Internet Privacy and Security Statement
The University of Texas at San Antonio (UTSA) maintains the UTSA website, www.utsa.edu, as a service to its students, employees and external constituencies. UTSA has created this privacy statement in order to demonstrate our firm commitment to privacy and to address concerns about the types of information gathered and how it is used for all pages on the official UTSA site. Some University websites may have additional policies and practices regarding privacy posted on their respective sites. The following discloses UTSA’s information gathering and dissemination practices for this website: www.utsa.edu.
1. Personal Information Collected and Processed by UTSA
Personally identifiable information may be collected by Web pages, applications for enrollment or work, surveys or other voluntarily provided information which may include:
- Internet location (Internet domain and IP address of computer being used);
- Type of browser and operating system used to access our site;
- Date and time site was visited;
- Web pages requested and visited on our site;
- Search terms used on our search engines;
- Personally Identifiable Information used to fill out forms such as names, email address, address, phone number, date of birth, place of birth, student ID number, social security number, photograph, credit card number or other physical, psychological, genetic, mental, economic, cultural or social identity of that person.
Employee Applicants: UTSA collects and processes Information and Sensitive Information from individuals who are applying to UTSA for employment only as necessary in the exercise of the University's legitimate interests, functions and responsibilities as a public research higher education institution and employer under Texas and federal laws. UTSA will use the details you provide on your application form, together with the supporting documents requested, additional details provided by any references. Information and Sensitive Information is collected from applicants and shared with internal and external parties to identify you; process your application; verify information, employment suitability and eligibility; communications with you; regulatory reporting; auditing; and other related University processes and functions.
Student Applicants and Students: UTSA collects and processes Information and Sensitive Information from individuals who are applying for admission to UTSA or are admitted students only as necessary in the exercise of the University's legitimate interests, functions and responsibilities as a public research higher education institution. Information is collected from students and shared with internal and external parties to register or enroll persons in the University, provide and administer housing to students, manage a student account, provide academic advising, develop and deliver education programs, track academic progress, analyze and improve education programs, recruitment, regulatory reporting, auditing, communicating, maintenance of accreditation, and other related University processes and functions.
Employees: UTSA collects and processes Information and Sensitive Information from employees only as necessary in the exercise of the University's legitimate interests, functions and responsibilities as a public research higher education institution and employer under Texas and federal laws. The University will keep a record of the details employees provided on their application form, any supporting documents requested and additional details provided by any references and recorded following any interview process. We will maintain various administrative and financial records about their employment at UTSA and use of the academic and non-academic facilities and services that UTSA offers. Information and Sensitive Information is collected to assess suitability for a particular role or task; to support in implementing any accommodations; where relevant, to monitor, evaluate and support research and commercialization activity; to administer remuneration, payroll, pension and other standard employment functions; to administer HR-related processes, including those relating to performance/absence management, disciplinary issues and complaints/grievances; to provide access to facilities, services and staff benefits, and where appropriate to monitor use of such in accordance with University policies; for communications; to support training, health, safety, welfare and religious requirements; to compile statistics and conduct surveys and research for internal and statutory reporting purposes; to fulfil and monitor UTSA responsibilities under equal access, right to work and public safety legislation; and to enable us to contact others in the event of an emergency.
Research Subjects: UTSA also collects and processes Information and Sensitive Information from individuals who are research subjects in the exercise of scientific, historical research, or statistical purposes.
Retirees, Alumni, and Supporters: UTSA collects and processes Information and Sensitive Information from individuals who are UTSA alumni, its past, current and future supporters, whether donors, volunteers, participants in UTSA membership groups, or attendees at UTSA events only as necessary in the exercise of the University's legitimate interests, functions and responsibilities as a public research higher education institution under Texas and federal laws. Information and Sensitive Information is collected and shared with internal and external parties for communication purposes, surveys, providing services, solicitations, research, internal record keeping, and administrative purposes.
UTSA will not disclose or share personally identifiable information without your consent except for disclosures allowed by law.
2. Email and Form Information
If a member of the general public sends an email message with a question or comment that contains personally identifying information or fills out a web-based form, that information will only be used to directly respond to the requestor or send information regarding enrollment, unless the web-based form indicates otherwise. The information will also be used in analyzing internet trends within the UTSA domain for future navigation enhancement. The request for information may be directed to another part of the University, institution, government agency or person that may be in a better position to respond to the request.
Except for records governed by the Family Educational Rights and Privacy Act, the Health Insurance Portability and Accountability Act as amended by the Health Information Technology for Economic and Clinical Health Act or other information made confidential by law, all information provided to and collected by UTSA may be subject to the Texas Public Information Act. Per Sections 552.021 and 552.023 of the Texas Government Code, you are entitled to request access to certain information maintained by UTSA deemed public information. Under Section 559.004 of the Texas Government Code, you are entitled to have UTSA correct public information about you UTSA maintains and that is incorrect, in accordance with the procedures set forth in the University of Texas System Business Procedures Memorandum 32. UTSA will retain and maintain collected public information as required by Texas records retention laws (Section 441.180 et seq. of the Texas Government Code) and rules. Also, it should be noted that electronic mail and other Internet communications channels are not necessarily secure against interception. While we take precautions, such as encrypting communications where appropriate, if your communication is very sensitive or it includes information such as academic history or grades, you might want to send it by other secure means.
A "cookie" is a small file containing information that is placed on a user’s computer by a web server. Any information that UTSA may store in cookies is used exclusively for internal purposes only and will not disclose personally identifiable information to outside parties unless legally required to do so or disclosure is allowed by law.
