Last updated: June 26, 2024
The University of Redlands (“University”) is committed to ensuring the privacy of confidential information, the accuracy of personal data, and compliance with international, federal, and state laws and regulations concerning the use of personal information. Other than as required or permitted by law, Personally Identifiable Information (“PII”) is not shared. The university does not sell or redistribute Personally Identifiable Information (PII) for non-university purposes, regardless of how it was collected.
Information Collected
The university collects and processes Personally Identifiable Information (PII) from individuals only as needed to fulfill its educational mission and responsibilities as a non-profit higher education institution. The majority of PII comes from students (and members of their families), employees, alumni, friends, and people who apply to be students or employees.
Use of Collected Information
PII collected from students or student applicants is used to register or enroll persons in the university, provide and administer housing to students, manage student accounts, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, recruitment, retention, regulatory reporting, auditing, maintenance of accreditation, and other related university processes and functions.
The university also uses PII for the following purposes: conducting general demographic and statistical research to improve university programs, identifying appropriate support services or activities, providing reasonable accommodations, enforcing university policies, and complying with applicable laws.
The university collects and processes PII from individuals who are employees or applicants for employment for the purpose of administering various employment benefits and functions.
The university also collects and processes PII from alumni, donors, parents, and friends of the university to advance the university’s mission.
PII may be shared by the university with third parties who have entered into contracts to perform functions on behalf of the university, but only when the third parties agree to protect PII and prevent unauthorized disclosure.
Distribution of Collected Information
The university will not disclose PII without consent, except in certain explicit circumstances in which disclosure is permitted or required by law. Additionally, the university will not sell PII to third-party organizations for any non-university purpose.
Third-Party Use of Personal Information
The university may disclose PII and other information as follows:
-
Consent: We may disclose information if we have an individual’s consent to do so.
-
Emergency Circumstances: We may share information when necessary to protect health and safety interests, even if an individual is physically or legally incapable of providing consent.
-
Employment: We may share information when necessary for administering employment or social security benefits in accordance with applicable law, subject to the imposition of appropriate safeguards to prevent unauthorized disclosure.
-
Public Information: We may share information if the information has already been made public.
-
Archiving: We may share information for archival purposes in the public interest and for historical research and statistical purposes.
-
Performance of a Contract: We may share information when necessary to comply with a contractual obligation.
-
Legal Obligation: We may share information when the disclosure is required or permitted by international, federal, or state laws and regulations. The university will comply with lawfully issued subpoenas.
-
Service Providers: We use third parties who have entered a contract with the university to support the administration of university operations. In such cases, we share information with such third parties subject to the imposition of appropriate safeguards to prevent unauthorized disclosure.
-
University-Affiliated Individuals, Programs, and Services: We may share information with individuals and other third parties that are affiliated with the university for the purpose of contacting you about goods, services, charitable giving, or experiences that may be of interest to you. This information is made available on the condition that it is used only for the purposes for which it was shared, is kept confidential, and is safeguarded from unauthorized disclosure.
-
De-Identified and Aggregate Information: We may use and disclose information in de-identified or aggregate form without limitation.
Notification of Changes
The university's privacy policy is reviewed periodically and may be modified at the discretion of the university. Changes to the privacy policy will be incorporated and posted on the university’s website. Information will be handled according to the privacy policy in effect at the time the information is used.
Security
The university will implement appropriate technical and organizational security measures to protect PII collected by the university, regardless of the method of collection.
View the University of Redlands Privacy of Education Records Policy for more information.
Students Privacy Notice
Student Records
The Family Educational Rights and Privacy Act of 1974, as amended ("FERPA"), protects the privacy of students’ educational records. Access to academic and disciplinary records is limited to students, dependent students’ parents, and authorized school officials.
For more information on FERPA, please visit The Family Educational Rights and Privacy Act web site.
No one outside the university shall have access to, nor will the university disclose, any information from students' education records without the consent of students.
The following exceptions are permitted under FERPA.
-
to certain officials of the university to officials of other institutions in which students seek to enroll
-
to persons or organizations providing students with financial aid
-
to accrediting agencies carrying out their accreditation function
-
to persons in compliance with a judicial order
-
to persons in an emergency in order to protect the health or safety of students or other persons.
-
in accordance with the Solomon Amendment (requiring the disclosure of certain information to military recruiters).
Within the university, only those officials, individually or collectively, acting in the students' legitimate educational interests are permitted access to student education records. A “legitimate educational interest” will be present if the school official needs to review an education record to fulfill the official’s professional responsibility.
"Disclosure" means to permit access to or the release, transfer, or other communication of education records, or the personally identifiable information contained in those records, to any party by any means, including oral, written, or electronic means.
