Columbia University Privacy Notice

Effective date: May 22, 2018

This privacy notice describes how Columbia University (“we”, “our” or “us”) collects and processes personal information about you through https://www.columbia.edu/ and all other Columbia websites and applications that link to this privacy notice (the “Services”), or, e.g. for employees, through the course of your employment with Columbia, how we use and protect this information, and your rights in relation to this information.

Columbia University is committed to protecting your privacy.

This privacy notice applies to all personal information we collect or process about you. Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified.

We collect personal information about you from a variety of sources, including from you directly (e.g. when you contact us or sign up for an account), information we generate about you in the course of our relationship with you (e.g. data collected from cookies and other similar technologies which is described in our cookie notice and information we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).

We may be required by law to collect certain personal information about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfillment of these obligations.

Information we collect directly from you

The categories of information that we may collect directly from you include, but are not limited to, the following:

(a) personal details (e.g. name, date of birth);

(b) contact details (e.g. phone number, email address, postal address or mobile number);

(c) account details (e.g. username and password);

(d) transaction details (e.g. when you pay tuition or make purchases);

(e) communications (e.g. when you participate in message boards or forums, participate in polls or surveys, write a review or contact us with a question, comment or request)

Information we collect about your use of services

The following are examples of the other categories of information which we may collect about you:

(a) Technical information collected from your computer or mobile device (e.g. your IP address, browser type, operating system);

(b) Information about your usage of our Websites (e.g. the pages you visit when using the Services, the search terms you enter on the Services, how often you use the Services, and the pages you access before and after accessing the Services);

(c) Information which we generate as a result of your use of the Services (e.g. our understanding of your interests as a result of your use of the Services and whether you are a regular or occasional user of the Services)   

(d) Respecting employees, information about your employment (e.g. line manager information, team designation, performance review information)

(e) Respecting employees, information about your use of the Columbia computer systems (e.g. emails sent and received, websites accessed using Columbia equipment)

(f) Respecting employees, information may include generated information such as appraisals, profiles, history of our relationship with you, etc.

Information we collect from other sources

The following are examples of the categories of information we may collect from other from third parties sources, such as online advertising agencies, fraud prevention agencies, or publicly available information. Please note that this is not an exhaustive list of categories.

(a) personal details (e.g. name, date of birth);

(b) contact details (e.g. phone number, email address, postal address or mobile number);

(c) details about advertising preferences (e.g. products purchased, interaction with advertisements online).

We may use your personal information for the following purposes:

  • Identification and authentication: We use your identification information to verify your identity when you access and use our Services and to ensure the security of your personal information. This is so we can comply with our contractual obligations to you.
  • Operating the Services: We process your personal information to provide the Services you have requested. This is so we can comply with our contractual obligations to you.
  • Improving our Services: We analyze information about how you use our Services to provide an improved experience for our customers of all our Services, including product testing and site analytics. It is in our legitimate business interests to use the information provided to us for this purpose, so we can understand any issues with our Services and improve them.
  • Communicating with you: We may use your personal information when we communicate with you, for example if we are providing information about changes to the terms and conditions or if you contact us with questions. It is in our legitimate interests that we are able to provide you with appropriate responses and provide you with notices about our Services.
  • Marketing: we may use your personal information to build a profile about you and place you into particular marketing segments in order to understand your preferences better and to appropriately personalize the marketing messages we send to you.  It is in our legitimate interest to provide more relevant and interesting advertising messages. Where necessary, we will obtain your consent before sending such marketing messages.
  • Exercising our rights: we may use your personal information to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our Terms of Use or Terms of Service.
  • Complying with our obligations: we may process your personal information to, for example, carry out fraud prevention checks or comply with other legal or regulatory requirements, where this is explicitly required by law.
  • Customizing your experience: when you use the Services, we may use your personal information to improve your experience of the Services, such as by providing interactive or personalized elements on the Services and providing you with content based on your interests.

We may also anonymize your personal information in such a way that you may not reasonably be re-identified by us or any other organization, and may use this anonymized information for any other purpose.

We may share your personal information with third parties under the following circumstances which include but are not limited to:

  • Service providers and business partners: we may share your personal information with our service providers and business partners that perform marketing services and other business operations for us for the purposes set forth above. For example, we may partner with companies to process secure payments, fulfill orders, optimize services, serve online behavioral advertising, send newsletters and marketing messages, support email and messaging services, and analyze information. These service providers and business partners may include advertising agencies and fraud prevention agencies which will use your personal information only in the ways described in this privacy notice.
  • Where required by law: we may share your personal information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

You have certain rights regarding the personal information we hold about you, subject to local law. These may include the rights to access, correct, delete, restrict or object to our use of, or receive a portable copy in a usable electronic format of your personal information. You also may have a right to lodge a complaint with your local data protection or privacy regulator.

We encourage you to contact us at the contact information set forth below to update or correct your information if it changes or if the personal information we hold about you is inaccurate.  Where you have provided your consent to any use of your personal information, you can withdraw this consent at any time.

Please note that we may require additional information from you in order to honor your requests.

If you would like to discuss or exercise any rights you may have under law, please contact us at the contact information set forth below.

Automated decisions about you

We also make automated decisions about you based on your personal information to deliver personalized offers, discounts or recommendations.  

Subject to local legal requirements and limitations, you can contact us to object to our use of automated decision-making.

We implement physical, technical, and organizational security measures designed to safeguard the personal information we process through the Services. These measures are aimed at providing on-going integrity and confidentiality for your personal information. We evaluate and update these measures on a regular basis. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information.

We retain your personal information for as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal obligations.  We may also retain records to investigate or defend against potential legal claims.

Your personal information may be transferred to, stored, and processed in a country that is not regarded as providing the same level of protection for personal information as the laws of your home country, and may be available to the government of those countries under a lawful order made in those countries.

We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to provide adequate protections for your personal information. For more information on the appropriate safeguards in place and to obtain a copy of such safeguards, please contact us at the contact information set forth below.

For purposes of the European General Data Protection Regulation, Columbia University is the controller responsible for the personal information we collect and process.

If you have questions or concerns regarding the way in which your personal information has been used, please contact gdpr-requests@columbia.edu.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.

We may modify or update this privacy notice from time to time. If we make any revisions that materially change the ways in which we process your personal information, we will notify you of these changes before applying them to that personal information.