Personal data is information that the University holds about you and which identifies you.This includes information such as your date of birth and address, as well as information like exam results, funding information, and disciplinary records. Special categories of personal data are afforded an extra level of security and confidentiality. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or sexual orientation.
The personal data that the University holds about you is obtained from a number of sources and may include the following types of information:
Our primary reason for using your personal data is to provide you with an education. When you apply and accept an offer to attend the University, you enter into a contract with the University and agree that we can process your personal data for administrative and educational purposes. The purposes of processing include, but are not limited to:
For these purposes, personal data may also be transferred to countries outside of the United States, to countries which may not have data protection laws that offer the same protections as your home country. Examples of circumstances when personal data may be transferred outside the U.S. include:
The European Commission has produced a list of countries that have adequate data protection rules.The list can be found here: https://ec.europa.eu/info/law/law-topic/data-protection_en.
If the country that we are sending your information to is not on the list or, is not a country within the EEA (which means the European Union, Liechtenstein, Norway and Iceland) then, it might not have the same level of protection for personal data as the EEA provides.
We will provide you with details about the safeguards which we have in place outside of this privacy notice. If you have any questions about the safeguards that are in place please contact gdpr@pitt.edu.
We may share your personal data with the following third parties or for the following purposes:
This section contains information about the legal bases that we are relying on when processing your personal data.
We may legally process your personal data for our legitimate interests except where the processing is unfair to you. Specifically, the University has a legitimate interest in:
In addition your personal data may be processed for the legitimate interests of others. For example, we may process your personal data when investigating a complaint made by another student.
If you object to us using your personal data where we are relying on our legitimate interests as explained above please contact gdpr@pitt.edu.
The University may process your personal data in order to comply with a legal obligation, for example, to report a concern about your wellbeing to the appropriate government agency. We may also have to disclose your information to third parties such as the courts, local authorities, or law enforcement where legally obliged to do so.
The University may need to process your personal data to prevent someone from being seriously harmed or injured.
The University believes that it is acting in the public interest when providing students with an education.
The University must comply with additional conditions where it processes special categories of personal data. These special categories include: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic information, health information, and information about sex life or orientation. The University may process special categories of personal data under the following legal bases:
The processing is necessary for reasons of substantial public interest.
To protect the vital interests of any person where that person cannot give consent, for example, if they are seriously hurt and are unconscious.
The processing is necessary for the establishment, exercise or defense of legal claims. This allows us to share information with our legal advisors and insurers.
This includes medical treatment and the management of healthcare services.
We may ask for your consent to use your personal data in certain ways. If we ask for your consent to use your personal data you can revoke this consent at any time. Any use of your personal data before you withdraw your consent remains valid. Please contact gdpr@pitt.edu if you would like to revoke any consent given.
We keep your personal data for as long as we need to in order for you to complete your education. If you stop attending the University prior to completing your education, we will retain your personal data. We will keep certain personal data after you are no longer attending the University, for example, so that we can share your personal data with another educational institution should you choose to apply for admission elsewhere.
We can keep certain personal data indefinitely if we need this for historical, research, or statistical purposes.
You have the following rights with regards to the processing of your personal data:
The University has established a dedicated email address for any questions or concerns you may have about the EEA GDPR. Please contact gdpr@pitt.edu if:
If you believe that we have not acted properly when using your personal data, you may also contact gdpr@pitt.edu.