Commitment to Privacy
This policy addresses the use of Personal Information collected, used, processed and disseminated by Irvine University.
Irvine University (Irvine) is committed to maintaining the privacy and security of any collected confidential or highly sensitive Personal Information from students, faculty, staff, alumni and others (aka data subjects) who share information with Irvine.
Lawful Basis for Collecting and/or Processing Personal Data
Irvine University has a lawful basis to collect and process personal data. Most of the university’s collection and processing of personal data falls under the following categories:
- Processing is necessary for compliance with a legal obligation to which Irvine University is subject
- Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into an agreement
- Processing is necessary for the purposes of the legitimate interests pursued by Irvine University
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes
Security via Encryption
Irvine University maintains physical, electronic, and procedural safeguards to protect against the loss, misuse or alteration of the information under its control. Safeguards include restricted access to computer systems and paper files, firewalls, encryption (for electronic safeguards) and secure authentication methods.
For example, when either (a) the university’s online admission application or (b) the form for payments asks a data subject to enter personally identifiable information for online transactions, that electronic/digital information is protected using the Secure Sockets Layer (SSL) protocol. Any information supplied by the data subject is encrypted when it is sent from the subject’s browser to the university’s server. To learn more about SSL encryption, visit the Verisign Resource Center: https://www.verisign.com/en_US/security-services/resource-center/index.xhtml
Likewise, when student performance information is evaluated in either the university’s Student Information System (SIS) or the Global Academic Portal (GAP), the information is encrypted by SSL protocols.
Data Protection and Integrity
Irvine University protects all personal data and sensitive personal data that it collects or processes for a lawful basis. Any personal data and sensitive personal data collected or processed by Irvine University are:
- Processed lawfully, fairly, and in a transparent manner
- Collected for specified, explicit, and legitimate purposes, and not further processed in a manner that is incompatible with those purposes
- Limited to what is necessary in relation to the purposes for which they are collected and processed
- Accurate and kept up to date
- Retained only as necessary
All collection, storage, and maintenance of centrally-managed institutional data are appropriately managed and maintained by centrally-administered institutional systems and processes.
Data Authorization and Access
Access to institutional data in its many forms is vital to the successful operation of the university. Faculty, staff, students and authorized university parties need appropriate access to university data in support of legitimate university business functions. Likewise, all users authorized to access institutional data are obligated to appropriately use and effectively protect institutional data. Authorization is granted based on the classification of university data to be accessed, the individual’s roles and responsibilities, and need-to-know.
University data are categorized as follows:
- Public: Information that is currently released or approved to be released to the public without restriction by the appropriate information owner. Information in this classification does not need protection from unauthorized access or disclosure; however, Irvine University makes every attempt to protect the integrity and availability of such
- Internal: Information that is intended for official Irvine University business purposes only. It is not appropriate for information in this classification to be made available to the general
- Confidential: Information that is specifically protected by law, contracts, third-party agreements, or for other university business reasons as established by the appropriate information owner.
- Regulated: Information that is specifically protected by international, federal, state, local, or industry policies and/or laws and regulations, for which strict protection, use and handling requirements are Access may be granted to this classification of information by the appropriate information owner to only authorized personnel with a legitimate need-to-know.
As an institution of higher education, Irvine University collects, stores, and processes sensitive data in conducting its day-to-day business operations and is therefore subject to various information security and privacy laws that regulate the access, use, and handling of that information. The following includes, but is not limited to, specific laws and regulations that are included in this classification:
- European Union General Data Protection Regulation (EU GDPR) (https://gdpr-info.eu)
- Federal Trade Commission (FTC) Red Flag Rule (Identity theft regulation)
- Family Educational Rights and Privacy Act (FERPA)
- Gramm-Leach-Bliley Act (GLBA)
- California Senate Bill 1177, Privacy: Students. BPC Code, Division 8, Chapter 22.2, Section 22584
European Economic Area (EEA) Data Subject Rights
If an individual is only located in the EEA, that person has the following rights with regard to their Personal Data:
Right of access
You may request details of your Personal Information that we hold. We will confirm whether we are processing your Personal Information and we will disclose supplementary information including the categories of Personal Information, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding Personal Information transfers to non-EEA countries, subject to the limitations set out in applicable statutes, regulations and other laws.
Right of correction
We will comply with your request to edit and update incorrect Personal Information promptly.
Right to be forgotten
At your request, we will delete your Personal Information promptly if:
- It is no longer necessary to retain your Personal Information;
- You withdraw the consent which formed the basis of your Personal Information processing;
- You object to the processing of your Personal Information and there are no overriding legitimate grounds for such processing;
- The Personal Information was processed illegally; or
- The Personal Information must be deleted for us to comply with our legal obligations.
We will inform any third parties we might have shared your Personal Information with of your deletion request.
