The Trustees of the University of Pennsylvania, on behalf of the University of Pennsylvania, Penn Medicine, and other entities owned or controlled by the Trustees ("Penn") wants you to be familiar with how we collect, use and disclose information. This Privacy Policy describes our practices in connection with information that we collect:
- Through websites operated by us from which you are accessing this Privacy Policy (the "Websites"),
- through the software applications made available by us for use on or through computers and mobile devices (the "Apps"),
- through our social media pages and apps located at (collectively, our "Social Media Pages")
- through HTML-formatted email messages that we send to you that link to this Privacy Policy
- through offline activities as detailed in this policy
Collectively, we refer to the Websites, the Apps and our Social Media Pages as the "Services".
Personal Information
"Personal Information" is information that identifies you as an individual or relates to an identifiable individual including, but not limited to:
- Name
- Postal address (including billing and shipping addresses)
- Telephone number
- Email address
- Credit and debit card number
- Profile picture
- Social media account ID
- PennKeys or other Penn-issued system credentials
- Other information that you voluntarily provide through your use of the Services, and may include sensitive information, such as health, financial, or racial and ethnic origin information.
Collection of Personal Information
We and our third party service providers collect Personal Information in a variety of ways, including:
- Through the Services
- We collect Personal Information through the Services, for example, when you sign up for a newsletter, register an account to access the Services, or make a purchase.
- Offline
- We collect Personal Information from you offline, e.g., when you visit our campus or other facilities, attend one of our seminars, place a request over the phone, or contact Penn.
- From Other Sources
- We may receive your Personal Information from other sources, for example:
- publically available databases
- joint marketing partners or other partners, when they share the information with us;
- If you connect your social media account to your Services account, you will share certain Personal Information from your social media account with us, for example, your name, email address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Services account.
If you disclose any Personal Information relating to other people to us or to our third party service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
Use of Personal Information
We and our third party service providers use Personal Information for legitimate business purposes including:
- Providing the functionality of the Services and fulfilling your requests.
- To provide the Services' functionality to you, such as arranging access to your registered account, and providing you with related services or communications. If you do not provide the information requested, we may not be able to provide the Services' functionality.
- To respond to your inquiries and fulfill your requests, when you contact us via one of our online contact forms or otherwise, for example, when you send us questions, suggestions, compliments or complaints, or when you request other information.
- To complete your transactions, and provide you with related services or communications.
- To send administrative information to you, such as changes to our offerings, terms, conditions and policies.
- To allow you to send messages to another person if you choose to do so.
We will engage in these activities to manage our relationship with you and/or to comply with any legal obligation.
- Providing you with our newsletter and/or other promotional materials and facilitating social sharing
- To send you promotional related emails, with information about our services, offerings, new initiatives and other news about our organization.
- To facilitate social sharing functionality that you choose to use.
We will engage in this activity with your consent or where we have a legitimate interest.
- Analysis of Personal Information for business reporting and providing personalized services.
- To analyze or predict our users' preferences in order to prepare aggregated trend reports on how our digital content is used, so we can improve our Services.
- To better understand you, so that we can personalize our interactions with you and provide you with information and/or offers tailored to your interest
- To better understand your preferences so that we can deliver content via our Services that we believe will be relevant and interesting to you.
We will provide personalized services either with your consent or because we have a legitimate interest.
- Aggregating and/or anonymizing Personal Information.
- We may aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information. We do so to generate other data for our use, which we may use and disclose for any purpose.
- For our business and operational purposes.
- For data analysis, for example, to improve the efficiency of our Services;
- For audits, to verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements;
- For fraud and security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft;
- For developing new offerings, initiatives and services;
- For enhancing, improving, or modifying our current offerings, initiatives and services;
- For identifying usage trends, for example, understanding which parts of our Services are of most interest to users;
- For determining the effectiveness of our promotional and informational campaigns, so that we can adapt our campaigns to the needs and interests of our users; and
- For operating and expanding our business activities, offerings, and services, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users' interests;
We engage in these activities to manage our contractual relationship with you, to comply with a legal obligation, and/or because we have a legitimate interest.
Disclosure of Personal Information
We may disclose Personal Information:
- To our affiliates, owned or controlled by Penn, including but not limited to affiliates in the United Kingdom and Hong Kong, for the purposes described in this Privacy Policy.
- To our third party services providers to facilitate services they provide to us.
- These can include providers of services such as website hosting, data analysis, payment processing, order fulfillment, event registration, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
- To third parties to permit them to send you promotional communications, consistent with your choices.
- By using the Services, you may elect to disclose Personal Information
- On message boards, chat, profile pages, blogs and other services to which you are able to post information and content (including, without limitation, our Social Media Pages). Please note that any information you post or disclose through these services will become public and may be available to other users and the general public.
- Through your social sharing activity. When you connect your Services account with your social media account, you will share information with your friends associated with your social media account, with other users, and with your social media account provider. By doing so, you authorize us to facilitate this sharing of information, and you understand that the use of shared information will be governed by the social media provider's privacy policy.
Other Uses and Disclosures
We also use and disclose your Personal Information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:
- To comply with applicable law and regulations.
- This can include laws outside your country of residence.
- To cooperate with public and government authorities.
