Skip to Content

Privacy Policy

I. General Statement

PRIVACY is a word that conjures up strong convictions and an emotional reaction from many of us. In the modern world, however, wondrous forms of electronic communication render the protection of privacy interests much more difficult. We in the university community are not immune from the lure of convenience and speed when we utilize our information technology and electronic communication tools. It is, of course, part of our mission to share knowledge and to collaborate within our academic community. In doing so, however, we must recognize that these modern devices are never completely secure. It is a fact of life that all computer systems and communication systems are the subject of constant probing by outsiders ranging from the curious to the criminal.

The University of Denver will endeavor to take reasonable precautions to maintain privacy and security within the sphere of operations. The University cannot guarantee that these efforts will always be successful and, therefore, users must assume the risk of a breach of University privacy and security systems. Individuals are advised to be discreet and cautious in their use of our systems. The University of Denver Privacy Guidelines are reviewed periodically and may be modified in the discretion of the University. These changes will be posted on this site.

If you are accessing this site from the European Economic Area, please see the European Privacy Notice here.

II. Personal Information

The University of Denver recognizes and respects the importance of confidentiality and security of personal information in this increasingly open electronic age. The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes, outside the scope of ordinary University functions, your name, mailing address, telephone number, e-mail address, or other information you provide. While the University makes reasonable efforts to protect information provided to us, we cannot guarantee that this information will remain secure and are not responsible for any loss or theft.

When an individual is connected to the University of Denver network or uses a University-owned computer, or other University-owned equipment, he/she agrees to abide by the rules and regulations of the University (see the University Acceptable Use Policy incorporated herein by this reference). While the University of Denver respects the desire and need for privacy in this setting, the University reserves the right, at all times, to search any and all hardware or software owned by the University, or connected to the University network, for the purposes of preventing or investigating improper or illegal use of University systems, or preventing or investigating system problems or efficiencies. In the course of an individual's involvement with the University community, software or third party systems that are used may require the individual to divulge private or personal information. The University is not responsible for the content, use or privacy of this information.

III. University Website(s)

When users visit the University of Denver website(s), the webmaster collects information concerning their Internet connection, which pages they visit on the site, the Internet Protocol Number (IP) from which they accessed du.edu, and other general information about their visit to the website. (Information associated with an individual IP Number may be used for internal diagnostics and investigation of misconduct or security issues.) The collection of this information is intended to help the University deliver efficient and useful service and it may be used to analyze trends, create summary statistics for determining technical design specifications, and to otherwise aid in monitoring system performance. Such information is stored on a temporary basis and the University will exercise reasonable care to release it only if legally mandated by law enforcement investigators, required by court proceedings, or it is deemed necessary to internal investigations of violations of University rules and regulations. The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes, information regarding the behavior, habits, or demographics of those who visit University controlled websites. Certain parts of the University website(s) may require tracking techniques to follow the user's progress through courses, materials or programs or to verify information acquired from other sources. The University provides links to websites outside the du.edu network and is not responsible for the content or privacy policies of any website to which it may link.

IV. Email

The University does not intend to monitor the contents of e-mail sent to or from University servers, except to identify and correct problems with E-mail delivery or receipt, to work with email system problems, or to deal with misconduct or security issues. Electronic logs of who sends and receives e-mail through University servers are maintained for a short period of time. This information may be used to analyze trends, create summary statistics for internal planning purposes, and to otherwise aid in maintaining system performance and security. E-mail related information is stored on a temporary basis and may only be released if legally mandated by law enforcement investigators, required by court proceedings, or it is deemed necessary to internal investigations of violations of University rules and regulations. The names and e-mail addresses of University of Denver students, faculty, and staff are available in a searchable index. An individual may opt out of this index and have his/her name removed by contacting the Digital Team at DigitalTeam@du.edu.

