Skip to the main content

UC San Diego Website Privacy Statement

Last updated: September 14, 2023

Please read below to see how UC San Diego uses – or processes – your data and how we protect your privacy when you use our websites. We care about your privacy and aim to be clear when we collect personal information.


Website Privacy at a Glance

Who we are:  UC San Diego
Scope:  Campus websites m.xktt.net
What we collect:

  • From you: Registration info; payment info; inquiries; emails; survey responses; application info
  • Automatically: Device and connection log data; authentication data; analytics data; location data; cookies and tracking data
  • From others: UC info; social media info; marketing and surveys; analytics data; community partners data; public sources

Why we use your data:

  • Contractual obligations
  • Day-to-day operations
  • Registration
  • Communication
  • Respond to your inquiries
  • Surveys and feedback
  • Marketing and advertising
  • Features and functionality of the website
  • Personalize our Services
  • Research, educational, and publication
  • Analyze trends, administer the website, track movement
  • Improve and customize our Services
  • Test, enhance, update our Services
  • Distinguish you from other users
  • Maintain system and data safety, security, and integrity
  • Enforce our Terms of Use and agreements
  • Legal and regulatory obligations
  • Other lawful purposes

Sharing of data:

  • Within the University of California
  • Marketing Providers
  • Customer Service and Communication Providers
  • Survey Providers
  • Academic Research and Education
  • Other Service Providers (e.g., website hosting, payment processing)
  • Online Advertising Partners
  • Legal Obligations and Rights
  • With Your Consent

Your rights:

  • Access records
  • Modify and in some cases delete
  • Withdraw consent
  • Not use our services

Safeguards:

  • Legal, administrative, physical, and technical


Please read the full statement below for details and more information.

I. WHO WE ARE

UC San Diego, a campus operated by the Regents of the University of California, is a higher education research institution in the United States. UC San Diego is transforming California and a diverse global society by educating, by generating and disseminating knowledge and creative works, and by engaging in public service.

II. SCOPE

This Privacy Statement explains how the University of California San Diego (“UC San Diego,” “we,” “us” or “our”) collects, uses, discloses, and otherwise processes personal information (as defined below) in connection with our campus website m.xktt.net and other websites we own and operate that link to this Privacy Statement (the “Sites”), and the related content, platform, services, products, and other functionality offered on or through our Sites (collectively, the “Services”).

This Privacy Statement does not address our privacy practices related specifically to UC San Diego employees, students, or other affiliates, except where these individuals are interacting with UC San Diego Sites in their capacity as a member of the public.

It does not apply to the collection, use, and disclosure of your protected health information. Please see the UC San Diego Health Notice of Privacy Practices for more information about how UC San Diego collects, uses, and discloses your protected health information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

When we collect personal information that is part of a student or an applicant’s educational record (“Student Data”), we collect, use, store, and otherwise process such information in accordance with the Family Educational Rights and Privacy Act (FERPA). To the extent that our processing practices in connection with Student Data differ from this Privacy Statement, the practices described in this Privacy Statement will not apply.

Except when operating the Preuss School and UC San Diego youth program and related Sites, our Services are not 1) directed to, 2) intended for, or 3) knowingly collecting or soliciting personal information from children under the age of 13. If an individual is under the age of 13, they should not use our Services or otherwise provide us with any personal information either directly or by other means, except when done with the explicit permission of the child’s parent or legal guardian in connection with the Preuss School or a UC San Diego youth program. In all instances, if we learn that any personal information we collect has been provided by a child under the age of 13, and in the case of youth programs without the parent or legal guardian consent, we will delete that personal information.

Our Services may include links to third-party websites, plug-ins, and applications. Except where they post, link to, or expressly adopt or refer to this Privacy Statement, or have a contract in place with the University, this Privacy Statement does not apply to, and we are not responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective websites.

REGION-SPECIFIC DISCLOSURES:  European Economic Area

If you are located in the European Economic Area (“EEA”), United Kingdom, or Switzerland or otherwise engage with UC San Diego’s campus European operations, please see the Privacy Disclosures for the European Economic Area, United Kingdom, and Switzerland for additional specific privacy disclosures, including what constitutes your personal information, the lawful bases we rely on to process your personal information, how we use cookies when you access our Sites from the EEA, UK, or Switzerland and your rights with respect of your personal information.

