ÁñÁ«ÊÓƵ’s University (“ÁñÁ«ÊÓƵ’s,” “we,” “us,” “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information obtained through our websites (including subdomains), services, applications, and related communications. By using our sites or services, you agree to this Policy. <\/p>\n\n\n\n
This Policy applies to personal information collected from visitors to our public websites (e.g., stmarytx.edu and related subdomains), applicants, students, faculty, staff, alumni, donors, and other third parties who interact with us online or through our services. It does not replace specialized notices (for example, employee privacy notices or HIPAA notices) when applicable. <\/p>\n\n\n\n
We use a range of tracking technologies for analytics, accessibility, security, marketing, and student services.<\/strong> These may include, but are not limited to: <\/p>\n\n\n\n Purpose: <\/strong>Improve site usability, security monitoring, fraud detection, analytics, and legitimate institutional operations (admissions outreach, alumni engagement, etc.). <\/p>\n\n\n\n Data collected:<\/strong> Page interactions, clicks, scrolls, timestamps, form fields (including partially entered content), and limited device\/browser metadata. <\/p>\n\n\n\n Legal basis\/consent:<\/strong> Where required by law we will obtain user consent prior to placing or reading non-essential cookies or deploying tracking that collects personal data. For visitors in jurisdictions with opt-in requirements (e.g., GDPR for EU\/EEA residents), we will require affirmative consent prior to setting those trackers. <\/p>\n\n\n\n Tracker Inventory: <\/strong>A complete list of all pixels, tags, and session-replay scripts by subdomain is maintained Appendix A and updated regularly.<\/p>\n\n\n\n We use cookies and similar technologies to personalize content, provide social media features, and analyze traffic. Cookies are classified as necessary (required for site functionality), performance, functional, or advertising\/marketing. <\/p>\n\n\n\n How to manage cookies:<\/strong> Our cookie\/consent management tool allows you to accept or decline our cookies. You may also set browser-level preferences (note: blocking certain cookies may affect functionality). <\/p>\n\n\n\n Some of our sites may use session recording and keystroke preservation to help troubleshoot forms or to improve user experience. We do not<\/strong> use these mechanisms to capture sensitive fields (e.g., full payment card numbers, complete social security numbers, or protected health information), and we will endeavor to mask fields that may contain such data. <\/p>\n\n\n\n When session recording or keystroke capture is active on a page that could collect PHI or other highly sensitive data, that functionality will be disabled or opt-in will be required.<\/strong><\/p>\n\n\n\n We may share personal data with vendors and service providers (e.g., analytics, cloud hosting, payment processors), academic partners, government\/regulatory bodies when required, and other parties consistent with the purposes described here. <\/p>\n\n\n\n We avoid collecting sensitive personal information (e.g., biometric data, genetic data, precise geolocation, health\/medical information) via public websites. If we must collect such data for a legitimate business purpose, we will: <\/p>\n\n\n\n HIPAA \/ Health Data:<\/strong> If you provide health or medical information in contexts where HIPAA applies (covered entity or business associate), separate Notices of Privacy Practices and BAA agreements will apply. <\/p>\n\n\n\n Our services are not targeted at children under 13. If we discover that a child under 13 has provided personal information without parental consent, we will take reasonable steps to delete such data. If any of our programs or offerings are aimed at children, we will provide specific notices and obtain parental consent consistent with COPPA or applicable local law. <\/p>\n\n\n\n Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal information. Examples include rights under the GDPR, CPRA, and other state laws. <\/p>\n\n\n\n How to exercise rights:\u00a0<\/strong>See\u00a0Contact and Exercising Rights\u00a0below for contact details and instructions. We will verify requests consistent with applicable\u00a0aws.\u00a0<\/p>\n\n\n\n We retain personal information only as long as necessary for the purposes described and to satisfy legal, accounting, or reporting requirements. We maintain retention categories (e.g., admissions records, alumni data, web analytics) and approximate retention periods as outlined in Appendix B. <\/p>\n\n\n\n Personal information may be processed in the United States and other countries. Where international transfers occur, we will adopt appropriate safeguards (e.g., Standard Contractual Clauses, contractual protections). If you are an EU\/EEA resident, we will provide mechanisms to exercise GDPR rights and information about data transfers. <\/p>\n\n\n\n We maintain administrative, technical, and physical safeguards designed to protect personal information. While we use industry-standard controls (encryption in transit and at rest where appropriate, access controls), no system is completely secure. We will notify affected parties and regulators as required by law in the event of a breach. <\/p>\n\n\n\n If we use artificial intelligence, machine learning, or automated decision tools that process personal information, we will disclose the purposes and the categories of data used. We commit to fairness, regular audits, and safeguards (anonymization and pseudonymization) where feasible. <\/p>\n\n\n\n We may periodically update this Policy. If changes are substantial, we will provide notice on the website and adjust the effective date at the top of this document accordingly. <\/p>\n\n\n\n For privacy inquiries or to exercise your rights with respect to our privacy practices or this Policy, or to update your information, contact us: The following is a current inventory of tracking technologies, pixels, tags, and third-party scripts deployed across ÁñÁ«ÊÓƵ’s University web properties. This list is updated regularly and reconciled with our tag management system. <\/p>\n\n\n\n\n
Cookies, Ad Trackers, and Remarketing<\/h2>\n\n\n\n
\n
Session Recording, Keystroke Capture, and Chat \u2014 Special Notice <\/h2>\n\n\n\n
Third-Party Sharing and Disclosures<\/h2>\n\n\n\n
\n
Sensitive Data and Special Categories<\/h2>\n\n\n\n
\n
Children\u2019s Privacy<\/h2>\n\n\n\n
User Rights and Choices <\/h2>\n\n\n\n
\n
Data Retention <\/h2>\n\n\n\n
Data Transfers and Residency\u00a0<\/h2>\n\n\n\n
Security <\/h2>\n\n\n\n
AI, ML, and Automated Decision-Making <\/h2>\n\n\n\n
Changes to This Policy<\/h2>\n\n\n\n
Contact and Exercising Rights <\/h2>\n\n\n\n
Email:<\/strong> privacy@stmarytx.edu<\/a>
Mail:<\/strong>
ÁñÁ«ÊÓƵ’s University
Office of University Marketing and Communications, Box 75
One Camino Santa Maria
San Antonio, TX 78228
California Residents: <\/strong>To submit requests related to the CPRA, use our Do Not Sell or Share link<\/a> or email privacy@stmarytx.edu<\/a> with subject line: CA PRIVACY REQUEST<\/strong>. <\/p>\n\n\n\nAppendix A \u2014 Known tracking and third-party technologies <\/h2>\n\n\n\n
View List<\/summary>\n