Privacy Policy

Last Updated October 19, 2018

The University of Redlands (“University”) is committed to ensuring the privacy of confidential information, accuracy of personal data, and compliance with international, federal, and state laws and regulations concerning the use of personal information. Other than as required or permitted by law, Personally Identifiable Information (“PII”) is not shared. In particular, and regardless of how the information was collected, the University does not sell PII and it does not re-distribute PII for any non-University purpose.

Information Collected
The University collects and processes PII from individuals only as necessary in the exercise of the University's legitimate mission, interests, functions, and responsibilities as a private, non-profit institution of higher education. The majority of PII comes from students (and members of their families), employees, alumni, friends, and people who apply to be students or employees. 

Use of Collected Information
PII collected from students or student applicants is used to register or enroll persons in the University, provide and administer housing to students, manage student accounts, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, recruitment, retention, regulatory reporting, auditing, maintenance of accreditation, and other related University processes and functions. The University also uses PII to conduct general demographic and statistical research to improve University programs, to identify appropriate support services or activities, provide reasonable accommodations, enforce University policies, or comply with applicable laws. The University collects and processes PII from individuals who are employees or applicants for employment for the purpose of administering various employment benefits and functions.  The University also collects and processes PII from alumni, donors, parents, and friends of the University to advance the University’s mission.  PII may be shared by the University with third parties who have entered into contracts to perform functions on behalf of the University, but only when the third parties agree to protect PII and prevent unauthorized disclosure.

Distribution of Collected Information
The University will not disclose PII, without consent, except for certain explicit circumstances in which disclosure is permitted or required by law. Additionally, the University will not sell PII to third-party organizations for any non-University purpose.

Third Party Use of Personal Information
The University may disclose PII and other information as follows:

  • Consent: We may disclose information if we have an individual’s consent to do so.
  • Emergency Circumstances: We may share information when necessary to protect health and safety interests, even if an individual is physically or legally incapable of providing consent.
  • Employment: We may share information when necessary for administering employment or social security benefits in accordance with applicable law, subject to the imposition of appropriate safeguards to prevent unauthorized disclosure.
  • Public Information: We may share information if the information already has been made public.
  • Archiving: We may share information for archival purposes in the public interest, and for historical research and statistical purposes.
  • Performance of a Contract: We may share information when necessary to comply with a contractual obligation.
  • Legal Obligation: We may share information when the disclosure is required or permitted by international, federal, or state laws and regulations. The University will comply with lawfully-issued subpoenas.
  • Service Providers: We use third parties who have entered into a contract with the University to support the administration of University operations. In such cases, we share information with such third parties subject to the imposition of appropriate safeguards to prevent unauthorized disclosure.
  • University-Affiliated Individuals, Programs, and Services: We may share information with individuals and other third parties that are affiliated with the University for the purpose of contacting you about goods, services, charitable giving or experiences that may be of interest to you. This information is made available on the condition that it is used only for the purposes for which it was shared, is kept confidential, and is safeguarded from unauthorized disclosure.
  • De-Identified and Aggregate Information: We may use and disclose information in de-identified or aggregate form without limitation.

Notification of Changes
The University Privacy Policy is reviewed periodically and may be modified at the discretion of the University. Changes to the privacy policy will be incorporated and posted on the University’s web site. Information will be handled according to the privacy policy in effect at the time the information is used.

Security
The University will implement appropriate technical and organizational security measures to protect PII collected by the University, regardless of the method of collection.

Students Privacy Notice

Parents Privacy Notice

Alumni & Friends Privacy Notice

European Union Privacy Notice


Questions
If you have any questions about this privacy statement or the University’s privacy practices, please contact:

          University of Redlands
          Information Security Office
          P.O. Box 3080, Redlands, CA 92373-0999
          iso@redlands.edu

STUDENTS PRIVACY NOTICE

Student Records
The Family Educational Rights and Privacy Act of 1974, as amended (“FERPA”) protects the privacy of students’ educational records. Access to academic and disciplinary records is limited to students, dependent students’ parents, and authorized school officials.

For more information on FERPA, please visit The Family Educational Rights and Privacy Act web site.

No one outside the University shall have access to, nor will the University disclose any information from students' education records, without the consent of students.

The following exceptions are permitted under FERPA.

  • to certain officials of the University to officials of other institutions in which students seek to enroll
  • to persons or organizations providing students financial aid
  • to accrediting agencies carrying out their accreditation function
  • to persons in compliance with a judicial order
  • to persons in an emergency in order to protect the health or safety of students or other persons
  • in accordance with the Solomon Amendment (requiring the disclosure of certain information to military recruiters)

Within the University, only those officials, individually or collectively, acting in the students' legitimate educational interests are permitted access to student education records. A “legitimate educational interest” will be present if the school official needs to review an education record to fulfill the official’s professional responsibility.

