About ET · IT Policies

Web
Privacy Policy

How The University of Texas at Austin collects, uses, protects, and shares personal data across its web domains — including your rights as a data subject.

EffectiveFebruary 2025
GDPR AlignedYes
DPOChristopher Hutto
Scope Data Collection Your Rights Retention Contact
Purpose & Scope

About this policy

This Web Privacy Policy establishes data privacy standards for UT Austin's collection, maintenance, and use of personal information across University web domains. It aims for compliance with EU GDPR while respecting applicable state and federal law. The policy applies to all UT web domains and University data processing activities, and excludes third-party external websites linked from UT sites.

Personal data means any information that relates to or identifies a person as an individual.

Data Collection

What we collect and why

The University collects personal data through several channels. Processing occurs on the grounds of contractual obligations, legitimate business operations, legal compliance, research and archiving (with anonymization where possible), fraud prevention, and equal opportunity monitoring.

Application submissions

Admissions, employment, financial aid, and service applications collect data necessary to process your request.

Web server logs

IP addresses, page requests, browser information, and timestamps are captured automatically when you visit UT web domains.

Cookies & analytics

UT EID authentication uses encrypted cookies. Google Analytics tracks non-personal website usage metrics. User preference data cannot be shared externally.

Third-party embedded content

Content embedded on UT pages from third-party providers may collect data subject to those providers' privacy policies.

Your Rights

Data subject rights

As a data subject, you have the following rights regarding personal information held by the University:

  • Access personal information held by UT Austin
  • Request corrections to inaccurate data
  • Request deletion or processing restrictions (subject to retention laws)
  • File GDPR complaints with EU supervisory authorities

FERPA protections apply to educational records. Healthcare departments (University Health Services, Dell Medical School) comply with HIPAA and provide separate Privacy Notices.

Retention Schedule

How long we keep your data

Non-admitted applicants

1 year post-application

Admitted students

5 years post-graduation

Non-hired employment applicants

2 years post-application

Hired employees

5 years post-termination

Contact

Data Protection Officer & contacts

For privacy questions, data access requests, or to report a concern:

Back All IT Policies → Related Web Linking Policy → Related Web Accessibility Policy →