Privacy Statement

The University of Tennessee Foundation, Inc. (UT Foundation or UTFI) is committed to protecting the privacy of University of Tennessee students, alumni, donors, faculty, and friends. This Privacy Statement describes the types of personal data we collect and the policies and procedures we have implemented to safeguard it. If you have additional questions or concerns not addressed in this Privacy Statement, please contact yourprivacy@utfi.org.

What personal information do we collect?

While specific information may vary from individual to individual, the UT Foundation may collect, store, use, and share (with authorized users and third-party vendors) the following types of personal data:

Biographic and demographic information, including names, mailing addresses, email addresses, phone numbers, social media accounts, birth and death dates, gender, and ethnicity.
Student information, including degrees, years of graduation, majors, college and department affiliations, student activities, awards, and athletics.
Employment information, including job titles, occupations, specializations, company names, business mailing addresses, email addresses, and phone numbers.
Family information, including names of spouses/partners and children. We also link the accounts of family members in order to share credit for philanthropic gifts and to reduce print mailings.
Alumni information, including volunteer activities and participation, event attendance, board participation, honors, and awards.
Donor information, including individual giving transactions, pledged gifts, stewardship efforts, contact reports, wealth assessments, and other indicators of a person’s likelihood to donate to UT.
Web analytic information, including email engagement data, authenticated activity on UTFI websites, and public social media usage.

How do we collect personal information?

The UT Foundation receives personal information from multiple sources on each UT campus. We typically receive and load student data for new alumni within two months of commencement. We also collect personal information directly from our alumni, donors, faculty, and students when they make a gift, register for an event, fill out a form, or, as is often the case, contact us directly and request to have their records updated.

On occasion, we also partner with third-party sources who have contracted with us in order to assist in updating information and providing informational materials. We also collect data from standard Internet searches and from other publicly-accessible resources, including social media.

How do we use personal information?

The UT Foundation uses personal information only for secure and legitimate purposes that directly support the primary missions of the University of Tennessee, including:

Communication
Every magazine, postcard, event invitation, email, and phone call that an alumnus or donor receives from UT begins with our data. The system also allows us to note and honor communication preferences. For example, if an alumna requests to no longer receive magazines, we will exclude her from all future mailings.

Fundraising
Personal information drives the University of Tennessee’s philanthropic efforts, from planning years-long campaign efforts, identifying potential donors, and tracking progress to making solicitations, processing gifts, and thanking donors for their support. As with UT’s communication efforts, we also use this data to note and honor solicitation preferences.

Research
Our data is an invaluable tool for better understanding the University of Tennessee’s constituents and, as a result, for more effectively and efficiently addressing their widely varying needs. Alumni attitude surveys are a key building block for the university’s strategic planning processes, and information about our alumni, donors, faculty, and students—presented in aggregate and completely anonymous—has been used in academic, statistical research.

How is personal information stored and accessed?

The UT Foundation has put in place reasonable physical, technical, and administrative safeguards to prevent unauthorized access to or use of personal information. Only authenticated users with specific permissions may access our data. We use firewalls and regular monitoring to evaluate any attempts at accessing the system without permission.

The primary users of UT’s personal data are full-time employees of the UT Foundation. Access is granted by an administrator only after the employee has been trained and has agreed to abide by all policies governing the use of confidential information. All personal information transferred from a UT Foundation database must be properly secured and then promptly destroyed upon completion of the task. When a UT employee or alumni volunteer receives data from the UT Foundation—for example, a file containing mailing addresses for an alumni magazine—he or she must follow identical protocols.

The UT Foundation also occasionally shares personal information with third-party vendors but only under the terms of an approved contract and after the signing of a vendor confidentiality form. The UT Foundation will not share your information with third parties except:

As necessary to meet one of UTFI’s lawful purposes, including but not limited to: any legitimate interest related to UTFI’s mission or operation, contract compliance, pursuant to consent provided by you, and as required by law.
As necessary to protect UTFI’s interests.
With service providers acting on our behalf who have agreed to protect the confidentiality of the data by signing our vendor confidentiality form.

How long do we store personal information?

The mission of the UT Foundation is to honor and cultivate a lifelong relationship between the University of Tennessee and its students, alumni, donors, facult and friends. Certain student records and gift transaction details must be stored permanently for auditing purposes. Otherwise, we accommodate to the best of our ability all requests to change contact and solicitation preferences. For more information, see the UT Foundation’s Records Retention Schedule.

What are my rights under the GDPR?

If you are in the European Economic Area, you may have the right to:

Acquire contact details for the controller and UT’s Data Protection Officers
An explanation of the purposes and legal bases of the data collection and identification of the recipients of the personal data
Written notice if UT intends to transfer personal data to another country or international organization, along with notice of the time period that the personal data will be stored
Access personal data, rectify incorrect personal data, erase personal data, restrict or object to processing, and the right to data portability
Withdraw consent at any time, if processing is based on consent, and to lodge a complaint with a supervisory authority (established in the EU)
An explanation of why the personal data are required, and possible consequences of the failure to provide the data
Notice of the existence of automated decision-making, including profiling, and notice if the collected data are going to be further processed for a purpose other than that for which it was collected

If you wish to exercise any of the above-mentioned rights, please do so by submitting your request to the Data Protection Officer for the applicable UT campus or institute.

If you provide information directly to the UT Foundation from the European Economic Area (EEA), you consent to the transfer of personal information outside of the EEA to the United States. If you understand that the current laws and regulations of the United States may not provide the same level of protection as the privacy laws and regulations of the EEA.

Your consent is voluntary and can be withdrawn at any time by using our GDPR Access and Rights Request Form.

Additional Information

We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on our website or by contacting you directly.

This Policy Statement was last updated on May 25, 2018.