V. Questions About Our Online Privacy Policy

If there are any questions or concerns about the University's online privacy policy, the practices of the University's website, or use of the website, please contact the Digital Team's office by e-mail at DigitalTeam@du.edu, or through regular mail at:

Digital Team
University of Denver
Division of Marketing and Communications
2199 S. University Blvd.
Denver, CO 80208

VI. Family Educational Rights and Privacy

The University is bound by the Family Educational Rights and Privacy Act (FERPA) regarding the release of student education records and, in the event of conflict with the University Policy, FERPA will govern. A guide to understanding FERPA is available in the office of the Registrar. The full text of the University's policy with regard to FERPA can be found at du.edu/registrar/privacy.

VII. Health Records/ Information

Users of the University Health and Counseling Center are protected under federal Health Insurance Portability and Accountability Act (HIPAA) regulations and state of Colorado laws regarding confidentiality of medical and mental health information/records. The full text of the University Health and Counseling Center's policy can be found in Appendix A immediately following this document.

VIII. University Bookstore

The University Bookstore online privacy policy is, by reference here, incorporated in the University of Denver Privacy Policy. The full text of the Bookstore's online privacy policy can be found in Appendix B immediately following this policy.

IX. Release or Access

All requests for release of or access to confidential information maintained in the records of the University must be directed to the office of the University's Legal Counsel. Disposition of such requests will be made by the University's Legal Counsel in consultation with the appropriate custodian of the particular University record(s).

European Privacy Notice

  • Overview

    EUROPEAN PRIVACY NOTICE

    This European Privacy Notice governs the manner in which Colorado Seminary, which owns and operates the University of Denver (“DU,” “we,” or “us”) collects, uses, maintains, and discloses information collected from individuals located in the European Economic Area (the “EEA”).

    For purposes of European privacy law (including the General Data Protection Regulation), Colorado Seminary is the data controller.

    PRIVACY PRINCIPLES

    We follow the following principles in order to protect your privacy:

    • We do not collect any more personal data about you than is necessary;
    • We only use your personal data for the purposes we specify in this Privacy Notice, unless you agree otherwise;
    • We do not keep your personal data if it is no longer needed; and
    • Other than as we specify in this Privacy Notice, we do not share your personal data with third parties:
  • Collection of Information

    Collection of Information

    We collect personal data directly from you, from third parties (please see “Personal Data Obtained from Third Parties” below for further information about third party sources of personal data), and automatically when you use our websites. We may collect information associated with your device using cookies and similar technologies. We may also receive information about your location. Such personal data may include the following:

    Website and Mobile Applications: We collect certain personal data automatically when you use our websites and mobile applications (“Services”), such as your IP address, browser type and device type, and when you complete our web forms. We process this personal data for the primary purposes of responding to your requests, providing you with relevant information, and conducting analytics. Personal data that we collect may include:

    • Contact information such as your name, physical address, email address, phone number and social media usernames;
    • Log files, which contain information collected automatically when you interact with the Services, for example, IP address, browser type, internet service provider, pages visited (including referring/exit pages), operating system, date/time stamp and/or clickstream data;
    • Cookies and similar technologies, as further described below;
    • Location information, such as your IP address to identify the general geographic area from which you access our Services. Our mobile applications may collect more precise location information about you to provide functions identified in the application, such as a map feature; and
    • Mobile device sensor information. For example, some of our mobile applications may use various sensors and components of your mobile device (e.g., your camera or microphone) to collect information for the purposes of providing you with additional functions and features.


    Admissions and Financial Aid: We collect various kinds of personal data when you apply for admission to DU, whether as an online or in person student, and if you seek financial aid. The primary source of this personal data is your application. We may solicit additional personal data, for example, from interviewers as part of the admissions process, if applicable, or from other available sources when identifying potential candidates for admission in connection with recruiting activities. We process this personal data for the primary purposes of considering your application for admission to DU; and evaluating your eligibility for financial aid. Such personal data may include:

    • Contact information, such as your name, home address, email address and phone number;
    • Demographic information, such as your gender, age, and other information you may volunteer, such as in your application or essay;
    • Education history, such as your prior schools, transcripts, school activities and disciplinary records;
    • Testing history, such standardized testing and corresponding identity verification documentation;
    • Personal information and history, such as personal interests, extracurricular activities, recommendations, other personal information you may choose to volunteer, including in your application or your essay, and other information we may learn about your background;
    • Employment history, such as job title, location and work experience;
    • Personal financial information, such as government identification number, personal and business tax reports, wage reports and statements, bank statements, socioeconomic status, scholarships and grants, and family support;
    • Family information, such as family member names, ages, education information, occupations, wages and savings; and
    • Payment information, such as your payment card number or your bank account number.


