Please note that this summary of the University of California Davis’ Privacy Notice does not constitute the full University of California Davis Website Privacy Notice. For a full description of how we collect, use, and otherwise process your personal information, we encourage you to consult our Privacy Notice.
This Privacy Notice Summary provides a high-level overview of how the University of California Davis (“UC Davis,” “we,” “us” or “our”) collects, uses, and discloses your personal information when you visit our website https://health.ucdavis.edu/, https://www.ucdavis.edu/ (or other websites we own and operate that link to this Privacy Notice), and otherwise access our services (collectively, the “Services”).
This Privacy Notice Summary does not apply to the collection, use, and disclosure of your protected health information. Please see our HIPAA Notice of Privacy Practices (https://health.ucdavis.edu/compliance/privacy/hipaa/) for more information about how UC Davis Health collects, uses, and discloses your protected health information under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Collection and Use of Personal Information
We may collect the following categories of personal information from you when you access or use our Services: (i) information collected directly from you (for example, your contact information or payment information); (ii) information we automatically collect using online tracking technologies (for example, log and analytics data); and (iii) information we collect from third parties (for example, from other locations, units, or departments that are part of the University of California). We may use such personal information to, among other things, deliver the Services you have requested; manage our operations; communicate with you; request that you complete surveys about our organization and Services; or market products and services that we think you may be interested in.
Disclosure of Personal Information
We may disclose or otherwise share your personal information with third parties, such as with other locations, units, or departments within the University of California; marketing providers; online advertising partners; and customer service providers (among other third parties). We may also disclose your personal information with third parties at your direction or with your consent. We will not distribute or share “electronically collected personal information” (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances set forth in our detailed Privacy Notice. We will not sell any electronically collected personal information to any third party.
Control Over Your Information
You can choose to stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. If you have any questions about reviewing, modifying, deleting, or would like to have your personal information discarded without reuse or distribution, you may contact us directly at the contact information below. We may not be able to modify or delete your information in all circumstances.
Privacy Disclosures for The European Economic Area (“EEA”), United Kingdom (“UK”), And Switzerland
If you have any questions about our processing of your personal information after consulting the UC Davis Website Privacy Notice, please contact us via one of the following methods:
For UC Davis Campus:
For UC Davis Health:
Mail: UC Davis Health
Compliance and Privacy Services
2315 Stockton Blvd.
Sherman Way Bldg., Suite 3100
Sacramento, CA 95817
Last Updated: Aug. 30, 2023
This Privacy Notice explains how the University of California Davis (“UC Davis”, “we”, “us” or “our”) collects, uses, discloses, and otherwise processes personal information (as defined below) in connection with our website https://health.ucdavis.edu/, https://www.ucdavis.edu/, and other websites we own and operate that link to this Privacy Notice (the “Sites”), and the related content, platform, services, products, and other functionality offered on or through our services (collectively, the “Services”). It does not address our privacy practices relating to UC Davis employees, students, affiliates, and other personnel, except where these individuals are interacting with the UC Davis Sites in their capacity as a member of the public.
UC Davis is the controller of the personal information we hold about you in connection with your use of the Services. This means that we determine and are responsible for how your personal information is used.
This Privacy Notice does not apply to the collection, use, and disclosure of your protected health information. Please see our HIPAA Notice of Privacy Practices (PDF) (https://health.ucdavis.edu/compliance/privacy/hipaa/) for more information about how UC Davis Health collects, uses, and discloses your protected health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
This Privacy Notice is designed to apply to our Site visitors and users of our Services. We may choose or be required by law to provide additional disclosures relating to the processing of personal information in certain countries, regions or states. Please refer below for disclosures that may be applicable to you:
When we collect personal information that is part of a student or an applicant’s educational record (“Student Data”), we collect, use, store, and otherwise process such information in accordance with the Family Educational Rights and Privacy Act (FERPA). To the extent that our processing practices in connection with Student Data differ from this Privacy Notice, the practices described in this Privacy Notice will not apply.
I. WHAT IS PERSONAL INFORMATION?
When we use the term “personal information” in this Privacy Notice, we mean any data or information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or any other data or information that constitutes “personal data”, “personal information,” or “personally identifiable information.” As noted above, it does not include protected health information under HIPAA.
II. OUR COLLECTION AND USE OF INFORMATION
We collect personal information in a variety of ways. For example, you may provide us your personal information when you contact us or send us messages, conduct a search on our Sites, subscribe to our mailing lists, newsletters or other forms of marketing communications, submit a job application, participate in a survey, make a purchase at our gift shop, or use some other feature of our Service.
