I. General Statement
The University of Central Florida (“UCF”) strives to collect only the minimum amount of personal and confidential information necessary to support our students, faculty, staff, visitors, and collaborators, and will protect that information when it is in our possession. With new methods of sharing, processing, and storing all forms of data emerging at unprecedented rates, we put forth a consistent effort to limit the access of data to only those authorized individuals that need this access to carry out their respective job duties.
It is imperative that we all recognize that threats to the privacy and security of individuals’ personal data remain on the rise. UCF has and will continue reasonably and appropriately securing its systems and applications, maintaining policies to properly guide our staff, faculty, students, and others, and investigating all issues involving suspected and actual data-related issues.
A cookie contains a small amount of visitor and website information stored on an individual’s computer. These files interact with the visitor and the website to provide a webpage tailored to the user through its awareness of information held within the file. Cookies also can carry all, or parts, of the information stored within the file to other websites that the individual may visit or to third parties.
Your personal information will be retained and/or disposed of in accordance with Florida law and UCF’s records management policies and practices.
The following describes the types of cookies UCF uses on our main website (www.ucf.edu/):
- Required or Strictly Necessary Cookies are essential to enable you to navigate our websites, interact with the content, and use the features. Without these cookies, services you may ask for, such as registering for an account, cannot be provided.
- Functionality Cookies allow our websites to remember choices you make and provide more personal features. For instance, a functional cookie can be used to remember the volume level you prefer to use when watching videos on our websites. The information these cookies collect may be anonymized and they cannot track your browsing activity on other websites.
- Social Media Cookies may be set by third parties, such as YouTube and Twitter, to collect information about your social media experience.
- Analytics Cookies collect information about how visitors use our websites, for instance which pages visitors go to most often or how long they spend on a particular page. This information is used to improve our websites and to aid us in investigating problems raised by visitors. Analytics cookies do not collect information that identifies a visitor; they are utilized to assess patterns of usage, rather than the behavior of a single person.
- Targeting/Advertising Cookies are employed by dedicated partners and platforms to advertise on our behalf. Affiliate tracking cookies simply allow us to see what external site/experiences connect you to UCF. We use these cookies to make advertising more engaging and relevant to you and to avoid showing ads you’ve already seen. These cookies anonymously collect information about your browsing habits to help us produce better content and more dynamic web interactions.
III. Electronic Mail (E-Mail) Communications
Under Florida law, most emails sent to UCF are considered public record. If you do not want your email address released in response to a public records request, do not send email to UCF. Instead, contact the office you wish to reach by phone or in person as appropriate.
IV. Student Rights to Privacy
The Family Educational Rights and Privacy Act (“FERPA”) (20 U.S.C. § 1232g; 34 CFR Part 99) is a United States law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the United States Department of Education.
FERPA gives parents certain rights, e.g., right of inspection or correction of their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are “eligible students.”
Generally, UCF must have written permission from the parent or eligible student in order to release any information from a student’s education record. However, FERPA allows schools to disclose those records, without consent, to certain parties or under the specified conditions stated in 34 CFR § 99.31).
UCF may also disclose, without consent, information considered to be “directory” information.
If you are a student who would like to suppress the display of your directory information, you can do so by logging into myUCF, navigating to Student Self Service > Student Center > Personal Information and clicking on FERPA/Directory Restriction.
Learn more about FERPA protections at UCF.
V. Health Insurance Portability and Accountability Act
UCF has designated itself as a hybrid “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and has its own privacy and security obligations with respect to protected health information (“PHI”).
Where UCF operates as a “business associate” under HIPAA, we have agreements in place with healthcare providers requiring that we only use and disclose PHI as healthcare providers are permitted to under HIPAA. This Privacy Notice and the privacy and security practices described therein are designed to comply with these agreements. As such, among other obligations, we:
- use reasonable and appropriate safeguards to keep your PHI that we collect private and confidential;
- notify you in accordance with the guidelines set forth under HIPAA if we are made aware of any unauthorized access to your PHI that we have collected; and
- provide you access in a reasonable time and manner to your PHI we have collected and make any reasonably requested amendment thereto.
UCF may de-identify PHI pursuant to HIPAA and aggregate patient de-identified information with other UCF patient information and use such aggregated information for population-based research activities and analytics. Treatment, enrollment, payment, health care operations, or eligibility for benefits do not require written authorization, consent, or any other form of release in most cases. When such information is used or disclosed, it may be subject to re-disclosure and may no longer be protected by U.S. privacy laws.
