Last Updated: August 31, 2023

This Privacy Policy explains how The University of Chicago Medicine (“we”, “us”, or “our”) uses and shares the information we collect when you use our website (“Website”). This Privacy Policy does not apply to information we may collect about you through other means, such as in our medical centers or at in-person events.

Please review this Privacy Policy carefully.

Changes to the Website Privacy Policy

We may change this Privacy Policy from time to time. If we change it, we will notify you by posting the updated version of the Privacy Policy. We encourage you to check this page regularly to stay current on our privacy practices.

A Note about Your Health Information

This Privacy Policy does not address our privacy practices concerning any protected health information we collect as covered entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including protected health information collected through the Website; we address those practices in a separate HIPAA Notice of Privacy Practices.

The Categories of Information We Collect

We may collect the following categories of information about you:

  • Contact information, such as your name, mailing address, email address, and phone number.
  • Professional information, such as your employment and educational history.
  • Internet activity information, such as your IP address, name of the network domain you use to access the Internet, your browsing history, and information about your interactions with the Website.
  • Location information, such as your ZIP code.
  • Other information you choose to provide, such as information you provide when you contact us.

We may also collect certain sensitive categories of information, including your protected health information. As mentioned above, our practices with respect to your protected health information are described in our HIPAA Notice of Privacy Practices.

The Sources of Your Information

We collect your information from different sources, including through:

  • Our interactions with you, such as when you contact us, submit a survey, or apply for a job.
  • Cookies and other automated technologies, which are deployed on various pages of the Website.
  • Third parties, such as business partners and public sources.

How We Use Your Information

We may use your information for the following purposes:

  • Communicating with you. We use your information to respond to your communications, send you information on our products and services, and contact you regarding upcoming appointments, billing, and professional opportunities. 
  • Improving our products and services. We use your information to understand how our Website is used, improve the quality of the Website and the user experience, and develop and improve our products and services.
  • Consider you for employment. If you apply for a job with us, we use your information to evaluate your candidacy for the position you applied for or other positions.
  • Complying with legal obligations. We use your information to comply with legal requirements, including requests from law enforcement and court orders. We may also use your information to exercise and defend our legal rights.
  • Security and fraud protection. We use your information to maintain the security of the Website and to prevent fraudulent, malicious, or illegal activity.

How We Share Your Information

We share your information under the following circumstances:

  • Service providers. We may share this information with companies that provide services to us, such as technology and software providers.
  • Corporate transactions. We may transfer your information in the event that we are involved in a merger, acquisition, sale of all or a portion of our business or assets, or other similar transaction.
  • As required or permitted by law. If we believe it is appropriate or necessary, we may share your information to (i) comply with any applicable statute, regulation or other law, order, or legal process; (ii) protect our rights, property, or safety, and those or our business partners or others; (iii) enforce policies and procedures; and (iv) pursue damages or other remedies; and/or (v) respond to an emergency.
  • With your consent. We may otherwise disclose your information if we have your consent.

We may also share de-identified or aggregate information in our discretion.

Cookies and Similar Technologies

We use cookies, pixels, and other data collection technologies to collect your information. "Cookies" are small text files that are sent to your web browser or device hard drive to store information. We use cookies and related technologies to improve your experience while using the Website and browsing the Internet. While the cookies we may use change from time to time, they generally fall into one of the following categories:

  • Strictly necessary cookies. These cookies are strictly necessary in order for you to use the Website, load and view content, and access your account.
  • Functionality cookies. These cookies help us remember you and personalize features and content for you on the Website.
  • Preference cookies. These cookies allow us to capture and store your information privacy related preferences (e.g., your opt-in and opt-out), account settings, and certain login information.
  • Analytics cookies. These cookies help us and our service providers compile statistics and analytics about platform users, including traffic, usage, demographic, and trend data, which will enable us to understand how users engage with our Website.  
  • Advertising cookies. These cookies will display advertising on the Website and on third-party websites and services. Some of these advertisements may be interest-based, meaning that they are tailored to your interests or behaviors on the Website or on other websites. 

Certain of the pages on the Website may also include social sharing widgets, like the LinkedIn Share button or the Facebook Like button. These features may collect your IP address, which page you are visiting on the Website, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on the Website. Your interactions with these features are governed by the privacy statement of the companies that provide them.

To learn more about cookies and similar technologies, please visit https://allaboutcookies.org/. Most web and mobile device browsers automatically accept cookies and you can change your browser to prevent that or to notify you each time a cookie is set. You may also choose to opt out of receiving interest-based advertising by visiting the Network Advertising Initiative’s Opt-Out Tool.

Opting Out of Marketing Emails

We may send you emails with marketing or other promotional content. If you do not want to receive marketing emails from us, you may unsubscribe by clicking the “Unsubscribe” link that appears in the marketing emails that we send. Alternatively, you may contact us using the information that appears in the “Contact Us” section. Please be aware that, even if you unsubscribe from emails, you might continue to receive emails from us concerning legal matters and other important topics. 

Notice to International Users

The information we collect about you will be stored in the United States and shared with third parties located in the United States and elsewhere in the world. The laws in the United States may differ from those in your home country. When we transfer your information from your local jurisdiction to the U.S. and other countries, we take steps to ensure such information is transferred in compliance with applicable data protection laws.

Notice to EEA and UK Users

We comply with applicable privacy and data protection laws in the European Economic Area (“EEA”) and the United Kingdom (“UK”) when our services are marketed to individuals located there. When we collect personal data subject to these laws, we process such data pursuant to one of the following lawful bases:

  • for us to carry out a contract with you, such as a contract for our services;
  • so that we can comply with our legal or regulatory obligations, and/or cooperate with regulators and other authorities; or
  • for the purposes of pursuing our legitimate interests and where these are not overridden by your interests or fundamental rights or freedoms which require protection of Personal Data, such as to manage and improve our business and user engagements and relationships.

We will process your personal data only for purposes permitted by law. This includes processing where necessary for the following purposes:

  • to comply with a request or order from a competent court, law enforcement authority or other government agency; and/or
  • to enforce, exercise or defend legal claims.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.

Certain individuals located in the EEA and UK may request to exercise the following rights with respect to the personal data we maintain:

 

  • Right to request information. You have the right to ask us questions about our processing of your personal data, including if you feel information is missing from this Privacy Policy.
  • Right to access. You have the right to request access to your personal data.
  • Right to rectification. You have the right to ask us to correct errors, or to complete omissions, in your personal data.
  • Right to erasure. You may have the right to ask us to delete your personal data. Some people call this the “right to be forgotten.”
  • Right to restriction of processing. You may have the right to limit our processing of your personal data.
  • Right to object. Under certain circumstances, you have the right to object to any processing based on our legitimate interests. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case.
  • Right to data portability. You may have the right to receive, or have us transmit to another person, a portable copy of your personal data.

In addition, you can always reach out to your local data protection authority for more information on your rights. The identity of your local data protection authority depends on where you live, so we are unable to identify it for you. If you live in the European Union, the following link may help you find contact information for your local authority:  https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-are-data-protection-authorities-dpas_en.

Notice to Canadian Users

You may request access to or correction of your personal information in our control. These rights are subject to certain exceptions, and we may take steps to verify your identity before responding to your request.

How We Protect Your Information

We have security policies and technology in place designed to prevent the loss, misuse, and alteration of the information under our control. However, it is impossible to completely guarantee the security of your information. We encourage you to exercise caution when sharing your information on the Internet.

Linking to Other Sites

The Website may include references or links providing direct access to other Internet sites of third parties. We are not responsible for the data collection or privacy practices of any third party. If you visit a third party’s linked website, the privacy practices will be governed by that website’s privacy policy not by this Privacy Policy. To ensure your privacy is protected, we recommend that you review the privacy policies of any internet site you visit.

Do Not Track Signals

Some web browsers include a “Do Not Track” feature that signals to websites that a user does not want to have their Internet activity tracked. While we are committed to respecting your privacy choices, these features are not uniform. For that reason, we do not currently recognize or respond to these Do Not Track signals.

Children’s Privacy

The Website is intended for a general audience and not intended for or directed at children under the age of 13. As a non-profit organization, our collection of children’s personal information is not governed by the U.S. Children’s Online Privacy Protection Act (“COPPA”). We do not intend to collect personal information as defined by COPPA (“Children’s Personal Information”) from minors under the age of 13 without parental consent.

Contact Information

If you have questions about this Privacy Policy or concerns, please contact:

The University of Chicago Medicine Privacy Program
Chief Privacy Officer 
5841 S Maryland
MC 1000
Chicago, Illinois 60637
773-834-9716

hpo@uchicagomedicine.org