University of Pittsburgh – Privacy Notice For Admissions & Financial Aid

What Constitutes "Personal Data"

Personal data is information that the University holds about you and which identifies you. This includes information such as your date of birth and address, as well as information like exam results, funding information, and disciplinary records. Special categories of personal data are afforded an extra level of security and confidentiality. This includes information about racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, data concerning health or data concerning sex life or sexual orientation.

How We Collect Personal Data

The personal data that the University holds about you is obtained from a number of sources and may include the following types of information:

  • Admissions information, including information you have provided on your application form (including applications made via a third party such as AMCAS); information from references; test scores; and information from educational institutions attended previously
  • Information about your education, including information that you provide to us during the course of your education and information related to your education, such as your grades, courses taken, etc.
  • Funding information, such as information from the Free Application for Federal Student Aid (FAFSA)
  • Partner organizations, such as professional bodies, employers, and other educational establishments for the purposes of study abroad or exchange programs
  • Medical information, such as information about any disabilities that you disclose or pertinent medical conditions
  • Criminal history information, such as previous convictions

Why We Process Your Personal Data

Our primary reason for using your personal data is to provide you with an education. When you apply and accept an offer to attend the University, you enter into a contract with the University and agree that we can process your personal data for administrative and educational purposes. The purposes of processing include, but are not limited to:

  • Administering and providing education and training
  • Managing and administering our services, including accommodation services
  • Administering grants and loans
  • Providing advice and support to you, including health care services, health and safety, attendance monitoring, and career information and guidance
  • Managing behavioral or disciplinary issues and complaints
  • Recruitment, admission and enrollment
  • Providing you with information about educational programs and services
  • Maintaining your student record and managing academic processes
  • Administering financial matters including payment of fees
  • Managing University facilities including libraries and athletic facilities
  • Research including monitoring quality and performance
  • Graduation and confirmation of awards
  • Alumni membership
  • Statistical and archival purposes

Sending Personal Data to Other Countries

For these purposes, personal data may also be transferred to countries outside of the United States, to countries which may not have data protection laws that offer the same protections as your home country. Examples of circumstances when personal data may be transferred outside the U.S. include:

  • Managing collaborations with overseas educational institutions including study abroad and exchange programs
  • Working with overseas recruitment agencies
  • Information posted on our website that is accessible outside the U.S.
  • Some of the systems and services the University uses to store data in the cloud that may include storage facilities based outside the U.S.

The European Commission has produced a list of countries that have adequate data protection rules. The list can be found here: https://ec.europa.eu/info/law/law-topic/data-protection_en.

If the country that we are sending your information to is not on the list, or is not a country within the EEA (which means the European Union, Liechtenstein, Norway and Iceland), then it might not have the same level of protection for personal data as the EEA provides.

We will provide you with details about the safeguards which we have in place outside of this privacy notice. If you have any questions about the safeguards that are in place, please contact gdpr@pitt.edu.

How We Share Your Personal Data

We may share your personal data with the following third parties or for the following purposes:

  • With our service providers: We may share your personal data with third parties that help us provide services to you. For example, we may share some information with our insurance company to make sure that we have the insurance coverage that we need.
  • To improve our services: For example, we may occasionally use consultants, experts, or other advisors to assist the University in fulfilling its obligations and to help run the university properly. We might need to share your information with them if this is relevant to their work.
  • With government entities: In response to a valid government request, we may share your personal data with a government agency or law enforcement. We may also be required to report certain personal data, for example, to the Department of Education, to comply with our obligations under U.S. law or to protect our rights or the rights of others, prevent fraud or other criminal activity.
  • With parents or legal guardians: If you are a minor, we may be required by law to share certain personal data with your parents or legal guardians.
  • With other educational institutions: If you choose to continue your education at another institution, we may, with your consent, share information about your education at our University with such institution.
  • With the public: We may share information about you on our website, such as information about your achievements or photographs of attendees at university events.

Our Legal Basis for Processing Your Personal Data

This section contains information about the legal bases that we are relying on when processing your personal data.

Legitimate Interests

We may legally process your personal data for our legitimate interests except where the processing is unfair to you. Specifically, the University has a legitimate interest in:

  • Providing you with an education
  • Safeguarding and promoting your welfare and the welfare of other students
  • Promoting the objectives and interests of the university, including fundraising and marketing
  • Facilitating the efficient operation of the university
  • Ensuring that the university complies with all relevant legal obligations

In addition, your personal data may be processed for the legitimate interests of others. For example, we may process your personal data when investigating a complaint made by another student.

If you object to us using your personal data where we are relying on our legitimate interests as explained above, please contact gdpr@pitt.edu.

Legal Obligation

The University may process your personal data in order to comply with a legal obligation, for example, to report a concern about your wellbeing to the appropriate government agency. We may also have to disclose your information to third parties such as the courts, local authorities, or law enforcement where legally obliged to do so.

Vital Interests

The University may need to process your personal data to prevent someone from being seriously harmed or injured.

Public Interest

The University believes that it is acting in the public interest when providing students with an education.

Processing Special Categories of Personal Data

The University must comply with additional conditions where it processes special categories of personal data. These special categories include: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic information, health information, and information about sex life or orientation. The University may process special categories of personal data under the following legal bases:

Substantial Public Interest

The processing is necessary for reasons of substantial public interest.

Vital Interests

To protect the vital interests of any person where that person cannot give consent, for example, if they are seriously hurt and are unconscious.

Legal Claims

The processing is necessary for the establishment, exercise or defense of legal claims. This allows us to share information with our legal advisors and insurers.

Medical Purposes

This includes medical treatment and the management of healthcare services.

Consent

We may ask for your consent to use your personal data in certain ways. If we ask for your consent to use your personal data, you can revoke this consent at any time. Any use of your personal data before you withdraw your consent remains valid. Please contact gdpr@pitt.edu if you would like to revoke any consent given.

How Long We Retain Your Personal Data

We keep your personal data for as long as we need to in order for you to complete your education. If you stop attending the University prior to completing your education, we will retain your personal data. We will keep certain personal data after you are no longer attending the University, for example, so that we can share your personal data with another educational institution should you choose to apply for admission elsewhere.

We can keep certain personal data indefinitely if we need this for historical, research, or statistical purposes.

Your Rights With Regards to Your Personal Data

You have the following rights with regards to the processing of your personal data:

  • Right of access: You have the right to request a copy of the personal data that we hold about you.
  • Right of rectification: You have the right to correct personal data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten: In certain circumstances, you have the right to request that the personal data we hold about you be erased from our records.
  • Right to restriction of processing: Where certain conditions apply, you have the right to restrict processing of your personal data.
  • Right of portability: You have the right to request that personal data we hold about you be transferred to another organization.
  • Right to object: You have the right to object to certain types of processing of your personal data, such as direct marketing (to the extent applicable).
  • Right to judicial review: In the event that we refuse a request under rights of access, we will provide you with a reason as to why. Individuals in the EEA have the right to complain as outlined in the "Further Information and Guidance" section below.

Further Information and Guidance

The University has established a dedicated email address for any questions or concerns you may have about the EEA GDPR. Please contact gdpr@pitt.edu if:

  • You object to us using your personal data for marketing purposes, e.g., to send you information about university events. We will stop using your personal data for marketing purposes if you tell us not to.
  • You would like us to update the personal data we hold about you.
  • You would prefer that certain information is kept confidential.

If you believe that we have not acted properly when using your personal data, you may also contact gdpr@pitt.edu.