General Data Protection Regulation (GDPR)

Information Statement

International Privacy

If you are located outside the United States, in particular if you are located in Canada, Brazil, the European Union (“EU”), the European Economic Area (“EEA”), New Zealand, the Republic of South Africa, Switzerland, the United Kingdom, or other countries with similar data privacy laws, please note that we and our servers are located in the United States. Any information that you provide to us may be transferred to and processed in the United States or other countries around the world where we do business. Although this may include recipients of information located in countries where there may be a lower level of legal protection for your personal data than in your country, we will make efforts to protect your information in accordance with requirements applicable to the law in your particular jurisdiction and take steps to only share with third parties that offer similar protection. By using our Program, you unambiguously consent to your information being collected, processed, used, and transferred as disclosed herein.

Data Privacy Rights

If you are located in the EU or a jurisdiction with a similar law, the GDPR or its local equivalent may grant you certain rights under the law. In particular, the right to access, correct, and delete the personal data we hold about you. The University of Minnesota will retain your personal data for the length of time you engage with our Programs as described in the retention section of this Privacy Notice, until you request deletion of such personal data. The University of Minnesota is considered the Data Controller (or equivalent distinction) with regard to your personal data. You can find our contact information as described herein or in other Program documentation.

In certain circumstances, you have the following data protection rights:

  • The right to access, update, or delete the personal data we have on you.
  • The right of rectification. You have the right to have your personal data corrected if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your personal data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal data.
  • The right to data portability. You have the right to be provided with a copy of the personal data we have on you in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal data.


In order make a request regarding your personal data, please contact [email protected] or mail to Records & Information Management; 360 McNamara Alumni Center; 200 Oak Street SE; Minneapolis, MN 55455.

If you have a comment, question, or complaint about how we are handling your personal data, we hope that you contact us as described herein to allow us to resolve the matter. In addition, if you are located in the EEA, you may submit a complaint regarding the processing of your personal data to a regulatory authority. The following links may assist you in finding the appropriate regulator:

  • In the EU, you have the right to lodge a complaint with your local data protection authority. To find your local authority, you can check the list on the European Data Protection Board website: https://edpb.europa.eu/about-edpb/board/members_en
  • In the UK, you have the right to lodge a complaint with the Information Commissioner: www.ico.org.uk
  • In Switzerland, you have the right to contact the Federal Data Protection and Information Commissioner (FDPIC): FDPIC

Legal Basis for Processing under GDPR

If you are located in the EEA or a jurisdiction that requires a similar legal basis for processing, our legal basis for collecting and using the personal data described in this Privacy Notice depends on the personal data we collect and the specific context in which we collect it.

We may process personal data because:

  • We need to perform a contract with you;
  • You have given us consent to do so;
  • The processing is in our legitimate interest to offer the Program, when that legitimate interest is not overridden by your rights;
  • To comply with the law.

Where personal data is processed based on consent, you may have the right to withdraw such consent at any time. To do so, please contact us as described in this Notice. If there is a different legal basis that would permit us to continue processing your personal data after withdrawing consent, we will notify you of that legal basis at the time of your request.

Additional information will be posted on this site—privacy.umn.edu. In the meantime, questions can be sent to the following Committee members:

GDPR Resource Links

https://www.aacrao.org/signature-initiatives/trending-topics/gdpr

https://library.educause.edu/topics/policy-and-law/eu-general-data-protection-regulation-gdpr

https://medium.com/highered-insider/gdpr-compliance-checklist-for-higher-education-33660172c038

https://www.hmbr.com/news-insight/gdprs-impact-on-higher-education-in-the-us-an-overview/

https://www.mwe.com/en/thought-leadership/publications/2018/02/does-gdpr-regulate-research-studies-united-states

https://www.wired.com/story/europes-new-privacy-law-will-change-the-web-and-more/

https://www.universitybusiness.com/article/eu-data-regulation-affect-us-colleges-and-universities

https://ico.org.uk/for-organisations/education/

https://www.cupahr.org/data-privacy-gdpr/