- Transparency Regarding the Use of Your Personal Data
As part of our commitment to protecting your privacy, this statement is designed to provide you with information regarding how Continuing and Professional Education (CPE), part of UC Davis, collects and processes the information you share when you use our websites located at cpe.ucdavis.edu, humanservices.ucdavis.edu, and cie.ucdavis.edu, and each of its associated domains (together, the "Sites"), utilize the services of ours which include inquiring about, applying for and enrolling in classes and webinars, applying for scholarships to CPE programs or when you otherwise communicate with CPE (“CPE Services”). This statement is applicable to individuals using CPE Services who are located in the European Economic Area (“EEA”).
For purposes of the General Data Protection Regulation (“GDPR”), the data controller is the Regents of the University of California, with a location at Davis One Shields Avenue, Davis, CA 95616.
- Your Personal Data We Use
Information you provide directly to UC: CPE collects personal information about you called Personal Data. Your Personal Data is collected when you register or fill in a form on the CPE Services websites or contact CPE. This includes information you provide when you register to use our Services, inquire about, apply for or enroll in our classes or programs, subscribe to newsletters or email alerts, sign up for a webinar or information session, place an order, apply for scholarships, or participate in discussion boards on our Services. Depending upon the specific CPE Service you use, the information you give us includes your name, address and telephone number, e-mail address, payment information, birth date, Social Security Number, and educational transcripts, as well as any information about you that is associated with or linked to, or could be linked to, any of the foregoing data.
We also collect more sensitive information about you, with your explicit consent, where the processing is necessary to meet a legal or regulatory obligation, the processing is in connection with UC establishing, exercising or defending legal claims, or is otherwise expressly permitted by GDPR. This sensitive information includes information about your age, gender, ethnicity, income and education level.
In addition to log and cookie data, we also collect information about the device you’re using to access the Services, including what type of device it is, what operating system you are using, device settings, unique device identifiers and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings. For example, different types of information are available depending on whether you are using a Mac or a PC, or an iPhone or Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
Information from Other Sources: We also obtain information about you from other sources and combine that information with information we collect from you directly. For example, our international university and recruiting partners collect information that you give them directly and they provide it to us so we can send you information and assist with your enrollment. The information we obtain from these sources could include your name, email address, phone number and address, program of interest, gender, date of birth, emergency contact, English level, TOEFL score, preferred housing situation, plans after your program ends, and dependent information, as well as any information about you that is associated with or linked to, or could be linked to, any of the foregoing data.
- How We Use Your Personal Data and the Lawful Basis for Such Processing
CPE processes your Personal Data for the following purposes and bases:
- Providing you with information regarding CPE programs, events and initiatives. We will generally only do this where it is in our legitimate interest and where you have not objected or withdrawn any prior consent given,
- Evaluating your eligibility for admission into CPE programs. This is generally required for programs that have prerequisites or applications,
- Evaluating your eligibility and qualifications for scholarship applications. This is generally required as part of our decision-making process to ensure we select appropriate candidates,
- UC may also be required to disclose your Personal Data to authorities who can request this information by law that is binding on UC,
- Utilizing sensitive personal data in connection with CPE Services, with your consent,
- Making automated decisions in order to provide tailored products and services. Examples of this include emailing you content based upon a program you’ve expressed interest in or the timeframe within which you’ve indicated you’d like to enroll, informing you of future classes that are related to classes you’ve taken, serving you advertising on third-party sites based on pages you’ve visited on CPE’s site or links you’ve clicked on in a CPE email, etc. For more information on automated decisions, including instructions on how to opt-out of such activities, please see below.
In certain instances, UC may be required to obtain your consent to collect and process your Personal Data for a specific purpose. This depends on the specific category of data collected and the intended use of the data. In these instances, the UC Service will inform you of the specific category of Personal Data that will be collected and the intended purpose of the collection, and will request that you affirmatively indicate that you consent to the intended collection of your Personal Data for that purpose, prior to collecting the data.
In these instances, if you do not consent to the collection and intended processing purpose, UC will refrain from collecting and processing your Personal Data.
- Recipients of Your Personal Data
CPE may share your Personal Data with the following recipients:
- Other UC locations or departments: Other UC locations or departments in order to provide you with a UC Service or where it is in UC’s legitimate interests.
- Service Providers: Vendors that need access to your Personal Data in order to provide CPE’s Services. Technology vendors such as Salesforce, for example, have access to your data as part of the data management, outreach, maintenance and system implementation services they provide.
