purposes. 

Purpose Statement is the stated purpose for which personal information is being collected, used, or disclosed. 

Web Applications are client-server software applications that run in a web browser via website or mobile app. 

Chief Information Officer has the overall responsibility for the University’s Information Security Program. 

Chief Information Security Officer has the responsibility for coordinating the implementation of privacy requirements, and for ensuring that the University’s information technology systems that handle private data meet privacy requirements, laws, and regulations. 

Office of Institutional Integrity and General Counsel has the responsibility for providing legal advice and assistance on privacy laws and regulations. 

Vice Chancellor for Strategic Communications has the overall responsibility of University communications, public relations, marketing/distribution, and social media.

For all who choose to visit UNCG web applications to browse, read pages, submit forms, or download information, the University automatically collects and stores the following information:  

• The Internet domain and IP address from which users access UNCG’s portal; 

• The date and time users access the web application; 
• The pages users visit within the web application;  
• If users linked to the web application from another web application, the address of that web application; 
• The type of browser and operating system used to access the web application; 
• The search terms used to get to the web application, in addition to search terms used in the web application’s search engine; 
• The type of device used to access the web application; 
• How often users visit the web application; and 
• The links made to other web applications through the web application. 

UNCG uses this information to help make its web applications more useful to visitors, to learn about the number of visitors to its web applications and the types of technology visitors use. 

UNCG utilizes Google Analytic service(s) to assist in tracking traffic to University web applications, measuring volume of traffic, determining utilization levels of pages and modules, as well as other data analysis.  

UNCG may utilize digital marketing agencies to help promote the University through non-University web applications. These agencies will typically provide data on advertising/promotion effectiveness and, unless specifically shared and permission given by the consumer, will anonymize and aggregate the data provided to the University.  

​​​​​​​​​UNCG will not collect any personal information about users of its web applications, unless an individual chooses to provide that information to UNCG.  UNCG will, however, collect statistical information that can be used to make its web applications more effective. Except for authorized law enforcement investigations, or as otherwise required by law, UNCG will not disclose any personal information it receives to anyone outside the University without written consent from the individual to whom the record pertains.

For web application security purposes and to ensure that its service remains available to all users, the University’s computer systems employ software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Use of UNCG’s web applications constitutes Consent to such monitoring. Unauthorized attempts to upload information and/or change information on UNCG’s web applications are strictly prohibited and subject to legal action to include the Computer Fraud and Abuse Act of 1986.

The University conducts public business in a transparent manner that is consistent with federal and state laws and regulations and effectively applies any relevant qualifying statutes or laws related to confidentiality, professional privilege, and personal use to all records generated in the course of University business. In accordance with University policy and the North Carolina Public Records Act (N.C. Gen. Stat. Chapter 132), the University will, as promptly as possible, provide responses to public records requests.  

With respect to confidentiality, it is the policy of the University to comply with various state and federal laws and to provide for the confidentiality of certain records protected by law, including,  but not limited to, the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the State Personnel Act, and the North Carolina Public Records Act.

If individuals send the University personal information via email, by filling out a form, or using any other communication methods on any of its web applications, the University may use that information in responding to their request. Individuals are advised to send only the information that is necessary to answer their question or process their request. Emails from individuals may be forwarded to the University employee who can best answer their questions.  

The University does not disclose, give, sell, or transfer any personal information provided by visitors to UNCG’s web applications, unless required by law enforcement or statute. All communications are subject to the North Carolina Public Records Act.

A persistent cookie is generally defined as a piece of data that is stored on the user’s hard drive. The University does not use persistent cookies on its web applications; however, the University engages with advertising agencies that may request the University load tracking into our analytics. 

Temporary or session cookies are used on all uncg.edu web application pages. These cookies are stored in memory and are only available during an active browser session. Session cookies are also used by some of the applications deployed on UNCG’s web applications to temporarily save information entered by a user as long as the user’s browser is open. These cookies do not collect personal information on users, and they are erased as soon as users close their web browser. No personal information about users is maintained as a result of a temporary or session cookie. 

Users can configure their web browser to accept or decline cookies, or to alert them when cookies are in use. Users do not have to accept cookies from UNCG, but if a user chooses not to, some of the functions on UNCG’s web applications may not be available to that user.

UNCG is committed to the protection of children’s online privacy. UNCG does not knowingly collect personal information from children or minors as defined by the Children’s Online Privacy Protection Act (COPPA).

UNCG’s web applications provide links to other web applications. This privacy policy does not necessarily apply to any external web applications. Individuals are advised to read the privacy policies of other web applications they visit.  Each individual is the person best qualified to protect their own privacy. 

Where the University manages a presence on social media web applications to share UNCG information and engage with its audience, it does not collect any personal information through those web applications. If an individual submits a question or comment to UNCG via a social media tool or platform, UNCG may reply directly to the individual via that platform, but UNCG does not track or record any information about individuals who use or interact with UNCG via those platforms.

The UNCG Mobile app is available in both the Apple (iOS) and Google (Android) operating systems for mobile devices. This policy applies to UNCG Mobile where the technology and capability is similar to web applications.

All information provided in UNCG’s web applications is believed to be accurate and reliable; however, UNCG assumes no responsibility for the use of this information. Please note that other web applications that do not have this privacy statement in the footer may contain additional or different privacy statements.

Acceptable Use of Electronic Computing Resources Policy  

Information Security Policy 

Information Security Incident Reporting and Notification Policy  

Data Classification Policy  

UNCG GDPR Privacy Notice  

UNCG Privacy Statement 

Portions of this policy were informed by the language found in multiple regulations, including the ISO/IEC 27002:2013 Standard and the EU GDPR.

The Chancellor is responsible for approval of this policy.

Responsible Executive:  Vice Chancellor for Information Technology Services and Chief Information Officer (CIO) 

Responsible Administrator: Chief Information Security Officer (CISO)