Data Privacy Statement

The University of Tennessee at Martin (UTM) automatically collects information from individuals or entities when they access any UTM website. Information that is collected from this contact includes the visitor’s IP address, the URL of the website from which the visitor linked directly to UTM’s website, the date and time of the website access, and the web pages(s) visited. In addition, UTM may also collect any information that it receives from your web browser, including browser type, version, and operating system. This information helps us understand aggregate uses of our site, track usage trends, and improve our services.

The University of Tennessee at Martin is committed to ensuring the security of your information. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to or use of the information collected online.

The following are examples of information that may be collected in aggregate to provide campus communicators, site owners, content managers, designers, and IT specialists insight into visitor behavior for the purpose of improving university websites and access to university information.

• The Internet Protocol (IP) address of the computer and name of the Internet domain used to access the Internet;
• IP addresses of websites linking directly to sites within the utm.edu domain;
• The date and time a site was accessed within the utm.edu domain;
• Pages visited ("requested”) during this session;
• Web browser and operating system used to access a site within the utm.edu domain;
• Device used to access a site within the utm.edu domain.

University of Tennessee websites commonly use one of the following methods to collect this data:

1. Cookies
   Cookies are files that many websites transfer to users’ web browsers to enable the site to deliver personalized services or to provide persistent authentication. The information contained in a cookie typically includes information collected automatically by the web server and/or information provided voluntarily by the user. Our website uses persistent cookies in conjunction with a third party technology partner to analyze search engine usage and web traffic patterns. This information is used in the aggregate to monitor and enhance our web pages. It is not used to track the usage patterns of individual users.
   
   

2. Third-party Tracking (e.g. Google Analytics)

   Many websites within the tennessee.edu domain use Google Analytics to collect visitor data in aggregate. This data is also collected using cookies set by Google. See Google’s privacy and terms with regard to partner sites for more info: google.com/policies/privacy/partners/

   The University of Tennessee, Martin, may also transmit non-Personally identifiable information (NPII) collected by third-party tracking services (cookies) to other third parties (e.g. Facebook) so that you may see messages from the university when you visit other websites outside of the tennessee.edu domain.

   Users can opt-out of the collection and use of information for ad targeting by blocking third party cookies and tracking mechanisms via browser or operating system settings, browser plugins, or using a service such as aboutads.info/choices or youronlinechoices.eu/.

3. Server logs
   All web servers collect very basic visitor information to monitor site usage and performance.

The following are examples of personal information that visitors may choose to share with the University of Tennessee at Martin, via a website interface (e.g. an online form or survey):

• Name
• E-mail address
• Phone number
• Mailing address
• Subject matter interests
• Date of high school graduation

The university may also collect personal information about you from third parties, including trusted vendors, suppliers, and related companies. This is primarily done for the purpose of recruiting students to attend the university.

If you have shared personal information with UTM, we may use that information to tailor services to you, to fulfill materials requests, to contact you, or to display web content that may be of particular interest to you.

We will not share your information with third parties except:

• as necessary to meet one of UTM’s lawful purposes, including but not limited to:
  • its legitimate interest,
  • contract compliance,
  • pursuant to consent provided by you,
  • as required by law;
• as necessary to protect UTM’s interests; or
• with service providers acting on our behalf who have agreed to protect the confidentiality of the data.

We do not sell any personal information to third parties.

The University of Tennessee, Martin, (“UTM”) may be a data “controller” or “processor” with regard to certain activities as defined under the European Union’s General Data Protection Regulation (“EU GDPR”). UTM is committed to protecting the rights of individuals in compliance with the GDPR.

The University of Tennessee has Data Protection Officers for each campus and institute and its system administration:

• UT Knoxville: Joel Reeves, Associate Vice Chancellor and CIO
• UT Chattanooga: Richard Brown, Executive Vice Chancellor for Administration and Finance
• UT Martin: Amy Belew, Chief Information Officer
• UT Health Science Center: Melanie Burlison, Assistant Vice Chancellor for Compliance and Special Projects
• UT Institute of Agriculture: Sandy Lindsey, Chief Information Security Officer
• UT Institute for Public Service: Scott Gordy, Chief Information Security Officer
• UT Foundation: Michael Carter, Assistant Vice President of Advancement Services
• UT System Administration: Robert Ridenour, Chief Information Security Officer

These Data Protection Officers can be contacted at  privacy@tennessee.edu.

UTM collects a variety of personal data to meet one of its lawful bases, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, provision of medical services, participation in research, development, and public service. Data typically includes name, address, transcripts, work history, information for payroll, research subject information, medical and health information (for student health services, or travel), and donations. If you have specific questions regarding the collection and use of your personal data, please contact the Data Protection Officer for the applicable UTM campus or institute as identified herein.

If a data subject refuses to provide personal data that is required by UTM in connection with one of UTM’s lawful bases to collect such personal data, such refusal may make it impossible for UTM to provide education, employment, research, or other requested services.

UTM receives personal data from multiple sources. Most often, UTM gets this data directly from the data subject or under the direction of the data subject who has provided it to a third party (for example, application for admission to UTM through use of the Common App).

If you are an individual data subject under the GDPR, you may obtain the following information and exercise the following rights:

• the identity and the contact details of the controller and, where applicable, the controller’s representative;
• the contact details of UTM’s Data Protection Officers;
• an explanation of the purposes and legal bases/legitimate interests of the data collection/processing;
• the identification of the recipients of the personal data;
• notice if UTM intends to transfer personal data to another country or international organization;
• notice of the time period that the personal data will be stored;
• the right to access personal data, rectify incorrect personal data, erase personal data, restrict or object to processing, and the right to data portability;
• the right to withdraw consent at any time, if processing is based on consent;
• the right to lodge a complaint with a supervisory authority (established in the EU);
• an explanation of why the personal data are required, and possible consequences of the failure to provide the data;
• notice of the existence of automated decision-making, including profiling; and
• notice if the collected data are going to be further processed for a purpose other than that for which it was collected.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by submitting such request to the Data Protection Officer for the applicable UTM campus or institute as identified herein.

UTM is committed to ensuring the security of your information. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to or use of the information collected online. All personal data collected or processed by UTM under the scope of the GDPR will comply with the security controls and systems and process requirements and standards as set forth in UTM’s Information Technology Policies, which are available at  https://universitytennessee.policytech.com/?public=true&siteid=1

This website may contain links to other websites not affiliated with UTM. We are not responsible for the privacy practices of these other sites. We encourage you to read the privacy statements of other sites for assurance that their practices safeguard your privacy.

Notwithstanding any language to the contrary, nothing contained herein constitutes nor is intended to constitute an offer, inducement, promise, or contract of any kind. The data contained herein is for informational purposes only and is not represented to be error free. Any links to non-UTM information are provided as a courtesy. They are not intended to nor do they constitute an endorsement by UTM of the linked materials.

The University of Tennesse at Martin may, in its discretion, periodically update this Privacy Notice. For a broader policy on the expectation of user privacy at the University of Tennessee, please see IT0110—Acceptable Use of Information Technology Resources.