4. Logs and Network monitoring
For site administration functions, information is collected for analysis and statistical purposes of navigation trends to the UTSA server. This information is used to help diagnose problems with the server and to carry out other administrative tasks, such as assessing what information is of most interest, determining technical design specifications and identifying system performance and/or problem areas.
The following is an example of types of information collected for analysis needs:
- Hostname: The hostname and/or IP address of the computer requesting access to the site.
- User-Agent: The user-agent information includes the types and version of a particular internet browser, and the operating system on which it runs.
- Referrer: The web page from which the client accessed the current page.
- System Date: The date and time on the server at the time of access.
- Full Request: The exact request of the user/client.
- Status: The status code that the server returned, e.g., fulfilled request, file not found, etc.
- Content Length: The content length, in bytes, of the document sent to the user/client.
- Method: The request method used by the browser, e.g., post, get.
- Universal Resource Identifier (URI): The location of the particular resources requested (URL).
- Query String of the URI: Anything after a question mark in a URI.
- Protocol: the transport protocol and version used, e.g., ftp, http 1.0, etc.
The above stated information is not used in any way that would reveal personally identifiable information to third parties unless UTSA is legally required to do so or it is allowed by law.
This site has security measures in place to protect from loss, misuse, fraud, hacking and alteration of the information under the control of the UTSA web server administrators.
In case of a data breach or some other incident that places information held by the University in jeopardy, immediately notify the Chief Information Security Officer at firstname.lastname@example.org.
This site contains links to other sites outside of the utsa.edu domain. UTSA is not responsible for the privacy practices or the content of such web sites.
7. Data Protection Laws
Data protection laws exist within the states, the nation and in numerous other countries. General Data Protection Regulation (GDPR) in the European Union (EU) and the Personal Information Protection Law (PIPL) in China address the protection of people physically within the EU (“Data Subjects”) and China, respectively, with regard to the processing of their personal data and rules relating to the movement of such data. There is no distinction based upon an individuals’ permanent place of residence or citizenship. For UTSA, the data protection officers include the Chief Legal Officer, the Chief Privacy Officer and the Chief of Information Security Officer.
The scope of the GDPR also extends to United States and other foreign entities outside the EU that are processing the ‘personal data’ of EU residents. For further information, please see Frequently Asked Questions regarding the GDPR. Additionally, if you will be processing personal data of a current resident of the EU, then also consult with The Office of Legal Affairs and fill out the “Lawful Basis Form” and, if collecting sensitive data, the “Consent Form.”
Like GDPR, PIPL is a extra-territorial law applicable to entities doing business both within and outside of China that process personal information on natural persons with the territory of China for the purpose of (i) providing products or services to individuals in China; (ii) analyzing or assessing behavior of individuals in China; or (iii) for other purposes to be specified. Also similar to GDPR, PIPL requires a lawful bases for the data processing and specific informed consent.
When information is submitted to UTSA in any form or you use UTSA’s websites or other services, you hereby consent to the collection, use and disclosure of that information as described in this Statement. If you are temporarily or permanently residing in the EU or China, you have the right to request access to, a portable copy of, rectification, restriction in the use of, erasure or objection to your information maintained by UTSA in accordance with all applicable laws. The erasure of your information will be subject to the retention periods of applicable federal and Texas state laws and UTSA’s Record Retention Schedule. You also have the right to withdraw consent without affecting the lawfulness of UTSA's use of the information prior to receipt of your request. A Data Subject may exercise their rights by contacting UTSA’s Chief Legal Officer and/or Chief Privacy Officer at email@example.com.
If you feel UTSA has not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.
As a general rule, in cases where Texas or United States federal law conflicts with the laws of other countries in regard to the processing, use or maintenance of a data subject’s personal information, including provisions of the GDPR or PIPL, UTSA will treat Texas and United States federal law as controlling.
UTSA employees who receive a request by a Data Subject to have their data forgotten or who have other questions regarding the rights of Data Subjects provided by the GDPR should contact UTSA’s Chief Legal Officer and/or the Chief Privacy Officer.
The www.utsa.edu site gives users the following options for reviewing, removing or correcting their public information:
Employees: To review, correct or restrict the release of your home address, home telephone number and emergency contacts, go to https://my.utshare.utsystem.edu and log in with your myUTSA ID and passphrase. Then, click on the “Employee Self-Service” tab and My Current Profile Link under the Personal Information section.
Students: To restrict the release of directory information (See Handbook of Operating Procedures 5.01 for list of all directory information), student must fill out and file the “Restrict Student Directory Information Request” form with One Stop, which can be found at https://onestop.utsa.edu/forms/registrar/. To opt-out of UTSA SMS/Text Messaging, simply text STOP to the shortcode or phone number that sent you the text message. For further UTSA SMS information, see https://onestop.utsa.edu/sms/.
To lodge a complaint relating to an alleged violation of privacy laws, you may contact the UTSA Institutional Compliance & Risk Services Office at their toll-free number 877-270-5051 24 hours a day seven days a week or file an online report at https://www.reportlineweb.com/UTSA.
All other issues may be directed to firstname.lastname@example.org.
9. Contacting the Web Site
If you have any questions about this privacy statement, the practices of this site, or your dealings with this Web site, you can contact
University Web Team
The University of Texas at San Antonio
One UTSA Circle
San Antonio, TX 78249-1644