Skip Navigation
Skip to Menu Toggle Button

UMGC Policy X-1.28 Privacy Policy

I. Introduction

This UMGC Privacy Policy (“Privacy Policy” or “Policy”) provides information on the Processing of Personally Identifiable Information (“PII”) by University of Maryland Global Campus (“UMGC”, “we”, or “us”) in connection with your use of UMGC websites, mobile applications, and social media pages that link to or are otherwise subject to this Privacy Policy, or other UMGC-related activities such as in-person meetings at t facilities or at t events. This Privacy Policy also explains the privacy rights you have in relation to these Processing activities.

As used in this Privacy Policy, PII means Information that relates to the data subject. PII is also referred to as “Information about you”.

Back to Top

II. Scope

This Policy applies to all members of the community, visitors to UMGC, and Users of UMGC Information Systems with access to PII, including but not limited to students, alumni, Employees, Contractors, and outside entities. All members of the University community who have access to PII must adhere to this Policy and applicable standards and guidelines.

This Policy applies to all PII, regardless of the relationship an individual may have with UMGC, including but not limited to current, past, and prospective students, alumni, parents, Employees, and Contractors.

This Policy applies regardless of the origin of the PII, including but not limited to existing UMGC data sets, new UMGC-collected data, and data sets received from or created by outside entities.

This Policy also applies to all locations and operations of UMGC including but not limited to applications, projects, systems, or services that seek to access, collect, or otherwise use PII. Certain UMGC divisions, Employees, Contractors, or operations may be subject to heightened privacy obligations.

Back to Top

III. Definitions

Defined terms are capitalized throughout this Policy and can be found in theInformation Governance Glossary.

Back to Top

IV. How Do We Collect Information About You and What Do We Collect?

  • UMGC may Process Information about you collected directly from you both offline and online, including when you create a UMGC Account to access UMGC Information Systems or attend a UMGC-sponsored event. Information about you may also be provided to UMGC by select outside entity sources, such as data aggregators who may not have a direct relationship with you or by outside entities who collect Information about you on behalf of UMGC.
  • UMGC’s website allows Users to request Information, opt-in to receive messages/updates, register for events, purchase goods and services, and complete various tasks. To do so, UMGC uses electronic forms which collect necessary PII. This Information is provided voluntarily and can be inspected and updated at a User’s request.
  • collects Information about you that in combination may be used to identify you
    • Background Check Information
    • Biometric Data
    • Contact Information (e.g., address, phone number, or e-mail address)
    • Demographic Information
    • Education Information
    • Employment Information
    • Financial Information (e.g., financial account information, tuition and loan information, or credit card number)
    • Government ID Information (e.g., Individual Taxpayer Identification Number, social security number, driver’s license number, or passport number)
    • Military Information
    • Online Activity Information (e.g., IP address, cookies, type of browser, or internet domain)
  • Review UMGC Social Media Guidelines for guidelines on (1) contributing to University social media through engagement and participation on University blogs, social networking pages, wikis, webpages, multimedia platforms, or any other kind of social media; (2) University moderation practices on social media; (3) creation of University social media and (4) contributing to University social media within the scope of University employment. Information posted online may be difficult to remove or fix, leaving an Internet trail that is essentially permanent. Carefully consider what you post and make an effort to be clear, complete, and concise. You are fully responsible for the content of your contributions.

Back to Top

V. Why and How Do We Use Your PII?

We may use your PII for the following business purposes which are described below in further detail:

  • to communicate and respond to your requests and inquiries to UMGC;
  • to create and administer a UMGC Single Sign-on (SSO) Account (also referred to as a “UMGC Account”) and to deliver functionality on our sites and for their technical and functional management;
  • to analyze, develop, improve, and optimize the use, function and performance of our sites, products and services, or advertisements;
  • to administer subscriptions of UMGC publications and newsletters;
  • to manage the security and operation of our sites, facilities, and networks and systems;
  • to comply with applicable laws and regulations and to operate our business;
  • to provide our educational programs; and
  • for the purpose of employment.

