Privacy Policy and Disclaimer

Privacy Policy

Effective Date: April 1, 2026

Contact: CIO and Vice President for Innovation Technology

PURPOSE

The purpose of this policy is to set forth the ways in which the 91³ÉÈË (the "University" or "91³ÉÈË") collects, uses, manages, and protects personal information submitted to or gathered by the University. It outlines the University's obligations with respect to data collection, usage, and storage to ensure transparency and accountability across the University system.

SCOPE

This policy is applicable to all students, faculty, staff, administrators, and the greater University community, including various affiliate groups that register or provide information to the University such as alumni and affiliate groups, and the general public interacting with the University at their election.

DEFINITIONS

Consent. Consent means a clear affirmative act signifying an individual's freely given, specific, informed, and unambiguous agreement to process personal information relating to the individual. The term includes a written statement, including a statement written by electronic means, or any other unambiguous affirmative action.

Deidentified Data. Deidentified data means data that cannot reasonably be linked to an identified or identifiable individual, or device linked to that individual.

Personal Information. Personal Information means any information, including sensitive data, that is linked or reasonably linkable to an identified or identifiable individual. The term includes, but is not limited to, an individual's full name, phone number, email address, permanent address, mailing address (if different from permanent address), city and country of birth, citizenship status, country of citizenship, and education information. The term does not include deidentified data or publicly available information.

Publicly available Information. Publicly available information means information that is lawfully made available in the public domain, or through government records, or information that an institution has reasonable basis to believe is lawfully made available to the general public through widely distributed media, by an individual or by a person to whom an individual has disclosed the information, unless the individual has restricted the information to a specific audience.

Process or Processing: Process or processing means an operation or set of operations performed, whether by manual or automated means, on personal information or on sets of personal data, such as the collection, use, storage, disclosure, analysis, deletion or modification of personal information.

Website-Use Information. Website-Use information means any information automatically collected on an aggregated, deidentified basis by web server logs relating to the user of a website. This term includes, but is
not limited to, the user's IP address, browser type, pages visited, the data and times webpages were visited, and the total time spent on the website.

1.1 PRIVACY POLICY – GENERAL

The University takes privacy rights seriously and has safeguards in place to ensure personal information is collected and maintained in a manner that is safe, secure, and in accordance with applicable law, as may be updated from time to time. This policy is intended to comply with, but is not limited to, the requirements set forth by the Family Educational Rights and Privacy Act (codified in 34 CFR Part 99), the Texas Data Privacy and Security Act (codified in Cha. 541 of the Texas Business and Commerce Code), and other, applicable privacy and data security laws.

Before or at the time of collecting personal information, the University will identify the purpose for which the information is being collected. Information will be collected lawfully and used solely to fulfill the identified purpose and for no other objective unless further consent is obtained or required by law. Personal information will be retained only for the period of time required to fulfill the stated purpose or objective or as required by law. The University will protect personal information by reasonable security safeguards against loss of theft, as well as unauthorized access, disclosure, copying, use and modification. In the event of a data security breach, the University will notify affected users within a 72 hour time period. The University is committed to conducting its operations in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.

1.2 DATA COLLECTION ONLINE

When visiting the University’s website, users may provide two types of personal data: personal information, which is collected on a volunteer basis, and website-use information, which is collected on an aggregate basis.

Personal Information.

(a) Personal information provided in request for information form: A user may provide the University with their full name, email address, education information, city and country of birth, country of citizenship, citizenship status, permanent address, mailing address (if different from permanent address) and phone number in an online request for information form. A user will also have the option of submitting additional comments or documents regarding their individual interests, personal needs, and academic goals. The University may retain the content of all submitted forms and resulting correspondence together with the user’s name and email address in the University’s database.

(b) Personal information provided in application for admission: During the user account creation process, users are prompted to give consent to the website and must take explicit action to authorize the collection and storage of their personal information. Any user that does not respond to the consent message will not be permitted to proceed further until consent is granted. Upon admission to the University and confirmation of attendance, the University will have the right to use the user’s personal information for academic, marketing, tracking, and immigration purposes.

Website-Use Information. The University also uses web server logs to collect information regarding how the University’s website is being used. The collected information may include, but is not limited to, the user’s IP address, browser type, the pages viewed, the date and time of the user’s visit, and the total time spent on the website. This information may be used to improve the University’s website so that the University can maintain its high-quality service, as well as to provide general statistics related to website usage. The automatically collected website-use information is used only on an aggregated, anonymous basis, and never in conjunction with, or linked to, any information concerning your personal identity.

Withdrawing Consent. In order to withdraw consent authorizing the University to use a user’s personal information, the user must email the University’s Registrar’s Office at registrar@uiwtx.edu indicating that consent to use the user’s personal information is being withdrawn. Processing an individual’s personal information is necessary for the University to provide the user with educational services. Accordingly, withdrawing consent to use personal information will result in a withdrawal from the academic program(s) and course(s) in which the user is enrolled and a loss of access to all associated University information systems. Any refund of tuition and fees paid will be subject to University policies.

Personal Information of Alumni and Supporters. The University collects and processes personal information from University alumni; its past, current, and future supporters, including donors; volunteers; participants in University’s membership groups; or attendees at University events only as necessary in the exercise of the University’s legitimate interests, functions, and responsibilities as a higher education institution. Personal information is only collected and shared with internal and third parties as necessary for communication purposes, surveys, providing services, solicitations, research, internal record keeping, and administrative purposes. To revoke alumni or support opt-in consent, please email advancementservices@uiwtx.edu.

