This document is a notice of the privacy practices for Rice University (“Rice” or “we”) websites and online applications with the intention of providing individuals who interact with these websites or online applications an understanding of how Rice may collect, use, and store personal information. By using Rice websites or online applications you are consenting to the following policies.
- Websites and Cookies
When you visit www.rice.edu, and other websites owned and controlled by Rice, information such as your IP address, browser type, geolocation, and pages you visit may be tracked. This information is used to analyze trends or viewing habits, monitor for abuse or malicious activity, and for website administration.
This information may be shared with a third party, at the discretion of Rice, when sharing is necessary to further these purposes. We may also provide your information to third parties in circumstances where we believe that doing so is necessary or appropriate to satisfy any applicable law, regulation, legal process or governmental request; detect, prevent or otherwise address fraud, security, or technical issues; or protect our rights and safety and the rights and safety of the users of our website or others.
Cookies are small files that are stored on your computer that help Rice understand your preferences and basic information about your visit to a Rice website. You may disable cookies for any of Rice websites by consulting the help section of your browser.
- Data Security and Information Protection
Rice takes the security of your information seriously and has dedicated resources to the protection of your data. This includes technological controls that meet or exceed industry standards, and a staff that is trained in information confidentiality, integrity, and availability of electronic data, resources, and communications. More information is available at https://vpit.rice.edu/information-security.
- Data Retention
Rice will keep your data for as long as it is necessary to fulfill the purpose for which it was collected. We may also keep data if such data is necessary towards fulfilling a legal obligation or demonstrating compliance with an applicable statute or regulation. Some data is considered part of a student’s “Permanent Record,” and as such it will be securely maintained in perpetuity.
- Individuals in the European Economic Area and GDPR
Individuals in the European Economic Area have rights under the General Data Protection Regulation (GDPR), and should be aware that information collected by Rice websites or online applications will be processed in the United States.
Individuals in the European Economic Area should also refer to the European Economic Area Privacy Notice, which supplements this Privacy Notice, and is available at www.rice.edu/gdpr.
- Personal Information of Children
Rice University websites and online applications do not knowingly solicit or accept information or data about children under the age of 13 without parental consent. If you are aware that a child under the age of 13 has provided personal information to Rice University without parental consent please contact our Chief Information Security Officer, immediately so that appropriate action may be taken.
- Your Rights and Contact information for questions or concerns
You may have specific rights granted to you by law, including (but not limited to):
- Family Education Rights and Privacy Act (FERPA), applicable to certain student records
- Health Insurance Portability and Accountability Act (HIPAA), applicable to certain medical information
- General Data Protection Regulation (GDPR), applicable to individuals and data collected in the European Economic Area
- Gramm-Leach-Bliley Act (GLBA), applicable to certain consumer information
You may contact the Chief Information Security Officer (Marc Scarborough) with any question or concern about privacy or personal information. He has also been designated as the Data Protection Officer for inquires related to the GDPR.
He may be contacted at Marc.Scarborough@rice.edu or at 1-713-348-6754, or by mail at:
CISO, Office of Information Technology
Rice University - MS 119, P.O. Box 1892
Houston, TX 77251-1892 USA
Importantly, you may also contact the relevant governmental authority directly with any concerns.
- Updates and Version
Rice may update this Notice at any time. Individuals should always consult www.rice.edu/privacy for the latest version. This version was updated on June 1, 2018.