Note: UMGC does not engage in the use of automated individual decision-making.

  1. To communicate and respond to your requests and inquiries to UMGC
    If you contact t (such as by submitting contact forms on our sites, reaching out to us via chat, attending UMGC events or other occasions, sending an email, or by visiting social media platforms), we Process Information about you to communicate with you and to respond to your requests or other inquiries. We can also process PII to interact with you on outside entity social networks.
  2. To create an UMGC SSO Account and deliver functionality on our sites and for their technical and functional management
    When you choose to register with us (such as to make use of our communities), we need to process the PII provided by you so that we can create a UMGC Account for you.
  3. To analyze, develop, improve and optimize the use, function and performance of our sites and services
    We may process PII in order to analyze, develop, improve and optimize the use, function and performance of our sites and services, including for quality assurance and training purposes, as well as for marketing and sales campaigns. This includes processing PII to conduct surveys to improve UMGC services. In case the sites permit you to participate in interactive discussions, create a profile, post comments, opportunities or other content, or communicate directly with another User or otherwise engage in networking activities on UMGC sites, UMGC may process PII when moderating these activities.
  4. To administer subscriptions of UMGC publications and newsletters
    If you subscribe to our magazines (such as Achiever), we process Information about you to manage your subscription to our magazines and newsletters.
  5. To manage the security of our sites, facilities, networks, and systems
    We may collect site use data for security and operations management to help keep our sites, facilities, networks and systems secure, or to investigate and prevent potential fraud, including academic fraud and cyber-attacks and to detect bots.
  6. To comply with applicable laws and regulations and to operate our business
    UMGC must comply with Federal, State, and/or local laws and regulations related to privacy. This Policy establishes a framework for UMGC’s compliance with privacy-related regulations. This framework governs the UMGC’s implementation of regulation-specific policies and standards, to address the collection and use of PII in compliance with structures including, but not limited to Family Educational Rights and Privacy Act (FERPA), the Health Information Portability & Accountability Act (HIPAA), Gramm- Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR), and Maryland House Bill 1122 Protection of Personally Identifiable Information – Public Institutions of Higher Education law.

    In some cases, we have to process PII to comply with applicable laws and regulations. For example, to respond to a legally issued subpoena for records, request from a regulator, or to defend a legal claim. We may also process PII in the performance and operation of our business, such as to conduct internal audits and investigations or for finance and accounting and archiving and insurance purposes.
  7. To provide our educational programs
    We must Process Information about students for admissions, enrollment, and academic assessment and support purposes. This includes but is not limited to Processing Information about students to:
    • evaluate background to make admissions decisions;
    • administer student Accounts (including charging and collecting tuition and fees);
    • administer student financial assistance and scholarship programs;
    • process registration and completion of classes necessary to satisfy enrollment requirements (which may also be a condition to eligibility for certain benefits) and degree requirements;
    • schedule and staff courses;
    • assign coursework, administer exams, and/or facilitate group instruction and learning;
    • maintain student educational records;
    • provide student support services;
    • evaluate academic performance; and/or
    • manage access to UMGC Information Resources.
  8. For the purpose of employment
    We collect and Process Information about you to evaluate your personal, educational, and work background in order to make employment decisions and otherwise process such applications, to compile statistical Data to evaluate the University’s diversity and equal opportunity performance. We also Process PII to manage payroll and benefits Accounts, to maintain personnel files and evaluate performance, and to manage access to UMGC Information Resources.