    Alumni and Donors. We collect various kinds of personal data about DU’s alumni, donors and prospective donors from a number of sources, for example, when you update your alumni or donor profile, connect with us on social media, complete a donation form or register to attend DU events. If you were a student or studied at DU, some of your personal data may be transferred from your student record into our alumni databases. We may also collect personal data from publicly available sources or third-party sources that support our operations. We process this personal data for the primary purpose of providing you opportunities to engage with DU, alumni, donors, prospective donors and students through interactions, events and your gifts or donations. Such personal data may include:

    • Contact information, such as your name, home address, email address and phone number;
    • Demographic information, such as your gender, age, and other information you may volunteer, such as in your application or essay;
    • Education history, such as your prior schools, transcripts, school activities and disciplinary records;
    • Personal information and history, such as personal interests, charitable activities, other personal information you may choose to volunteer and other information we may learn about your background;
    • Employment information, such as your title, employer, location and work experience;
    • DU affiliations, such as your social network, group memberships and DU-related correspondence;
    • Family information, such as family member names, ages, occupations and relevant medical information (if provided in advance of events);
    • Financial information, such as your contribution history, publicly available data on wealth and assets, and contributions to other organizations;
    • Payment information, such as your payment card number or your bank account number;
    • Health and dietary information, such as medical conditions that may require additional accommodations or dietary preferences, if you volunteer such information; and
    • Your image, for example, when a photograph or other image is used in online networking or announcements, or when you participate in DU events that are recorded by photography or video.


    Your Education. We collect your personal data upon your enrollment for our courses or programs and throughout your DU education. We process this personal data for the primary purpose of providing educational courses and programs, evaluating qualification for educational certificates or credit, and facilitating payment for the courses or programs in which you enroll. Such personal data may include:

    • Contact information, such as your name, home address, email address and phone number;
    • Personal information and history, such as personal interests, other information about yourself that you volunteer in profiles or through or courses or programs, and other information we may learn about your background in the course of your education with us;
    • Employment history, such as job title, location and work experience;
    • Education history, such as your prior schools, transcripts, school activities and disciplinary records;
    • Payment information, such as your payment card number or your bank and bank account number;
    • Tax information, such as your government identification number;
    • Learner interaction information, such as exchanges with other learners, forum contributions and community posts;
    • Course engagement and assessment information, such as attendance records, assignment responses, test scores and course interactions;
    • Health and dietary information, such as medical conditions that may require additional accommodations or dietary preferences, if you volunteer such information;
    • Log files, which contain information collected automatically when you interact with the Services, for example, IP address, browser type, internet service provider, pages visited (including referring/exit pages), operating system, date/time stamp and/or clickstream data;
    • Cookies and similar technologies, as further described below;
    • Location information, such as your IP address to identify the general geographic area from which you access our Services. Our mobile applications may collect more precise location information about you to provide functions identified in the application, such as a map feature; and
    • Your image, for example, where you voluntarily provide a photograph or other image for use in an online course or program (for example, in a profile), or where you have decided to use a remote proctoring third-party service software for the purposes of remotely completing an examination or assessment for DU.


    DU Personnel and Job Applicants: We collect your personal data when you apply to work or volunteer for us. Further personal data collection occurs at hiring and throughout your employment or volunteer relationship with us. We process this personal data for the primary purpose of employee and/or volunteer recruitment, providing employment or enabling authorized persons to utilize our services and facilities. Such personal data may include:

    • Contact information, such as your name, home address, email address and phone number;
    • Payment information, such as your bank and bank account number for processing your compensation;
    • Tax information, such as government identification number, wages and filing status;
    • Personal information and history, such as marital status and other information about your background, and when relevant for your position or required by law, credit history, driving record, self-reported and publicly available criminal records, citizenship and work authorization status;
    • Employment history, such as prior employers, titles, wages, work experience and disciplinary record;
    • Education history, such as prior schools, transcripts, awards, honors and disciplinary records;
    • Family information for inclusion in benefits plans;
    • Demographic information, such as gender, age and date of birth; and
    • Health information, such as medical conditions that may impact your ability to work.