III. What is Personal Information?

When we use the term "personal information” in this Privacy Statement, we mean any data or information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular natural person or household or any other data or information that constitutes “personal data,” "personal information,” or “personally identifiable information.” As noted above, it does not include protected health information under HIPAA.

IV. Our Collection of Personal Information

We obtain personal information about you in the following ways:

Personal Information We Create or Collect Directly from You

We collect the following categories of personal information submitted to us by individuals through the Services:

  • Registration, Account Setup, and Contact Information. When you create your online account during a registration process, for example when you register for an event or program, we collect personal information from you, including, but not limited to, your lived or legal name, email address, phone number, address, country or region, communication preferences, payment information, gender, date of birth, and/or grade level.
  • Payment Information. We may collect payment information in order to complete transactions, such as purchases, registrations, and donations, through our websites. We use third-party payment processors to process credit card payments made to us. As such, we do not retain any personally identifiable financial information in connection with credit card payments, such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal information is governed by their privacy notice.
  • Inquiry and Communications Information. We collect personal information when we communicate with you, for example, in custom messages sent through forms, in chat messages, to one of our email addresses, or via phone. Some Sites give you the option of using our Live Chat or chatbot feature (provided by an outside vendor) to communicate with us. This feature collects information such as your name and communication between you and our staff.
  • Newsletter and Marketing Emails, including email address and applicable interests and communication preferences.
  • Surveys and Feedback Information. We may collect feedback from you relating to our Services through surveys or other means. Information collected may include responses to questions, testimonials, and demographic information.
  • Employment, Volunteer, Internship, and Other Application Information, including your contact and demographic information, educational and work history, employment interests, information obtained during interviews, and any other information you choose to provide, if you apply for these positions.

Personal Information We Collect Automatically

As is true of most websites, we and our third-party partners may automatically collect the following information from or in connection with your device when visiting or interacting with our Services:

  • Log Data, including internet protocol (IP) address, operating system, device type and version, MAC addresses, browser type and version, browser id, the URL entered and the referring page/campaign, date/time of visit, other hardware or software data, the time spent on our Services, how frequently you access our Services, and any errors that may occur during the visit to our Services. Log data may overlap with other categories of data below.
  • Authentication Data. Some Sites require authentication in order to grant access. Authentication systems will use information such as logins, passwords, and authentication tokens to verify your identity.
  • Analytics data, including the electronic path you take to our Services, through our Services and when exiting our Services, as well as your usage and activity on our Services, such as the time zone, first and last active date and time, usage history (flows created, campaigns scheduled, emails opened, total logins) as well as the pages, links, objects, services you view, click, or otherwise interact with. We may also use third-party tools (see below) to collect information about how you use our Services and may record your mouse movements, scrolling, clicks, and keystroke activity on the Services, and other browsing or search behavior on University websites. These tools may also record information you enter when you interact with our Service or engage in chat features through our Service.
  • Location data, such as location information we derive from your IP address or other device information.

Personal Information from Other Entities

We also obtain personal information from others, and sometimes we combine it with personal information we collect either automatically or directly from you.

We may receive the same categories of personal information as described above from the following entities:

  • University of California: We may receive personal information from other units or departments that are part of the University of California.
  • Social Media: When you interact with our Services through various social media networks, such as when you “Like” us on Facebook or follow us, comment, or share our content on Facebook, X, or other social networks, we may receive some information about you that you permit the social network to share with third parties. The data we receive is dependent upon your privacy settings with the social network and their privacy and data practices, and it may include certain profile information.
  • Service Providers: Our service providers that perform services on our behalf, such as survey and marketing providers and payment processors, collect personal information and often share this information with us. The information may include contact information, demographic information, transaction information, and information about your communications and related activities.
  • Analytics Tools: We utilize Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies to collect information about your interactions with our Services. The information generated by the cookie, including your IP address, browser type, operating system, referring URLs, pages visited, and the date and time of your visit, is transmitted to and stored by Google on servers in the United States. If you have a Google account, Google has information about you, such as your age, gender, interests, and online behaviors that it can combine with other information about you. Adsense and DoubleClick tracking data are also used to ascertain a user's interests based on browsing behavior, eventually forming a pattern that can be assigned to market segments.
  • Community Partners: We may receive your personal information, such as name and email address, from our community partners through which we may offer events, programs, or services that contribute to improving the lives and livelihoods of our communities.
  • Other Sources: We may also collect Personal Information about individuals that we do not otherwise have from, for example, publicly available sources, third-party data providers, or through transactions such as mergers and acquisitions.

