May 25th, 2018
Last reviewed date: May 21st, 2018
This policy governs the collection of personally identifiable information through the University of the People website.
If you do not agree to the terms and conditions set forth herein, do not use the website.
Collection of Personal Information
To apply for admission to University of the People (“UoPeople”, or the “University”), you must submit personally identifiable information to the UoPeople website (“Website”). “Personally identifiable information” (“PII”) refers to data that allows University of the People to identify you, such as your name, gender, mailing address, telephone number, date and country of birth, government-issued identification number, e-mail address, and other personal information.
Information and How We Use It
- We may process data about your use of our Website and Services (“User Data”). User Data may include your IP address, location, type of browser and version, operating system, referral source, visit length, page views and website navigation paths, as well as information about the frequency and timing of your use of the Service. The source of the User Data is an analytics tracking system. User Data may be processed for the purposes of analyzing the use of the Website and Services, operating our Website, improving and customizing the Services, ensuring the security of our Services, maintaining back-ups of our databases and communicating with you.
- When registering or inquiring on our Website you may be asked to enter your name, email address, mailing address, telephone number, gender, date of birth, or other details (“Entered Data”). You are the source of such account data, and such data may be processed for the purposes of operating the Website, providing the Services, ensuring the security of the Website and Services, maintaining back-ups of our databases and communicating with you. UoPeople will use your Entered Data for internal purposes including, but not limited to, academic and financial advising, record-keeping and tracking.
- We may process information contained in any enquiry you submit to us regarding Services (“Enquiry Data”).
- We may process information relating to transactions that you enter into with us and/or through our Website, such as the purchasing of goods (“Transaction Data”). The Transaction Data may include your contact details, your card details and the transaction details. The Transaction Data may be processed for supplying the purchased goods and Services and keeping records of transactions.
- We may process information that you provide to us for the purpose of subscribing to our email notifications, offering you services, or promotions which may interest you (“Notification Data”). The Notification Data may be processed for the purposes of sending you relevant Notification Data.
- We may process information contained in or relating to any communication that you send to us (“Correspondence Data”), for example, when you sign up for our newsletter or respond to a survey or remarketing communication. The Correspondence Data may include communication content and/or metadata associated with such communication. The Correspondence Data may be processed for communicating with you and recordkeeping.
- Please do not supply any other person’s PII to us without the specific and explicit consent of all parties, including the owner of such PII.
International transfers of your PII
In this Section, we provide information about the circumstances in which your PII may be transferred to countries inside and outside the European Economic Area (“EEA”).
You acknowledge that PII submitted by you for publication through the Services may be available around the world via the internet. We cannot prevent the use or misuse of published PII by others once you submit it for publication, nor are we liable for such third-party use or misuse.
Such use may involve transfer of personally identifiable information to servers located outside the country from which you access the Website.
We and our other group companies have facilities in the United States, the Middle East, and India. “Adequacy decisions” of the European Commission have been made with respect to the data protection laws of each of these countries.
Transfers to countries inside and outside the EEA will be protected by appropriate safeguards, namely the provisions of applicable law which relate to the protection of individuals with regards to the processing of PII to which a party may be subject including, without limitation, the Data Protection Act 1998, the Data Protection Directive 95/46/EC, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000, the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and, where applicable, the guidance and code of practice issued by the Information Commissioner’s Office from time to time, directions of any competent regulatory authority, relevant regulatory guidance and codes of practice (collectively “Data Protection Regulation”) or to the extent transfers will cross borders to outside the EEA, such transfer shall be carried out in accordance with standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of Personal Data to Processors established in Third Countries under the Directive (the “Model Clauses”).
The hosting facilities for our Website are situated in the United States and Europe. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries. If you have opted-in and knowingly subscribe to our newsletter or other forms of correspondence, we may also use your information to inform you of new services UoPeople will be providing, inform you of scholarship applications and academic programs provided by third parties, and send you requested information and promotional materials for marketing purposes and research.
Collection and Use of Non-Personal Information
The University automatically collects non-personal information about your computer hardware and software for the purpose of improving the administration and content of the Website, facilitating use of the University’s Website by its users, and to properly diagnose server problems and other issues.
The University may contract with third party providers to assist in better understanding visitors to the Website. Third party providers are prohibited from using any information they collect on behalf of UoPeople for any purpose other than helping the University conduct and improve its services to you.
