Privacy Statement
Thank you for visiting the University of Miami website. The University of Miami is a private, independent, international university and an equal opportunity/affirmative action employer.
At the University of Miami, we respect and value your privacy. We believe in transparency and want you to understand what information we collect from you when you visit the University’s websites and what control you have over that information. This Privacy Statement describes, in general terms, how we collect your information, why we collect your information, how we use or share your information, and what control you have over your information.
- Who Will Process My Personal Information
- Information Collected or Received
- How We Use the Information We Collect
- How We Share the Information We Collect
- Third Parties
- Children’s Guidelines
- Your Rights
- Security
- Contact Us
Who Will Process My Personal Information?
Our Privacy Statement applies to the use of your personal information by the University of Miami through the browsing or use of its main website (umiamihealth.org) or any website with the University of Miami domain. The information published here is limited to the use of personal information by University of Miami websites.
When this statement mentions “University,” “we,” “us,” or “our,” it refers to the University of Miami in its capacity as the Data Controller. That is, the responsible party for your information under this Privacy Statement. The University of Miami’s websites and applications, collectively, will hereinafter be referred to as the “University Website.”
This site contains links to other non-University of Miami sites. The University of Miami does not process this information and is not responsible for the privacy practices and/or the content of such websites. Please be sure to check the individual privacy policies of those sites. Additionally, we are not responsible for the privacy practices and/or content of our business partners’ websites, even if the University of Miami’s brand appears on their page. The University of Miami has no control over the information gathered by those websites and is not responsible for any information collected by such websites.
Information Collected or Received
When visiting the University Website, we collect or receive your personal information in different ways. At times, you may choose what information you want to provide to us but sometimes we obtain information when you browse through our website. There are three general categories of information we collect.
Information We Automatically Collect from Your Use of Our Websites
The University automatically receives and records information from your browser or mobile device when you visit the University Website. This information is necessary given our legitimate interest in being able to provide and improve the functionalities of the University Website and to enable us to comply with legal obligations.
- Usage information: We collect information about your interactions with the University Website, such as the pages or content you view, searches you make, and other actions on the University Website.
- Log data and device information: We automatically collect certain technical and device information when you access and use the University Website, even if you have not created a CaneID or logged in through your CaneID. That information includes, among other things: details about how you have used the University Website (including if you clicked on links to third party applications), IP address, access dates and times, specific hardware and software information, device information, unique identifiers, crash data, cookie data, and the pages you have viewed or engaged with before or after using the University Website.
- Analytics: We use data analytics to ensure site functionality and improve the University Website. We use mobile analytics software to allow us to understand the functionality of the applications on your phone. This software may record information such as how often you use the applications, what happens within the applications, aggregated usage, performance data, app errors and debugging information, and where the applications were downloaded from.
- Cookies and similar technologies: Along with your IP address, we use cookies and similar technologies regarding which pages you visit on our site, information about which page led you to our site, and the software you use to visit our site. We may automatically collect device- specific information when you install, access, or use our website or applications. This information may include information such as the hardware model, operating system information, app version, app usage, debugging information, browser information, and unique device identifiers. We may also allow our business partners to use these tracking technologies on the University Website, or engage others to track your behavior on our behalf. For more information about our use of these technologies, see our University of Miami Website Cookie Notice.
- Payment transaction information: We collect information related to your payment transactions through the University Website, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, PayPal email address, IBAN information, your address, and other related transaction details. This information is necessary to allow the provision of payment services.
Information You Give Us
In addition to information collected automatically, we collect information you share with us while using the University Website. In order to provide you certain services, we ask for and collect the following personal information about you:
- Account information: A CaneID is a username and password authentication process that provides access to multiple University systems and services via use of that username and password. When you sign up for a CaneID, we require certain information such as your Social Security number, first name, last name, permanent address, email address, and date of birth. The University maintains proper security measures to ensure this information is kept confidential and only accessed by the appropriate University workforce members.
- Appointment information: When you submit an online appointment request, the University of Miami may use any information provided by you.
- Payment information: In order to pay any outstanding bills to the University, or to pay for certain services, we may require you to provide certain financial information, such as your bank account or credit card information, in order to facilitate the processing of payments and comply with applicable law.
- Communications with the University of Miami and others: When you communicate with the University or use the University Website to communicate with others, those platforms may collect information about your communication and any information you choose to provide. This may be communications made through direct messages, message boards, forums, and/or new groups available to you. Please remember that information disclosed by you or others in certain message boards, forums, or groups, is not private and becomes public information. You should exercise caution when deciding to disclose your personal information in these or similar areas of our websites and applications.
- Other information: You may otherwise choose to provide us information when you fill out a form, fill out an application, ask a question, conduct a search, respond to surveys, update or add information to your CaneID account, participate in promotions, or use other features of the University Website.
Information We Collect from Third Parties
We may collect information, including personal information, which others provide about you when they use the University Website, or obtain information from other sources and combine that with information we collect through the University Website. We do not control, supervise, or respond for how third parties providing your information process your personal data, and any information request regarding the disclosure of your personal information to us should be directed to such third parties.
- Background information: For individuals in the United States, to the extent permitted by applicable laws, we may obtain reports from public records of criminal convictions or sex offender registrations. For individuals outside of the United States, to the extent permitted by applicable laws and with your consent where required, we may obtain the local version of police, background, or registered sex offender checks. We may use your information, including your full name and date of birth, to obtain such reports.
- Other sources: To the extent permitted by applicable law, we may receive additional information about you, such as demographic data, from third party service providers and/or business associates, and combine it with information we have about you. We may also receive information about you and your activities on and off the University Website through partnerships, or about your experiences and interactions from our partner ad networks.
How We Use the Information We Collect
We use, store, and process information, including personal information, about you to provide, understand, improve, and develop the University Website and comply with our legal obligations.
- Provide, Improve, and Develop the University Website
- Enable you to access and use the University Website.
- Enable you to communicate with us and others.
- Provide you services requested in an appropriate and efficient manner, such as a response to an appointment request.
- Operate, protect, improve, and optimize the University Website and experience, such as by performing analytics and conducting research.
- Send you service or support messages, updates, security alerts, and account notifications.
- Operate, protect, improve, and optimize the University Website and experience, and personalize and customize your experience, we conduct profiling based on your interactions with the University Website, your search history, your profile information, and other content you submit to the University Website.
We process this information given our legitimate interest in improving the University Website and your experience with it.
How We Use the Information We Collect
Create and Maintain a Trusted Website Environment
- Comply with our legal obligations.
- Enforce our agreements with third parties.
- Enforce our Terms of Use and other policies.
- Analyze your communications made on the University Website for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, and customer support purposes.
We process this information given our legitimate interest in protecting the University Website and to comply with applicable laws.
Provide, Personalize, Measure, and Improve Our Advertising and Marketing
- Send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences (including information about the University of Miami or partner campaigns and services, and social media advertising through social media platforms such as Facebook or Google).
- Personalize, measure, and improve our advertising.
- Administer surveys, contests, or other promotional activities or events sponsored or managed by the University of Miami or its third party partners.
- Conduct profiling on your characteristics and preferences (based on the information you provide to us, your interactions with the University Website, information obtained from third parties, and your search history) to send you promotional messages, marketing, advertising, and other information that we think may be of interest to you.
We will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may interest you. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or by sending an email to webrequest@miami.edu.
Payment Information
- Enable you to access and use secure payment services.
- Detect and prevent fraud, abuse, security incidents, and other harmful activity.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources.
- Comply with legal obligations (such as anti-money laundering regulations).
- Enforce payment policies.
- With your consent, send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences.
We process this information given our legitimate interest in improving payment services and our users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.
How We Share the Information We Collect
Your Consent
Where you have provided consent, we share your information, including personal information, as described at the time of consent, such as when you participate in promotional activities conducted by the University’s partners or third parties.
Compliance with Law, Responding to Legal Requests, Preventing Harm, and Protection of Our Rights
We may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary:
- To comply with our legal obligations.
- To comply with legal processes and to respond to claims asserted against the University of Miami.
- To respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability.
- To enforce and administer our Terms of Use, our payment terms, or other agreements.
- To protect the rights, property, or personal safety of the University of Miami, its employees, its users, or members of the public.
Where appropriate, we may notify you about legal requests for your information unless:
- Providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law; or
- We believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon the University of Miami’s property, its users or the University Website.
Service Providers
The University of Miami uses third party service providers to help us provide services related to the University Website. Service providers may help us:
- Conduct background or police checks, fraud prevention, and risk assessment.
- Perform product development, maintenance, and debugging.
- Allow the provision of services through third party platforms and software tools (e.g., through the integration with our APIs).
- Provide customer service, advertising, or payments services.
These providers have limited access to your information to perform these tasks on our behalf, and are contractually bound to protect it and to use it only for the purposes for which it was disclosed and consistent with this Privacy Statement.
Third Parties
The University Website may contain links to third party websites or services, such as third party integrations, co-branded services, or third party- branded services.
The University of Miami does not own or control these third parties and when you interact with them, you may be providing information directly to the third party, the University of Miami, or both. These third parties will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.
Children’s Guidelines
The University of Miami does not knowingly collect online contact information from children under 13 years of age without prior parental consent or parental notification, which will include an opportunity for the parent to prevent use of the information and/or participation in the activity.