- To respond to a request or to provide information that we, in our sole discretion, believe is important or is necessary to protect our interests. These can include authorities outside your country of residence.
- To cooperate with law enforcement.
- For example, when we respond to law enforcement requests and orders or provide information that we, in our sole discretion, believe is important.
- For other legal reasons.
- To enforce any terms and conditions; and
- To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.
- In connection with a sale or business transaction.
- We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings
Other Information
"Other Information" is any information that does not reveal your specific identity or does not directly relate to an identifiable individual
- Browser and device information
- App usage data
- Information collected through cookies, pixel tags and other technologies
- Demographic information and other information provided by you that does not reveal your specific identity
- Information that has been aggregated in a manner such that it no longer reveals your specific identity
If we are required to treat Other Information as Personal Information under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Information as detailed in this Policy.
Collection of Other Information
We and our third party service providers may collect Other Information in a variety of ways, including:
- Through your browser or device:
- Certain information is collected by most browsers or automatically through your device. We use this information to ensure that the Services function properly.
- Through your use of the App
- When you download and use the App, we and our third party service providers may track and collect App usage data.
- Using cookies
- Using technology to track use of services and improve the services
- Pixel tags. Pixel Tags (also known as web beacons or clear GIFs) may be used to, among other things, track the actions of users of the Services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the Services and response rates.
- Analytics. In some instances, we may use Google Analytics, which uses cookies and similar technologies to collect and analyze information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources. You can learn about Google's practices by going to https://policies.google.com/technologies/partner-sites, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
- Adobe Flash technology (including Flash Local Shared Objects ("Flash LSOs")) and other similar technologies. We may use Flash LSOs and other technologies to, among other things, collect and store information about your use of the Services.
- IP Address
- Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address.
- Physical Location
- We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device's physical location to provide you with personalized location-based services and content. We may also share your device's physical location, with our promotional partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device's location, but if you do, we and/or our promotional partners may not be able to provide you with the applicable personalized services and content.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law.
Security
We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the "Contacting Us" section below.
Choices and Access
Your choices regarding our use and disclosure of your Personal Information
We give you certain choices regarding our use and disclosure of your Personal Information for promotional purposes. You may opt-out from receiving electronic communications from us. If you no longer want to receive promotional-related emails from us on a going-forward basis, you may opt-out according to instructions in such communications.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
Access to, change of or deletion of your Personal Information
To the extent these rights are provided to you by applicable law, if you would like to request to review, correct, update, suppress, restrict or delete Personal Information that you have previously provided to us, object to the processing of Personal Information or if you would like to request to receive an electronic copy of your Personal Information for purposes of transmitting it to another entity, please contact us at privacy@upenn.edu. We will respond to your request consistent with applicable law.
Retention Period
We retain Personal Information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Third Party Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
Third Party Advertising
We use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services.
You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Policy, please visit http://optout.aboutads.info and http://optout.networkadvertising.org. You may download the AppChoices app at https://youradchoices.com/appchoices to opt out in mobile apps.
Use of Services by Minors
The Services are not directed to individuals under the age of thirteen (13), and we do not knowingly collect Personal Information from individuals under 13.
Jurisdiction and Cross-border Transfer
Your Personal Information may be stored and processed in any country where we have facilities or in which we engage third party service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.
For transfers from the European Economic Area to countries not considered adequate by the European Commission, we have put in place safeguards to protect your Personal Information.
Third Party Payment Service
We may use a third-party payment service to process payments made through the Services. If you wish to make a payment through the Services, your Personal Information will be collected by such third party and not by us, and will be subject to the third party's privacy policy, rather than this Privacy Policy. We have no control over, and are not responsible for, this third party's collection, use and disclosure of your Personal Information.
Additional Terms Regarding the myPennMedicine Mobile App
myPennMedicine may access and use your sensitive data to provide certain features, such as video visits or mobile appointment check-in. The first time you try to use certain features such as your camera or microphone, we will ask for your consent within the app and will allow you to use these features only if you have given consent. myPennMedicine may offer location-based check-in for in-person appointments or allow you to find healthcare providers near you. The first time you try to use any features that use your location, we will ask for your consent within the app and will access your location only if you give consent. You do not have to provide consent if you do not want to allow myPennMedicine to use your location. We do not store your location data.
Information collected through myPennMedicine will be used and shared with third parties only as permitted by the Health Insurance Portability and Accountability Act (“HIPAA”) and other laws protecting the privacy of health information.
myPennMedicine is developed by Epic Systems Corporation; please refer to Epic’s Mobile Application Privacy Policy for Patients for more detailed information about the limited ways they may interact with your information to make your use of myPennMedicine possible.
Updates to This Privacy Policy
The "Last Updated" legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.
Contacting Us
The Trustees of the University of Pennsylvania, on behalf of the University of Pennsylvania, Penn Medicine, and other entities owned or controlled by the Trustees ("Penn) is the company responsible for collection, use and disclosure of your Personal Information under this Privacy Policy.
If you have any questions about this Privacy Policy, please contact us at privacy@upenn.edu or:
Office of Audit, Compliance and Privacy
Attention: Chief Privacy Officer
3819 Chestnut Street, Suite 214
Philadelphia, PA 19104
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
Additional Information
In accordance with applicable law, you may lodge a complaint with the relevant privacy or data protection regulatory authority.