"Disclosure" means to permit access to or the release, transfer or other communication of education records, or the personally identifiable information contained in those records, to any party, by any means, including oral, written or electronic means.

Directory Information
The University maintains student records in compliance with FERPA, which assures students and parents of their right to privacy of information. The University further complies with the California Education Code, sections 22509 through 22509.18, which state that the management of student records shall be a matter of Federal and State law and regulation.

The following is considered directory information and may be released or published without the student's consent:

Student name, date and place of birth; major field of study; dates of attendance; degrees, honor and awards received; most recent educational institution attended; campus address and telephone number and student assigned e-mail; home address and telephone number; cell phone number; participation in special academic programs; participation in recognized student activities; participation in officially recognized sports; class level, weight and height of athletic team members.

Students who wish directory information to be withheld from all individuals outside the University must sign a request in the Registrar's Office.

Release of Academic Information
Confidential information is defined as any information contained in a student education record not included in "Directory Information".  The University respects the privacy rights of all students.  Students need to be aware that, under FERPA regulations, the University is permitted to disclose student education records to parents without the student’s specific consent if a student is a “dependent” (generally, by being designated as such on a parent’s federal tax form).  Students or parents who wish for the University to exercise this permission should make a written request and submit proof of dependency to the Registrar’s Office.

The University will not release confidential information for independent students (students over the age of 23, or "independent" as defined by University Financial Aid Policy) without written request of the student.

The student has the right to restrict disclosure/release of directory information to third-parties.

Online Release of Information Forms

Transcripts
An official transcript of a student's academic record is issued only upon the student's written, signed request. Transcripts submitted to the University for admission or credit transfer become the property of the University and cannot be returned to the student, copied or forwarded to other institutions.

Review of Academic Records
FERPA provides students with the right to inspect and review information contained in their education records, to challenge the contents of their education records, to have a hearing if the outcome of a challenge is unsatisfactory, and to submit explanatory statements for inclusion in their files if they feel the decisions of the hearing panels are unacceptable. Note: a) The Registrar coordinates the inspection and review procedures for student education records, which include admissions, personal, academic, and cooperative education records; b) the Financial Aid Officer coordinates the inspection and review procedures for financial aid files; c) the Office of Business and Finance coordinates the inspection and review procedures for financial and billing files.

Students wishing to review their education records must make written requests to the Registrar’s Office, or other appropriate campus official, listing the item or items of interest. Only records covered by FERPA will be made available within forty-five days of the request. Students may have copies made of their records with certain exceptions (for example a copy of an academic record for which a financial "hold" exists, or a transcript of an original or source document which exists elsewhere). These copies will be made at the students' expense at prevailing rates which are listed in the catalog.

Students have the right to file a complaint with the U.S. Department of Education concerning alleged failures by University to comply with the requirements of FERPA.

Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202-5920

Back to top

PARENTS PRIVACY NOTICE

Parent Data Confidentiality Policy
Parent data records are proprietary information maintained by the University for official use and are not released to the general public or business community. Official use includes but is not limited to: dissemination of University news and publications; invitations to University events and activities; sanctioned University student clubs and organizations; approved communications and authorized campaigns of the University; and authorized third party communications approved by the University. Parent contact information may be released to third parties on the condition the information is to be used for University communications, activities or projects approved by appropriate University officials. Parent information released to third parties may not be copied, reproduced or otherwise distributed without the written consent of the University office that provided the information. Parent information may never be used for personal, commercial, or political uses. Additionally, third parties are prohibited from using information obtained from the University for creating and/or maintaining independent databases.

Back to top

ALUMNI & FRIENDS PRIVACY NOTICE

General Statement
The University of Redlands recognizes and respects the importance of confidentiality and security of the PII of our alumni, donors, family members, and friends (collectively, our “constituents”). This Alumni and Friends Privacy Notice addresses concerns about personal data collection and provides information about what is collected and how it is used. We strongly encourage you to read this notice in its entirety in advance of submitting any personal information to us. 

Constituent Data Confidentiality Policy
Constituent records are proprietary information maintained by the University for official University use and are not released to the general public or business community. Official University use includes, but is not limited to: dissemination of University news and publications; invitations to University, athletic, and alumni events; class reunion planning and activities; sanctioned University student clubs and organizations; alumni activities; offering volunteer and engagement opportunities; solicitations for the Redlands Fund, endowment funds, and other authorized campaigns of the University; and authorized third-party communications endorsed by the University.  Select constituent information may be released to authorized individuals on the condition the information is to be used for University activities or projects approved or endorsed by the Alumni Association and/or an authorized University Advancement official. Information released to third parties may not be copied, reproduced or otherwise distributed without the written consent of the University office that provided the information. Constituent information may never be used for personal, commercial, or political uses. Additionally, third parties are prohibited from using information obtained from the University for creating and/or maintaining independent databases.

