Privacy


Emory University Privacy Statement

Effective Date: August 1, 2021

Emory is committed to protecting your personal information and respecting your privacy.

This Privacy Statement ("Statement") describes how we use, disclose, and protect the information that we collect about you when you:

  • Visit Emory's main website (emory.edu) and other websites that we own or control and that link to this Statement (collectively, the "Sites");
  • Interact with us through the mail, over the phone, and at events;
  • Participate in any event at which recordings are made and/or photos taken;
  • Use our mobile applications;
  • Apply for admission as a student;
  • Apply for employment or other working relationships;
  • Volunteer to participate in a research study; or
  • Otherwise interact with us and we refer you to this Statement.

This Statement also contains information about your privacy rights and how you can exercise them. Unless otherwise stated, Emory University ("Emory") is the data controller for all information collected under this Statement. Contact information for Emory is listed at the end of this Statement.

This Statement does not apply to information collected from or about current or former employees, contractors, volunteers, post-doctorate fellows, and other workers of Emory ("Personnel") as part of their employment or other working relationship with Emory.

Personal Information

Effective Date: August 1, 2021

"Personal Information" is any information that we can reasonably use to identify you. If you are located in the European Economic Area ("EEA"), which consists of the European Union countries, Iceland, Lichtenstein, and Norway, or the United Kingdom, Personal Information includes all Personal Data as defined under EEA laws. We collect the following categories of Personal Information:

  • Contact information, such as your name, street address, phone number, email address, employer, and Employee ID;
  • Technical information, such as your IP address, device ID, and data collected about your interaction with the Site (such as the webpages you visited on our Sites) and our email communications;
  • Recruitment information, such as curriculum vitae/resume, work history, and qualifications;
  • Student application information, such as demographic information, educational history, test scores, and reference letters;
  • Financial information, such as salary history, tax forms, credit/debit card number, bank account information, and gift information; and
  • Any other information that you provide to us that can be used to identify you.

"Sensitive Personal Information" includes special categories of Personal Information (e.g., racial or ethnic origin, citizenship and/or immigration status, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, and data concerning a natural person's sex life or sexual orientation) for which applicable law provides enhanced protections.

Find out more about the information Emory collects

Learn more about the personal information and sensitive personal information that Emory University collects, why we collect it, and our legal basis for processing it.

Download the PDF

Learn More

We will share your Personal Information as disclosed to you at the time of collection or in the following circumstances: 

  • Internally at Emory: We share your information internally at Emory to facilitate and manage the purposes listed above. 
  • Service providers: We may provide your Personal Information to our services providers that help us run and manage our organization and process Personal Information solely on our behalf. The categories of service providers include: marketing, application processing, web hosting vendors, and data management. 
  • Corporate transaction: In the event Emory is involved in a merger, reorganization, acquisition or sale of all or a portion of its assets, or other corporate transaction, we may disclose your Personal Information as part of that transaction. 
  • As required by law: We may disclose your Personal Information if we determine that the disclosure is necessary: (i) comply with a legal process, subpoena, order or other legal or regulatory requirement applicable to us; (ii) to protect the legitimate rights, privacy, property, interests or safety of Emory, our business partners, personnel, or the general public; (iv) to pursue available remedies or limit damages; (v) to enforce any of our Terms of Use; or (vi) to respond to an emergency. 
  • Other third parties: Finally, Emory may share information with other third parties as you may request as permitted by this and other Emory policies and applicable laws and regulations. 

Emory will not sell any personal information to third parties for their use in direct marketing, advertising, or promotion of their products or services, except for certain “affinity groups” maintained by the Emory Alumni Association. These “affinity groups” are interest groups that allow Emory Alumni to connect with others with similar interests. Descriptions of the existing “affinity groups” may be found at Emory Advancement and Alumni Engagement

   

We use Cookies, Web Beacons (also known as pixel tags and clear GIFs), and other similar technology (together, “Data Collection Technology”) on our Sites to help us improve your online experience. For more information about the types of Data Collection Technology we use, and how to communicate your preferences about Data Collection Technology, please visit our Cookie Policy. 

Our Policy on Do Not Track Signals: Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. We do not follow the DNT signals we receive from your browsers. 

You have the right to request access and modifications to the Personal Information we maintain about you. We will respond to your inquiry within a reasonable timeframe and may charge you a reasonable fee if you request additional copies of your Personal Information or make other requests that are unfounded or excessive. 

If you wish to exercise any of your rights (including the rights described below for individuals in the EEA), please contact us using the information in the “Contact Us” section at the end of this Privacy Statement. Please note that if you decide to exercise some of your rights, we may be unable to provide you certain services, or you may not be able to use or take full advantage of the services we offer. 

