Skip to main content

University Privacy Statement

Introduction

The curation and use of data are integral to Cornell’s mission to discover, preserve, and disseminate knowledge, to educate the next generation of global citizens, and to promote a culture of broad inquiry throughout and beyond the Cornell community.  In furtherance of its mission, Cornell acquires information from those with whom it interacts, such as students, employees, visitors, etc.

How Cornell May Use Your Information

Cornell hosts a complex, rich, and evolving research and teaching community. The university's scope of engagements reaches an expansive global community. In support of this community, and while striving to honor the EU-U.S. Data Privacy Framework, information is used to enable Cornell's mission. Select examples of how Cornell may use your information include, but are not limited to, the following:  

  • To consider your application for admission to our colleges, schools and programs
  • To enable outreach to audiences such as prospective students, event attendees, enrolled students, staff and faculty members, alumni, and corporate sponsors
  • To associate you with your Cornell records and engagements, as well as for internal, administrative, and academic support needs
  • To assist you with your travel plans and your stay while attending our programs here at Cornell
  • To provide disability and dietary accommodations for events and programs, as well as linking you with opportunities and events on campus
  • To share Cornell-related news, publications, courses, events, programs, and other opportunities tailored to your interests
  • To offer assistance, web or printed materials, services, and support upon your request
  • To provide health and safety services
  • To facilitate athletic events and participation
  • To perform analytics on the information you provide to help you in decision making (this information is private and not shared with third parties)
  • To participate in research projects
  • To provide access to services offered by Cornell
  • To fundraise
  • To perform outreach and marketing about Cornell

No mobile opt-in or text message consent will be shared with third-parties or affiliates for marketing purposes.

Types of Information Cornell May Collect About You

Depending on the reason for a person’s engagement with Cornell, the university might collect varied information about that person, based on the requirements of the program, service, or other purpose of the encounter. The following examples are not collected in every circumstance, and any collection of information is done in accordance with applicable laws. 

  • Contact Information: Name, physical address, country, province, phone number, email address, emergency contact information and family and significant other contact information
  • Cornell Information: Cornell identifiers (e.g., NetID and/or EmployeeID), current grade level, current college if transferring, graduation date, and group and organization memberships
  • Biodemographic Information: Race, ethnicity, citizenship, gender, gender identity, pronouns, age, date of birth
  • Employment Information: Company name, address, phone, fax, email, website, description, parent organization, union membership status, position/title, years in job, responsibilities, position you report to, next step in career path, previous positions, employers and years, resume (file-upload), family and significant other employment information, payroll data, title, years of service, and tax information
  • Academic Information: High school (HS), HS address, HS GPA, Test Scores: SAT, ACT, GMAT, TOEFL, IELTS, AP/IB scores, summer college and GPA, previous college names, degrees, GPAs, current college, current class (Freshman – Senior), major/concentration, course grades, bursar data, and family and significant other educational background
  • Travel Information: Date/time of arrivals and departures, Flight numbers and airlines, mode of transportation if not flying, accommodations while in Ithaca, and other travel information.
  • Engagement information: Event attendance, volunteer interests, organization affiliations, committee participation, alumni memberships, awards and honors
  • Giving information: Information regarding any donation which is made, information that indicates your interest in giving back to Cornell
  • Location information: With rare and approved exceptions, as a matter of policy, Cornell does not use its data to track the location of individuals on campus. In instances of emergencies involving life and safety, where the need to find an individual at risk is urgent, the university may access individual location data in ways deemed appropriate by campus health or safety experts.  In all cases, requests for such data use are first reviewed by the appropriate data stewards per university Policy 4.12 Data Stewardship and Custodianship.

At Cornell we frequently provide an option to edit or remove yourself from any specialty mailing list and/or service you may have joined that collected personal information about you. If you find a Cornell service which you signed up for and these edit features are not available, please get Support from the IT Help Desk (607) 255-5500 

Select retention of information about individuals may not contain an opt-out option if they are considered to be a critical for life, safety, research, administrative or regulatory compliance needs.

Collection of Cookies and Use of Other Technologies within Cornell websites

Cornell may gather information to track user trends and site usage with the goal of improving our website users' experiences and optimizing our websites. Cornell also uses the information to administer websites and prevent abuse.

Cookies are text files stored on your computer and accessible only to the websites which create them. Cornell websites may use cookies to keep you logged into secure areas of the website and/or to keep track of your preferences as you interact with certain services. You may disable cookies in your browser; however, Cornell websites may not work as designed if you do so. Cornell may automatically collect certain data in conjunction with third party tools to gather metrics on site usage including geographic location of visitors, pathways navigated through the website, and which portion of our audience is internal to the Cornell network. The information Cornell collects in this manner does not identify you as an individual. Cornell may use technical methods to determine if individuals have viewed emails Cornell sends. This information is often used to make Cornell websites, and emails you have agreed to receive, more interesting to you. As outlined above, non-personally identifiable web information (cookies, site navigation, etc.) gathered may also be shared with third parties to improve programs, outreach, and other campus initiatives. Additionally, aggregated metrics may be shared with vendors to improve communications related to these activities.

