PERSONAL EXPOSURE REPORTER (PER) PRIVACY STATEMENT

Last Updated: 10/17/2022

Thank you for visiting the University of Miami’s Personal Exposure Reporter (PER) website and/or application. The University of Miami is a private, independent, international university and an equal opportunity/affirmative action employer.

At the University of Miami, we respect and value your privacy. We believe in transparency and want you to understand what information we collect from you when you visit the University’s PER website and/or application and what control you have over that information. This Privacy Statement describes, in general terms, how we collect your information, why we collect your information, how we use or share your information, and what control you have over your information.

Who Will Process My Personal Information?

Our Privacy Statement applies to the use of your personal information by the University of Miami through the use of its Personal Exposure Reporter (PER) website (www.per.miami.edu) or application available through the Apple App and Google Play stores. The information published here is limited to the use of personal information by University of Miami’s PER website and application.

When this statement mentions “University,” “we,” “us,” or “our,” it refers to the University of Miami in its capacity as the Data Controller. That is, the responsible party for your information under this Privacy Statement. The University of Miami’s PER website and application, collectively, will hereinafter be referred to as the “University’s PER Website.”

Information Collected

When visiting the University’s PER Website, we collect your personal information directly from you when you register for an account, create a profile and make a report to us about any fire or emergency-related incidents you experience.

Information You Give Us Via Our Website and App

We collect information you share with us while using the University’s PER Website. To conduct our research about firefighters’ exposures to toxins and to identify safety measures to reduce any identified risks, we ask for and collect the following personal information about you:

For the creation of your PER account, we collect your first and last names, date of birth, personal email address, and password. When you create your profile in your PER account, we collect your first and last names, your gender, ethnicity, race, height, weight, information about your tobacco use (if any), your personal and family history of cancer and your current prescriptions. For your profile, we also collect your employment information including, your employee ID, years of service, your personal phone number, address, and preferred method of contact, along with the name and address of your fire agency, your station number, job title, shift cycle and shift, and the storage location of your bunker gear. When you voluntarily submit reports about fire incidents, fire training, fire investigations, hazmat exposures, water rescue, search and rescue, Covid-19 exposure, and/or accident and near-miss incidents to the University’s PER Website we collect the incident/investigation number and incident/training/investigation time, and other detailed report-related information that, by itself, cannot be used to identify or contact you (e.g., including, but not limited to, the location of soot on your body, type of Personal Protective Equipment (PPE) worn, physical/medical symptoms experienced because of the incident or training, Covid-19 exposure types and test results, etc.).

The University maintains proper security measures to ensure this information is kept confidential and only accessed by the appropriate University workforce members.

Other information: You may otherwise choose to provide us information when you fill out a form, ask a question, respond to surveys, update or add information to your PER account or profile, or use other features of the University’s PER Website.

How We Use the Information We Collect

We use, store, and process information, including personal information, about you to:

Conduct our research about firefighters’ exposures to toxins during, or related to, fire incidents, fire training, fire investigations, hazmat exposures, water rescue, search and rescue, Covid-19 exposure, and/or accident and near-miss incidents and to identify safety measures to reduce any identified risks;

Enable you to submit, record, and access information about each of your exposures to toxins; and

Enable you to communicate with us.

We process this information given our legitimate interest in:

Conducting research about firefighters’ exposures to toxins and to identify safety measures to reduce any identified risks;

Contributing to the bank of generalized knowledge about firefighters’ exposures to toxins and to create publications based on our research findings;

Creating and Maintaining a Trusted Website Environment;

Complying with our legal obligations;

Enforcing our agreements with third parties; and

Enforcing our policies.

How We Share the Information We Collect

We do not share your personal information. We may share de-identified and aggregated information for IRB-approved research studies or for industry collaborations with firefighter organizations.

Compliance with Law, Responding to Legal Requests, Preventing Harm, and Protection of Our Rights

We may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary:

To comply with our legal obligations;

To comply with legal processes and to respond to claims asserted against the University of Miami;

To respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability;

To enforce and administer our agreements; and

To protect the rights, property, or personal safety of the University of Miami, its employees, its users, or members of the public.