V. OUR USE OF PERSONAL INFORMATION

We use personal information we collect to:

  • Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to deliver the Services you have requested, and to process transactions;
  • Manage our organization and its day-to-day operations;
  • Register you for and provide you access to events and conferences;
  • Communicate with you, including via email, social media and/or telephone calls, in accordance with your preferences;
  • Investigate and respond to your inquiries;
  • Request you to complete surveys about our university, organizations we partner with, and our Services;
  • For marketing communications and advertising purposes, including but not limited to, marketing to you or offering you through digital display, search, email, or direct mail, information and updates on products or services we think that you may be interested in (where applicable, we may send you marketing messages if you have given us your consent to do so); to conduct market research, and to inform our marketing and advertising activities;
  • Operate, maintain, and provide you with the features and functionality of the Service;
  • Administer, facilitate, improve, and personalize our Services, including by recognizing an individual and remembering their information when they return to our Services;
  • Identify and analyze trends, administer the website, track user movement, and gather broad demographic information for aggregate use to understand how individuals use our Services, and to improve and customize our Services to address the needs and interests of our user base and other individuals we interact with;
  • Test, enhance, update and monitor the Services, or diagnose or fix technology problems;
  • Distinguish you from other users of our Services, which helps us monitor and analyze how you use and interact with our Services. It also helps us and our partners to determine products and services that may be of interest to you.
  • Help maintain the safety, security, and integrity of our property and Services, technology assets, and business;
  • To enforce our Terms of Use and agreements, resolve disputes, carry out our legal and regulatory obligations, and enforce our rights, and to protect our business interests and the interests and rights of third parties;
  • To fulfill any other purpose for which you provide personal information or any other lawful purpose, or other purpose that you consent to; and
  • For research, educational, and publication purposes 1) in accordance with Institutional Review Board (“IRB”), Campus Privacy Office, and Office of Information Assurance requirements, if in identifiable form, or 2) in aggregated format such that no identifying information from you will be contained in the release.

Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries.

VI. Our sharing of Personal Information

We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to others, as follows:

  • Within the University of California: We may share personal information with other locations, units, or departments that are part of the University of California.
  • Marketing Providers: We coordinate and share personal information with our marketing providers in order to communicate with individuals about the Services we make available.
  • Customer Service and Communication Providers: We share personal information with third parties who assist us in providing our customer services and facilitating our communications with individuals that submit inquiries.
  • Other Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, infrastructure provisioning, IT services, analytics services, employment application-related services, payment processing services, and administrative services.
  • Survey Providers: We share personal information with third parties who assist us in delivering our surveys and processing the responses.
  • Academic Research and Education: Data may be provided for research, educational, and publication purposes 1) in accordance with IRB, Campus Privacy Office, and Office of Information Assurance requirements, if in identifiable form, or 2) in aggregated format such that no identifying information from you will be contained in the release.
  • Online Advertising Partners: We may also share personal information with advertising networks or permit these partners to collect information from you directly on our websites to facilitate online advertising, such as search engines and social network advertising providers, to serve targeted ads to you or to groups of other users who share similar traits, such as likely interests and demographics, on third-party platforms.
  • Legal Obligations and Rights: We may disclose personal information to third parties, such as legal advisors and law enforcement:
    • in connection with the establishment, exercise, or defense of legal claims;
    • to comply with laws or to respond to valid, lawful requests and legal process;
    • to protect our rights and property and the rights and property of others, including to enforce our agreements and policies;
    • to detect, suppress, or prevent fraud;
    • to protect the health and safety of us and others; or
    • as otherwise required by applicable law
  • With Your Consent: We may disclose personal information about you to certain other third parties or publicly with your consent or at your direction. For example, with an individual’s consent or direction we may post their testimonial on our Sites or service-related publications.