Back to Top

VI. What is Our Basis For Processing Information About You?

For PII collected about you, our basis for Processing is the following:

  • We rely on our legitimate interest in Processing Information about you in order to communicate adequately with you, to respond to your requests, and to tailor our marketing and sales activities to your educational and professional interests.
  • In order to engage in transactions with customers, suppliers and business partners, and to process purchases and downloads of our products and services, we need to process Information about you as necessary to enter into or perform a contract with you.
  • We process PII for marketing and sales activities (including events) based on your consent where so indicated on our sites at the time your PII was collected, or further to our legitimate interest to keep you updated on developments around our products and services which may be of interest to you.
  • We rely on our legitimate interest to analyze, develop, improve, and optimize our sites, facilities, products and services, and to maintain the security of our sites, networks and systems.
  • In order to comply with applicable laws and regulations, such as to comply with a subpoena or other legal process, or to process an opt-out request.

Back to Top

VII. Do We Retain Information About You?

creates and monitors a Records and Information Management program of retention and disposition to ensure that records are not retained longer than is necessary, but at the same time are maintained as long as needed to meet administrative, fiscal, legal, regulatory, USM, and State of Maryland requirements. For more information, please contact the University Records Manager.

Back to Top

VIII. When and How Can We Disclose Your PII?

  1. Sharing within UMGC
    1. As a global organization, Information about you may be accessed and/or shared globally throughout t ’s worldwide organization.
    2. UMGC may monitor, analyze, and record learner activities such as engagement patterns and behaviors to better understand and support student success.
    3. UMGC Employees and Contractors are authorized to access PII only to the extent necessary to serve the applicable purpose(s) and to perform their job functions.
  2. Disclosing PII to outside entities
    1. We may disclose PII to outside entities in order for those entities to perform business functions on behalf of UMGC.
    2. We also disclose PII as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to government requests, including public and government authorities outside your country of residence, for national security and/or law enforcement purposes.
    3. We may disclose PII to outside entities at the request of the data subject.
    4. When outside entities are given access to PII, we will take appropriate contractual, technical, and organizational measures designed to ensure that PII is processed only to the extent that such processing is necessary, consistent with this Privacy Policy, and in accordance with applicable law.
    5. UMGC does not sell your PII to outside entities.

Back to Top

IX. How is PII Handled Globally?

UMGC is a global organization with operations all over the world and PII is processed globally as necessary in accordance with this Policy. If PII is transferred to a recipient in a country that does not provide an adequate level of protection for PII, UMGC will take adequate measures designed to protect the PII, such as ensuring that such transfers are subject to the terms of the EU Model Clauses or other adequate transfer mechanism as required under relevant data protection laws.

Back to Top

X. How is Your PII Secured?

UMGC has implemented appropriate technical, physical, and organizational measures designed to protect PII against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as all other forms of unlawful processing. Review our Information Governance, Information Security and Information Technology Policies to learn more.

Back to Top

XI. What Cookies and Similar Technologies Do We Use On Our Sites?

  1. Cookies
    1. UMGC websites, Google Analytics, and selected outside entity online advertising networks store small fragments of text, called "cookies," in the visitor's web browser with limited Information such as how the visitor was directed to the website (for example, from an advertisement), which advertisement was displayed to the visitor, whether the visitor has submitted a form, or how recently the visitor last accessed university websites.
    2. UMGC uses these cookies to measure the performance of university websites and advertising, to provide interest-based advertising messages, and to inform development of new content, functionality, or services. Please review your Internet browser's help file for instructions on rejecting or deleting cookies.
  2. Targeted Advertising
    1. UMGC partners with outside entity media agencies to run advertisements and to measure performance of that advertising across a myriad of placements, which may include, websites, mobile applications, streaming television and audio platforms, or a variety of television and radio networks.
    2. UMGC’s advertising efforts include ads targeted to new prospective students; prospective students who have previously visited the university’s web properties; and current and/or former students.
    3. Audiences targeted with UMGC advertisements are identified within advertising networks and/or platforms based on a variety of qualifiers (e.g., demographics, behaviors, etc.) or prior actions. The given qualifiers used are based on advertising performance data and aggregate data on prospective, current, and/or former students. UMGC shares limited PII with outside entities in order to conduct targeted advertising.
    4. UMGC digital advertisements may appear on a variety of sites across the internet, or within applications, including those owned and operated by advertising networks/platforms, such as Google, Bing, Facebook. UMGC advertisements are not guaranteed to appear on all of these sites at any given time and this list is to serve as a representative sample of the types of channels used within UMGC’s digital advertising efforts.
    5. UMGC and its outside entity vendors use first-party or other cookies (such as the Google Analytics cookie) and outside entity cookies (such as the DoubleClick cookie) to inform, optimize, and serve advertisements based on a visitor's past visits to UMGC websites. These cookies are also used to report on data related to the serving of each ad, including impressions, interactions, form completions, and related performance Information.
  3. Opting Out of Targeted Advertising and Other UMGC Marketing Communications
    1. To opt-out of targeted UMGC advertising on specific websites/advertising networks, including but not limited to UMGC targeted advertising, please use the links provided below. As some sites/networks do not provide specific tools to opt out of personalized advertising, you may also want to review how cookies are being used/stored in the internet browser you are using via your browser settings and/or closely monitor your privacy settings on any social media channels utilized.

