Rice University Privacy Notice

This document is a notice of the privacy practices for Rice University (“Rice” or “we”) websites and online applications with the intention of providing individuals who interact with these websites or online applications an understanding of how Rice may collect, use, and store personal information. By using Rice websites or online applications you are consenting to the following policies.

  1. Websites and Cookies

When you visit www.rice.edu, and other websites owned and controlled by Rice, information such as your IP address, browser type, geolocation, and pages you visit may be tracked. This information is used to analyze trends or viewing habits, monitor for abuse or malicious activity, and for website administration.

This information may be shared with a third party, at the discretion of Rice, when sharing is necessary to further these purposes. We may also provide your information to third parties in circumstances where we believe that doing so is necessary or appropriate to satisfy any applicable law, regulation, legal process or governmental request; detect, prevent or otherwise address fraud, security, or technical issues; or protect our rights and safety and the rights and safety of the users of our website or others.

Cookies are small files that are stored on your computer that help Rice understand your preferences and basic information about your visit to a Rice website. You may disable cookies for any of Rice websites by consulting the help section of your browser. 

The Rice website may be accessed from or link to third party websites (such as YouTube, Twitter, Facebook and other social media), and those websites may also use cookies; however, Rice is not responsible for these third-party cookies. You should consult those websites for information about their privacy practices.

  1. Data Security and Information Protection

Rice takes the security of your information seriously and has dedicated resources to the protection of your data. This includes technological controls that meet or exceed industry standards, and a staff that is trained in information confidentiality, integrity, and availability of electronic data, resources, and communications.  More information is available at https://iso.rice.edu/.

  1. Data Retention

Rice will keep your data for as long as it is necessary to fulfill the purpose for which it was collected. We may also keep data if such data is necessary towards fulfilling a legal obligation or demonstrating compliance with an applicable statute or regulation.  Some data is considered part of a student’s “Permanent Record,” and as such it will be securely maintained in perpetuity. 

More information about retention may be found in the following two policies:  Student Record Retention, Access, and Disposition Policy (Policy 837);  Records Management (Policy 812)

  1. Individuals in the European Economic Area and GDPR

Individuals in the European Economic Area have rights under the General Data Protection Regulation (GDPR), and should be aware that information collected by Rice websites or online applications will be processed in the United States. 

Individuals in the European Economic Area should also refer to the European Economic Area Privacy Notice, which supplements this Privacy Notice, and is available at www.rice.edu/gdpr.

  1. Personal Information of Children

Rice University websites and online applications do not knowingly solicit or accept information or data about children under the age of 13 without parental consent. If you are aware that a child under the age of 13 has provided personal information to Rice University without parental consent please contact our Chief Information Security Officer, immediately so that appropriate action may be taken.

  1. Your Rights and Contact information for questions or concerns

You may have specific rights granted to you by law, including (but not limited to):

  • Family Education Rights and Privacy Act (FERPA), applicable to certain student records
  • Health Insurance Portability and Accountability Act (HIPAA), applicable to certain medical information
  • General Data Protection Regulation (GDPR), applicable to individuals and data collected in the European Economic Area
  • Gramm-Leach-Bliley Act (GLBA), applicable to certain consumer information

You may contact the Chief Information Security Officer (CISO) with any question or concern about privacy or personal information. The CISO has also been designated as the Data Protection Officer for inquires related to the GDPR.

CISO

Marc Scarborough
Marc.Scarborough@rice.edu
713-348-6754

Information Security Office
Rice University - MS 119, P.O. Box 1892
Houston, TX 77251-1892  USA

Importantly, you may also contact the relevant governmental authority directly with any concerns.

You may also contact the Rice University Chief Compliance Officer at chetna.koshy@rice.edu or the Office of General Counsel at legal@rice.edu for any question or concern you may have.

  1. Updates and Version

Rice may update this Notice at any time. Individuals should always consult www.rice.edu/privacy for the latest version.    This version was updated on June 1, 2018.