Online Privacy Statement

The University of Alabama at Birmingham (UAB) respects your privacy and collects no personally identifiable information about you unless you affirmatively choose to make such information available to us. The University does not actively share personal information about web site visitors. Personal information provided by visitors, such as e-mail addresses or information submitted via online forms, is used by the University to assist individual visitors as necessary. This assistance may involve redirecting an inquiry or comment to another University individual or unit better suited to provide resolution.

The University analyzes its web server log files to collect summary information about visitors to its web site. The University also subscribes to Google Analytics, which uses cookies to collect anonymous traffic data. This information is analyzed by UAB and by Google Analytics to generate summary statistics for purposes such as guiding design considerations, determining successful site segments, determining problem areas and tracking marketing activities. However, because The University of Alabama at Birmingham is a public institution, some information collected from The University of Alabama at Birmingham's Web site may be subject to the Alabama Open Records Act, or in some instances, the University may be compelled by law to release information gathered from University of Alabama at Birmingham web servers.

The University of Alabama at Birmingham is a public, major research-intensive institution of higher education with an academic medical center. At any given time, there are numerous online surveys being conducted on the University of Alabama at Birmingham Web site. The functions of the University may involve the collection and dissemination of scientific, technical, economic, scholarly, and in some instances, personal information. Confidential information gathered in these online surveys is used only for the research purpose indicated in the survey. Unless otherwise noted on the specified survey, your answers are confidential and individual responses will not be shared with other parties unless required by law. Aggregate data from surveys may be shared with external third parties.

UAB complies with applicable federal and state laws, as well as the University of Alabama System and UAB policies and procedures, for the collection, use, disclosure, retention, and disposition of personal information. The University of Alabama at Birmingham also complies with the Family Educational Rights and Privacy Act ("FERPA"), which prohibits the release of educational records without student permission. For more details on FERPA, currently enrolled students should consult the University of Alabama at Birmingham Student Handbook or University Registrar.

Please direct any questions about this privacy statement, the practices of any University of Alabama at Birmingham Web site, or your use of this Web site to the Office of University Relations.

GDPR Privacy Statement

Introduction

The University of Alabama at Birmingham (UAB) is an institution of higher education. For UAB to fulfill its mission to educate its students in person and online; engage in world-class research; provide community services; and operate a major academic medical center, it is necessary to collect, process, use, and maintain data of its students, employees, applicants, research subjects, patients, and others involved in its educational, research, healthcare, and community programs.

The European Union (EU) General Data Protection Regulation (GDPR) broadly applies to organizations that process data about people who reside in the European Union or data about living individuals when it is transferred from the EU. The EU GDPR limits when and how personal data can be collected, processed, used, disclosed, retained and disposed. It also provides these individuals with certain rights related to their personal data, including notice or consent, rights of access, and in some cases, requests for deletion. Such individuals are referred to in the GDPR as Data Subjects. UAB may be a data “controller” or “processor” with regard to certain activities as defined under the EU GDPR. UAB is committed to protecting the privacy rights of individuals.

Definitions

Data Controllers determine the purposes and means of processing personal data while collecting, using, and protecting personal data.
Data Processors are responsible for processing, analyzing, storing, and deleting personal data on behalf of the controller.
Data Subject is an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal data under the EU GDPR, personal data is defined as any information relating to an identified or identifiable natural person. An identifiable natural person is an actual living person (not a corporation or other business entity) who can be identified, directly or indirectly, by reference to:

  • Any identifiers, such as name, ID numbers, location data, online identifier; or
  • Factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Special Categories of Personal Data are any data that:

  • Reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership.
  • Are patient healthcare data sufficient to uniquely identify a natural living person.
  • Are genetic data or biometric data sufficient to uniquely identify a natural living person.
  • Are concerning a natural person’s sex life or sexual orientation.

Lawful Basis for Collecting and Processing of Personal Data

UAB complies with applicable federal, state, and local laws and regulations in carrying out its mission to serve students, patients, the community and the global need for discovery, knowledge dissemination, education, creativity and the application of ground-breaking solutions. Accordingly, UAB has lawful basis to collect, process, use, and maintain data of its students, employees, applicants, research subjects, patients, and others involved in its educational, research, academic medicine, and public service programs. Lawful purposes for processing personal data include, without limitation: admission; registration; delivery of classroom, online, and study abroad education; grades; communications; employment; applied research; academic medicine; development; program analysis for improvements; and records retention.

