The University of Tennessee Foundation, Inc. (UT Foundation or UTFI) is committed to protecting the privacy of University of Tennessee students, alumni, donors, faculty, and friends. This Privacy Statement describes the types of personal data we collect and the policies and procedures we have implemented to safeguard it. If you have additional questions or concerns not addressed in this Privacy Statement, please contact [email protected].
What personal information do we collect?
While specific information may vary from individual to individual, the UT Foundation may collect, store, use, and share (with authorized users and third-party vendors) the following types of personal data:
- Biographic and demographic information, including names, mailing addresses, email addresses, phone numbers, social media accounts, birth and death dates, gender, and ethnicity.
- Student information, including degrees, years of graduation, majors, college and department affiliations, student activities, awards, and athletics.
- Employment information, including job titles, occupations, specializations, company names, business mailing addresses, email addresses, and phone numbers.
- Family information, including names of spouses/partners and children. We also link the accounts of family members in order to share credit for philanthropic gifts and to reduce print mailings.
- Alumni information, including volunteer activities and participation, event attendance, board participation, honors, and awards.
- Donor information, including individual giving transactions, pledged gifts, stewardship efforts, contact reports, wealth assessments, and other indicators of a person’s likelihood to donate to UT.
- Web analytic information, including email engagement data, authenticated activity on UTFI websites, and public social media usage.
How do we collect personal information?
The UT Foundation receives personal information from multiple sources on each UT campus. We typically receive and load student data for new alumni within two months of commencement. We also collect personal information directly from our alumni, donors, faculty, and students when they make a gift, register for an event, fill out a form, or, as is often the case, contact us directly and request to have their records updated.
On occasion, we also partner with third-party sources who have contracted with us in order to assist in updating information and providing informational materials. We also collect data from standard Internet searches and from other publicly-accessible resources, including social media.
How do we use personal information?
The UT Foundation uses personal information only for secure and legitimate purposes that directly support the primary missions of the University of Tennessee, including:
Every magazine, postcard, event invitation, email, and phone call that an alumnus or donor receives from UT begins with our data. The system also allows us to note and honor communication preferences. For example, if an alumna requests to no longer receive magazines, we will exclude her from all future mailings.
Personal information drives the University of Tennessee’s philanthropic efforts, from planning years-long campaign efforts, identifying potential donors, and tracking progress to making solicitations, processing gifts, and thanking donors for their support. As with UT’s communication efforts, we also use this data to note and honor solicitation preferences.
Our data is an invaluable tool for better understanding the University of Tennessee’s constituents and, as a result, for more effectively and efficiently addressing their widely varying needs. Alumni attitude surveys are a key building block for the university’s strategic planning processes, and information about our alumni, donors, faculty, and students—presented in aggregate and completely anonymous—has been used in academic, statistical research.
How is personal information stored and accessed?
The UT Foundation has put in place reasonable physical, technical, and administrative safeguards to prevent unauthorized access to or use of personal information. Only authenticated users with specific permissions may access our data. We use firewalls and regular monitoring to evaluate any attempts at accessing the system without permission.
The primary users of UT’s personal data are full-time employees of the UT Foundation. Access is granted by an administrator only after the employee has been trained and has agreed to abide by all policies governing the use of confidential information. All personal information transferred from a UT Foundation database must be properly secured and then promptly destroyed upon completion of the task. When a UT employee or alumni volunteer receives data from the UT Foundation—for example, a file containing mailing addresses for an alumni magazine—he or she must follow identical protocols.
The UT Foundation also occasionally shares personal information with third-party vendors but only under the terms of an approved contract and after the signing of a vendor confidentiality form. The UT Foundation will not share your information with third parties except:
- As necessary to meet one of UTFI’s lawful purposes, including but not limited to: any legitimate interest related to UTFI’s mission or operation, contract compliance, pursuant to consent provided by you, and as required by law.
- As necessary to protect UTFI’s interests.
- With service providers acting on our behalf who have agreed to protect the confidentiality of the data by signing our vendor confidentiality form.
How long do we store personal information?
The mission of the UT Foundation is to honor and cultivate a lifelong relationship between the University of Tennessee and its students, alumni, donors, faculty and friends. Certain student records and gift transaction details must be stored permanently for auditing purposes. Otherwise, we accommodate to the best of our ability all requests to change contact and solicitation preferences. For more information, see the UT Foundation’s Records Retention Schedule.
What are my rights under the GDPR?
If you are in the European Economic Area, you may have the right to:
- Acquire contact details for the controller and UT’s Data Protection Officers
- An explanation of the purposes and legal bases of the data collection and identification of the recipients of the personal data
- Written notice if UT intends to transfer personal data to another country or international organization, along with notice of the time period that the personal data will be stored
- Access personal data, rectify incorrect personal data, erase personal data, restrict or object to processing, and the right to data portability
- Withdraw consent at any time, if processing is based on consent, and to lodge a complaint with a supervisory authority (established in the EU)
- An explanation of why the personal data are required, and possible consequences of the failure to provide the data
- Notice of the existence of automated decision-making, including profiling, and notice if the collected data are going to be further processed for a purpose other than that for which it was collected
If you wish to exercise any of the above-mentioned rights, please do so by submitting your request to the Data Protection Officer for the applicable UT campus or institute.
If you provide information directly to the UT Foundation from the European Economic Area (EEA), you consent to the transfer of personal information outside of the EEA to the United States. If you understand that the current laws and regulations of the United States may not provide the same level of protection as the privacy laws and regulations of the EEA.
Your consent is voluntary and can be withdrawn at any time by using our GDPR Access and Rights Request Form.
We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on our website or by contacting you directly.
This Policy Statement was last updated on May 25, 2018.
Suggested text: Our website address is: https://utfi.org.
Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Suggested text: If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Suggested text: Visitor comments may be checked through an automated spam detection service.