Web Privacy Statement
Web Privacy Statement
Web Privacy Notice
The Big Ten Academic Alliance (“Consortium”) owns, controls, operates and/or maintains Web sites under a number of domains hosted by the University of Illinois (collectively, “Consortim Web”). This Web Privacy Notice applies to all domains within Consortium Web.
As part of its commitment to maintain the privacy of users of Consortium Web sites, the Consortium has developed this privacy notice. The notice has three purposes:
- To inform users and Web practitioners about specific privacy guidelines employed at the Consortium.
- To notify users about the terms and conditions governing use of the Consortium Website.
- To notify users this notice applies generally to the provision of personal information by individuals in the European Economic Area. It explains how the Consortium meets its obligations under the European Union General Data Protection Regulation with respect to such information.
Rule on Sharing of Information
The Consortium uses the Consortium Web for business purposes and is committed to ensuring the privacy of personal information. Use of the Consortium Web is subject to all applicable state and federal laws, as well as our general policies. It is our usual practice not to share any personal information with those outside the Consortium. However, when circumstances arise for the need to share information gathered from its Consortium Web servers, the Consortium may share as:
- authorized by law,
- permitted under our policies,
- authorized by an approved Consortium contract,
- clearly stated at a Consortium Web site that such information will be shared and the user indicates consent by providing the information,
- consent is otherwise given,
- available, certain student and employee demographic information with the Consortium member institutions and other educational institutions with questions about students who have been admitted or earned a degree from a member institution, or
- authorized for good cause by the Provosts of the Consortium.
Exceptions to Rule
The Consortium Web consists of several Web servers. Some servers hosted by the Consortium may adopt diﬀerent privacy notices as their speciﬁc needs require. If another Consortium Web server has a privacy notice that is diﬀerent from this notice, then that notice must be approved by the Consortium Executive Director or equivalent administrator responsible for that domain, and it must be posted on the site that has adopted the diﬀerent notice. However, those sites cannot adopt a privacy notice that in any way supersedes federal or state laws or regulations or our policies.
Online Surveys and Other Information Provided by the User
In the course of using Consortium Web sites, a user may choose to provide information to help the Consortium serve that user’s needs. At any time there are numerous online surveys being conducted on Consortium Web sites. Person(s) responsible for conducting online surveys that collect personally‑identiﬁable information should clearly state at the survey site the extent to which any information provided will be shared. Aggregate data from surveys may be shared with external third parties in ways that do not compromise privacy.
Some units of the Consortium provide mailing lists, forums, and message boards for their users. Any information that is disclosed in these areas may become public information and a user should therefore exercise caution when deciding to disclose one’s personal information in such places. Message board sessions and discussion forums may be logged.
Several sites within the Consortium enable payment for products or services online with a credit card. These transactions are commercially secure and utilize a centralized process. The Consortium follows the policies set forth by the University of Illinois at Urbana‑Champaign. For additional details, see Section 21 of the University’s Business and Financial Policies and Procedures Manual (“Credit Card Sales Through Unit Web Sites”) at:
Rules for Individuals under Thirteen Years of Age
The Consortium is committed to complying fully with the Children’s Online Privacy Protection Act. Accordingly, if a user of the Consortium Web is under the age of thirteen, such user is not authorized to provide the Consortium with personally identifying information, and the Consortium will not use any such information in its database or other data collection activities. The Consortium appreciates cooperation with this federally mandated requirement. Users under the age of thirteen and their parents or guardians are cautioned that the collection of personal information volunteered by unauthorized children online or by e‑mail will be treated the same as information given by an adult until the Consortium becomes aware that the user is under the age of thirteen and such information may be subject to public access.
Server Log Information the University Gathers
Consortium Web servers generate logs that may contain information about computers or devices used to access the Consortium Web, or about general activity on the Consortium Web, such as the following:
- Internet address of computer or device
- Type of browser or other client application used
- The operating system of the computer or device
- Web pages requested
- Referring Web pages
- Time spent on the site
The Consortium Web server administrators may produce summary reports from these logs and share that information with Consortium Web content managers. Consortium Web content managers typically use this information in aggregate to understand what pages are popular, how users are navigating to and within their site, and when their sites are used most frequently. The Consortium strongly discourages the inclusion in server logs of information that could identify individuals. The above Rule on Sharing of Information and the Exceptions to Rule detail when such associations occur.