To the extent permitted by law, UC San Diego will not share personal information collected through our Services for immigration enforcement purposes or for purposes of reproductive rights infringement.

VII. YOUR RIGHTS AND CHOICES OVER YOUR INFORMATION

You may control your information in the following ways:

  • You may choose not to visit or use our Sites or use our Services.
  • You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. 
  • You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. You may not opt-out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices).

Depending on your jurisdiction or state of residence, you may also have a right to:

  • Access records associated with your account;  
  • Rectify or correct inaccurate or incomplete information concerning you, taking into account the purposes of the processing, and the right to have incomplete data completed;
  • Have your personal information erased in certain circumstances;
  • Withdraw your consent to the processing of your personal information collected through our Services. The withdrawal does not affect the lawfulness of processing based on your consent before its withdrawal.

UC may be obligated to retain your personal information as required by law, regulation, or policy. 

You may exercise your rights and submit any questions or concerns using the procedure under “Contacting Us.” Please do not include any sensitive information in an email or voicemail message.

VIII. HOW WE SAFEGUARD YOUR INFORMATION

UC San Diego's information management practices conform to the requirements of the Information Practices Act of 1977 (Civil Code Section 1798, et seq.), the Public Records Act (California Government Code Section 6250, et seq.), California Government Code Section 11015.5, and other applicable laws pertaining to information privacy.

Any information acquired by UC San Diego through the Services is subject to the limitations set forth in the Information Practices Act. Electronically collected personal information is exempt from requests made pursuant to the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1).

IX. Updates to This Privacy Statement

We may update this Privacy Statement periodically to reflect any material changes in our programs and practices. When we make changes to this Privacy Statement, we will change the date at the beginning of this Privacy Statement. If we make material changes to this Privacy Statement, we will notify individuals by email to their registered email address, by prominent posting on our Services, or through other appropriate communication channels. Treatment of information is subject to the version of the Privacy Statement in effect at the time such information is collected.

X. Contact Us

If you have any questions or requests in connection with this Privacy Statement or other privacy-related matters, please contact the UC San Diego Campus Privacy Office at ucsdprivacy@xktt.net.


PRIVACY DISCLOSURES FOR THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND

Last Modified: September 14, 2023

These Privacy Disclosures set out information about how we use your personal data if you are located in the European Economic Area (“EEA”), United Kingdom ("UK"), or Switzerland, or otherwise engage in or access our Services from those regions. Please ensure that you have read and understood these Privacy Disclosures before you access or use the Service.

Personal Data: When we use the term “personal data” in these Privacy Disclosures, we mean information relating to an identified or identifiable natural person.

Controller: The Regents of the University of California, organized under the laws of the United States of America, having its registered address at 1111 Franklin St. Oakland, California, 94607, is the “controller” responsible for the processing of personal data in connection with our Service. This means that the Regents determine and are responsible for how your personal data is used.

Please contact UC San Diego, by email at ucsdprivacy@xktt.net, if you have any questions in relation to your rights, these Privacy Disclosures, and our Privacy Statement, or general privacy matters. Please ensure you reference our entity name (i.e., UC San Diego) in any correspondence you send our representative.

1. LEGAL BASES FOR THE PROCESSING

We may use your personal data based on the following legal grounds according to the Regulation (EU) 2016/679 (the “EU GDPR”) or, where applicable, the “UK GDPR” as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 GDPR:

  • Perform our contractual services, including prior to entering into a contract with you. If you order or request Services from us or if you contact us to order or request our Services, we use your personal data to provide you with these Services, including for account and contract management, to facilitate user benefits and services, including customer support, and to evaluate your candidacy for employment or admittance and to facilitate the onboarding process.
  • Justified by our legitimate interests. The usage of your personal data may also be necessary for our own business interests. For example, we may use some of your personal data to market our Services to individuals; administer, improve and personalize our Services, including by recognizing an individual and remembering their information when they return to our Services and analyzing our user-base; process payment for our Services; conduct market research; opportunity tracking, conversion, and lead generation; test, enhance, update, and monitor the services, or diagnose or fix technology problems; help maintain the safety, security and integrity of our property and services, technology assets and business; enforce our agreements, resolve disputes, carry out our obligations and enforce our rights, and protect our business interests and the interests and rights of third parties; and prevent, investigate or provide notice of fraud or unlawful or criminal activity.
  • Consent. In some cases, we may ask you to grant us separate consent to use your personal data.
  • Compliance with legal obligations. We are obligated to retain certain personal data because of legal requirements, for example, tax or commercial laws, or we may be required by law enforcement to provide personal data with a valid legal process.

The table at Annex 1 and Annex 2 set out further detail about the categories of personal data we collect about you, how we use that information when you use the Services, as well as the legal basis which we rely on to process the personal data and recipients of that personal data.

We may link or combine the personal data we collect about you and the information we collect automatically.

We may anonymize and aggregate any of the personal data we collect (so that it is no longer linked to you and does not identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, and improving the Service. We may also share such anonymized and aggregated information with others.

Some information, such as your name, address, payment transaction information, and information on your requested services, may be necessary for your use of certain features and functionalities of the Service. If you choose not to provide personal data marked as mandatory, we may not be able to provide those aspects of the Service to you, or to respond to your questions and other requests.

2. HOW LONG WE STORE YOUR PERSONAL DATA

We generally store your personal data for the duration necessary for the data collection purposes identified by the specific UC application or program, unless we are required to do so to comply with applicable law or if we believe your personal data may be necessary to deal with a complaint or legal claim.

3. MARKETING AND ADVERTISING

We may contact you with information about our Services, including sending you marketing messages and asking for your feedback on our Services. For some marketing messages, we may use personal data we collect about you to help us determine the most relevant marketing information to share with you.

4. STORING AND TRANSFERRING YOUR PERSONAL INFORMATION

Security. We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, change, or damage. All personal data we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.

International Transfers of your Personal Information. The personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom, or Switzerland your personal data may be processed outside of those regions, including in the United States.

In the event of such a transfer, we ensure that: (i) the personal data is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards that require the recipient to treat the personal data in a manner that is essentially equivalent to that guaranteed in the country you are in. If you are located in the EEA, United Kingdom, or Switzerland, these safeguards include entering into agreements that incorporate the standard contractual clauses adopted by the European Commission and approved by the UK Information Commissioner.

5. PROFILING AND AUTOMATED DECISION-MAKING

We may analyze personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use personal data about you to detect and reduce fraud and credit risk.

We may use your personal data for automated individual decision-making, in which case we will inform you of such processing activities and any potential impact of such processing activities.

6. YOUR RIGHTS WITH RESPECT TO YOUR PERSONAL DATA

In accordance with applicable privacy law, you have the following rights with respect to your personal data that we hold:

  1. Right of access. You have the right to obtain:
    1. confirmation of whether, and where, we are processing your personal data;
    2. information about the categories of personal data we are processing, the purposes for which we process your personal data, and information as to how we determine applicable retention periods;
    3. information about the categories of recipients with whom we may share your personal data; and
    4. a copy of the personal data we hold about you.
  2. Right of portability. You have the right, in certain circumstances, to receive a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person or entity.
  3. Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal data we hold about you without undue delay.
  4. Right to erasure. You have the right, in some circumstances, to require us to erase your personal data without undue delay if the continued processing of that personal data is not justified. We may not be able to delete your information in all circumstances. We may be obligated to retain your personal information as required by law, regulation, or policy;
  5. Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
  6. Right to withdraw consent. There are certain circumstances where we require your consent to process your personal data. In these instances, and if you have provided consent, you have the right to withdraw your consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.

You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case.  You can object to marketing activities for any reason.

If you wish to exercise one of these rights, please complete the Data Subject Request to Access, Restrict, Object to, or Delete Personal Records form, and email it to us at: ucsdprivacy@xktt.net.

Due to the confidential nature of data processing, we may ask you to confirm your identity when exercising the above rights.

You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner's Office (http://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch/edoeb/en/home/deredoeb/kontakt.html).

7. COOKIES AND SIMILAR TECHNOLOGIES USED ON OUR SERVICES


ANNEX 1 – PERSONAL INFORMATION YOU PROVIDE TO US

Category of Personal Data How we use the Personal Data Legal Bases for Processing

Registration, Account Setup, and Contact Information, including first and last name, email address, your country or region and communication preferences. We use this information to fulfill your request, to communicate with you directly, and to send you marketing communications in accordance with your preferences.

We use this information to communicate with you regarding your use of the Service, including sending service-related communications.

The processing is necessary for the performance of a contract with you.

We use this information to deal with inquiries and complaints made by or about you relating to the Service.

The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your questions or complaints.

We use this information in connection with providing you with marketing communications in accordance with your preferences.

We will only use your personal data in this way to the extent you have given us consent to do so.

Payment information, including first and last name, email address, your country or region and communication preferences.

If you make a purchase at one of our stores, register for one of our events, programs, or conferences, or donate to us, we may collect payment information in order to complete your transaction.

The processing is necessary for the performance of a contract.

We use this information to verify your identity in connection with the detection and prevention of fraud or financial crime.

The processing is necessary for our and third parties' legitimate interests, namely the detection and prevention of fraud and financial crime.

Inquiry and Communications Information, including information provided in custom messages sent through the forms, in chat messages, to one of our email addresses, or via phone.

We use this information to deal with inquiries and complaints made by or about you relating to the Service.

The processing is necessary for our legitimate interests, namely administering the Service, and for communicating with you effectively to respond to your questions or complaints.

Newsletter and Marketing Emails, including email address, applicable interests, and communication preferences. 

We use this information to manage our communications with you and send publications highlighting our work and Services.

We will only use your personal data in this way to the extent you have given us consent to do so.

Survey and Feedback Information, including responses you provide to questions in surveys or content of any testimonials.

We use this information to administer and facilitate the Services, to respond to your submission, to communicate with you, to conduct market research, inform our marketing and advertising activities and improve and grow our Services.

This processing is necessary for our legitimate interests; namely improving our education, research, and public service offerings.

We will also use your personal data in this way to the extent you have given us consent to do so.

Employment, Admission, Volunteer, Internship, and Other Application Information, including your contact and demographic information, educational and work history, employment interests, essay responses, information obtained during interviews, and any other information you choose to provide, if you apply.

We use this information to evaluate your job application.

This processing is necessary for our legitimate interests, namely evaluating your application.

ANNEX 2 – PERSONAL INFORMATION COLLECTED AUTOMATICALLY

Category of Personal Data How We May Use It Legal Basis for the Processing

Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.

We use information you provide to us about your location to monitor and detect fraud or suspicious activity in relation to your account.

The processing is necessary for our legitimate interests, namely to protect our Services and your account from fraud and other illegal activities.

We use this information to tailor how the Service is displayed to you (such as the language in which it is provided to you).

We will only process your personal data in this way to the extent you have given us your consent to do so.

Information about how you access and use the Service. For example, how frequently you access the Service, the time you access the Service and how long you use it for, the approximate location that you access the Service from, the site from which you came and the site to which you are going when you leave our website, the UCSD website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service.

We may use information about how you use and connect to the Service to present the Service to you on your device.

The processing is necessary for the performance of a contract with you.

We may use this information to determine products and services that may be of interest to you for marketing purposes.

We will only process your personal data in this way to the extent you have given us your consent to do so.

We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services.

We will only process your personal data in this way to the extent you have given us your consent to do so.

Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers, and applications connected to the Service through the device, your mobile network, your IP address, and your device’s telephone number (if it has one).

We may use information about how you use and connect to the Service to present the Service to you on your device.

The processing is necessary for the performance of a contract with you.

We may use this information to monitor and improve the Service and business, resolve issues and to inform the development of new products and services.

We will only process your personal data in this way to the extent you have given us your consent to do so.