GDPR—General Data Protection Regulation

NOTICE SPECIFIC TO PERSONS WITHIN THE EUROPEAN UNION

If you are in the EU and you interact digitally with the University of Minnesota, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”) and under the legal framework of Directive 2002/58/EC (“ePrivacy” Directive). In these circumstances and as applicable, the University of Minnesota may be the controller of the processing of your personal data. Please see also our GDPR resources webpage at www.privacy.umn.edu for more information.

LEGAL BASIS FOR PROCESSING

When we process your personal information, we will endeavor to have a valid lawful ground for processing in place. We process your personal information relying on different lawful grounds for processing, depending on the context of the processing activity.

YOUR RIGHTS

The University of Minnesota is committed to facilitating the exercise of the rights granted to you by EU data protection law (the right to access your data, to ask for erasure, correction, restriction, portability of your data or to object to the processing of your data) in a timely manner for personal information that properly falls under the GDPR.

In order to be able to reply to your request for exercise of your rights, and if we are not certain of your identity, we may need to ask you for further identification data to be used only for the purposes of replying to your request. If you have any inquiries or requests, please write to GDPRINFO@umn.edu or mail to Records & Information Management; 360 McNamara Alumni Center; 200 Oak Street SE; Minneapolis, MN  55455.  

In addition to your rights under the GDPR, the University of Minnesota is also subject to the Minnesota Government Data Practices Act, Minnesota Statutes Chapter 13. Information on Public Access to University Information, as well as Information on Rights of Subjects of Government Data can be found here: https://policy.umn.edu/operations/publicaccess.

RETENTION PERIOD

We strive to keep personal data in our records only as long as they are necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate purposes and all applicable legal requirements.  More information on the University of Minnesota records management program is available at:  https://policy.umn.edu/operations/recordretention.

TRANSFERS

When you interact with the University of Minnesota, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have obtained an adequate level of protection from the European Commission. To ensure the lawful transfers of personal data from the EU, the University of Minnesota relies on the derogations laid out in Article 49 GDPR. Be advised that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this website privacy notice.