EU GDPR, Article 6, “Lawfulness and processing,” stipulates that at least one of the following apply:

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • Processing of personal data is necessary for the performance of a contract in which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
  • Processing is necessary to comply with a legal obligation that the controller is subject;
  • Processing is necessary to protect vital interests of the data subject or another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Processing is necessary for purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Most of UAB’s collection and processing of personal data will fall under the following categories:

  • Processing which is necessary for the purposes of the legitimate interests pursued by UAB or third parties in providing education, employment, research and development, academic medicine, and public service.
  • Processing which is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject before entering into a contract.
  • Processing which is necessary for compliance with a legal obligation to which UAB is subject.
  • Processing for which the data subject has given consent for UAB to use his or her personal data for one or more specific purposes.

Note: There will be some instances where the collection and processing of personal data will be pursuant to other lawful bases, which will be specified.

Types of Personal Data Collected and How it Will be Used

UAB collects a variety of personal data to meet lawful basis, as referenced above. Most often the data is used for academic admissions, enrollment, educational programs, job hiring, provision of medical services, participation in research, development, and public service.

The information we hold about you may include the following:

  • Personal details such as name, title, address, telephone number, email address, marital status, nationality, date of birth, photograph, household income, parental status, details of dependents;
  • Emergency contact information;
  • National Insurance number (where you have voluntarily provided it);
  • Education and employment information (including the school(s), college(s), and other educational locations you have attended; places where you have worked; the courses you have completed; dates of study and examination results);
  • Other personal background information collected during the admissions process, e.g., your socioeconomic classification, and details of your parents’ occupation and education;
  • Examination records (including records relating to assessments of your work, details of examinations taken, and your predicted and actual examination grades);
  • Information captured in your student record, including progression, achievement of milestones and progression reports;
  • Visa, passport, and immigration information;
  • Fees and financial support record (including records relating to the fees paid, student loan information and financial support, scholarships, and sponsorship);
  • Supervision, teaching, and tutorial activities; and training needs analysis and skills acquisition records;
  • Placement and internship record or study at another institution as an established component of your course of studies, or career development opportunity;
  • Information about your engagement with University support services or University facilities;
  • Information about your use of library facilities, including borrowing and fines;
  • Information about disciplinary actions (including academic misconduct), dispensations from regulations, and about any appeals and complaints raised;
  • Attendance at University degree and award ceremonies and other on-campus events;
  • Information about your use of our information and communications systems, including CCTV and building access information.


We may also process the following "special categories" of more sensitive personal data:

  • Information about your sex and gender identity
  • Information about your race or ethnicity and religious beliefs;
  • Information about your health, including any disability and/or medical condition;
  • Information about criminal convictions and offenses, including proceedings or allegations.

If you have specific questions regarding the collection and use of your personal data, please contact the UAB Data Protection Officer at 205-934-8181 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it.

Where UAB Acquires Personal Data

UAB receives personal data from multiple sources. Most often, UAB acquires this data directly from the data subject or under the direction of the data subject who has provided it to a third party.

Rights of the Data Subject under the EU GDPR

If you are an individual data subject under the EU GDPR, for example, you may obtain the following information and exercise the following rights:

  • the identity and the contact details of the controller and, where applicable, the controller’s representative;
  • the contact details of UAB’s Privacy Compliance Program, including GDPR;
  • an explanation of the purposes and legal basis/legitimate interests of the data collection/processing;
  • the identification of the recipients of the personal data;
  • notice if UAB intends to transfer personal data to another country or international organization;
  • notice of the time period that the personal data will be stored;
  • the right to access personal data, rectify incorrect personal data, erase personal data, restrict or object to processing, and the right to data portability;
  • the right to withdraw consent at any time, if processing is based on consent;
  • the right to lodge a complaint with a supervisory authority (established in the EU);
  • an explanation of why the personal data are required, and possible consequences of the failure to provide the data;
  • notice of the existence of automated decision-making, including profiling; and
  • notice if the collected data are going to be further processed for a purpose other than that for which the information was collected.