Cookies and Login Security
Cookies are small pieces of data stored by a Web browser on a user’s computer. Cookies are often used to retain information about preferences and pages a user has visited. For example, when a user visits some sites on the Web, one might see a “Welcome Back” message. The ﬁrst time one visited the site a cookie was probably stored on the user’s computer; when the user returns, the cookie is read again. One can refuse to accept cookies, one can disable cookies, and one can remove cookies from one’s hard drive.
Transactional Versus Permanent Cookies
Since it the Consortium is hosted by the University of Illinois, itis committed to fully complying with the State Agency Web Site Act (Public Act 093‑117) which becomes eﬀective January 1, 2004. Consequently, Consortium Web sites may use transactional cookies that facilitate business transactions and may not use permanent cookies or any other invasive tracking programs that monitor and track Consortium Web site viewing habits unless:
- the use of permanent cookies adds value to the user otherwise not available;
- there is a comprehensive online statement at the particular Consortium Web site where such permanent cookies or other invasive monitoring and tracking programs are utilized that discloses:
- all types of information collected at that site;
- the Consortium's use of that information; and
- how the collection and use of this information adds value to the user; and
- there is a link to this comprehensive Web Privacy Notice from that particular Big Ten Academic Alliance Web site where such permanent cookies or other invasive monitoring and tracking programs are utilized.
The Consortium follows the policy of the University of Illinois on Permanent Cookies.
The University Policy on Permanent Cookies can be found at https://www.vpaa.uillinois.edu/resources/cookies.
Social Security Numbers
The Consortium follows the policies of the University of Illinois for Social Security Number. The policy for the proper procedures in collecting, maintaining and disseminating social security numbers of students, employees and individuals can be found online at the following locations:
The Consortium also complies with the Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of student education records without student permission. The Consortium follows the University of Illinois Urbana campus policy For more details on FERPA, see the explanation at:
However, FERPA does permit the release of public or “directory” information about students. Information about suppressing the release of “directory” information can be obtained at:
Consortium Privacy Notice for certain persons in the European Economic Area (“EEA”).
1. Commitment to protecting privacy and transparency
The Consortium is committed to respecting and protecting the privacy rights of persons in the EEA—comprised of the European Union (“EU”) and the countries of Iceland, Norway, and Lichtenstein—pursuant to the EU General Data Protection Regulation(“GDPR”). This Supplemental Notice describes our commitment to the privacy of persons in the EEA.
2. Does this GDPR Notice apply to me?
This GDPR Notice applies to you if:
You are a “Person” or “Data Subject”—meaning a natural person, not a corporation, partnership, or other legal entity—who is physically present in the EEA;
It is with respect to your “Personal Information”—meaning any information relating to an identified or identifiable person—that is provided while you are physically present in the EEA;
Such Personal Information is not earlier or later provided to the Consortium while you are outside the EEA; and
Such Personal Information is provided to the Consortium:
During the course of offering you goods or services;
While we are monitoring your behavior; or
While you are associated with any of the Big Ten Academic Alliance’s establishments in the EEA.
3. What Personal Information does the Big Ten Academic Alliance process?
The Consortium processes the following general categories of Personal Information: names; addresses; telephone numbers; email addresses; identiﬁcation numbers including but not limited to social security numbers, University identiﬁcation numbers, usernames; passwords; demographic information; transcripts; personal references; ﬁnancial information such as credit and debit card numbers, and ﬁnancial aid information; IP addresses; device information; metadata; education records such as coursework, correspondence, and other information to support the purposes set forth in Table 1, below.
The Consortium requires Personal Information only when necessary. Table 1 identifies the purposes for which the Consortium processes Personal Information and the legal basis for each purpose.
In order to fulfill certain of the purposes identified in Table 1, we may need to request special categories of Personal Information—information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying a natural person; data concerning health; or data concerning a natural person’s sex life or sexual orientation.
Before we process your special category Personal Information or your criminal conviction Personal Information, if any, the Consortium will ask for your affirmative consent unless we have another legal basis for the processing, in which case we will inform you of that basis.