We may link or combine your activities and information collected from you on our websites and mobile apps with information we receive from third parties, as well as information we collect automatically through tracking technologies (defined below). This allows us to provide you with a personalized experience regardless of how you interact with us.
We may collect the following categories of personal information submitted to us by individuals through the Services:
As is true of many digital properties, we and our third-party partners may automatically collect certain information from or in connection with your device when visiting or interacting with our Services, such as the list below and in the sub-sections here:
We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies, and logging technologies (collectively, “cookies”) to automatically collect this personal information. We may also use this information to distinguish you from other users of our Services. This helps us monitor and analyze how you use and interact with our Services. It also helps us and our partners to determine products and services that may be of interest to you.
For more information about these practices and your choices regarding cookies, please see the Cookie Notice.
We also obtain personal information from third parties, which we often combine with personal information we collect either automatically or directly from an individual.
We may receive the same categories of personal information as described above from the following third parties:
Through the provision of our Services, we may also process anonymous or otherwise deidentified information that cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer or household. UC Davis commits to maintain and use the information in deidentified form and will not attempt to reidentify the information, except in instances where necessary for determining whether the deidentification process used by UC Davis satisfies the requirements under applicable law.
We may use personal information we collect to:
Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry/request and/or personal information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy notice will govern how we may process the information provided at that time.
UC Davis’s information management practices conform to the requirements of the Information Practices Act of 1977 (Civil Code Section 1798, et seq.), the Public Records Act (California Government Code section 7920.000 et seq.), California Government Code Section 11015.5, the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), and other applicable laws pertaining to information privacy
Any information acquired by UC Davis through the Sites is subject to the limitations set forth in the Information Practices Act. UC Davis will not distribute or share electronically collected personal information (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances set forth in this Notice. UC Davis will not sell any electronically collected personal information to any third party. Such electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (commencing with section 7920.000) of Division 10 of Title 1).
III. Our Disclosure of Information
We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as follows:
UC Davis will not distribute or share “electronically collected personal information” (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances as set forth in this Privacy Notice, such as instances when authorized under law (including but not limited to the Information Practices Act), or to assist another state agency or public law enforcement organization in any case where the security of a network operated by a state agency has been, or is suspected of having been, breached. UC Davis will not sell any electronically collected personal information to any third party. Such electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (commencing with section 7920.000 of Division 10 of Title 1).
IV. Your RIGHTS AND CHOICES Over Your Information
You may control your information in the following ways:
You may exercise your rights and submit any questions or concerns using the procedure under “Contacting Us.”
V. CHILDREN’S PERSONAL INFORMATION
Our Sites are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If an individual is under the age of 13, they should not use our Sites or otherwise provide us with any personal information either directly or by other means. Note that as part of some of our programs or services (i.e., campus summer programs), we may collect the personal information from or about children under 13 with parental or legal guardian consent. If a child under the age of 13 has provided personal information to us without parent or guardian consent, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. In all instances, if we learn that any personal information we collect has been provided by a child under the age of 13, we will promptly delete that personal information.
VI. LINKS TO THIRD-PARTY WEBSITES OR SERVICES
Our Services may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy notices.
VII. UPDATES TO THIS PRIVACY NOTICE
We may update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.
VIII. CONTACT US
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please contact us by using one of the following methods:
For UC Davis Campus, please contact:
UC Davis Campus Privacy Officer
For UC Davis Health, please contact:
UC Davis Health Chief Privacy Officer
Last Modified: Aug. 30, 2023
Unless otherwise expressly stated, terms in this notice have the same meaning as defined in the Privacy Notice.
1. SCOPE OF NOTICE
2. WHAT ARE COOKIES AND RELATED TECHNOLOGIES
We use the following types of cookies:
3. WHAT WE COLLECT WHEN USING COOKIES
We may include or engage in the following as part of our Services:
4. HOW WE USE INFORMATION COLLECTED VIA COOKIES
Please note that we link some of the information we collect through cookies with the other personal information that we collect about you and for the purposes described in our Privacy Notice.
Note UC Davis will not distribute or share “electronically collected personal information” (as defined in subdivision (d) of California Government Code Section 11015.5) about users to any third party without the permission of the user, except in narrow circumstances as set forth in our Privacy Notice. UC Davis will not sell any electronically collected personal information to any third party.