If we are unable to honor your request, or before we charge a fee, we will let you know why. 

If you are in the European Economic Area and we maintain your Personal Information, you have the following additional rights (under the European Union General Data Protection Regulation) regarding your Personal Information: 

  • Right of access: You may request details of your Personal Information that we hold. We will confirm whether we are processing your Personal Information, and we will disclose supplementary information including the categories of Personal Information, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding Personal Information transfers to non-EEA countries, subject to the limitations set out in applicable statutes, regulations, and other laws. 
  • Right of correction: We will comply with your request to edit and update incorrect Personal Information promptly. 
  • Right to be forgotten: At your request, we will delete your Personal Information promptly if: (a) it is no longer necessary to retain your Personal Information; (b) you withdraw the consent which formed the basis of your Personal Information processing; (c) you object to the processing of your Personal Information and there are no overriding legitimate grounds for such processing; (d) the Personal Information was processed illegally; or (e) the Personal Information must be deleted for us to comply with our legal obligations. We will inform any third parties we might have shared your Personal Information with of your deletion request. We will decline your request for deletion if processing of your Personal Information is necessary: (w) to comply with our legal obligations; (x) in pursuit of a legal action; (y) to detect and monitor fraud; or (z) for the performance of a task in the public interest. 
  • Right to restrict processing of your Personal Information: At your request, we will limit the processing of your Personal Information if: (a) you dispute the accuracy of your Personal Information; (b) your Personal Information was processed unlawfully and you request a limitation on processing, rather than the deletion of your Personal Information; (c) we no longer need to process your Personal Information, but you require your Personal Information in connection with a legal claim; or (d) you object to the processing pending verification as to whether an overriding legitimate ground for such processing exists. 
  • Right to notice related to correction, deletion, and limitation on processing: Insofar as it is practicable, we will notify you of any correction, deletion, and/or limitation on processing of your Personal Information. 
  • Right to data portability: At your request, we will provide you free of charge with your Personal Information in a structured, commonly used and machine-readable format, if: (a) you provided us with Personal Information; (b) the processing of your Personal Information is based on your consent or required for the performance of a contract; or (c) the processing is carried out by automated means. 
  • Right to object: Where we process your Personal Information based upon our legitimate interest then you have the right to object to this processing. 
  • Right not to be subject to decisions based solely on automated processing: You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given us your explicit consent or where they are necessary for a contract with us. 
  • Right to withdraw consent: You have the right to withdraw any consent you may have previously given us at any time. If you withdraw your consent, this will not affect the lawfulness of our collecting, using and sharing of your Personal Information up to the point in time that you withdraw your consent. Even if you withdraw your consent, we may still use information that has been fully anonymized and does not personally identify you or as otherwise permitted by law. 
  • Right to complain to a supervisory authority: If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction. 

Personal Information provided to us by individuals located outside of the United States may be transferred to other countries such as the United States, where data protection laws may differ from those of your home country. By providing us with your Personal Information, you acknowledge that your information will be transferred to the United States and processed on servers in the US. We will take reasonable steps to protect your privacy in accordance with the applicable data protection laws. 

Emory takes appropriate steps, as required by applicable law, to obtain parental or guardian consent prior to collecting Personal Information from children. Each country within the EEA may determine the age at which an individual may consent to the collection of his or her Personal Information, and that age may vary from 13 to 16 years of age. 

Emory takes the security of your Personal Information seriously. Our minimum-security standards can be found at Emory's Policies and Procedures.

We will keep your Personal Information for as long as necessary to fulfill the purposes for which we collected it, including any legal, professional, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information, whether we can achieve those purposes through other means, and all applicable legal requirements.

When interacting with us, you may come across links or references to third-party websites and services that we do not operate or control. If you provide your Personal Information to that third party through its websites or services, you will be subject to that third party’s privacy practices and policies and terms of use. This Statement does not apply to any Personal Information that you provide to a third-party website or service. We recommend that you read the privacy policy that applies to that third-party website or service. A link or reference to a third-party website or service does not mean that we endorse that third party or the quality or accuracy of the information presented on its website or service. 

Emory reserves the right to modify this Statement at any time. We will notify you via the Sites or other reasonable means prior to any material changes to the Statement take effect. Any modified Statement will supersede the current Statement.

For more information on how we collect and process your Personal Information, or if you have any complaints, please contact the Emory University Office of Ethics and Compliance at compliance@emory.edu or 404.727.2398. 

FERPA

Emory University adheres to a policy of compliance with the Family Educational Rights and Privacy Act.

Learn More About Our FERPA Policy