In the absence of prior parental consent, online information will only be used to respond directly to the child’s request. Such information will not be used for other purposes without prior parental consent. We do not distribute to third parties any personally identifiable information of children without prior parental consent. We do not give the ability to publicly post or otherwise distribute personally identifiable contact information without prior parental consent. We do not offer special games, prizes, or other activities, to entice users to divulge more information than is needed to participate in the activity. We will, however, provide personal information collected about children if required by law, for example, to comply with a court order or a subpoena, protect the rights, property, or personal safety of the University of Miami, its employees, its users, or members of the public or to protect the integrity, safety, and security of our websites.
Your Rights
You may exercise any of the rights applicable to you, which are described in this section, by sending an email to privacy@miami.edu. Please note that we may ask you to verify your identity before taking further action on your request.
If we process your information based on our legitimate interests or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing purposes, you can always object using the unsubscribe link in such communications or by sending an email to webrequest@miami.edu.
Data subjects located in the EU may have certain additional rights in connection with the processing of personal data under the GDPR. For more information about how data subjects may exercise their rights under the GDPR, please visit the University’s GDPR webpage.
Managing Your Information
You may access and update some of your information through your CaneID account settings. You are responsible for keeping your personal information up- to-date.
Rectification of Inaccurate or Incomplete Information
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your CaneID account).
Data Access and Portability
In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technology allows).
Some of the information we collect or that you provide may be saved for a designated or indefinite period of time, but we will not disclose the information to third parties or government agencies, unless required to do so by state or federal law, in support of University-sponsored programs or activities, or to protect the integrity, safety, and security of our websites and applications. If you no longer want us to use your information to provide certain University Website services to you, you can request that we erase your personal information and close your CaneID account. Please note that if you request the erasure of your personal information:
- We may retain some of your personal information as necessary for our legitimate business interests.
- We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for compliance with record retention laws, tax, legal reporting, and auditing obligations.
- Information you have shared with others (e.g., message boards, forum postings) may continue to be publicly visible on the University Website. However, if the posting(s) were made through a CaneID account, attribution of such information to you will be removed. Additionally, some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers.
- Because we maintain the University Website to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time.
As mentioned, the efficient management of the University’s records and information is necessary to support its core functions, to comply with its legal and regulatory obligations, and to contribute to the effective management of its activities. However, the University tries to adhere to minimum retention periods for various classes of records and data. For more information about the University’s records management, please see our Records Management Schedule.
Withdrawing Consent and Restriction of Processing
Where you have provided your consent to the processing of your personal information by the University of Miami you may withdraw your consent at any time by changing your CaneID account settings or by sending a communication to the University of Miami specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where:
- You contest the accuracy of your personal information.
- The processing is unlawful and you oppose the erasure of your personal information.
- We no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise, or defense of legal claims.
- You have objected to the processing pursuant to Section 6 below and pending the verification whether the legitimate grounds of the University of Miami override your own.
Objection to Processing
In some jurisdictions, applicable law may entitle you to require the University of Miami not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing, the University of Miami will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise, or defense of legal claims.
Where your personal information is processed for direct marketing purposes, you may, at any time, ask the University of Miami to cease processing your data for these direct marketing purposes by sending an e-mail to webrequest@miami.edu.
Right to Lodge Complaints
You have the right to lodge complaints about the data processing activities carried out by the University of Miami before a supervisory authority at the University or before the corresponding data protection authorities.
The security of your personal information is important to us. We continuously implement and update administrative, technical, and physical security measures to protect your information against unauthorized access, loss, destruction, or alteration.
If you know or have reason to believe that your CaneID account credentials have been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorized use of your CaneID account, please contact the University of Miami Help Desk, help@miami.edu, 305-284-6565 or the Chief Information Security Officer at ciso@miami.edu, 305-284-1526.
Unfortunately, no method of transmission over the internet or method of electronic storage is 100 percent secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security. For CaneID account users, we offer optional advanced security settings, such as two- factor authentication for signing in.
Security
The security of your personal information is important to us. We continuously implement and update administrative, technical, and physical security measures to protect your information against unauthorized access, loss, destruction, or alteration.
If you know or have reason to believe that your CaneID account credentials have been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorized use of your CaneID account, please contact the University of Miami Help Desk, help@miami.edu, 305-284-6565 or the Chief Information Security Officer at ciso@miami.edu, 305-284-1526.
Unfortunately, no method of transmission over the internet or method of electronic storage is 100 percent secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security. For CaneID account users, we offer optional advanced security settings, such as two-factor authentication for signing in.
Contact Us
If you have questions or complaints about this Privacy Statement, the University of Miami’s information handling practices, or the processing of personal data under the GDPR, contact the University’s data privacy officer, Helenmarie Mirle Blake, at privacy@miami.edu or 305-243-5000.