5. YOUR CHOICES ABOUT COOKIES
If you are located in the European Economic Area, United Kingdom, or Switzerland, other than strictly necessary cookies, which are required for the operation of our Service, we will only place cookies on your device if you give us your consent to do so. We will ask you to tell us which cookies you agree to receive when you first access our Service.
Most browsers will allow you to change the setting of cookies by adjusting the settings on your browser to: (i) notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Be aware that disabling cookies may negatively affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionalities and features of the Services.
Depending on your device and operating system, you may not be able to delete or block all cookies. In addition, if you want to reject cookies across all your browsers and devices, you will need to do so on each browser on each device you actively use. These settings will typically be found in the "options" or "preferences" menu of your browser. In order to understand these settings, the following links may be helpful, otherwise you should use the "Help" option in your browser for more details.
You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.
If you would like to find out more about cookies and other similar technologies, please visit www.allaboutcookies.org. or the Network Advertising Initiative's online sources at www.networkadvertising.org.
Please note that deleting or blocking cookies may not be effective for all types of tracking technologies, such as Local Storage Objects (LSOs) like HTML5.
Last Modified: Aug. 30, 2023
These Privacy Disclosures set out information about how we use your personal data if you are located in the European Economic Area (“EEA”), United Kingdom ("UK"), or Switzerland, or otherwise engage in or access our EEA, UK or Switzerland Services from those regions.. Please ensure that you have read and understood these Privacy Disclosures before you access or use the Service.
Personal Data: When we use the term “personal data” in these Privacy Disclosures, we mean information relating to an identified or identifiable natural person.
Controller: The Regents of the University of California, organized under the laws of United States of America, having its registered address at 1111 Franklin St. Oakland, California, 94607, is the “controller” responsible for the processing of personal data in connection with our Service. This means that we determine and are responsible for how your personal data is used.
Please contact UC Davis if you have any queries in relation to your rights, these Privacy Disclosures and our Privacy Notice, or general privacy matters. Please ensure you reference our entity name (UC Davis or UC Davis Health) in any correspondence you send our representative.
By email at email@example.com.
1. LEGAL BASES FOR THE PROCESSING
We may use your personal data based on the following legal grounds according to the Regulation (EU) 2016/679 (the “EU GDPR”) or, where applicable, the “UK GDPR” as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 GDPR:
The table at Annex 1 (PDF) and Annex 2 (PDF) set out further detail about the categories of personal data we collect about you, how we use that information when you use the Service, as well as the legal basis which we rely on to process the personal data and recipients of that personal data.
We may link or combine the personal data we collect about you and the information we collect automatically.
We may anonymise and aggregate any of the personal data we collect (so that it is no longer linked to you and does not identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the Service. We may also share such anonymised and aggregated information with others.
We will also indicate to you, at the point that we collect personal data from you, if the provision of certain personal data is mandatory or optional. Some information, such as your name, address, payment transaction information, and information on your requested services, may be necessary for your use of certain features and functionalities of the Service. If you choose not to provide personal data marked as mandatory, we may not be able to provide those aspects of the Service to you, or to respond to your queries and other requests.
2. HOW LONG WE STORE YOUR PERSONAL DATA
We generally store your personal data for the duration necessary for the data collection purposes identified by the specific UC application or program, unless we are required to do so to comply with applicable law or if we believe your personal data may be necessary to deal with a complaint or legal claim.
3. MARKETING AND ADVERTISING
We may contact you with information about our services, including sending you marketing messages and asking for your feedback on our services. For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.
4. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION
Security. We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, change or damage. All personal data we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.
International Transfers of your Personal Information. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom, or Switzerland your personal data may be processed outside of those regions, including in the United States.
In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognised as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards that require the recipient to treat the personal data in a manner that is essentially equivalent to that guaranteed in the country you are in. If you are located in the EEA, United Kingdom or Switzerland, these safeguards include entering into agreements that incorporate the standard contractual clauses adopted by the European Commission and approved by the UK Information Commissioner.
5. PROFILING AND AUTOMATED DECISION-MAKING
We may analyse personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use personal data about you to detect and reduce fraud and credit risk.
We may use your personal data for automated individual decision-making, in which case we will inform you of such processing activities and any potential impact of such processing activities.
6. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA
In accordance with applicable privacy law, you have the following rights in respect of your personal data that we hold:
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
If you wish to exercise one of these rights, please email us at: Privacy@ucdavis.edu.
Due to the confidential nature of data processing we may ask you to confirm your identity when exercising the above rights.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html).
7. COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR SERVICES