Directory Information
The university maintains student records in compliance with FERPA, which assures students and parents of their right to the privacy of information. The university further complies with the California Education Code, sections 22509 through 22509.18, which state that the management of student records shall be a matter of federal and state law and regulation.
The following is considered directory information and may be released or published without the student's consent:
Student name, date, and place of birth; major field of study; dates of attendance; degrees, honors, and awards received; most recent educational institution attended; campus address and telephone number; student assigned email; home address and telephone number; cell phone number; participation in special academic programs; participation in recognized student activities; participation in officially recognized sports; class level, weight, and height of athletic team members.
Students who wish directory information to be withheld from all individuals outside the university must sign a request in the Registrar's Office.
Release of Academic Information
Confidential information is defined as any information contained in a student education record not included in "Directory Information." The university respects the privacy rights of all students. Under FERPA regulations, the university may disclose student education records to parents without the student's explicit consent if the student is considered "dependent" based on designation in a parent's federal tax form. If students or parents want the university to disclose student education records based on dependency, they should submit a written request and provide proof of dependency to the registrar's office.
The university will not release confidential information for independent students (students over the age of 23, or "independent" as defined by the university's financial aid policy) without the written request of the student.
Online Release of Information Forms
-
Student-Initiated Authorization for Release of Information - Former students should contact the Registrar's Office. Current students should use the Online Student-Initiated Release of Information Form.
Transcripts: An official transcript of a student's academic record is issued only upon the student's written, signed request. Transcripts submitted to the university for admission or credit transfer become the property of the university and cannot be returned to the student, copied, or forwarded to other institutions.
Review of Academic Records
FERPA provides students with the right to inspect and review information contained in their education records, to challenge the contents of their education records, to have a hearing if the outcome of a challenge is unsatisfactory, and to submit explanatory statements for inclusion in their files if they feel the decisions of the hearing panels are unacceptable. Note: a) The Registrar coordinates the inspection and review procedures for student education records, which include admissions, personal, academic, and cooperative education records; b) the Financial Aid Officer coordinates the inspection and review procedures for financial aid files; c) the Office of Business and Finance coordinates the inspection and review procedures for financial and billing files.
Students wishing to review their education records must make written requests to the Registrar’s Office or other appropriate campus official, listing the item or items of interest. Only records covered by FERPA will be made available within forty-five days of the request. Students may request copies of their records, with exceptions such as records with a financial "hold" or transcripts of original documents located elsewhere. These copies will be made at the students' expense at the prevailing rates listed in the catalog.
Students have the right to file a complaint with the U.S. Department of Education concerning alleged failures by the university to comply with the requirements of FERPA.
Family Policy Compliance Office
U.S. Department of Education
400 Maryland Avenue, SW
Washington, D.C. 20202-5920
Parents Privacy Notice
Parent Data Confidentiality Policy
Parent data records are proprietary information maintained by the university for official use and are not released to the public or business community.
Official use includes but is not limited to: dissemination of university news and publications; invitations to university events and activities; sanctioned university student clubs and organizations; approved communications and authorized campaigns of the university; and authorized third party communications approved by the university.
Parent contact information may be released to third parties on the condition that the information is used for university communications, activities, or projects approved by appropriate university officials.
Parental information released to third parties may not be copied, reproduced, or otherwise distributed without the written consent of the university office that provided the information.
Parental information may never be used for personal, commercial, or political purposes. Additionally, third parties are prohibited from using information obtained from the university for creating and/or maintaining independent databases.
Alumni and Friends Privacy Notice
General Statement
The University of Redlands recognizes and respects the importance of confidentiality and security of the PII of our alumni, donors, family members, and friends (collectively, our “constituents”). This Alumni and Friends Privacy Notice addresses concerns about personal data collection and provides information about what is collected and how it is used. We strongly encourage you to read this notice in its entirety in advance of submitting any personal information to us.
Constituent Data Confidentiality Policy
Constituent records are proprietary information maintained by the university for official university use and are not released to the general public or business community. Official university use includes, but is not limited to: dissemination of university news and publications; invitations to university, athletic, and alumni events; class reunion planning and activities; sanctioned university student clubs and organizations; alumni activities; offering volunteer and engagement opportunities; solicitations for the Redlands Fund, endowment funds, and other authorized campaigns of the university; and authorized third-party communications endorsed by the university. Specific constituent information may be shared with authorized individuals for university activities or projects approved by the Alumni Association and/or a University Advancement official. Information released to third parties may not be copied, reproduced, or otherwise distributed without the written consent of the university office that provided the information. Constituent information may never be used for personal, commercial, or political purposes. Additionally, third parties are prohibited from using information obtained from the university for creating and/or maintaining independent databases.