Learn more about your rights under HIPAA.
VI. Children’s Online Privacy Protection
If you are under the age of 13, you are not permitted to use this website. If you are a minor between the ages of 13 and 18, you may only use the site under the supervision of your parent, legal guardian, or another responsible adult. We impose these age restrictions to ensure compliance with the Children’s Online Privacy Protection Act (COPPA). For details see 15 U.S.C. §§ 6501–6506 (Pub.L. 105–277, 112 Stat. 2681-728, enacted October 21, 1998.)
VII. Use of Third Party Services
UCF does not sell your personal information, yet we may share that information with third party service providers for the purposes of communicating with you regarding our educational programs and services or to facilitate improvement of our services, our websites and our marketing efforts, or to help us provide services to the university community (e.g., software/information technology providers). With your consent, some university departments may contact you using text messaging (SMS).
Some pages within the UCF website may contain content that is provided by external third parties (graphics, logos, scripts, or similar). When you visit one of our pages that contains this third-party content, information such as IP address, date, browser, and device type, and requested page may be transmitted to that third party. Some pages may contain links to external third parties in order to provide services or products to you. UCF is not responsible for the privacy practices of these external third parties. While we request these third parties protect your information, we do not make any representations about their practices and policies. These third parties are not subject to this Privacy Notice.
VIII. Individual Rights under the GDPR and Similar Laws
UCF is based in the State of Florida within the United States of America (U.S.), operates primarily in Florida, with its primary place of business in Florida. The administration of UCF is based in Orange County, Florida, and that is UCF’s home venue. Thus, UCF follows U.S. and Florida laws, as well as UCF regulations and policies.
However, there are occasions when a particular foreign law may apply to UCF, such as the General Data Protection Regulation (GDPR).
The GDPR applies to any person who is located within the European Economic Area (EEA) regardless of citizenship or permanent residency.
The GDPR applies to entities wholly located outside of the EEA if:
- they process personal data of anyone located within the EEA, or
- offer goods and services or monitor behavior in the EEA, or
- transmit personal information to the EU for any purpose. For example: cloud server, payroll processor, or vendor. GDPR applies to all different types of entities.
Although UCF may be subject to a foreign law (e.g., GDPR) under limited circumstances, if there is any conflict between such foreign law and any U.S. or Florida law, as a state entity of the State of Florida, UCF will resolve that conflict in favor of U.S. and Florida law.
The GDPR, as well as similar laws and regulations, provide individuals who are covered by those laws and regulations the right to request, from UCF, access to and rectification or erasure of their personal data, restriction of processing, objection to processing, the right to portability of their personal information, and the right to opt out of receiving communications for the purpose of marketing; however, the foregoing is specifically subject to U.S. and Florida law and in the event of a conflict between the GDPR or a similar law or regulation and the rights afforded individuals thereunder and U.S. and Florida law, UCF will follow U.S. and Florida law. That means, for example, that if you request erasure of your personal data, which is a right granted under the GDPR, but this right conflicts with UCF’s obligations under Florida law, UCF will follow Florida law and it may not be possible to erase your personal data, if Florida law requires for that data to be retained for a longer period of time.
There are also occasions when another U.S. State (non-Florida) law may apply to UCF. In such cases, if there is any conflict between such law and Florida law, as a state entity, UCF will resolve that conflict in favor of Florida law.
Any individual who wishes to exercise any of the aforementioned rights may do so by filing such request with the UCF Data Protection Officer as instructed below.
IX. Personal Data Transfers To/From Countries Outside the USA
UCF is a metropolitan research university located in the U.S. In order to provide you with the services and otherwise fulfill our obligations to you, it is necessary for your personal data to be transferred to, and processed within, the U.S. Data protection laws differ around the world and the U.S. may not provide the same level of protection for personal data as your jurisdiction of residence.
X. Digital Millennium Copyright Act (DMCA)
The agent designated by UCF to receive and act on copyright violations under the DMCA can be reached by sending an email too email@example.com.
Learn more about the Digital Millennium Copyright Act.
XI. Questions / More Info
If you have questions or requests involving your data privacy or similar, please contact us via postal or email:Data Protection Officer
University Compliance, Ethics, and Risk
Millican Hall – 3rd Floor
4365 Andromeda Loop N.
Orlando, FL 32816Contact us online
XII. Updates to this Privacy Notice
Updates to this Privacy Notice occur periodically; this page was last updated January 10, 2023.
Additional Privacy Resources
If you have questions about UCF’s Privacy Notice, please feel free to send us an email.