University Privacy Statement
Privacy Statement Summary
The curation and use of personal data are integral to Cornell’s mission to discover, preserve, and disseminate knowledge, to educate the next generation of global citizens, and to promote a culture of broad inquiry throughout and beyond the Cornell community. In furtherance of its mission, Cornell acquires information from those with whom it interacts, such as students, employees, visitors, etc.
Types of Personal Data Cornell May Collect About You
The University collects Personal Data (including data provided by you and, in some cases, data collected automatically or data obtained from third party sources) to carry out its educational mission. The ways in which the University collects and uses Personal Data vary depending upon the relationship between you and the University, as well as the particular unit with which you interact. Depending on the reason for your engagement with Cornell, the university might collect varied information about you, based on the requirements of the program, service, or other purpose of the encounter. The following examples are not collected in every circumstance, and any collection of information is done in accordance with applicable laws.
- Contact Information: Name, physical address, country, province, phone number, email address, emergency contact information and family and significant other contact information
- Cornell Information: Cornell identifiers (e.g., NetID and/or EmployeeID), university affiliation, current grade level, current college if transferring, graduation date, and group and organization memberships
- Bio-demographic Information: Race, ethnicity, citizenship, gender, gender identity, pronouns, age, date of birth.
- Employment Information: Company name, address, phone, fax, email, website, description, parent organization, union membership status, position/title, years in job, responsibilities, position you report to, next step in career path, previous positions, employers and years, resume (file-upload), family and significant other employment information, payroll data, title, years of service, and tax information
- Academic Information: High school (HS), HS address, HS GPA, Test Scores: SAT, ACT, GMAT, TOEFL, IELTS, AP/IB scores, summer college and GPA, previous college names, degrees, GPAs, current college, current class (Freshman – Senior), major/concentration, course grades, bursar data, and family and significant other educational background
- Travel Information: Date/time of arrivals and departures, flight numbers and airlines, mode of transportation if not flying, accommodations while in Ithaca, and other travel information.
- Engagement Information: Event attendance, volunteer interests, organization affiliations, committee participation, memberships, awards and honors
- Giving Information: Information regarding any donation which is made, information that indicates your interest in giving back to Cornell
- Device Information: Device and browser related information that is automatically collected when engaging with Cornell websites and services.
- Location Information (see additional information in section below)
At Cornell we frequently provide an option to edit or remove yourself from any specialty mailing list and/or service you may have joined that collected personal data about you. If you find a Cornell service which you signed up for and these edit features are not available, please contact the IT Service Desk (607)255-5500.
Select retention of information about individuals may not contain an opt-out option if they are considered to be a critical for life, safety, research,administrative, or regulatory compliance needs.
How Cornell May Use Your Personal Data
Cornell hosts a complex, rich, and evolving research and teaching community. The university's scope of engagements reaches an expansive global community. In support of this community, and while striving to honor the EU-U.S. Data Privacy Framework, Personal Data is used to enable Cornell's mission. Select examples of how Cornell may use your Personal Data include, but are not limited to, the following:
- To provide access to educational programs and services offered by Cornell
- To consider your application for admission to our colleges, schools and programs
- To enable outreach to audiences such as prospective students, event attendees, enrolled students, staff and faculty members, alumni, and corporate sponsors
- To associate you with your Cornell records and engagements, as well as for internal, administrative, and academic support needs
- To assist you with your travel plans and your stay while attending our programs here at Cornell
- To provide disability and dietary accommodations for events and programs, as well as linking you with opportunities and events on campus
- To share Cornell-related news, publications, courses, events, programs, and other opportunities tailored to your interests
- To offer assistance, web or printed materials, services, and support upon your request
- To provide health and safety services
- To facilitate athletic events and participation
- To perform analytics
- To participate in research projects
- To fundraise
- To perform outreach and marketing about Cornell
Location Information: With rare and approved exceptions, as a matter of policy, Cornell does not use its data to track the location of individuals on campus. In instances of emergencies involving life and safety, where the need to find an individual at risk is urgent, the university may access individual location data in ways deemed appropriate by campus health or safety experts and in accordance with university policy.
Collection of Cookies and Use of Other Technologies within Cornell websites
Cornell may gather information to track user trends and site usage with the goal of improving our website users' experiences and optimizing our websites. Cornell also uses the information to administer websites and prevent abuse.
Cookies are text files stored on your computer and accessible only to the websites which create them. Cornell websites may use cookies to keep you logged into secure areas of the website and/or to keep track of your preferences as you interact with certain services. You may disable cookies in your browser; however, Cornell websites may not work as designed if you do so. Cornell may automatically collect certain data in conjunction with third party tools to gather metrics on site usage including geographic location of visitors, pathways navigated through the website, and which portion of our audience is internal to the Cornell network. Cornell may use technical methods to determine if individuals have viewed emails Cornell sends. This information is often used to make Cornell websites, and emails you have agreed to receive, more interesting to you. As outlined above, web information (cookies, site navigation, etc.) gathered may also be shared with third parties to improve programs, outreach, and other campus initiatives. Additionally, aggregated metrics may be shared with vendors to improve communications related to these activities.
Web Tracking Technologies: Cornell may automatically collect certain data in conjunction with third party tools to gather metrics on site usage including geographic location of visitors, pathways navigated through the website, and which portion of our audience is internal to the Cornell network.
Social Media: If you share our content through official Cornell social media properties, such as liking us on Facebook, interacting with us on LinkedIn or Instagram, or tweeting about us on Twitter, those social networks will record that you have done so and may set a cookie for this purpose. If you wish to opt-out of any of these social interactions, please refer to the specific social media platform for instructions on how to do so.
