Skip to main content

International Privacy Disclosures

Privacy Statement Summary

The curation and use of personal data are integral to Cornell’s mission to discover, preserve, and disseminate knowledge, to educate the next generation of global citizens, and to promote a culture of broad inquiry throughout and beyond the Cornell community.  In furtherance of its mission, Cornell acquires information from those with whom it interacts, such as students, employees, visitors, etc. 

Background and Scope of these Additional Privacy Disclosures

These privacy disclosures (“Disclosures”) provide additional information concerning Cornell’s collection and use of data about individuals located in a Relevant Country (as defined below).

For purposes of these Disclosures,

  • “Personal Data” means information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, by use of any identifier or characteristic specific to that individual.
  • “Relevant Law” means any non-U.S. jurisdiction’s personal data protection law that applies to the processing of Personal Data by a Cornell Entity.
  • “Relevant Country” means a country which has enacted a Relevant Law.
  • “In-scope Processing” means the collection, use, handling, processing or sharing of Personal Data by a Cornell Entity when those activities are within the scope of any Relevant Law.  
  • “Cornell Entity” means a Cornell University school, center or other Cornell unit or Cornell-controlled entity. Where the words “we”, “us” or “our” are used in these Disclosures, they shall refer to the relevant Cornell Entity.

Please note that these Disclosures apply only to In-scope Processing, and that, depending on the situation, some of the Cornell activities described below may, in the given case, not constitute In-scope Processing as that term is used in these Disclosures.  

Please carefully read and understand these Disclosures before using our services and contact us using the details at the bottom of these Disclosures if you have any questions or concerns about the manner in which your Personal Data is processed. 

Types of Personal Data Cornell May Collect About You

The University collects Personal Data (including data provided by you and, in some cases, data collected automatically or data obtained from third party sources) to carry out its educational mission.  The ways in which the University collects and uses Personal Data vary depending upon the relationship between you and the University, as well as the particular unit with which you interact. Depending on the reason for your engagement with Cornell, the university might collect varied information about you, based on the requirements of the program, service, or other purpose of the encounter. The following examples are not collected in every circumstance, and any collection of information is done in accordance with applicable laws.  

  • Contact Information: Name, physical address, country, province, phone number, email address, emergency contact information and family and significant other contact information
  • Cornell Information: Cornell identifiers (e.g., NetID and/or EmployeeID), university affiliation, current grade level, current college if transferring, graduation date, and group and organization memberships
  • Bio-demographic Information: Race, ethnicity, citizenship, gender, gender identity, pronouns, age, date of birth.
  • Employment Information: Company name, address, phone, fax, email, website, description, parent organization, union membership status, position/title, years in job, responsibilities, position you report to, next step in career path, previous positions, employers and years, resume (file-upload), family and significant other employment information, payroll data, title, years of service, and tax information
  • Academic Information: High school (HS), HS address, HS GPA, Test Scores: SAT, ACT, GMAT, TOEFL, IELTS, AP/IB scores, summer college and GPA, previous college names, degrees, GPAs, current college, current class (Freshman – Senior), major/concentration, course grades, bursar data, and family and significant other educational background
  • Travel Information: Date/time of arrivals and departures, flight numbers and airlines, mode of transportation if not flying, accommodations while in Ithaca, and other travel information.
  • Engagement Information: Event attendance, volunteer interests, organization affiliations, committee participation, memberships, awards and honors  
  • Giving Information: Information regarding any donation which is made, information that indicates your interest in giving back to Cornell
  • Device Information: Device and browser related information that is automatically collected when engaging with Cornell websites and services.
  • Location Information (see additional information in section below)

At Cornell we frequently provide an option to edit or remove yourself from any specialty mailing list and/or service you may have joined that collected personal data about you. If you find a Cornell service which you signed up for and these edit features are not available, please contact the IT Service Desk (607)255-5500.  

Select retention of information about individuals may not contain an opt-out option if they are considered to be a critical for life, safety, research,administrative, or regulatory compliance needs. 

How Cornell May Use Your Personal Data

Cornell hosts a complex, rich, and evolving research and teaching community. The university's scope of engagements reaches an expansive global community. In support of this community, and while striving to honor the EU-U.S. Data Privacy Framework, Personal Data is used to enable Cornell's mission. Select examples of how Cornell may use your Personal Data include, but are not limited to, the following:  

  • To provide access to educational programs and services offered by Cornell
  • To consider your application for admission to our colleges, schools and programs
  • To enable outreach to audiences such as prospective students, event attendees, enrolled students, staff and faculty members, alumni, and corporate sponsors
  • To associate you with your Cornell records and engagements, as well as for internal, administrative, and academic support needs
  • To assist you with your travel plans and your stay while attending our programs here at Cornell
  • To provide disability and dietary accommodations for events and programs, as well as linking you with opportunities and events on campus
  • To share Cornell-related news, publications, courses, events, programs, and other opportunities tailored to your interests
  • To offer assistance, web or printed materials, services, and support upon your request
  • To provide health and safety services  
  • To facilitate athletic events and participation
  • To perform analytics
  • To participate in research projects
  • To fundraise
  • To perform outreach and marketing about Cornell

Location Information: With rare and approved exceptions, as a matter of policy, Cornell does not use its data to track the location of individuals on campus. In instances of emergencies involving life and safety, where the need to find an individual at risk is urgent, the university may access individual location data in ways deemed appropriate by campus health or safety experts and in accordance with university policy.