Purposes for which the Consortium processes Personal Information
|To respond to requests for information about participating in online courses or other programs at members of the Consortium||Performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract|
|To recruit, evaluate, and manage persons who, take courses at the Consortium, participate in programs offered by us, and to perform related activities needed to foster and maintain these relationships||Performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract|
|To operate and facilitate the registration and participation in online and in-person education programs, including those relating to professional licensing requirements||Performance of a contract or to take steps at the Data Subject’s request prior to entering into a contract|
|To conduct study abroad programs offered by or coordinated through the Consortium|
| To provide on-campus and distance learning information technology and other services to students, including network, authentication and help desk services
|To engage the services of an independent contractor and all uses incident to that engagement|
|To conduct transactions and business with individuals, such as processing payments made by credit card to the Consortium and payments made by us to you|
|To host and allow individuals to attend and participate in our educational events|
|To facilitate review and evaluation of our programs, including academic, and other programs, by accrediting organizations, government entities, third-party ranking organizations, and other appropriate bodies||Legitimate interests of the Consortium - legitimate interest in providing and maintaining a world-class higher education experience|
|To promote safety, integrity, and security of our information technology systems||Legitimate interests of the Consortium – legitimate interest in maintaining IT and network security|
|To protect our community, including you, and to keep its members safe wherever they are located||Legitimate interests of the Consortium – legitimate interest in physical security|
|To report salary data to social security or tax authorities and otherwise comply with applicable EU or Member State laws||Necessary for compliance with a legal obligation|
|To allow individuals to visit our facilities||Legitimate interests of the Consortium - legitimate interest in physical security|
|To facilitate and administer the reservation and use by individuals of Consortium facilities|
|To respond to subpoenas, court orders, agency requests, and other legal requests for records relating to an individual’s time at the Consortium, such as transcripts, tax documents, employment documents, etc||Legitimate interest of the Consortium – legitimate interest in complying with U.S. and state laws and not being held in contempt of court or having penalties imposed|
|To engage third parties to collect sums owing to the Consortium or to otherwise take action to collect outstanding debt from an individual||Legitimate interests of the Consortium —legitimate interest in recovering sums owed to it and enforcing its legal claims whether in or out of court|
|To respond to proper requests for information as required by the U.S. federal Freedom of Information Act||Legitimate interests of third parties—legitimate interest in publication of data for purposes of transparency and accountability|
|To stay connected with program alumni||Legitimate interests of the Consortium —legitimate interest in communicating unsolicited non-commercial messages|
4. How does the Consortium receive your Personal Information?
From you The Consortium may receive your Personal Information when you visit our websites, attend our programs, apply for or take online courses, work for the Consortium at a location in the EEA, attend events sponsored by the Consortium, or otherwise interact with the Consortium. From third parties The Consortium may also receive your Personal Information from third parties. Examples include online course registration information received from third parties that administer online courses (e.g., Coursera, Inc.).
5. Who receives/processes your Personal Information?
Your Personal Information may be processed by Consortium employees and others, as may be necessary to carry out the purposes for processing the information and the activities of the Consortium.
Consortium Related Organizations
The Consortium may share your Personal Information with Related Organizations, such as the Consortium Member Institutions
The Consortium may share your Personal Information with third parties, such as: educational platform providers and course partners to further the purposes for processing the information and the activities of the Consortium; U.S. and foreign government entities to fulfill regulatory obligations (e.g., visa processing) and to facilitate access to funding sources (e.g., financial aid); partner institutions to facilitate study abroad activities; and vendors to provide services related to your affiliation with the Consortium (e.g., arrange housing).
Please note that the Consortium may provide anonymized data developed from Personal Information to third parties, such as government entities and research collaborators, and that such anonymized data is outside the scope of this Supplemental Notice.
6. How long does the Consortium keep your Personal Information?
The Consortium retains Personal Information in accordance with applicable law. The Consortium follows records retention schedules for the University of Illinois and these can be found on the Records and Information Management records management webpage: https://www.uillinois.edu/cio/services/rims/retention_and_disposal/records_retention/.
7. What are your rights as a Data Subject?
As a Data Subject pursuant to the GDPR, you have certain rights. This Supplemental Notice summarizes what these rights under the GDPR involve and how you can exercise these rights. More detail about each right, including exceptions and limitations, can be found in Articles 15-21 and 77 of the GDPR.
Please note: Nothing in this Notice is intended by the Consortium to waive sovereign immunity or any other defenses or immunities afforded by any or all U.S. federal law, Illinois state law, and EU law.
Right of access
You have the right to request that the Consortium confirm whether it is processing your Personal Information. If the Consortium is processing your Personal Information, you have the right to access that Personal Information, and the Consortium will provide you with a copy of that Personal Information unless prevented by applicable law.
