The University of Tennessee Foundation, Inc. (UT Foundation or UTFI) is committed to protecting the privacy of University of Tennessee students, alumni, donors, faculty, and friends. This Privacy Statement describes the types of personal data we collect and the policies and procedures we have implemented to safeguard it. If you have additional questions or concerns not addressed in this Privacy Statement, please contact [email protected].

What personal information do we collect?

While specific information may vary from individual to individual, the UT Foundation may collect, store, use, and share (with authorized users and third-party vendors) the following types of personal data:

How do we collect personal information?

The UT Foundation receives personal information from multiple sources on each UT campus. We typically receive and load student data for new alumni within two months of commencement. We also collect personal information directly from our alumni, donors, faculty, and students when they make a gift, register for an event, fill out a form, or, as is often the case, contact us directly and request to have their records updated.

On occasion, we also partner with third-party sources who have contracted with us in order to assist in updating information and providing informational materials. We also collect data from standard Internet searches and from other publicly-accessible resources, including social media.

How do we use personal information?

The UT Foundation uses personal information only for secure and legitimate purposes that directly support the primary missions of the University of Tennessee, including:

Every magazine, postcard, event invitation, email, and phone call that an alumnus or donor receives from UT begins with our data. The system also allows us to note and honor communication preferences. For example, if an alumna requests to no longer receive magazines, we will exclude her from all future mailings.

Personal information drives the University of Tennessee’s philanthropic efforts, from planning years-long campaign efforts, identifying potential donors, and tracking progress to making solicitations, processing gifts, and thanking donors for their support. As with UT’s communication efforts, we also use this data to note and honor solicitation preferences.

Our data is an invaluable tool for better understanding the University of Tennessee’s constituents and, as a result, for more effectively and efficiently addressing their widely varying needs. Alumni attitude surveys are a key building block for the university’s strategic planning processes, and information about our alumni, donors, faculty, and students—presented in aggregate and completely anonymous—has been used in academic, statistical research.

How is personal information stored and accessed?

The UT Foundation has put in place reasonable physical, technical, and administrative safeguards to prevent unauthorized access to or use of personal information. Only authenticated users with specific permissions may access our data. We use firewalls and regular monitoring to evaluate any attempts at accessing the system without permission.

The primary users of UT’s personal data are full-time employees of the UT Foundation. Access is granted by an administrator only after the employee has been trained and has agreed to abide by all policies governing the use of confidential information. All personal information transferred from a UT Foundation database must be properly secured and then promptly destroyed upon completion of the task. When a UT employee or alumni volunteer receives data from the UT Foundation—for example, a file containing mailing addresses for an alumni magazine—he or she must follow identical protocols.

The UT Foundation also occasionally shares personal information with third-party vendors but only under the terms of an approved contract and after the signing of a vendor confidentiality form. The UT Foundation will not share your information with third parties except:

How long do we store personal information?

The mission of the UT Foundation is to honor and cultivate a lifelong relationship between the University of Tennessee and its students, alumni, donors, faculty and friends. Certain student records and gift transaction details must be stored permanently for auditing purposes. Otherwise, we accommodate to the best of our ability all requests to change contact and solicitation preferences. For more information, see the UT Foundation’s Records Retention Schedule.

What are my rights under the GDPR?

If you are in the European Economic Area, you may have the right to:

If you wish to exercise any of the above-mentioned rights, please do so by submitting your request to the Data Protection Officer for the applicable UT campus or institute.

If you provide information directly to the UT Foundation from the European Economic Area (EEA), you consent to the transfer of personal information outside of the EEA to the United States. If you understand that the current laws and regulations of the United States may not provide the same level of protection as the privacy laws and regulations of the EEA.

Your consent is voluntary and can be withdrawn at any time by using our GDPR Access and Rights Request Form.

Additional Information

We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on our website or by contacting you directly.

This Policy Statement was last updated on May 25, 2018.

Suggested text: Our website address is:


Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service.