- Public and Governmental Authorities: Entities that regulate or have jurisdiction over UC such as regulatory authorities, law enforcement, public bodies, and judicial bodies.
- Advertising Platforms: Sites such as Facebook, LinkedIn and Google to serve you advertising about CPE products and services and/or to help identify individuals with similar interests and demographics as you to serve advertising about CPE products and services.
If your Personal Data is shared with a third party, UC will require that the third party use appropriate measures to protect the confidentiality and security of your Personal Data.
We may also need to share your Personal Data as required to respond to lawful requests and legal process; to protect our rights and property and those of our agents, customers and others, including to enforce our agreements and policies; and in an emergency, to protect UC and the safety of our students, faculty and staff or any third party.
UC takes appropriate physical, administrative and technical measures to protect Personal Data that are consistent with applicable privacy and data security laws and regulations. We maintain safeguards to protect the security, integrity, and privacy of your Personal Data, including the following practices: (a) storing information we collect on computer systems located in controlled facilities with limited access; (b) protecting the transmission of your information over the Internet, through the use of encryption, such as the Secure Socket Layer (SSL) protocol; (c) using a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosures; and (d) limiting access to data to only authorized personnel. We endeavor to protect the privacy of the Personal Data we hold in our records, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your Personal Data. For more information about how UC protects data, refer to the UC Davis Web Privacy Page.
- Retaining and Deleting Your Personal Data
UC will only retain your Personal Data for the duration necessary for the data collection purposes identified above, unless there is a legal requirement to maintain it for a longer period.
- International Transfer of Your Personal Data
In order to fulfill the intended processing purposes described above, your Personal Data will be transferred outside of the European Economic Area (EEA), specifically to the United States, which does not protect Personal Data in the same way that it is protected in the EEA. UC will undertake appropriate measures to ensure adequate protection of Personal Data, including utilizing appropriate physical, administrative, and technical safeguards to protect Personal Data, as well as executing standard contractual clauses approved by the European Commission or a supervisory authority under GDPR, or obtaining your consent, where appropriate.
- Automated Decisions and Behavioral Advertising
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved or that have similarly significant impact.
CPE makes automated decisions and utilizes profiling for the purpose of providing tailored products, services, content and advertising.
In certain instances, UC may be required to obtain your consent to make automated decisions or profile. In these instances, UC will inform you of the automated decision-making or profiling, and will request that you affirmatively indicate that you consent to the intended use of your Personal Data for that purpose, prior to the automated decision-making or profiling. Where automated decisions are made or profiling is used, affected persons will be given an opportunity to express their views on the automated decision in question and instructions on how such persons can object to, or opt out of such processing.
- Your Rights
As required by the General Data Protection Regulation and applicable EU Member State and EEA state law, if you are located in the European Economic Area, you have a right to:
- Access your Personal Data, as well as information relating to the recipients of your Personal Data, the purposes of processing your Personal Data, the duration for which the Personal Data will be stored, and the source of Personal Data that has not been provided by you;
- Rectify or correct inaccurate or incomplete Personal Data concerning you, taking into account the purposes of the processing, and the right to have incomplete Personal Data completed;
- Move your Personal Data to another controller or processor. UC will facilitate the lawful transfer of your data to the extent possible;
- Have your Personal Data erased in certain circumstances;
- Restrict the processing of your Personal Data in certain circumstances;
- Object to the processing of Personal Data in certain circumstances;
- Withdraw your consent to the processing of your Personal Data, should UC ask for your consent for the processing of your Personal Data. The withdrawal does not affect the lawfulness of processing based on your consent before its withdrawal.
- Know whether your Personal Data is being used for automated decision-making, including profiling. In those cases, UC will give you meaningful information about the logic involved, the significance and the envisaged consequences of such processing for your data, and the right to request human intervention; and
- Lodge a complaint with a supervisory authority.
UC may be obligated to retain your Personal Data as required by U.S. federal or state law. If you wish to exercise your rights, you can contact the UC Privacy Official identified below. [Optional – you may add the following:
- Questions and Complaints; UC Privacy Official
If you have questions or complaints about our treatment of your Personal Data, or about our privacy practices more generally, please feel free to contact: UC Davis Campus Privacy Officer or UC Davis Continuing and Professional Education Interim IT Director Brent Martin.
Effective Date: This statement is effective as of 6/2/22.