Right to have inaccurate Personal Information corrected
You have the right to request that the Consortium correct any inaccurate Personal Information that it maintains about you. You also have the right to request that the University complete any incomplete Personal Information that it maintains about you, which could be accomplished by incorporating a supplementary statement that you submit. If the Consortium concurs that the Personal Information is incorrect or incomplete, the Consortium will promptly correct or complete it.
Right to erasure
You have the right to request the erasure of Personal Information that the Consortium maintains about you in certain circumstances. These circumstances are identified in Article 17 of the GDPR and include that the Personal Information is no longer necessary in relation to the purpose(s) for which it was collected.
Subject to applicable U.S., state, and EU law and our policies, including but not limited to its Web Privacy Notice, and provided that there are no overriding legitimate grounds for the Consortium to retain the Personal Information, the Consortium will comply with the request and will take reasonable steps to inform any third parties with whom the Personal Information was shared.
Right to restriction of processing
You have the right to request that the Consortium restrict the processing of your Personal Information where one of the reasons identified in Article 18 of the GDPR apply. These reasons include that the Personal Information is inaccurate, the processing is unlawful, or the Consortium no longer needs the Personal Information.
If the Consortium grants your request to restrict processing, the Consortium will only process that Personal Information with your consent, for the protection of the rights of another natural or legal person, for reasons of important public interest, for the establishment, exercise or defense of legal claims, or as otherwise required by applicable U.S., state, or EU law.
Right to data portability
Where the basis for processing is either consent or performance of a contract between you and the Consortium, and where the processing is carried out by automated means, you have the right to receive your Personal Information that you have provided to the Consortium. The Consortium will provide the Personal Information in a structured, commonly used, and machine-readable format. Where technically feasible and upon your request, the Consortium will transmit the Personal Information directly to another entity.
Right to withdraw consent
If the basis for processing your Personal Information is consent, you may revoke your consent at any time. Upon receipt of your notice withdrawing consent, and if there are no other legal grounds for the processing, the Consortium will stop processing the Personal Information unless the processing is necessary for the establishment, exercise, or defense of legal claims. Revoking consent does not affect the lawfulness of processing that occurred before the revocation.
Right to object to processing
In certain situations, you may have the right to object to processing of your Personal Information
Public Interest or Legitimate Interests.If the basis for processing your Personal Information is public interest or legitimate interests, you have the right to object to processing the Personal Information. The Consortium will cease processing unless the Consortium demonstrates overriding legitimate grounds for processing or the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to file a complaint
You have the right to submit a complaint with an EU supervisory authority, in particular the one in the EU Member State of your habitual residence, place of work, or place of the alleged violation, if you believe that the Consortium’s processing of your Personal Information violates the GDPR.
For more information on the process for submitting a complaint, consult the relevant EU supervisory authority: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
8. How to exercise your rights
In order to exercise any of these rights, except the right to file a complaint with an EU supervisory authority, you should submit your request to Consortium GDPR Compliance:
Big Ten Academic Alliance
Attn: Coordinator of Operations
1819 S Neil Street, Suite D
Champaign, IL 61820
Telephone: +1 217-333-8475
At that time, you will be asked to: 1) identify yourself; 2) provide information to support that the GDPR applies to you (see Section 2, above); 3) identify the specific information or data that you are concerned about; and 4) state what right(s) you wish to exercise.
To expedite processing your request, please identify the data collection location (e.g., the website where your Personal Information was collected), if known.
9. How does the Consortium respond to requests for Personal Information?
In addition to the rights provided by the GDPR, you may also have rights with respect to your Personal Information pursuant to U.S. federal law, state law, or our policy. When you submit a request to the Consortium to exercise your rights, the Consortium will respond in accordance with existing Consortium policies and procedures that implement the relevant privacy law(s). These include, but are not limited to, policies pertaining to student education records and other policies maintained by the Consortium.
10. Transfer of Personal Information outside the EEA
The Consortium is based in the U.S. and is subject to U.S. and Illinois law. Personal Information that you provide to the Consortium will generally be hosted on U.S. servers. To the extent that the Consortium needs to transfer your information either (a) from the EEA to the U.S. or another country or (b) from the U.S. to another country, the Consortium will do so on the basis of either (i) an “adequacy decision” by the European Commission; (ii) EU-sanctioned “appropriate safeguards” for transfer such as model clauses, a copy of which you may request, if applicable, by contacting the Consortium as set forth in Section 12; (iii) your explicit and informed consent; or (iv) it being necessary for the performance of a contract or the implementation of pre-contractual measures with the Consortium, in which case the Consortium will inform you of the intent to transfer the Personal Information. Please note that the U.S. is not currently considered a safe harbor country under the GDPR.
