2. If a user sends the university an electronic mail message with a question or comment that contains personally identifying information, or fills out a form that emails the university this information, the university will only use the personally-identifiable information to respond to the request and analyze trends. The university may redirect the message to another part of the university, another institution, a government agency or a person who is in a better position to answer the question.
3. For site management functions, information is collected for analysis and statistical purposes. This information is not reported or used in any manner that would reveal personally identifiable information, and will not be released to any outside parties unless legally required to do so in connection with law enforcement investigations or other legal proceedings. Some information may be collected by third parties. These parties supply the information to the university for analytical purposes. Information obtained by third parties is subject to their terms of service. The university is not responsible for privacy practices of third parties.
4. Information collected from the Health Science Center website, including the summary server log information, emails sent to the website, and information collected from web-based forms, may be subject to the Texas Public Information Act.
5. Individuals have rights under Section 559.03(a) of the Texas Government Code to correct any erroneous personal information The University of Texas Health Science Center at San Antonio collects. The university detailed procedures for requesting corrections.
6. Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purpose and are scheduled for regular destruction in accordance with National Archives and Records Administration General Schedule 20.
7. The university uses log analysis tools to create summary statistics, which are used for purposes such as assessing what information is of most interest, determining technical design specifications, and identifying system performance or problem areas. The following information is collected for this analysis:
- User Client hostname – The hostname (or IP address if DNS is disabled) of the user/client requesting access.
- HTTP header, “user-agent” – The user-agent information includes the type of browser, its version, and the operating system it’s running on.
- HTTP header, “referrer” – The referrer specifies the page from which the client accessed the current page.
- System date – The date and time of the user/client request.
- Full request – The exact request the user/client made.
- Status – The status code the server returned to the user/client.
- Content length – The content length, in bytes, of the document sent to the user/client.
- Method – The request method used.
- Universal Resource Identifier (URI) – The location of a resource on the server.
- Query string of the URI – Anything after the question mark in a URI.
- Protocol – The transport protocol and version used.
8. GDPR Privacy Notice: In an effort to protect the personal data and privacy of individuals in the European Union, the University of Texas Health Science Center at San Antonio (“University”) complies with the General Data Protection Regulation (“GDPR”). As such, the University has designated the Chief Information Security Officer as the “Data Protection Officer.” In instances where the GDPR is applicable, the University, in addition to the rights enumerated in Chapter 3 of the GDPR, specifically extends the following rights to students, employees, and members of the public:
- The right of access by the data subject
- The right to rectification
- The right to erasure
- The right to restriction of processing
- The right to data portability
- The right to object
- The right to lodge a complaint with a supervisory authority
For any questions and/or requests related to the GDPR, the Data Protection Officer may be contacted by directing communications to the Department of Information Security’s Governance, Risk and Compliance team at GRC@uthscsa.edu or 210-469-3206.