Exercising of these rights provides the assurance that you will be afforded a diligent process and not the guarantee of an outcome.

Any data subject who wishes to exercise any of the rights mentioned above may do so by submitting such request by email to This email address is being protected from spambots. You need JavaScript enabled to view it..

Information We May Collect Automatically

To the extent permitted by law, UAB and our third-party vendors may supplement the information we collect from and about you with information from other sources, such as publicly available information about your online and offline activity from social media services, commercially available sources, and information from other business partners.

IP Address and Other Identifiers: When you access and interact with our website or programs, UAB and our third party providers may collect information about your visits in order to permit you to connect to and obtain the services and to understand the frequency with which specific visitors visit various parts of our site. For example, we may collect your Internet Protocol (“IP”) address, which identifies the computer or third party that you use to access our services, or information about your browser type, authentication identifiers, and other software and hardware information. If you access the UAB website through a mobile or other device, we may collect your mobile device identifier, geolocation data (including your precise location), or other transactional information for that device. We may combine this information with other information that we have collected to make our services and our communications to you more targeted to your interests.

Social Media Information and Content: If you access or log in to our site through a social media service or connect a service to a social media service, the information we collect may also include your user ID and/or user name associated with that social media service, any information or content you have permitted the social media service to share with us, such as your profile picture, email address or friends lists, and any information you have made public in connection with that social media service. When you access our sites through social media services or when you connect a service to social media services, you are authorizing UAB to collect, store, and use such information and content in accordance with this statement and UAB’s Privacy Statement.

Cookies and Other Tracking Technologies: Our services may also use cookies. Cookies are small text files that are stored on a user’s computer and allow websites to remember information about users. UAB and our third parties use cookies for a variety of purposes to enhance the quality of our sites. We use transient (also called “session ID”) cookies to provide continuity from page to page. A session ID cookie expires when you close your browser. We also use persistent cookies. Persistent cookies allow your browser to be recognized when you return after your first visit to that part of our site. Cookies allow us to personalize your return visits to our site. You have the choice to set your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.) It is up to you whether to allow us to send you cookies. Please note that by blocking any or all cookies, you may not have access to certain features, content, or personalization available through our site.

Web beacons and other tracking technologies: The site may use other tracking tools, including so-called “pixel tags,” “web beacons,” “web bugs,” “clear GIFs,” etc. (collectively “Web Beacons”) to collect user activity information about your activities on our site. These are small electronic images embedded in web content (including online ads) and email messages and are ordinarily not visible to users. Like cookies, web beacons enable us to track pages and content (including ads) accessed and viewed by users. Also, when we send HTML-formatted (as opposed to plain text) emails to you, web beacons may be embedded in such emails to allow us to monitor readership levels so that we can identify aggregate trends and individual usage to provide our audiences with more relevant content or offers. Web beacons in emails may recognize activities such as when an email was opened, how many times an email was forwarded, which links in the email were clicked on, etc. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.

Third Party Tracking: Third parties that support UAB by serving advertisements or providing services, such as allowing you to share content or tracking aggregate usage statistics of our site, may also use these technologies to collect similar information when you interact with our services (such as websites and emails). These third parties may also use these technologies, along with activity information they collect, to recognize you across the devices you use, such as a mobile device and a laptop or other computer. UAB does not control these third-party technologies, and their use is governed by the privacy policies of third parties using such technologies.

Non-university Websites: This statement applies solely to information collected on the UAB online network. If you click on a link that directs you to a website or resource outside of the UAB online network, you are subject to the privacy policies of that site.

Information Contained in User Content

Some parts of our site may allow users to post or transmit messages, comments, screen names, computer files, and other materials. You should be careful about what personal information you choose to make public through these services.

Information from Other Sources

To the extent permitted by law, UAB and our third-party vendors may supplement the information we collect from and about you with information from other sources, such as publicly available information about your online and offline activity from social media services, commercially available sources, and information from other business partners.

Security of Personal Data, Subject to the EU GDPR, and other Applicable Privacy Laws

UAB is committed to ensuring the security of your information. We have put in place reasonable physical, technical, and administrative safeguards designed to prevent unauthorized access to or use of the information collected online. All personal data collected or processed by UAB under the scope of the EU GDPR will comply with the University’s security controls, systems, processes, and standards.