    Research: We may collect your personal data as part of a research study in which you have agreed to participate as a research subject. You may be provided a consent and/or authorization form relating to the specific research project that explains the types of data collected and the purposes for which such data are processed and shared. In such a case, the description of the collection and use of your personal data provided in the consent and/or authorization form will replace the information provided here. We process this personal data for the primary purpose of furthering research and understanding in fields of academic study.

    Such personal data may include:

    • Contact information, such as your name, home address, email address and phone number;
    • Demographic information, such as race, ethnicity, gender, age, education, profession, occupation, income level and marital status;
    • Personal information and history, such as personal interests, profession, and other information about your background;
    • Family information, such as family members, ages, occupations and health;
    • Education history, such as prior schools, transcripts, awards, honors and disciplinary records;
    • Health and dietary information, such as doctor’s records, surgical records, immunizations and medications, allergies and dietary preferences;
    • Biometric information, such as facial measurements, finger prints and retinal scans; and
    • Genetic information, such as genetic information obtained from your biological samples.
  • Purposes of Processing Personal Data

    Purposes for Processing Personal Data

    In addition to the purposes set forth above, your personal data may be processed for some or all of the following purposes:

    • To facilitate payments and communications related to any services that DU or a host institution provides to you, or any services that you provide to DU or its students;
    • To create, manage, and store your educational or personnel records;
    • To facilitate any payments or donations you make to DU;
    • To provide proof of the services that DU has performed;
    • To contact and/or assist you in the event of an emergency;
    • To conduct statistical reporting and analysis;
    • To enable DU to enhance, modify, personalize, or otherwise improve DU's services or communications for the benefit of DU's members and/or the general public;
    • To enhance the security of DU's network and information systems;
    • To better understand how people interact with DU's websites;
    • To determine the effectiveness of promotional campaigns and advertising;
    • To promote the health and safety of DU community members;
    • To monitor academic progress and support students’ educational endeavors
    • To share information about third party institutions or offerings that may be of interest to you;
    • As required by applicable law (including to demonstrate compliance with applicable law), or to comply with our legal or contractual obligations to share personal data with law enforcement;
    • To identify and prevent fraud; and
    • To fulfill any other purpose for which you provide personal data.
  • Legal Basis for Processing

    Legal Basis for Processing

    Our legal basis for collecting and using the personal data described in this Privacy Notice will depend on the personal data concerned and the specific purposes for which we collect it. We collect and use your information for a variety of purposes, including those that (a) are in our legitimate interests (for example, providing educational offerings, evaluating your academic performance, conducting admissions research, managing internal administrative tasks, conducting analytics to improve websites or program offerings, and requesting gifts or donations), (b) are necessary in order to enter into or perform a contract with you (for example, providing educational programs, processing your application for admission, processing your payments or donations, registering you for courses or events, and managing employment or other work relationships), (c) you consent to, or (d) are necessary to comply with our legal obligations (for example, financial aid reporting, tax filing, and reporting of adverse events to regulatory agencies).

    If you wish to learn more about specific legal grounds we rely on to process your information for any particular purpose (including any legitimate interests we have to process this information), please contact us as provided under the Contact Us section.

  • Recipients of Personal Data

    Recipients of Personal Data

    We do not rent or sell your personal data to third parties, and will disclose it only in the following ways:

    • To our third party service providers, as reasonably necessary for the uses described in this Privacy Notice. We ask our service providers to limit their use of personal data, and require them to agree to protect your personal data under written agreements;
    • To other institutions with which we run joint programs;
    • With any potential acquirer, successor or assignee as part of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business or assets;
    • As required or permitted by applicable law, if we believe that such disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us, (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with our Services, (c) helpful to protect our rights, reputation, property, or that of our students, visitors, users, corporate affiliates, or the public, or (d) to enforce compliance with our agreements with you; and
    • As otherwise authorized by you.
  • Personal Data Obtained from Third Parties

    Personal Data Obtained from Third Parties

    We may obtain certain Personal Data about you from third party sources, which we may use for the purposes and in the ways described in “Collection of Information” and “Purposes for Processing Personal Data” above. In some cases, we may obtain your consent for additional uses.