Legal Bases for Processing

Cornell will only collect, store, access, use or otherwise handle your Personal Data when permitted or required by applicable law and there is a legitimate reason and legal basis for doing so. In most cases, Cornell uses your Personal Data when necessary to fulfill a legitimate interest of Cornell in furtherance of its mission or to fulfill statutory duties or responsibilities, for example to comply with state and federal obligations. Other bases for the lawful processing of Personal Data may include the existence of a contractual relationship between the user and Cornell and where the user has given their consent. Where the legal basis is individual consent, collection and use will be consistent with the consent that was provided. 

Collection of Cookies and Use of Other Technologies within Cornell websites

Cornell may gather information to track user trends and site usage with the goal of improving our website users' experiences and optimizing our websites. Cornell also uses the information to administer websites and prevent abuse.

Cookies are text files stored on your computer and accessible only to the websites which create them. Cornell websites may use cookies to keep you logged into secure areas of the website and/or to keep track of your preferences as you interact with certain services. You may disable cookies in your browser; however, Cornell websites may not work as designed if you do so. Cornell may automatically collect certain data in conjunction with third party tools to gather metrics on site usage including geographic location of visitors, pathways navigated through the website, and which portion of our audience is internal to the Cornell network. Cornell may use technical methods to determine if individuals have viewed emails Cornell sends. This information is often used to make Cornell websites, and emails you have agreed to receive, more interesting to you. As outlined above, web information (cookies, site navigation, etc.) gathered may also be shared with third parties to improve programs, outreach, and other campus initiatives. Additionally, aggregated metrics may be shared with vendors to improve communications related to these activities.

Web Tracking Technologies: Cornell may automatically collect certain data in conjunction with third party tools to gather metrics on site usage including geographic location of visitors, pathways navigated through the website, and which portion of our audience is internal to the Cornell network.  

Social Media: If you share our content through official Cornell social media properties, such as liking us on Facebook, interacting with us on LinkedIn or Instagram, or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose. If you wish to opt-out of any of these social interactions, please refer to the specific social media platform for instructions on how to do so.

Non-Cornell Websites We May Link To: From time-to-time, we will provide links to external websites that we neither own nor control. Cornell University is not responsible for the content, privacy practices, or web accessibility needs on these websites. Cornell can’t assure websites not owned by Cornell follow Cornell’s privacy practices. We encourage users to read the privacy statements of such sites to understand the privacy practices of those sites.  

User-Generated Content and Public Posts: Certain of our online activities, such as course websites, listservs, chat rooms and bulletin boards enable users to submit their own content.  Any Personal Data that you choose to submit or post in such circumstances will be available to anyone who has access to that content, and as a result, may be seen by others or become public.  You should exercise caution when choosing whether to disclose your Personal Data or other information in such submissions or posts.  Cornell is not responsible for the results of such postings and cannot prevent others from using posted information in a manner that may violate these Disclosures, the law, or your privacy.  

How We Share and Disclose Personal Data

We share your information internally within Cornell as needed to fulfill our mission. In addition, Cornell works with many external service providers, institutions, and other collaborators to advance its mission. In doing so, we perform data security and privacy due diligence on our service providers and collaborators, and put appropriate contracts in place with them to safeguard the confidentiality and security of your information.  Cornell may share your Personal Data as described below.

Service Providers: We may share your Personal Data with third-party service providers that complete transactions or perform services on our behalf or for your benefit, including, but not limited to, the following:

  • Educational or research operations and collaborations;
  • Course platforms or tools that enable or enhance our offerings;
  • Registration, enrollment verification and coordination for courses and events;
  • Course administration, evaluation, and assessment;
  • Payment and contribution processing;
  • Customer relationship management services;
  • Processing admissions and financial aid applications;
  • Student, alumni, and donor outreach and engagement;
  • Social networking, email and communications services;
  • Workforce administration and operations;
  • Travel support services;
  • System maintenance, security and other technology services;
  • Marketing and data analytics;
  • Facilitating other transactions with you; and
  • Legal and regulatory compliance.

Other Institutions & Collaborators: We may share your Personal Data with other institutions for the purposes of delivering programs and services including, but not limited to, the following:

  • Registration, enrollment verification and coordination for courses and events, including cross-registration for courses and events with other universities;
  • Course administration, evaluation, and assessment;
  • Study at other universities, including study abroad at foreign universities;
  • Online education offerings through online platforms;
  • Research arrangements with other universities or collaborators; and
  • Events and activities of Cornell-affiliated clubs and special interest groups.

Employers Sponsoring Educational Programs: If you enroll in an educational program sponsored by your employer, we may (depending on the agreement and with your consent, where required) disclose education information such as courses and grades to employers to facilitate the company's tuition billing process.

Other Alumni or Students: If you choose to use certain services, such as the alumni directory, the alumni and student mentoring system, or the volunteer management system, the Personal Data you enter may be shared with other alumni or students. You may opt out of sharing your information in the alumni directory by accessing your profile and changing the “Hide from Directory” setting under “Contact Information.”

Legal Process, Safety and Contract Enforcement: We may disclose your Personal Data to legal or government regulatory authorities as required by applicable law.  We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, or when we believe, in good faith, that such release is reasonably necessary to:

  • Comply with applicable law;  
  • Enforce or apply the terms of any of our user agreements;  
  • Protect the rights, property, or safety of Cornell, or any college, departments or offices affiliated with Cornell, our users, or others; or  
  • Enforce our legal rights or contractual commitments that you have made.    

By using Cornell websites or otherwise providing your information to us, you consent to the collection, use, and disclosure of your information in accordance with this Policy. For more information about unique operating unit collection of Personally Identifiable Information (PII) and data processor use, please contact us.

How We Protect and Store Your Personal Data

Cornell takes appropriate security measures according to industry standards including physical, managerial, organizational, and technical safeguards designed to protect your Personal Data and prevent unauthorized access to, disclosure, use, modification, damage or loss of information. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While Cornell strives to use commercially reasonable means to protect Personal Data, Cornell cannot guarantee its absolute security. More information is available in University Policy 5.10, Information Security.

Cornell strives to delete or anonymize Personal Data when it is no longer needed for the purposes for which it was collected, unless required or allowed by policy or law to keep it for a longer period. More information regarding data retention and disposal of Personal Data is provided in University Policy 4.7, Retention of University Records and University Policy 4.21, Research Data Retention.

Location of Processing and International Data Transfers

Cornell University is located in the United States and is subject to U.S. and New York law.  If you provide Personal Data to Cornell University, you will be transmitting your data to personnel in the United States and your data generally will be hosted on U.S. servers and might be transmitted to or accessed from the United States or other jurisdictions outside of the Relevant Country when necessary for business or other valid purposes.

Such jurisdictions might have different data protection laws, or even no relevant laws. Under such circumstances, we will take measures to comply with applicable data protection laws regarding the protection of Personal Data. For example, we may ask you for your consent to the cross-border transmission of your Personal Data, or we may employ information de-identification and other security measures before the cross-border transmission of information.

Rights and Choices You May Have and How to Exercise Them

Upon your reasonable and good faith request, we will provide you with information about whether we hold any of your Personal Data as part of our In-scope Processing, to the extent required and in accordance with Relevant Law.  In certain cases, you may also have a right under Relevant Law, with respect to your Personal Data collected and used in our In-scope Processing, to:

  • obtain a copy of your Personal Data in an easily accessible format;
  • request that we correct or update any of your Personal Data that is inaccurate;
  • restrict or limit the ways in which we use your Personal Data;
  • object to the processing of your Personal Data;
  • request the deletion of your Personal Data; and
  • request that we transmit your Personal Data to another party.

If you wish to make a data subject rights request in accordance with the Relevant Law in your country or have other questions or concerns related to your rights under the Relevant Law in your country, fill out the Data Subject Rights Request Form.  To avoid taking action regarding your Personal Data at the direction of someone other than you, we may ask you for information verifying your identity.  

Cornell University will review the request and act as it discerns appropriate. Cornell’s ability to respond to your request may be governed by multiple laws, some of which may grant you certain rights to your data, others of which may prevent Cornell from fulfilling your request.  

If our In-scope Processing as to your Personal Data is solely based on your consent, in certain cases you may also have the right under a Relevant Law to withdraw your consent to our processing.  If you withdraw your consent to the use or sharing of your Personal Data for the purposes set out in these Disclosures, or otherwise limit our use of your Personal Data or request its deletion, we may no longer be able to provide you some or all of the related services.  

Please note that, in certain cases, we may continue to process your Personal Data after you have withdrawn consent or requested that we delete your Personal Data, if we have a legal basis to do so.  For example, we may retain certain data if we need to do so to comply with an independent legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our services and operations safe and secure or to safeguard our rights or the rights or safety of others.

If you have any complaints regarding our privacy practices, you may be able to make a complaint to your national data protection authority, supervisory authority, or other legal authority. 

Contacts

University Contacts

If you have any questions, comments, requests or concerns about these Disclosures or other privacy-related matters, you may contact us at:

Online: Contact Us

Cornell University
Attention: University Privacy, University Compliance Office
395 Pine Tree Road, Suite 330
Ithaca, NY 14850 

General Data Protection Regulation (GDPR) - European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Cornell University has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

  • By using EDPO’s online request form
  • By writing to EDPO at: Avenue Huart Hamoir 71, 1030 Brussels, Belgium

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, Cornell University has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

  • By using EDPO’s online request form   
  • By writing to EDPO UK at: 8 Northumberland Avenue, London WC2N 5BY, United Kingdom 

Last Updated: April 3, 2025