A note about Social Media: If you share our content through social media, such as liking us on Facebook, interacting with us on LinkedIn or Instagram, or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose. If you wish to opt-out of any of these social interactions, please refer to the specific social media platform for instructions on how to do so.

The Use of Non-Cornell Websites We May Link To

From time-to-time, we will provide links to external websites that we neither own nor control. Cornell University is not responsible for the content, privacy practices, or web accessibility needs on these websites. Cornell can’t assure websites not owned by Cornell follow Cornell’s privacy practices. We encourage users to read the privacy statements of such sites to understand the privacy practices of those sites.  

How We Share and Disclose Personal Data 

We share your information internally within Cornell as needed to fulfill our educational mission. In addition, Cornell works with many external service providers, institutions, and other collaborators to advance its mission. In doing so, we may share your personal data as described below.

Service Providers: We may share your personal data with third-party service providers that complete transactions or perform services on our behalf or for your benefit, including, but not limited to, the following: 

  • Educational or research operations and collaborations;
  • Course platforms or tools that enable or enhance our offerings;
  • Registration, enrollment verification and coordination for courses and events;
  • Course administration, evaluation, and assessment;
  • Payment and contribution processing;
  • Customer relationship management services;
  • Processing admissions and financial aid applications;
  • Student, alumni, and donor outreach and engagement;
  • Social networking, email and communications services;
  • Workforce administration and operations;
  • System maintenance, security and other technology services;
  • Marketing and data analytics;
  • Facilitating other transactions with you; and
  • Legal compliance.

Other Institutions & Collaborators: We may share your personal data with other institutions for the purposes of delivering programs and services including, but not limited to, the following:    

  • Registration, enrollment verification and coordination for courses and events, including cross-registration for courses and events with other universities;
  • Course administration, evaluation, and assessment;
  • Study at other universities, including study abroad at foreign universities;
  • Online education offerings through online platforms;
  • Research arrangements with other universities or collaborators; and
  • Events and activities of Cornell-affiliated clubs and special interest groups.

Legal Process, Safety and Contract Enforcement: We may disclose your personal data to legal or government regulatory authorities as required by applicable law.  We may also disclose your personal data to third parties in connection with claims, disputes or litigation, or when we believe, in good faith, that such release is reasonably necessary to:

  • Comply with applicable law;
  • Enforce or apply the terms of any of our user agreements;
  • Protect the rights, property, or safety of Cornell, or any college, departments or offices affiliated with Cornell, our users, or others; or
  • Enforce our legal rights or contractual commitments that you have made.    

By using Cornell websites or otherwise providing your information to us, you consent to the collection, use, and disclosure of your information in accordance with this Policy. For more information about unique operating unit collection of Personally Identifiable Information (PII) and data processor use, please contact us.

No mobile opt-in or text message consent will be shared with third-parties or affiliates for marketing purposes.

GDPR Rights Requests 

Special Note to the Cornell Community:

GDPR rights requests are centrally managed through Cornell University CIT. This is to ensure consistency, transparency, and accountability in our university response.

Note to our European Constituents:

If you are located within the European Economic Area (“EEA,” European Union member states, Norway, Liechtenstein, and Iceland), we acknowledge the rights granted to you under the GDPR. If you are located in the United Kingdom (U.K.), which has left the European Union, but has adopted legislation substantially similar to the GDPR, we acknowledge the rights granted to you under the Data Protection Act of 2018.  

For purposes of this note:

  • GDPR means the European Union’s General Data Processing Regulation;
  • With respect to individuals in the U.K., references to “GDPR” should be read as referring to the U.K.’s similar legislation, “the Data Protection Act of 2018”;
  • “Personal data” means information relating to an identified or identifiable individual who can be identified, directly or indirectly, by use of any identifier or factor specific to that individual; and
  • “GDPR processing activities” means the collection, use, processing or sharing of personal data when those activities are within the scope of GDPR.  

Please note that, depending on the situation, some of the processing of personal data we do in the various circumstances described in this statement may not fall within the scope of the GDPR or the Data Protection Act of 2018.

Upon your reasonable, good faith request, we will provide you with information about whether we hold any of your personal data as part of our GDPR processing activities, to the extent required and in accordance with applicable law.  In certain cases, you may also have a right, with respect to your personal data collected and used in GDPR processing activities, to:

  1. access your information held by us;
  2. correct inaccurate or incorrect information about you;
  3. the erasure of your information when it is no longer necessary for us to retain it;
  4. restrict processing of your personal information in specific situations;
  5. object to processing your information, including sending you communications that may be considered direct-marketing materials;
  6. object to automated decision-making and profiling, where applicable; and
  7. complain to a supervisory authority in your EEA jurisdiction.

Subject to certain legal limits, you also have the right to withdraw your consent to our processing of your personal data as part of our GDPR processing activities, where our processing is solely based on your consent.  However, in certain cases, we may continue to process your personal data after you have withdrawn consent, if we have a legal basis to do so. For example, we may retain certain data if we need to do so to comply with an independent legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our services and operations safe and secure or to safeguard our rights or the rights or safety of others.  

If you wish to exercise your rights or have other questions or concerns related to your rights under the GDPR, fill out the Request Form or call (607) 255-5500