Why We Collect Your Personal Information
University Advancement supports all of our core constituencies – students, faculty, staff members, and the community – by working to provide students with financial assistance, faculty with teaching and research opportunities, and the greater University community with resources to establish and expand programs that enable the institution to fulfill its non-profit educational mission. To achieve this, we seek to build and sustain key relationships with alumni, parents, friends, and community members. Acquiring and maintaining information about constituents allows University Advancement to distribute meaningful communications, raise funds in support of University priorities, and engage alumni and friends in programs and events that add value to their lives. Additionally, alumni feedback and outcomes are important to our understanding of how to improve and expand programs.

How We Collect Your Personal Information
The University may collect PII from or about you in a number of ways.  For example, you or a family member may have attended the University and provided or updated contact information during or after enrollment, signed up for a University-sponsored event, shared news about your career and life, made a gift, inquired about a program, or otherwise communicated with us in person, by telephone, by email or through our website. The University may combine information you provide to us with information available from external sources to gather updated contact information and to better our understanding of our constituents to improve our methods of engaging with them. You may have voluntarily provided information to third parties with whom we partner. We may also acquire PII from publicly-available sources.  We encourage you to review the privacy practices of any organization with whom you choose to share your personal information.

Types of Personal Information We Collect
We may collect the following types of personal information about you (this is a representative list):

  • Your name and contact information, such as your address, email address, telephone numbers, date of birth;
  • Information relating to your education and employment history;
  • Information about your family or personal circumstances; and
  • Information needed to process credit card transactions such as contributions, event registrations, and memberships.

Sharing Your Personal Information with Others
For the purposes referred to in this Alumni & Friends Privacy Notice, we may share your PII with select third parties. Examples of sharing are listed below. The University will not share your personal information with individuals outside the University or with certain third parties if you ask us not to.

  • We may disclose information to third parties if we have your consent to do so.
  • We may share information with third parties that are affiliated with the University for the purpose of contacting you about goods, services, charitable giving or experiences that may be of interest to you. This may include University volunteers who contribute important work in support of the University’s outreach efforts. We may also use third parties who have entered into a contract with the University to support the delivery of ordinary services and functions. In such cases, we share your information with such third parties on the condition that they use it only for the purposes for which it was shared, they keep it confidential, and they safeguard it from unauthorized disclosure.
  • We use and disclose information about our constituents in de-identified or aggregate form.
  • Information may be shared with third parties without your consent if the information already is public.
  • We will share your information with third parties to the extent we are required to do so by law, court order, or subpoena.

Process for Handling Privacy Concerns
The University is committed to resolving complaints about your privacy and our processing of your PII. If you have an inquiry or complaint regarding this privacy notice, please contact

          Director of Advancement Services
          advancementservices@redlands.edu
          909-748-8150

          Or

          University’s Data Security Officer
          iso@redlands.edu
          909-748-8318

For our constituents residing in the EU, please refer to the European Union Privacy Notice.

Back to top

EUROPEAN UNION PRIVACY NOTICE

GDPR
The purpose of the General Data Protection Regulation ("GDPR") is to protect all European Union ("EU") citizens from privacy and data breaches by allowing citizens to maintain control of the personal information retained and processed by organizations, which includes the University. The GDPR also protects the personal information of individuals, regardless of citizenry, conducting business in the EU.

The University is committed to safeguarding the privacy of personal information. This privacy policy outlines the collection, use, and disclosure of personal information provided to the University by students, faculty and staff, alumni, other members of the University community, and third parties. When information is submitted to the University, or you use University's websites and services, you consent to the collection, use, and disclosure of that information as described in this policy.

The University will not share personal information with any third party for the purpose of direct marketing without your consent.

Access to Your Own Information
You have the right to request access to, a copy of, modification, restriction in the use of, or erasure of your information in accordance with all applicable laws. The erasure of your information shall be subject to applicable retention periods of international, federal, and state laws. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of the University's use of the information prior to receipt of your request.

Information created in the European Union will be transferred out of the European Union to the University. If you feel the University has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.

Retention and Destruction of Your Information
Your information will be retained by the University in accordance with applicable retention periods of international, federal and state laws. Your information will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period, or University operations necessitate its retention. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information given the level of sensitivity, value and criticality to the University.

Back to top