    Service Providers: We use service providers, such as application facilitators (for example, the Common Application and the College Board) and payment processors and analytics providers (for example, Qualtrics), to perform services on our behalf. Some of these service providers have access to personal data about you that we may not otherwise have (for example, when you sign up directly with that provider) and may share some or all these data with us.

    Single Sign-On: Some of our online services or research activities may allow you to register and login to those services through a third-party platform. When you login to our service through a third-party platform, you allow us to access and collect any personal data from your third-party platform account permitted under the settings and privacy statement of that platform.

    Supplemental Personal Data: We may receive additional personal data from third-party sources, such as public or private databases (for example, compilations of email or postal addresses), or companies or institutions that may sponsor or facilitate your participation in one of our programs, which we may also append to existing personal data.

  • Transfers to Third Countries Outside the EEA

    Transfers to Third Countries Outside the EEA

    DU is an educational institution located in the United States of America (“USA”). In order to provide you with the Services and otherwise fulfill our obligations to you, it is necessary for your personal data will be transferred to, and processed in, the USA. Data protection laws differ among jurisdiction, and the USA may not provide the same level of protection for personal data as your jurisdiction of residence. We will take appropriate steps to ensure that your personal data is afforded the same level of protection as described in this Privacy Notice.

  • Cookies

    Cookies

    We use cookies in connection with your use of the Sites. A cookie is a small data file that is placed on your device when you visit a website. Cookies are widely used in order to make websites work or to work more efficiently, as well as to provide reporting information. A cookie may have unique identifiers and reside, among other places, on your device, in emails we send to you, and on the Site.

    Some cookies are necessary for the website to function properly They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging-in, or filling-in forms. You can set your browser to block or alert you about these cookies, but some parts of the site may not work if you block these cookies.

    Our website also uses cookies during your on-line session for certain legitimate business interests, which may include delivering content specific to your interests, collecting the domain name of the server from which you are visiting, and providing us with information about the site’s performance. Cookies allow us to avoid showing you the same ad or other message repeatedly. Our cookies enable us to relate your use of the site to information that you have specifically and knowingly provided to our website. If you do not allow these cookies, the site may be less user-friendly.

    Some of our pages or subsites may use “targeting” cookies. These cookies may be used by us and our advertising partners to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you do not allow these cookies, you will not experience our targeted advertising across different websites.

    You can control and/or delete cookies as you wish - for details, including how to prevent your browser from accepting cookies, or how to disable cookies.

  • Security

    Security

    The security of your personal data is important to us. We have adopted generally accepted industry standards in connection with our data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data, username, password, transaction information, and data stored on the Sites. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

  • Children

    Children

    We do not direct services to, and we do not knowingly collect or solicit personal data directly from, children under the age of 16.

  • Data Retention

    Data Retention

    We will retain your personal data only for so long as is necessary for the purpose for which it was collected, or as otherwise required or permitted by law. Further information about DU’s data retention policies is available.

  • Data Subject Rights

    Data Subject Rights

    You have certain rights with respect to your personal data, including the right to access, correct, update, or request deletion of your personal data. DU takes reasonable steps to ensure that your personal data is reliable for its intended use, accurate, complete, and up to date. If you want to contact us directly about accessing, correcting, updating, or deleting your personal data, or altering your personal data or marketing preferences, you can do so at any time by contacting us as provided in the Contact Us section. We will consider your request in accordance with applicable laws.

    You can object to processing of your personal data, ask us to restrict processing of your personal data, or request portability of your personal data. Again, you can exercise these rights by contacting us using the Contact Us section.

    You can complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority. Contact details for data protection authorities in the EEA and Switzerland are available.

    Similarly, if we have collected and processed your personal data with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

    We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We may ask you to verify your identity in order to help us respond efficiently to your request.