Sharing Your Information

UAB will not share your information with third parties except as necessary to meet one of UAB’s lawful purposes, including but not limited to:

  • legitimate interest;
  • contract compliance;
  • pursuant to consent provided by you;
  • as required by law;
  • as necessary to protect UAB’s interests; or
  • with third parties acting on our behalf who have agreed to protect the confidentiality of the data.

Data Retention

Data collected by UAB which falls under the purview of University Archives and the Data Protection Officer is collected for the time periods specified by the current UAB Records Retention Schedule and Alabama Department of Archives and History, Public Universities of Alabama Functional Analysis & Records Disposition Authority

Children's Online Privacy Protection Act (COPPA) Privacy Statement

The University of Alabama at Birmingham (UAB) is committed to protecting the rights of children and specifically those privacy rights established by the U.S. Federal Trade Commission as defined in the Children’s Online Privacy Protection Act (COPPA). For more information about COPPA and your child's rights to online privacy, visit the Federal Trade Commission website at https://www.ftc.gov/tips-advice/business-center/privacy-and-security/children%27s-privacy.

Notice to Children

If you are under age 13 and you wish to participate in an event at, conducted by or sponsored by UAB, your parent or guardian must register you and provide their consent as well as your information. Please ask your parent or guardian to fill out your online registration form or any other forms requesting your information.

Notice to Parents/Guardians

UAB complies with the requirements of the Children's Online Privacy and Protection Act (COPPA) and provides the UAB Privacy Statement and this UAB COPPA Privacy Statement. This statement describes our practices for collecting, using, and disclosing personal information from and about children under the age of 13. If you have any questions about privacy at UAB, contact the UAB Compliance & Risk Assurance Office.

Parent/Guardian Consent

Through our various program registration systems, we collect information from parents and legal guardians who choose to register their child in the programs that target participants who are under the age of 13. We require parental/legal guardian consent to certify that UAB has permission to collect/save the personally identifiable and non-personal information. UAB will not collect/save data from children under the age of 13 without the express consent of the child’s parent(s) or legal guardian(s). You may grant consent by providing one of the following:

  • a credit card in your name for payment,
  • a check in your name for payment, or
  • a signed statement of consent specific to the program or activity that will involve your child.

Reviewing Information

To review any information about your child, please contact the program director or the department offering the program. If you do not want UAB or a specific program to release any information about you or your child or if you wish to have your information or that of your child removed from our database, you must notify UAB in writing of your request. If you are unable to contact the office or program staff, contact the UAB Compliance & Risk Assurance Office for assistance.

Revoking Consent and Deleting Information

At any time, a parent or guardian may revoke consent and direct us to delete your child’s information from our online data storage. If you revoke your consent, your child may not be able to participate in an event; please check with the event manager or program director for more information. If you ask us to delete your child's information, UAB will not use it for any purpose except where required by applicable laws or regulations. To revoke consent, you must contact the program or designated office at UAB conducting the event. If you are unable to contact the office, please contact the UAB Data Protection Officer at 205-934-8181 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it..

Information We Collect

The University of Alabama at Birmingham collects two types of information at our site: personally identifiable information and non-personally identifiable information.

  • Personally identifiable information includes first and last name, street address, phone numbers, email addresses, medical information, financial information for the purposes of billing and payment, and credit card information for payment.
  • Non-personally identifiable information includes sex, the name of the school the student attends, and grade in school.

How We Use the Information

We use the information about your child to register your child for an event at UAB and to ensure appropriate content and safety for participants. Program staff use this information for educational and residential program payment processing and to send parents and program participants information about additional program opportunities. Non-personally identifiable information that we collect might be used for research and marketing purposes.

UAB does not share or distribute any personally identifiable information about participants or their families with external organizations. UAB may disclose the personal information we collect to comply with the law, a judicial proceeding, court order, subpoena, or other legal process.

We reserve the right to modify the terms of this policy to meet customer concerns and changes in the law. Updates to our privacy statements will be posted online and are effective immediately upon posting. If you have any privacy-related questions, you may contact the UAB Data Protection Officer at 205-934-8181 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it. for assistance.