Why We Collect Your Personal Information
University Advancement supports all of our core constituencies—students, faculty, staff members, and the community—by working to provide students with financial assistance, faculty with teaching and research opportunities, and the greater university community with resources to establish and expand programs that enable the institution to fulfill its non-profit educational mission. To achieve this, we seek to build and sustain key relationships with alumni, parents, friends, and community members. Acquiring and maintaining information about constituents allows University Advancement to distribute meaningful communications, raise funds in support of university priorities, and engage alumni and friends in programs and events that add value to their lives. Additionally, alumni feedback and outcomes are important to our understanding of how to improve and expand programs.
How We Collect Your Personal Information
The university may collect PII from or about you in a number of ways. For example, you or a family member may have attended the university and provided or updated contact information during or after enrollment, signed up for a university-sponsored event, shared news about your career and life, made a gift, inquired about a program, or otherwise communicated with us in person, by telephone, by email, or through our website. The university may combine the information you provide us with information available from external sources to gather updated contact information, better understand our constituents, and improve our methods of engaging with them. You may have voluntarily provided information to third parties with whom we partner. We may also acquire PII from publicly available sources. We encourage you to review the privacy practices of any organization with whom you choose to share your personal information.
Types of Personal Information We Collect
We may collect the following types of personal information about you (this is a representative list):
-
Your name and contact information, such as your address, email address, telephone numbers, and date of birth;
-
Information relating to your education and employment history;
-
Information about your family or personal circumstances; and
-
Information is needed to process credit card transactions such as contributions, event registrations, and memberships.
Sharing your personal information with select third parties is essential for the purposes referred to in this Alumni & Friends Privacy Notice.
For the purposes referred to in this Alumni & Friends Privacy Notice, we may share your PII with select third parties. Examples of sharing are listed below. The university will not share your personal information with individuals outside the university or with specific third parties unless you request otherwise.
-
We will only disclose information to third parties with your explicit consent.
-
We may share information with university-affiliated third parties to contact you about goods, services, charitable giving, or experiences that may interest you. This may include university volunteers who contribute important work in support of the university’s outreach efforts. We may also use third parties who have entered into a contract with the university to support the delivery of ordinary services and functions. In such cases, we share your information with such third parties on the condition that they use it only for the purposes for which it was shared, they keep it confidential, and they safeguard it from unauthorized disclosure.
-
We use and disclose information about our constituents in de-identified or aggregate form.
-
Information may be shared with third parties without your consent if the information is already public.
-
We will share your information with third parties to the extent we are required to do so by law, court order, or subpoena.
Process for Handling Privacy Concerns
The university is committed to promptly and effectively resolving any complaints about your privacy and the handling of your Personally Identifiable Information (PII). If you have a question or concern about this privacy notice, please reach out to the following contacts:
Director of Advancement Services
advancementservices@gregorybgallagher.com
909-748-8150
Or
University’s Data Security Officer
iso@gregorybgallagher.com
909-748-8318
EU constituents should consult the European Union Privacy Notice for more information.
European Union Privacy Notice
GDPR
The purpose of the General Data Protection Regulation ("GDPR") is to protect all European Union ("EU") citizens from privacy and data breaches by allowing citizens to maintain control of the personal information retained and processed by organizations, which includes the University. The GDPR also protects the personal information of individuals, regardless of citizenship, conducting business in the EU.
The university is committed to safeguarding the privacy of personal information. This privacy policy outlines the collection, use, and disclosure of personal information provided to the university by students, faculty and staff, alumni, other members of the university community, and third parties. When information is submitted to the university or you use the university's websites and services, you consent to the collection, use, and disclosure of that information as described in this policy.
The university will not share your personal information with any third party for direct marketing purposes without your consent.
Access to Your Own Information
You have the right to request access to, obtain a copy of, modify, restrict the use of, or erase your information in accordance with all applicable laws governing data protection. The erasure of your information shall be subject to applicable retention periods under international, federal, and state laws. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of the university's use of the information prior to receipt of your request.
Information created in the European Union will be transferred out of the European Union to the university. If you feel the university has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.
Retention and destruction of your information
Your information will be retained by the university in accordance with applicable retention periods under international, federal, and state laws, which may vary from a few years to several decades. Your information will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period or university operations necessitate its retention. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information, given the level of sensitivity, value, and criticality to the university.
Questions
If you have any questions about this privacy statement or the university’s privacy practices, please contact:
University of Redlands
Information Security Office
P.O. Box 3080, Redlands, CA 92373-0999
iso@gregorybgallagher.com