  • Changes to this Privacy Notice

    Changes to this Privacy Notice

    We have the discretion to update this Privacy Notice at any time. When we do, we will revise the updated date at the top of this page. If we make material changes to this Privacy Notice, we will notify you here, by email, or by means of a notice on the Site prior to the change becoming effective. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal data we collect. You acknowledge and agree that it is your responsibility to review this Privacy Notice periodically and become aware of modifications

  • Contact Us

    Contact Us

    If there are any questions or concerns about DU’s European Privacy Notice, please contact DU by e-mail at EEA.GDPR@du.edu, by phone at 1-303-871-6711, or through regular mail at:

    Office of Business and Financial Affairs
    Attn: DU GDPR Contact
    University of Denver – Mary Reed Building
    2199 S. University Ave., Room 103
    Denver, Colorado USA 80208

    You may also contact DU’s European Representative, DP-Dock GmbH, by e-mail at unidenver@gdpr-rep.com, or through regular mail at:

    DP-Dock GmbH
    University of Denver
    Ballindamm 39
    20095 Hamburg

More Information

  • Appendix A

    University of Denver Health and Counseling Center Policy Regarding Confidentiality of Medical and Mental Health Information/Records

    1. Unless otherwise required by law, confidentiality of any and all medical and mental health information about Student Health and Counseling Center patients, active and inactive, must be maintained at all times, except when a request is made for release of that information by appropriately executed written consent of the patient. In urgent situations, witnessed and properly documented verbal consent may be appropriate.
    2. In the case of patients less than 18 years of age, medical information may be released without consent to parents or legal guardians. However, medical information of a sensitive nature, i.e., information regarding sexually transmitted diseases, contraception, pregnancy, abortion, etc., may not be released without patient consent. Mental health information may not be released without specific consent. When a question exists as to whether or not medical or mental health information may be released to the parent or legal guardian, the Student Health and Counseling Center Director, or the Director's representative, should be consulted before release of information occurs.
    3. "Medical and mental health information" includes all information present in the medical or mental health record, information given or received over the telephone, by facsimile, e-mail, or other forms of communication, and medical or mental health information acquired formally or informally by any means within and outside the Student Health and Counseling Center on a Student Health and Counseling Center patient.
    4. "Medical/mental health information" includes, but is not limited to, information about a patient's physical or mental health condition, drug and alcohol use, and HIV status.
    5. Medical and mental health information may be released without documented patient consent to a provider treating a patient on an emergency basis.
    6. Information about whether or not a patient has been seen ("yes" or "no") at the Student Health and Counseling Center for medical reasons cannot usually be released without patient consent, and request for that information should be evaluated and answered only on a case-by-case basis. For example, it might be appropriate to tell a coach or athletic trainer who has referred an athlete to the Student Health and Counseling Center for treatment whether or not the student has been seen. However, no other information can be given about the visit(s) without patient consent (if consent is present in the Department of Athletics and Recreation, it should be faxed over before the information is released). Other requests for information about whether or not a student has been seen should be referred to the Student Health and Counseling Center Director, or the Director's representative, if patient consent is not available. No information about whether or not a student has been seen for mental health reasons should ever be given without specific patient consent, except to referring counselors/providers.
    7. Subpoenas for medical or mental health records, no matter how official in appearance, do not automatically trigger release of records. The Student Health and Counseling Center Director, or the Director's representative, must be consulted before any release of medical or mental health records consequent to a subpoena.
    8. Requests for medical or mental health information about a patient from law enforcement officers, campus security officers, governmental agencies, etc., do not automatically allow release of that information. The Student Health and Counseling Center Director, or the Director's representative, must be consulted before such information is released when written patient consent is not available.
    9. The release of information regarding MMR immunization status to the Registrar or other University officials is allowed without patient consent.
    10. Exceptions to the above policy/procedures may apply if a true medical or psychiatric emergency exists. These rare exceptions must be handled on a case-by-case basis and, whenever possible, be approved by the Student Health and Counseling Center Director or the Director's designated representative.
    11. Whenever a request for release of medical or mental health information, written or verbal, generates questions about the appropriateness of that release and/or the situation is not addressed by the above policy/procedures, the Student Health and Counseling Center Director, or the Director's representative, should be consulted before release of information occurs.
    12. Any release of medical or mental health information about a Student Health and Counseling Center patient or discussion of that information in any forum outside the Student Health and Counseling Center without proper authorization as described above constitutes a breach of confidentiality.
    13. Such breach of confidentiality by an employee is subject to serious disciplinary action by the University, up to and including immediate termination of employment. The University may also be subject to monetary fines under the law.
    14. The Student Health and Counseling Center follows all State of Colorado laws and federal HIPAA regulations governing the handling and release of medical and mental health information.

