General Data Protection Regulation
Sidebar
The General Data Protection Regulation, or GDPR, is a European Union law which governs how organizations and companies use personal data. Personal data means any information which, directly or indirectly, could identify a living person.
The GDPR is one of the world’s strictest consumer privacy and data security laws, requiring organizations – regardless of their location – that process the personal data of anyone in the EU to comply with its' data protection standards and privacy rights.
What does this mean for you? If you access our websites or use our services from outside the United States or are a citizen of another country, be advised that you are sending information, which may include personally identifiable data, to our servers in the United States. The information you provide may then be transferred within the United States or back out of the United States to other countries or jurisdictions outside of your country of residence (or the country in which you are accessing our websites and/or services.)
For residents of European Economic Area (EEA), Switzerland and the United Kingdom, the GDPR requires us to provide you with additional information about the processing of personal data. The legal grounds for UofL to process your personal data typically include at least one of the following: 1) you provided your consent; 2) it is necessary for our contractual relationship; 3) it is necessary for us to comply with our legal or regulatory obligations; or 4) it is in our legitimate interest (e.g., to provide you with customer service, to fulfill your request).
