General Data Protection Regulation

The European Union’s General Data Protection Regulation (GDPR), effective May 25, 2018, aims to strengthen data protection for individuals in the European Union (EU).

General Data Protection Regulations

In some circumstances, the GDPR’s reach extends to entities with no physical presence in the EU that control and process personal information from persons in the EU. When applicable, the GDPR provides when and how the University of Mississippi (UM) can collect, process, store, and use certain personal information received from persons in the EU. Under the GDPR, UM may be a data “controller” or “processor”.

Information protected under the GDPR includes information that can be used to identify an individual (e.g., name, address, identification number, location data, IP address, health information, criminal offense data, and photographs). Additional protections apply to information that (1) reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation; or (2) is genetic or biometric data sufficient to uniquely identify a natural person.

To further its mission, it is necessary for UM to collect, process, use and maintain data of its current and former students, employees, applicants, research subjects, supporters and others involved in the University’s educational, research, and public service programs.

Lawful Basis for Collecting and Processing Personal Information

UM has a lawful basis to collect, process, use, and maintain data of its students, employees, applicants, research subjects, supporters and others involved in its educational, research, and public service programs. The lawful basis includes, without limitation: admission; registration; delivery of classroom, online, and study abroad education; grades; communications; employment; applied research; development; program analysis for improvements; and records retention.

Most of UM’s data collection and processing will fall into the following categories:

  • Necessary for the purpose of the legitimate interests pursued by UM or third parties in providing education, employment, research and development, and public service;
  • Necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering a contract;
  • Necessary for compliance with a legal obligation to which UM is subject;
  • The data subject has given consent for UM to use his or her personal data for one or more specified purposes.

There will be some instances where UM will collect and process personal data for other lawful bases.

Information Collected

Types of personal information UM may collect, process and/or maintain include:

  • Personal details such as name, title, address, telephone number, email address, marital status, nationality, date of birth, photograph, household income, parental status, details of dependents;
  • Emergency contact information;
  • Education and employment information (including the school(s), college(s), and other educational locations you have attended; places where you have worked; the courses you have completed; dates of study and examination results);
  • Other personal background information collected during the admissions process, e.g. your socioeconomic classification, and details of your parents’ occupation and education;
  • Examination records (including records relating to assessments of your work, details of examinations taken, and your predicted and actual examination grades);
  • Information captured in your student record, including progression, achievement of milestones and progression reports;
  • Visa, passport, and immigration information;
  • Fees and financial support record (including records relating to the fees paid, student loan information and financial support, scholarships, and sponsorship);
  • Supervision, teaching, and tutorial activities;
  • Placement and internship record or study at another institution as an established component of your course of studies, or career development opportunity;
  • Information about your engagement with University support services or University facilities;
  • Information about your use of library facilities, including borrowing and fines;
  • Information about disciplinary actions (including academic misconduct), dispensations from regulations, and about any appeals and complaints raised;
  • Attendance at University degree and award ceremonies and other on-campus events;
  • Information about your use of our information and communications systems, including building access information;
  • We may also process the following "special categories" of more sensitive personal data:
    • Information about your sex and gender identity;
    • Information about your race or ethnicity and religious beliefs;
    • Information about your health, including any disability and/or medical condition;
    • Information about criminal convictions and offenses, including proceedings or allegations.

When you view pages on our site, the web server and related systems automatically collect certain technical information from your computer and about your connection. This information includes: 

  • Your IP address
  • The domain name from which you visit our site
  • User-specific information on which pages are visited
  • Aggregate information on pages visited
  • The referring website
  • The date and time of visit
  • The duration of visit
  • Your browser type
  • Your screen resolution
  • Your interactions with the web page
  • Aggregate information collected by Google Analytics

We also collect information using the following methods:

Cookies and Web Beacons: A cookie is a file that is written to your computer containing information about your visit. A web beacon (also known as a pixel tag or clear GIF) is a tiny transparent image embedded in a webpage or an email to measure usage and activity. In some cases, a web beacon triggers the placement of a persistent cookie on your device. If you prefer not to receive cookies, you may configure your browser not to accept them at all, or to notify and require approval before accepting new cookies. Some web pages may not function properly if the cookies are turned off, or you may have to provide the same information each time you visit those pages.


Third Party Services: This website uses Google Analytics, a web analytics service provided by Google, Inc., including Demographics and Interest Reporting. Google Analytics uses cookies to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google. You can use the Google Analytics Opt-Out Browser Add-on to disable tracking by Google Analytics. For more information, please visit Google’s Privacy Policy.

How We Use Information We Collect

By providing this information you acknowledge that, where permitted by federal or state law, UM may use this information for the express purposes for which the information was provided, which may include to:

  • Respond to your requests for information
  • Process applications for admission or employment
  • Process information for administrative purposes
  • Process orders for goods or services
  • Notify you of products, services, or events
  • Improve online content and communications
  • Improve University services
  • Process information for purposes as may be detailed on University websites or mobile applications

Sharing Information With Third Parties

UM works with many vendors and contractors who assist UM in fulfilling its mission. Personal information that you provide to UM, or which UM automatically collects, is used or shared with these organizations for the express purposes for which the information was collected or as otherwise expressed in this privacy statement. UM vendors and contractors are only permitted to use personal information for the express purposes permitted in their agreements with UM. Otherwise, personal information is not released to third parties unless permitted by applicable law, including in instances where the information needs to be disclosed to protect the safety and security of the UM community or UM property, or where UM is legally compelled by law or judicial order.

Rights of the Data Subject Under the EU GDPR

If you are an individual data subject under the EU GDPR, you may obtain the following information and exercise the following rights:

  • the identity and the contact details of the controller and, where applicable, the controller’s representative;
  • an explanation of the purposes and legal basis/legitimate interests of the data collection/processing;
  • the identification of the recipients of the personal data;
  • notice if UM intends to transfer personal data to another country or international organization;
  • notice of the time period that the personal data will be stored;
  • the right to access personal data, rectify incorrect personal data, erase personal data, restrict or object to processing, and the right to data portability;
  • the right to withdraw consent at any time, if processing is based on consent;
  • the right to lodge a complaint with a supervisory authority (established in the EU);
  • an explanation of why the personal data are required, and possible consequences of the failure to provide the data;
  • notice of the existence of automated decision-making, including profiling; and
  • notice if the collected data are going to be further processed for a purpose other than that for which the information was collected.

Exercising these rights guarantees that you will be afforded a process; it does not guarantee an outcome.

Any data subject who wishes to exercise any of the above-mentioned rights may do so by submitting a request to helpdesk@olemiss.edu.