    For more information on State of Colorado health record laws, HIPAA regulations and your rights please contact the Student Health and Counseling Center:

    Physical Address: Ritchie Center, 3rd Floor, north side (on Buchtel Boulevard facing I-25), 2240 East Buchtel Denver , CO 80210

    Website: du.edu/health-and-counseling-center

  • Appendix B

    University of Denver Bookstore Website Privacy Policy

    I. GENERAL

    The University of Denver Bookstore has established this policy and is providing it to you so that you can understand the manner in which we use your information and the efforts we use to protect it. This policy works in conjunction with the overall University of Denver Privacy Policy.

    II. SERVICE PROVIDER

    The University of Denver Bookstore's service provider is CampusHub. The University is not responsible for the content or privacy policies of CampusHub or any website to which it may link.

    III. PERSONAL INFORMATION

    The University of Denver Bookstore is aware of and concerned about your interest in keeping your private information confidential. The University of Denver Bookstore will endeavor to take reasonable precautions to maintain privacy and security within the sphere of operations. We cannot guarantee that these efforts will always be successful and, therefore, users must assume the risk of a breach of University Bookstore privacy and security systems. Individuals are advised to be discreet and cautious in their use of our systems.

    A. Your email Address
    The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes your email address with third parties, unless required for system functionality or other fundamental usage requirements. The Bookstore does not intend to send you "junk" email or messages that do not relate to the purpose of your original communication with us.

    B. Your Credit Card Information
    The University of Denver Bookstore has undertaken procedures to provide security for our credit card transactions. While we endeavor to protect the security and validity of your transaction, we cannot guarantee that these efforts will always be successful and, therefore, user must assume the risk of a breach of our systems.

    C. Other Personal Information
    Personal information pertaining to your account can be accessed and changed whenever you sign into the University of Denver Bookstore site and go to your account. Categories of information kept in your account profile may include, but are not limited to, the following: name, daytime phone number and complete address.

    D. Automatic Information and Supplemental Technologies
    Please refer to the CampusHub independent privacy policy in regards to these specific topics.

    IV. SECURITY AND CONFIDENTIALITY

    When you place an order with us using one of our security enhanced forms, the data you provide is typically encrypted by our server using SSL (Secure Socket Layer) technology. This encryption makes it difficult for a third party who would intercept the transaction to decipher it. If the web site address begins with https:// rather than http:// it has this security mechanism engaged. Security enhanced connections only protect the information as it is coming and going, not when it sits on the server.

    V. THIRD PARTIES

    The University does not intend to sell, swap, rent, or otherwise disclose for commercial purposes, information regarding the behavior, habits, or demographics of those who visit University controlled websites. Certain parts of the University website(s) may require tracking techniques to follow the user's progress through courses, materials or programs or to verify information acquired from other sources. The University provides links to websites outside the du.edu network and is not responsible for the content or privacy policies of any website to which it may link.

    VI. MISCELLANEOUS PROVISIONS

    A. Notifications
    The University of Denver Bookstore does not intend to send you any notifications that do not pertain to the purpose of your communication with us. You are responsible for providing a valid email address and for updating it as your address changes. You may go into the site and change or update your personal information whenever you choose. Neither the University nor the Bookstore are responsible for notifications that are not received as a result of incorrect information provided by you.

    B. Modifications
    The University of Denver Bookstore Privacy Guidelines are reviewed periodically and may be modified in the discretion of the University. These changes will be posted on this site.

    VII. CONTACT

    For questions or more information on this policy please contact the University of Denver Bookstore:

    Physical Address: University of Denver Bookstore 2050 E. Evans Ave. Denver, CO 80208

    Website: du.bkstr.com