The University does not sell, rent or lease your personally identifiable information to third parties without your prior written consent. Personally identifiable information collected in connection with applications for admission is, however, collected by a third-party service provider that hosts the Website, and that information is released to application reviewers who may include University employees, contractors, volunteers and other parties. These individuals are prohibited from using your personally identifiable information except in connection with UoPeople services and any other products and/or services you have requested, and they are required to maintain the confidentiality of your information.
UoPeople may disclose your personally identifiable information, without notice, (i) if required to do so by law, or (ii) in the good faith belief that disclosure is necessary to protect or defend the rights, system, network, property or personal safety of the University, its personnel or its students. UoPeople may disclose your personally identifiable information, with prior notice, subject to your consent, to a potential or actual partner or buyer in connection with a merger, acquisition, or any form of sale of some or all of the University’s assets.
The University requires opt-in consent (meaning, your express permission) to share any sensitive personally identifiable information, such as medical information or information concerning race or ethnicity, political or religious beliefs, and sexuality.
In this Section, we have done our best to summarize the rights that you have under data protection law. These are complex, and not all of the details have been included herein. In light of this, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority; and
- the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data by visiting the UoPeople Self–Service Portal when logged into the website.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. UoPeople will also correct, amend or delete any personal information that is inaccurate and notify any third-party recipients of the necessary changes. UoPeople may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, are extremely impractical, or for which access is not otherwise required by local law or GDPR.
In some circumstances you have the right to the erasure of your personal data [by providing adequate evidence attesting to your identity] without undue delay. Those circumstances include: the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. There are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: [for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims].
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defense of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defense of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
To the extent that the legal basis for our processing of your personal data is consent, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to file a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us in addition to the other methods specified in this Section 5.
When you provide us with PII for a secondary reason, like marketing or other secondary reasons which we will convey to you from time to time if applicable, we will ask for your consent. After you opt-in, you may withdraw your consent anytime, by contacting us at [email protected] or [email protected]. Or, please go to this site to withdraw your consent to processing.
Security of your Personal Information
The University maintains reasonable measures to protect your personally identifiable information from unauthorized access, use or disclosure. The University stores the personally identifiable information you provide on computer servers in a controlled environment that has implemented protections against unauthorized access, use or disclosure. UoPeople has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of the Website as part of University’s continuing commitment to the security of electronic content as well as the electronic transmission of information.
For website security purposes and to maintain the availability of the Website for all users, the University employs software to monitor traffic and identify unauthorized attempts to upload or change information or otherwise damage the Website. When personally identifiable information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
The Family Educational Rights and Privacy Act (FERPA) of 1974 was designed to protect the privacy of educational records, establish the rights of students to inspect and review their educational records, and provide guidelines for the correction of inaccurate or misleading information through informal and formal hearings. While FERPA does not apply to the University, since it is not a federally-funded institution, the University nonetheless strives to meet FERPA’s provisions to the extent reasonably feasible.
The University will not disclose a student’s educational record without obtaining the student’s prior written consent, except that a student’s educational record may be disclosed (i) to other school officials, including teachers with a legitimate educational interest and contractors, consultants, volunteers, or other parties to whom UoPeople has outsourced educational or institutional services or functions; (ii) to parents of a dependent student, as defined in section 152 of the Internal Revenue Code of 1986; (iii) to accrediting organizations; (iv) in compliance with a judicial order or lawfully issued subpoena; or (v) for any other reason permitted under 34 CFR § 99.31.
The University depends on the accuracy of the records submitted by its students. False information on an application, or any other act to intentionally mislead or misinform instructional personnel or administrators, is grounds for disciplinary action, including dismissal from the University. Students seeking access or amendment of their educational records should contact the Office of Student Services at [email protected]
Children’s Online Privacy Protection Act
Although neither this website nor any of the University’s services are intended for children under 13 years of age, the University complies with the Children’s Online Privacy Protection Act of 1998 (“COPPA”) and does not knowingly collect any personal information online from children under the age of 13.
The UoPeople Website may use “cookies”, subject to your consent if you are a resident of the European Union or are subject to GDPR, to help you personalize your online experience. A cookie is a small data file that is placed on your hard disk by a web page server. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalize Website pages, or apply for admission to UoPeople, a cookie helps the University recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as your name and mailing address. When you return to the Website, the information you previously provided can be retrieved, so you can more easily use the UoPeople features.
Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
Your California Privacy Rights and Do Not Track Notices
California Civil Code Section 1798.83 permits customers of a company who are California residents to request certain information regarding its disclosure of personally identifiable information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected]. Please note that the University is only required to respond to one request per customer each year.
Note that the University does not respond to “Do Not Track” signals.
The Microsoft CRM
The University’s Customer Relationship Management (CRM) system is hosted by Microsoft. There is a seamless transition from the University’s main website to the CRM. You enter the CRM every time you work on your application to the University or otherwise log in to the Student Portal. The CRM processes and maintains all UoPeople applications, student records such as course registration history and grades, and data related to payment history such as invoices and tracking numbers. Note that the CRM does not store any of your personal bank account or PayPal information.
Microsoft is not allowed to use your personally identifiable information other than for the provision of services to the University or as otherwise permitted by law. For more information about the Microsoft Dynamics CRM, you can review the security and privacy pages at the Microsoft Dynamics CRM Trust Center and the Microsoft Privacy & Cookies page.
The Moodle Learning Platform
All of the University’s courses, classroom discussions, assignments, testing, the academic advising messages system, and student and faculty forums are conducted through Moodle, an open-source learning platform.
There is a seamless transition from UoPeople’s main website to the University’s Moodle platform.
No one outside the UoPeople community is permitted to access the UoPeople Moodle platform. However, the UoPeople Moodle site administrators have access to nearly everything in the system and certain private information is also accessible by other UoPeople students, faculty and staff:
- UoPeople profile page. Every UoPeople student has a profile page in Moodle, which contains their first and last name, email address (optional), profile picture (optional) and description (optional). This information is visible to classmates for each course in which a student is enrolled, and to all students, faculty and staff through the Academic Advising Virtual Office. UoPeople profile pages are NOT available to the general public.
- UoPeople discussion forums. Since UoPeople is based on the peer-learning model, the University makes great use of discussion forums in its courses. Anything posted in a discussion forum is visible to the instructor and to all students enrolled in that course. For large classes that are divided into groups, only members of your group can see your posts. Your posts will include your full name and profile picture if you have chosen to upload it to the system.
- UoPeople peer-assessed assignments. All assignments assessed by other students in a particular course are submitted anonymously. Unless you put your name on your peer-assessed assignment, which is not a requirement, only instructors and administrators will be able to see who has evaluated your assignment.
- Private messaging system. Only the sender and receiver can view the content of messages sent through the Moodle private messaging system.
If you withdraw from the University, your account will be disabled and will no longer be visible to students and instructors. Old and inactive accounts are usually deleted after four years of nonuse.
The UoPeople Yammer Enterprise Network
UoPeople’s Yammer Enterprise Network provides a collaborative environment for UoPeople students, faculty, alumni, staff and volunteers from throughout the globe (“UoPeople Community”) to connect and share meaningful information. Note that there is a seamless transition from UoPeople’s main website to the University’s Yammer Network.
By enrolling in UoPeople’s Yammer Network, you understand and agree that your personal profile and any content you post will be visible to other members of the UoPeople Community and to anyone outside the community who manages to log in to the UoPeople Yammer Network.
Confidential student information and other sensitive or private content should not be posted on the Yammer Network.
Although UoPeople administrators monitor all posts and comments to the UoPeople Yammer Network, you are ultimately responsible for the content you post and UoPeople has a right and obligation to report any user who posts illegal content and threats of violence to the authorities.
Third Party Websites, Cookies and Privacy Policies
Certain pages of the Website may contain links to websites that are not controlled by the
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers. In particular, remember that certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So, if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. For example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your PII used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.
Occasionally, at our discretion, we may include or offer third-party products or Services on our Website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Age of Consent
By using this site, you represent that you are at least the age of majority in your state, province or country of residence, or that you are the age of majority in your state, province or country of residence and you have given us your consent to allow any of your minor dependents to use this site.
Retaining and Deleting PII
This Section 4 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
We will retain and delete your personal data as follows:
PII will be retained for 25 years following the point of first contact with the University at the end of which period it will be deleted from our systems.
Changes to this Policy
Compliance with this Policy