We will decline your request for deletion if processing of your Personal Information is necessary:
- To comply with our legal obligations;
- In pursuit of a legal action;
- To detect and monitor fraud; or
- For the performance of a task in the public
Right to restrict processing of your Personal Information
At your request, we will limit the processing of your Personal Information if:
- You dispute the accuracy of your Personal Information;
- Your Personal Information was processed unlawfully and you request a limitation on processing, rather than the deletion of your Personal Information;
- We no longer need to process your Personal Information, but you require your Personal Information in connection with a legal claim; or
- You object to the processing pending verification as to whether an overriding legitimate ground for such processing
Right to notice related to correction, deletion, and limitation on processing
In so far as it is practicable, Irvine University will notify you of any correction, deletion, and/or limitation on processing of your Personal Information.
Right to data portability
At your request, Irvine University will provide you free of charge with your Personal Information in a structured, commonly used and machine-readable format, if: (i) you provided the university with Personal Information; (ii) the processing of your Personal Information is based on your consent or required for the performance of a contract; or (iii) the processing is carried out by automated means.
Right to object
Where Irvine University processes your Personal Information based upon its legitimate interest then you have the right to object to this processing.
Right not to be subject to decisions based solely on automated processing
You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given us your explicit consent or where the information is necessary for a contract with us.
Right to withdraw consent
You have the right to withdraw any consent you may have previously given us at any time. If you withdraw your consent, this will not affect the lawfulness of our collecting, using, and sharing of your Personal Information up to the point in time that you withdraw your consent. Even if you withdraw your consent, we may still use your information that has been fully anonymized and does not personally identify you.
Right to complain to a supervisory authority
If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
If you wish to contact Irvine University in connection with the exercise of your rights listed above, please contact the university’s Data Protection Officer through firstname.lastname@example.org. The university will respond to your written request without unreasonable delay and in accordance with any deadlines imposed by law. Unless the university notifies you at the time of your request, we will not charge any fee in connection with the exercise of your rights.
This policy applies to the cookies used by Irvine University when a data subject visits Irvine University’s main website (www.irvine.edu).
Cookies can be adjusted or disabled, and this policy provides you with instructions to do so.
Description of a cookie
A cookie is a file designed to contain a small amount of user and website information stored on a user’s computer. The file interacts with the user and the website to provide a webpage tailored to the user through its awareness of information held within the file. Cookies also have the ability to carry all or parts of the information stored within the file to other websites that the user may visit.
Types of cookies
- Third-party cookie: placed by a domain other than that of the website that the user is
- Session cookie: temporary, linking the actions of a user during any given browser session. When the browser is closed, the cookie is
- Permanent cookie: also known as a persistent cookie, is stored for a specific period of time and activates each time the user visits the website that created the cookie.
Irvine University uses third-party, session and persistent cookies and similar technology to collect aggregate (non-personal) information about site usage, and to help the university remember the user and his/her preferences when they revisit the site. These cookies may stay on the user’s browser into the future until they expire or the user deletes them. Irvine University also uses technology to remember the user the next time they log in. Some of these cookies are erased when the user closes their browser window and some persist for a long time. More information about cookies and how they work is available at www.allaboutcookies.org
The cookies used on the Irvine University site may include, but are not limited to, the following:
- Types of cookies that expire when the browser is closed. The purpose of these cookies is to temporarily retain information related to the user’s visit to a site, such as the number of visits, average time spent on the site, and what pages have been
- Cookies that remain in operation, even when the browser is the purpose of these cookies is to retain information to help the user avoid retyping data.
- Third parties install these cookies to collect certain information for statistical purposes and conduct research into behavior, demographics, and similar topics about our university.
- Cookies that help the university understand how our site users engage with our sites. These cookies collect information and report website usage statistics. Some of these cookies are used to see how people use our sites, which helps us improve statistics.
- Security cookies are used to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties. Some of these cookies may collect the request made by your browser to the server hosting the website which includes the IP address, the date and time of connection, and the page you ask Irvine University uses this information to ensure the security of its sites. Some of these cookies also help make the sites work and deliver services that the website visitor expects, like navigating around web pages or accessing secure areas of the website. Without these cookies, the sites cannot function properly.
Adjusting cookie settings
The user can change their cookie settings by reviewing their internet browser’s cookie options. Popular browsers may help the user better understand their cookie options. Typically, such information can be found under the browser’s “Help,” “Preferences,” or “Options” menus, such as:
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Internet Explorer
- Cookie settings in Safari – iOS
- Cookie settings in Safari – macOS
Irvine University keeps your personal information for as long as needed to fulfill the particular purpose for which it was collected. The university may also retain records if legally required or to fulfill a legitimate interest.
For more information regarding how Irvine University collects and processes your Personal Information, or if you have any complaints, please contact the university’s Data Protection Officer through email@example.com.
The Data Protection Officer is responsible for enforcing this policy, to ensure data protection and compliance with all applicable laws, such as the EU GDPR. Individuals determined to have violated this policy are subject to sanctions imposed using the procedures set forth in applicable university policies and handbooks.
The effective date of this policy is the date of its public posting by the university, which is January 13, 2020.