11. How do I contact the data controller?
The Consortium is the data controller. If you have any questions about anything contained in this Supplemental Notice, please contact Big Ten Academic Alliance GDPR Compliance:
Telephone: +1 217-333-8475
Big Ten Academic Alliance 1819 S Neil Street, Suite D
Champaign, IL 61820
Attn: Coordinator of Operations
If you are interested in reviewing an English version of the GDPR, please see http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN.
13. Updates to Web Privacy Notice
The Consortium may update this Web Privacy Notice from time to time. Any changes will become effective upon posting of the revised Web Privacy Notice.
LEGAL NOTICES OF TERMS AND CONDITIONS
Access to the Consortium Web is provided subject to the following terms and conditions. Please read these terms carefully as use of the Consortium Web constitutes acceptance of all of the following terms and conditions:
Disclaimer of Liability
Neither the Consortium, nor any of its units, programs, employees, agents or individual trustees, shall be held liable for any improper or incorrect use of the information described and/or contained in the Consortium Web and assumes no responsibility for anyone’s use of the information. In no event shall the Consortium Web, the Consortium or its units, programs, employees, agents or individual trustees be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement or substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this system, even if advised of the possibility of such damage. This disclaimer of liability applies to any damages or injury, including but not limited to those caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, alteration of, or use of record, whether for breach of contract, tortious behavior, negligence or under any other cause of action.
Disclaimer of Warranties and Accuracy of Data
Although the data found using the Consortium’s access systems have been produced and processed from sources believed to be reliable, no warranty, express or implied, is made regarding accuracy, adequacy, completeness, legality, reliability or usefulness of any information. This disclaimer applies to both isolated and aggregate uses of the information. The Consortium provides this information on an “as is” basis. All warranties of any kind, express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, freedom from contamination by computer viruses and non-infringement of proprietary rights are disclaimed. Changes may be periodically made to the information herein; these changes may or may not be incorporated in any new version of the publication. If a user has obtained information from any of the Consortium Web pages via a source other than the Consortium pages, be aware that electronic data can be altered subsequent to original distribution. Data can also quickly become out of date. It is recommended that careful attention be paid to the contents of any data associated with a file, and that the originator of the data or information be contacted with any questions regarding appropriate use. If a user finds any errors or omissions, please report them to:
Disclaimer of Endorsement
The Consortium is a distributor of content sometimes supplied by third parties and users. Any opinions, advice, statements, services, offers, or other information or content expressed or made available by third parties, including information providers, users, or others, are those of the respective author(s) or distributor(s) and do not necessarily state or reflect those of the Consortium and shall not be used for advertising or product endorsement purposes. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the Consortium.
Disclaimer for External Links
Disclaimer of Duty to Continue Provision of Data
Due to the dynamic nature of the Internet, resources that are free and publicly available one day may require a fee or restricted access the next, and the location of items may change as menus, pages, and files are reorganized. The user expressly agrees that use of the Consortium Web is at the user’s sole risk. The Consortium does not warrant that the service will be uninterrupted or error free. The documents and related graphics published on this Web or server could contain technical inaccuracies or typographical errors. Changes are periodically added to the information herein. The Consortium and/or its respective units and programs may make improvements and/or changes in the information and/or programs described herein at any time.
The technology management teams of the Consortium have taken several steps to safeguard the integrity of its communications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption. Security measures have been integrated into the design, implementation and day-to-day practices of the entire BConsortium operating environment as part of its continuing commitment to risk management.
This information should not be construed in any way as giving business, legal, or other advice, or warranting as fail proof, the security of information provided via Consortium supported Web sites.
Choice of Law
Construction of the disclaimers above and resolution of disputes thereof are governed by the laws of the State of Illinois. The laws of the State of Illinois, U.S.A., shall apply to all uses of this data and this system. By use of this system and any data contained therein, the user agrees that use shall conform to all applicable laws and regulations and user shall not violate the rights of any third parties.
If a user has questions about this privacy notice or believes that the user’s personal information has been released without consent, then send e-mail to: