Privacy Policy

Last update: November 15, 2023

I. Overview and Scope

The University of Michigan (“U-M,” “University”) recognizes and values the privacy of the university community members and its guests, and strives to be the leaders and best in the ways in which we manage your personal information. This value is reflected in Regent’s Bylaw Sec. 14.07. Privacy and Access to Information, which states in part:

“In collecting, utilizing, and releasing information about individuals associated with the university, the university will strive to protect individual privacy, to use information only for the purpose for which it was collected, and to inform individuals of the personal information about them that is being collected, used, or released.”

In principle, the University of Michigan strives to:

  • Collect, store, and use the minimum amount of personal information that is necessary for its legitimate business purposes, and to comply with legal obligations.
  • Take reasonable steps to ensure the personal information we manage is accurate and up-to-date.
  • Limit who has access to the personal information in our possession to only those who need it for a legitimate, specific purpose.
  • Protect personal information through appropriate physical and technical security measures tailored to the sensitivity of the personal data we hold.
  • Communicate with our students, faculty, employees, suppliers, partners, and others about how we use personal information in our day-to-day operations.
  • Provide opportunities to control your personal information, as permitted by applicable United States and other laws.
  • Integrate privacy in the design of our activities when that involves the use of personal data.

The University of Michigan’s Center for Academic Innovation (“CAI,” “we,” “our”) respects your privacy and is committed to protecting it. This Privacy Policy details the ways in which your personal data may be collected, secured, shared, and used when you interact with Sites, Software, and Michigan Online® Courses, as defined below (collectively, “Services”). When applicable, specific Services are listed by name or category to indicate where data processing activities are unique only to the Services named or described. By accessing or using our Services, you agree to the terms of this Privacy Statement.

Specifically, this Privacy Policy applies to: 

This Privacy Policy does not, unless otherwise stated, apply to other U-M learning experiences that may be advertised on online.umich.edu or other U-M websites but are accessed through a third-party platform, such as Coursera, edX, or FutureLearn. Please review the unique privacy policies maintained by these third-party platform providers for additional information, which are made available in website footers for each website linked above.      

II. Sites and MO Courses 

The Information We Collect

We collect personal information when you access our Sites and MO Courses in the following ways:

  • Through direct collection: When you directly provide it to us, such as when you sign up for a newsletter on one of our Sites or register for an MO Course.
  • Through automated processes: This includes information you provide us through technology, such as through a cookie placed on your browser when you visit our Sites or participate in MO Course activities.
  • From others: We may receive information from other organizations for legitimate, specific purposes, such as for bulk enrollment in an MO Course.

Our goal is to limit the information we collect to the information needed to focus on the needs and interests of our visitors, support our business operations, and improve the overall functionality of our Sites and MO Courses.

During a user’s visit to our Sites, we automatically collect and store certain information about the visit. Information collected includes:

  • The Internet domain from which a visitor accesses the website
  • The IP address assigned to the visitor’s computer
  • The type of browser the visitor is using
  • The date and time of visit
  • The address of the website from which the visitor has linked to our Sites

In addition, we may collect the following information from users that visit our Sites, including those hosting MO Courses, or through University of Michigan contracted-for third-party advertising and marketing providers (e.g., Google Analytics, Google Adwords):

  • Content viewed during the visit
  • Date and time of visit
  • Amount of time spent on the website
  • Visitor location based on IP address
  • Demographic information

Our Sites as well as MO Courses may also provide opportunities for visitors to voluntarily provide personally identifiable information, such as their email address, name, telephone number or street address.

Cookies

When you view our Sites, including those that host MO Courses, we may store some information on your computer in the form of a cookie. Cookies allow us to tailor our website to better match your interests and preferences. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience all features and content of our Sites.

Our Sites use the following types of cookies:

Google Analytics Cookies

Purpose: Google Analytics uses cookies to count visits and traffic sources in order to measure and improve the performance of our websites. See details about Google Analytics’ usage of cookies on websites and privacy policy

The Google signals service, which is active as part of our Google Analytics account, captures aggregated data, including additional demographic and interest information through existing Google features and cookies, such as DoubleClick cookies (described below) and cross-device reports if visitors are signed in to their Google accounts with Ads Personalization turned on. Visitors to our Sites may later see targeted ads for our Services, across multiple devices, depending on their individual Google account settings. 

Opt-out: Find out more about managing cookies through your browser. You can also opt out of Google’s ad personalization from Google Ads Settings

DoubleClick Cookies

Purpose: DoubleClick, which is run by Google, uses cookies to improve advertising. The cookies collect information specific to your browsing activity and keep it linked to your unique cookie ID. See DoubleClick’s cookie policy.

Opt-out: You can opt out of Google’s ad personalization from Google Ads Settings.

CrazyEgg Cookies

Purpose: CrazyEgg Cookies provide information on how visitors use our Sites. See here the Privacy Policy and the Cookie Policy of CrazyEgg.

Opt-out: Find out how to opt out here. This Site may also use a third-party click tracking analytics tool (such as Google Analytics and the Salesforce Marketing Cloud) to capture clickthrough statistics.

Because there is not yet a common understanding of how to interpret web browser-based “Do Not Track” (DNT) signals, CAI does not process or respond to DNT signals.

Social Media Plugins

Some of the pages on our Sites have embedded social media sharing buttons. Social media platforms use cookies or other tracking technologies when a button is embedded on our website. We do not have access to, or control of, any information collected through these buttons. The social media platforms are responsible for how they use your information. For specific privacy controls on how these buttons track how users access our Sites, see the cookies policies of Twitter, Facebook, Pinterest, LinkedIn, Instagram, and YouTube.

How Your Information Is Used and Shared

When you do provide us with personal data, we may use that information to provide you with information about CAI news and events, as well as the things like:

  • Fulfilling Site or MO Course user requests (e.g., create login credentials, send marketing or promotional materials including emails, change newsletter preferences, etc.)
  • Responding to your requests for information
  • Contacting you about promotional offers, marketing programs, or communications from CAI, and other University of Michigan programs and services based on your website or email activity and/or selected interests
  • Tracking, measuring and analyzing your use of and activity relating to the Site or MO Course, and your engagement with CAI, the University of Michigan and their programs, services and activities, in order to enhance CAI’s and the University’s relationships with you
  • Fulfilling a request for or to develop new products or services
  • Contacting you if necessary in the course of processing or shipping an order for products or services
  • Generating analytics that improve our Site layouts, content, product offerings and Services
  • Making inferences and predictions about your potential areas of interest
  • Complying with legal requirements
  • Compiling aggregate and statistical data to help in website design and to identify popular features
  • Measuring site and MO Course activity to allow us to update our Services to better meet user wants and needs
  • Processing credit card information to properly bill your account(s) (when applicable)

We may also use MO Course data, including personal information, to:

  • provide and administer the course or program in which you are participating, including evaluating your success in and engagement with the education offering;
  • improve student interventions and outcomes;
  • respond to your requests and communicate with you regarding current or future courses or programs;
  • troubleshoot to support a user’s experience;
  • conduct research (for example, in the areas of education and cognitive science) and analytics related to our education offerings;
  • satisfy legal, regulatory and contractual obligations;
  • use as source information to building learning analytics models to enhance teaching and learning at scale; or
  • make improvements to MO Courses.

We may use personal information collected through Sites and MO Courses to enhance performance and user experience and for other legitimate educational interests. We may also share your personal information in limited circumstances, such as with University partners or external service providers that support business activities. 

For MO Courses, we may share your personal information, including registration and performance data, with your employer or other third parties when the third party has registered you as a learner or included you on a group registration list. We may also share this personal information with third parties otherwise affiliated with you or the MO Courses you are enrolled in, such as when the third party is providing credentialing or evaluation services (e.g., a licensing agency or professional development organization) or has partnered with an academic unit in the development of the course. When applicable, additional information concerning information sharing with such third parties will be provided to you as part of course description or registration materials.  

We may also share your personal information associated with any Service when required by law, or when we believe sharing will help to protect the safety, property, or rights of the University, members of the University community, and University guests. We will not sell or rent your personal information

If we use your personal information to contact you for marketing purposes, we will provide you with a method allowing you to opt-out of future communication. You can also contact us by emailing, writing, or calling using the contact information provided at the bottom of this Privacy Policy.

Finally, we may use an unaffiliated payment service to allow you to purchase a product or service offered through our Sites and MO Courses (Payment Service). If you wish to purchase a service or make a payment using a Payment Service, you will be directed to a Payment Service webpage. Any information you provide to a Payment Service is subject to the applicable Payment Service’s privacy policy rather than this Privacy Policy. We have no control over, and are not responsible for, any Payment Service’s use of information collected through any Payment Service.

III. Software

The Information We Collect

User-Provided Information – Wherever prior and separate registration is needed to use Software, we will collect and store the information you enter into our systems when you create an account on an applicable Software hosting site, which will generally be accessed via links provided through an organization’s Learning Management System (LMS). We will also collect and store information you provide when engaging with the Software or when contacting us for other purposes or through other methods, such as over email. Information you provide generally will include:

  • your name, email address, user name, password and other registration information;
  • information you provide us when you contact us for help;
  • depending on the Software, transaction-related information, such as when you create or submit an assignment, make a grade prediction, submit or receive feedback on an assignment, create an announcement, or otherwise use features in Software that rely on user input; and
  • information you enter into our system when using Software, such as contact information and project management information.

Automatically Collected Information – In addition, the Software may collect certain information automatically, such as the type of device you use, the IP address of your device, your operating system, the type of Internet browsers you use, location data or sites used to access/leave each page, and information about the way you use the Software, including your digital interactions with the Software and the date, time, and length of your visits. This information may be collected through the use of cookies and web beacons and is automatically stored in log files each time you visit our Sites and log into the Software. Cookies administered by the Center for Academic Innovation are used to identify a user across page loads during a session and are therefore necessary for an integrated user experience. Some of this automatically-collected data may be linked to user-provided information.

Information Provided by Others – We may receive information collected by other organizations that are using Software. Additionally, certain Software (specifically: Gallery, Write and Revise, Write and Annotate, and Recommender) can be easily integrated with third-party learning management systems and platforms using the Learning Tools Interoperability® (LTI) standard (collectively, “LTI Applications”). For LTI Applications, we may receive information collected by LMS providers through LTI-enabled transfers or from the organizations and LMS providers directly. For all Software, including LTI Applications, information provided by others may include all of the same categories listed in the “User-Provided Information” and “Automatically Collected Information” sections above. LTI-enabled transfers occur automatically when using the LTI Application through your LMS and include account information (username and/or email address connected to the account) linked to the LMS you are using to access the LTI Application. The automatic transfer of account information is necessary to provide a fully integrated and seamless user experience between the LMS and LTI Application.

The User-Provided Information, Automatically Collected Information, and Information Provided by Others described above shall be collectively referred to as “Software Data.”

How Your Information Is Used

We use Software Data collected through the Software to enhance the Software’s performance and user experience and for other legitimate educational interests or as required by law. We do not sell or rent your personal data.

We may use Software Data to:

  • provide and administer the course or program in which you are participating, including evaluating your success in and engagement with the education offering;
  • improve student interventions and outcomes;
  • respond to your requests and communicate with you regarding current or future courses or programs;
  • troubleshoot to support a user’s experience;
  • conduct research (for example, in the areas of education and cognitive science) and analytics related to our education offerings;
  • satisfy legal, regulatory and contractual obligations;
  • use as source information to building learning analytics models to enhance teaching and learning at scale; or
  • make improvements to the Software or other Services.

Additionally, we may use Software Data collected about learners enrolled in U-M learning experiences to send advertisements or other marketing materials via email about other programs, promotions or services to students enrolled in U-M courses and programs if they have requested or agreed to receive such information, or where we are otherwise permitted by local law to contact these learners for these purposes.

How Your Information Is Shared

We will only disclose your personal data to:

  • school officials (instructors and administrators) for them to conduct their educational responsibilities, including individuals who work for the LMS provider and, where applicable, at the organization offering the LMS experience;
  • government officials, as required by law, such as to comply with a subpoena, or similar legal process or when we believe in good faith that disclosure is necessary to protect our rights (including in legal proceedings), protect your safety or the safety of others, investigate fraud, or respond to a government request; and
  • trusted service providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.

How Your Software Data is Secured

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our Services. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches. We maintain the Software and its associated data in ways that comply with the Family Education Rights and Privacy Act (FERPA) and U-M FERPA policies.

Data Retention Policy, Managing Your Information

The Center for Academic Innovation administers cookies to identify a user across page loads during a session and provide an integrated user experience. These cookies may be blocked through settings in your browser, but doing so would affect the functioning of the Software.

Additionally, we may use Google Analytics Cookies to count visits and traffic sources in order to measure and improve the performance of our Sites. See details about Google Analytics’s usage of cookies on websites and privacy policy. You may find out more about managing cookies through your browser. Opting out of or blocking cookies may impact performance.

We will retain User-Provided Information for as long as you use the Software and for a reasonable time thereafter.

IV. Your Consent 

By using our Services you signify that you agree with the terms of our current Privacy Policy. If you do not agree with any terms in this Privacy Policy, please discontinue use. 

V. Access to Your Personal Information

Upon request you can review, update and correct the personal information you provided to us through our Services.To access this information, please contact us at [email protected] or call us at 734.764.2010.

You can write to us at University of Michigan, Center for Academic Innovation, 317 Maynard St., Ann Arbor, MI 48104.

We strive to promptly respond to your request, and will do our best to address your concern. 

VI. Opting-Out of Certain Activities 

If you do not want us to contact you with marketing communications or other information regarding our products and services (or if you agreed to be contacted for such purposes at the time your personal information was collected by us but you no longer wish to be contacted or have your information used in such a way), you can let us know by following the unsubscribe instructions on any communications sent to you

You can also unsubscribe at any time by emailing us at [email protected] and including the name of the Service(s) you are concerned with in your email. 

Please note that if you have registered an account for an individual Service, including an MO Course or Software account, opting out of marketing messages will not result in your removal from all other (i.e., non-marketing) messages relating to those Services. We reserve the right to send you certain communications relating to your account, your registration, and your use of our Software and MO Courses, such as messages relating to account management, customer service, systems maintenance, and updates to terms of service and privacy policies. These transactional account messages will thus be unaffected if you choose to opt-out of marketing communications.

VII. Our Commitment to Security

The University of Michigan recognizes the importance of maintaining the security of the information it collects and maintains. We maintain physical, electronic, and procedural safeguards to protect against the loss, misuse or alteration of the information under our control.

Unless shared in a manner consistent with this Privacy Policy, all of your information is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information. If you are uncomfortable sharing your personal data on the Internet, please contact us at the below addresses or telephone number.

VIII. Changes to this Statement

We may occasionally decide to change our Privacy Policy, especially as new features are added to our Services. We will indicate at the top of this Privacy Policy when it was last updated.

IX. How to Contact Us

If you’d like us to access, update, correct, or delete your personal information associated with our Services, we can be reached via email at [email protected]. Please list the specific Service of concern in your email and we will respond in a reasonable time. Please note that some or all of the information we collect may be required in order for the Services to function properly, and we may be required to retain certain information by law. 

Other ways to contact us are provided below.  

Our postal address:

Center for Academic Innovation
317 Maynard Street
Ann Arbor, Michigan 48109

Telephone: 734-764-2010.

X. Notice Specific to Persons Within the European Union

If you are in the EU and you interact with the University of Michigan in the context of this website, then our processing of your personal information may fall under Regulation 2016/679 (the General Data Protection Regulation, or the “GDPR”) and under the legal framework of Directive 2002/58/EC (“ePrivacy” Directive). In these circumstances and as applicable, the University of Michigan may be the controller of the processing of your personal data. Please see also our GDPR resources webpage for more information.

Legal Basis for Processing 

When we process your personal information, we will endeavor to have a valid lawful ground for processing in place. We process your personal information relying on different lawful grounds for processing, depending on the context of the processing activity.

Your Rights

The University of Michigan is committed to facilitating the exercise of the rights granted to you by EU data protection law (the right to access your data, to ask for erasure, correction, restriction, portability of your data or to object to the processing of your data) in a timely manner for personal information that properly falls under the GDPR.

In order to be able to reply to your request for exercise of your rights, and if we are not certain of your identity, we may need to ask you for further identification data to be used only for the purposes of replying to your request. If you have any inquiries or requests, please write to [email protected] or contact us through our postal address.

Retention Period

We strive to keep personal data in our records only as long as they are necessary for the purposes they were collected and processed. Retention periods vary and are established considering our legitimate purposes and all applicable legal requirements.

Transfers

When you interact with the University of Michigan, your personal information is transferred to the United States. The United States is not currently among the countries outside the European Union that have obtained an adequate level of protection from the European Commission. To ensure the lawful transfers of personal data from the EU, the University of Michigan relies on the derogations laid out in Article 49 GDPR. Be advised that we provide safeguards for the information transferred, as required by the GDPR itself and in accordance with this website privacy notice.