1.3 SHARING DATA WITH THIRD PARTIES

A user’s personal information may be stored and processed in any country where the University operates or engages with service providers. These include, but are not limited to, agencies, hotels, airlines, bus companies, and insurance companies that the University retains in order to fulfill the user’s program requirements and reservations. By using the University’s services, the user understands that their information will be transferred and used only in conjunction with the user’s specific academic program and University business and to meet compliance requirements. The University only provides data that services providers require to perform their specific service.

The user’s information may also be provided to public authorities such as customs or immigration if required by them or as required by law. The user’s information is shared under the jurisdiction of applicable laws and regulations. The University does not sell or otherwise market the user’s personal data to third parties.

1.4 TEXT MESSAGING

Text Messaging Terms and Conditions: The University sends text messages (i.e., SMS messages) using a third-party messaging service to communicate with individuals who opt-in to receive text messages, including but not limited to alumni, parents of current students, and current and prospective students relating to the admissions process; registration deadlines; student activities reminders; event scheduling reminders, changes and cancellations; insurance information; and other important information relating to the operations of the University.

Opt-In: Individuals may opt in to receive text messages by completing an information request form, creating an account, or updating communication preferences. Consent to receive text messages is optional and not a condition of applying, enrolling, or participating in the admissions process.

Opt-Out: Individuals may opt out from receiving text messages by replying to the text message by typing the word: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT. A final automated message will be sent confirming that the opt out has occurred.

1.5 MANAGING PERSONAL DATA

The user may request access to all of their personal information that the University collects in its database by emailing infosec@uiwtx.edu. The user has the right to rectify any information that is inaccurate. The user may request that the University delete their personal data from its database.

Occasionally, personal information that the user requested be deleted will be retained in certain files for a period of time consistent with the University’s legal retention obligations. In addition, some types of information may be stored longer or indefinitely on back-up systems or within log files due to technical constraints, or financial or legal requirements.

1.6 USE OF PLUG-INS

The University may use a variety of social media plug-ins and widgets on its website, including but not limited to Facebook, Instagram, and YouTube. These are provided and operated by third-party companies (e.g. Meta). Social media plug-ins may collect information such as the page visited by the user on the University’s website or the user’s IP address and may set cookies to enable the plug-in to function properly.

If a user is logged into their account with the third party, then the third party may be able to link information about the user’s visit to the University’s website and the user’s social media account with them. Similarly, a user’s interactions with the plug-in may be recorded by the third party.

A user can manage the sharing of information and opt-out from targeted marketing via the user’s privacy settings for the third party social media platform.

1.7 CONFIDENTIALITY OF DATA PROCESSING

The University ensures that any person or entity that is authorized to process a user’s personal information will do so under an appropriate obligation of confidentiality.

1.8 DATA RETENTION

The University will retain the user’s personal information for as long as needed or permitted to achieve the purpose or objective for which it was obtained. The personal information will be retained in compliance with applicable law and for the applicable statutory limitations period of any potential claims.

The criteria used to determine the data retention periods include the length of time the University has an ongoing relationship with the user and provides services to the user; and any legal obligation with which the University must comply.

1.9 DATA SECURITY

The University uses an encryption-based internet security protocol to protect personal information and data transmitted to and from the University’s website. Wherever the University collects personal information, it seeks to use reasonable technical and organizational security measures to protect all information within the institution from loss, misuse, unauthorized access, disclosure, alteration, hacking attacks, destruction or any other problems which may occur.

1.10 DATA BREACH RESPONSE

In the event of a security breach involving users’ personal information, the University will notify affected users within 72 hours and will provide timely information relating to the security incident as it becomes known or is requested.

1.11 PERMISSION TO USE MATERIALS

The University grants users a personal license to access and use the University’s website. Users may download material from the University’s website for their own personal non-commercial use. Users may not, however, otherwise copy, retransmit, distribute, publish or commercially exploit any material from the University’s website without the express written permission of the University.

1.12 WAIVER OF LIABILITY DISCLAIMER

The University is not responsible for any content linked or referred to from any external websites. If any damage occurs due to the use of information presented on external pages, only the author of the respective website will be responsible, not the party who has linked the University to these websites. Furthermore, the University is not liable for any postings or messages published by users of discussion boards, guestbooks or mailing lists provided on these external pages.

1.13 CHANGES TO PRIVACY POLICY

The University’s Privacy Policy may be updated from time to time without prior notice. Any changes to this policy will be made available on the University’s website. It is the user’s responsibility to review the University’s Privacy Policy each time the user provides personal information to the University as the policy may change since the last time the user used the University’s website.

1.14 OVERSIGHT RESPONSIBILITIES FOR THIS POLICY

  1. Oversight of this policy is assigned to the CIO and Vice President of Innovation Technology or his or her designee(s).
  2. The policy will be published in the Policy Library, as well as on various University websites related to impacted programs or software.
  3. The CIO and Vice President of Innovation Technology or his or her designee(s) will assure its compliance, and report results to the Director of Quality Assurance and Compliance
  4. This policy will be reviewed not less than every three (3) years for possible updates or as otherwise required under applicable law.

 

First Approved: May 31, 2018

Revised: March 31, 2026