Non-Cornell Websites We May Link To: From time-to-time, we will provide links to external websites that we neither own nor control. Cornell University is not responsible for the content, privacy practices, or web accessibility needs on these websites. Cornell can’t assure websites not owned by Cornell follow Cornell’s privacy practices. We encourage users to read the privacy statements of such sites to understand the privacy practices of those sites.
User-Generated Content and Public Posts: Certain of our online activities, such as course websites, listservs, chat rooms and bulletin boards enable users to submit their own content. Any Personal Data that you choose to submit or post in such circumstances will be available to anyone who has access to that content, and as a result, may be seen by others or become public. You should exercise caution when choosing whether to disclose your Personal Data or other information in such submissions or posts. Cornell is not responsible for the results of such postings and cannot prevent others from using posted information in a manner that may violate these Disclosures, the law, or your privacy.
How We Share and Disclose Personal Data
We share your information internally within Cornell as needed to fulfill our mission. In addition, Cornell works with many external service providers, institutions, and other collaborators to advance its mission. In doing so, we perform data security and privacy due diligence on our service providers and collaborators, and put appropriate contracts in place with them to safeguard the confidentiality and security of your information. Cornell may share your Personal Data as described below.
Service Providers: We may share your Personal Data with third-party service providers that complete transactions or perform services on our behalf or for your benefit, including, but not limited to, the following:
- Educational or research operations and collaborations;
- Course platforms or tools that enable or enhance our offerings;
- Registration, enrollment verification and coordination for courses and events;
- Course administration, evaluation, and assessment;
- Payment and contribution processing;
- Customer relationship management services;
- Processing admissions and financial aid applications;
- Student, alumni, and donor outreach and engagement;
- Social networking, email and communications services;
- Workforce administration and operations;
- Travel support services;
- System maintenance, security and other technology services;
- Marketing and data analytics;
- Facilitating other transactions with you; and
- Legal and regulatory compliance.
Other Institutions & Collaborators: We may share your Personal Data with other institutions for the purposes of delivering programs and services including, but not limited to, the following:
- Registration, enrollment verification and coordination for courses and events, including cross-registration for courses and events with other universities;
- Course administration, evaluation, and assessment;
- Study at other universities, including study abroad at foreign universities;
- Online education offerings through online platforms;
- Research arrangements with other universities or collaborators; and
- Events and activities of Cornell-affiliated clubs and special interest groups.
Employers Sponsoring Educational Programs: If you enroll in an educational program sponsored by your employer, we may (depending on the agreement and with your consent, where required) disclose education information such as courses and grades to employers to facilitate the company's tuition billing process.
Other Alumni or Students: If you choose to use certain services, such as the alumni directory, the alumni and student mentoring system, or the volunteer management system, the Personal Data you enter may be shared with other alumni or students. You may opt out of sharing your information in the alumni directory by accessing your profile and changing the “Hide from Directory” setting under “Contact Information.”
Legal Process, Safety and Contract Enforcement: We may disclose your Personal Data to legal or government regulatory authorities as required by applicable law. We may also disclose your Personal Data to third parties in connection with claims, disputes or litigation, or when we believe, in good faith, that such release is reasonably necessary to:
- Comply with applicable law;
- Enforce or apply the terms of any of our user agreements;
- Protect the rights, property, or safety of Cornell, or any college, departments or offices affiliated with Cornell, our users, or others; or
- Enforce our legal rights or contractual commitments that you have made.
By using Cornell websites or otherwise providing your information to us, you consent to the collection, use, and disclosure of your information in accordance with this Policy. For more information about unique operating unit collection of Personally Identifiable Information (PII) and data processor use, please contact us.
How We Protect and Store Your Personal Data
Cornell takes appropriate security measures according to industry standards including physical, managerial, organizational, and technical safeguards designed to protect your Personal Data and prevent unauthorized access to, disclosure, use, modification, damage or loss of information. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While Cornell strives to use commercially reasonable means to protect Personal Data, Cornell cannot guarantee its absolute security. More information is available in University Policy 5.10, Information Security.
Cornell strives to delete or anonymize Personal Data when it is no longer needed for the purposes for which it was collected, unless required or allowed by policy or law to keep it for a longer period. More information regarding data retention and disposal of Personal Data is provided in University Policy 4.7, Retention of University Records and University Policy 4.21, Research Data Retention.
Rights and Choices and How to Exercise Them
Upon your reasonable, good faith request, we will provide you with information about whether we hold any of your personal data to the extent required and in accordance with applicable law. In certain cases, you may also have a right, with respect to your personal data collected and used in processing activities, to:
- access your information held by us;
- correct inaccurate or incorrect information about you;
- the erasure of your information when it is no longer necessary for us to retain it;
- restrict processing of your personal information in specific situations;
- object to processing your information, including sending you communications that may be considered direct-marketing materials;
- object to automated decision-making and profiling, where applicable; and
- complain to a supervisory authority.
Subject to legal limits, you may also have the right to withdraw your consent to our processing of your personal data where our processing is solely based on your consent. However, in some cases, we may continue to process your personal data after you have withdrawn consent, if we have a legal basis to do so. For example, we may retain certain data if we need to do so to comply with an independent legal obligation, if we still need the data for the lawful purposes for which we obtained the data, or if it is necessary to do so to pursue our legitimate interest in keeping our services and operations safe and secure or to safeguard our rights or the rights or safety of others.
If you wish to exercise your rights or have other questions or concerns related to your rights under relevant law, fill out the Request Form.
Contacts
University Contacts
If you have any questions, comments, requests or concerns about these disclosures or other privacy-related matters, you may contact us at:
Online: Contact Us
Cornell University
Attention: University Privacy, University Compliance Office
395 Pine Tree Road, Suite 330
Ithaca, NY 14850