      Advertising ChannelHow To Opt-Out of Personalized or Targeted Advertising
      Bing/Microsoft
      Centerfield Media
      CyberSecurity Guide
      Facebook
      Google
      Higher Education
      TriAd Media Solutions
      LinkedIn
      OnlineU
      Sirius XM / Pandora
      Spotify
      Taboola
      TikTok
      TradeDesk

    2. After you have opted out from personalized or targeted advertising on a given site or network, you may continue to see targeted advertising from other companies or advertising networks, and you may continue to see UMGC advertising that does not use the selected targeting scripts or networks.
  4. Marketing Communications
    1. You may request removal from University marketing phone calls and emails.
    2. You may from University Alumni Relations emails.

Back to Top

XII. What Are Your Privacy Rights?

  1. You may have multiple privacy rights, subject to applicable law, in respect of the Information we Process about you:
    1. Opt-out of our use or sharing of your PII
      You may withdraw consent you have previously provided for the processing of Information about you, including for email marketing by UMGC.
    2. Delete PII
      You may ask us to erase or delete all or some of the Information about you.
    3. Change or correct PII
      You may request to change, update or correct Information about you in certain cases, particularly if it is inaccurate.
    4. Object to, or limit or restrict use of PII
      You may ask us to stop using all or some of the Information about you (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if the Information about you is inaccurate).
    5. Right to access and/or have your Information provided to you
      You may request a copy of Information about you, and it shall be provided in machine readable form if you reside in the EU or other jurisdiction that provides you this right as a matter of law.
  2. If you are authorized to make an access or deletion request on behalf of a data subject, please reach out to the Data Protection Officer and indicate that you are an authorized agent. We will provide you with instructions on how to submit a request as an authorized agent on behalf of a data subject.
  3. If your inquiry relates to your company’s Service Account or support of UMGC products or services, please note cannot delete, correct, or access Service Account Data or terminate your contracted UMGC product or Service Account. Please go to the UMGC Help Center for resources and contact information to administer Service Account Data.

Back to Top

XIII. Who Can I Contact?

UMGC has appointed a global Data Protection Officer. If you believe your PII has been used in a way that is not consistent with the Privacy Policy or your choices, if you have further questions related to this Privacy Policy, or to request information about sharing of PII to outside entities, please contact our Data Protection Officer:

Shaun Graham
UMGC Data Protection Officer
dpo@umgc.edu
202-841-1819

Back to Top

XIV. GDPR Remedies Include The Right To File A Complaint with a Supervisory Authority

If you believe your rights under the GDPR have been violated, the GDPR gives you the rights and remedies set forth in GDPR Articles 77-82. These include the right to file a complaint with the applicable data protection supervisory authority in the country in which you are physically present.

Back to Top