Where appropriate, we may notify you about legal requests for your information unless:

Providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law; or

We believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon the University of Miami’s property, its users or the University Website.

Service Providers

The University of Miami uses third party service providers to help us provide services related to the University’s PER Website. Service providers may help us:

Perform product development, maintenance, and debugging;

Allow the provision of services through third party platforms and software tools (e.g., through the integration with our APIs);

These providers have limited access to your information to perform these tasks on our behalf and are contractually bound to protect it and to use it only for the purposes for which it was disclosed and consistent with this Privacy Statement.

Children's Guidelines

The University of Miami does not knowingly collect online contact information from children under 13 years of age without prior parental consent or parental notification, which will include an opportunity for the parent to prevent use of the information and/or participation in the activity.

In the absence of prior parental consent, online information will only be used to respond directly to the child’s request. Such information will not be used for other purposes without prior parental consent. We do not distribute to third parties any personally identifiable information of children without prior parental consent. We do not give the ability to publicly post or otherwise distribute personally identifiable contact information without prior parental consent. We do not offer special games, prizes, or other activities, to entice users to divulge more information than is needed to participate in the activity. We will, however, provide personal information collected about children if required by law, for example, to comply with a court order or a subpoena, protect the rights, property, or personal safety of the University of Miami, its employees, its users, or members of the public or to protect the integrity, safety, and security of our websites.

Your Rights

You may exercise any of the rights applicable to you, which are described in this section, by sending an email to per@miami.edu. Please note that we may ask you to verify your identity before taking further action on your request.

If we process your information based on our legitimate interests or in the public interest, you can object to this processing in certain circumstances. In such cases, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons.

Data subjects located in the EU may have certain additional rights in connection with the processing of personal data under the GDPR. For more information about how data subjects may exercise their rights under the GDPR, please visit the University's GDPR webpage.

Managing Your Information

You may access and update some of your information through your PER account settings. You are responsible for keeping your personal information up- to-date.

Rectification of Inaccurate or Incomplete Information

You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your PER account).

Data Access and Portability

In some jurisdictions, applicable law may entitle you to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format.

Some of the information we collect or that you provide may be saved for a designated or indefinite period of time, but we will not disclose the information to third parties or government agencies, unless required to do so by state or federal law, in support of University-sponsored programs or activities, or to protect the integrity, safety, and security of our websites and applications. If you no longer want us to use your information to contribute to our research, you can request that we erase your personal information and close your PER account. Please note that if you request the erasure of your personal information:

We may retain some of your personal information as necessary for our legitimate business interests;

We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for compliance with record retention laws, tax, legal reporting, and auditing obligations;

Some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers;

Because we maintain the University’s PER Website to protect from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time; and

As mentioned, the efficient management of the University’s records and information is necessary to support its core functions, to comply with its legal and regulatory obligations, and to contribute to the effective management of its activities. However, the University tries to adhere to minimum retention periods for various classes of records and data. For more information about the University’s records management, please see our Records Management Schedule.

Withdrawing Consent and Restriction of Processing

Where you have provided your consent to the processing of your personal information by the University of Miami you may withdraw your consent at any time by sending a communication to the University of Miami at per@miami.edu specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.

Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your personal information, in particular where:

You contest the accuracy of your personal information;

The processing is unlawful and you oppose the erasure of your personal information;

We no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise, or defense of legal claims; and

You have objected to the processing and pending the verification whether the legitimate grounds of the University of Miami override your own.

Objection to Processing

In some jurisdictions, applicable law may entitle you to require the University of Miami not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing, the University of Miami will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise, or defense of legal claims.

Right to Lodge Complaints

You have the right to lodge complaints about the data processing activities carried out by the University of Miami before a supervisory authority at the University or before the corresponding data protection authorities.

Security

The security of your personal information is important to us. We continuously implement and update administrative, technical, and physical security measures to protect your information against unauthorized access, loss, destruction, or alteration.

If you know or have reason to believe that your PER account credentials have been lost, stolen, misappropriated, or otherwise compromised, or in case of any actual or suspected unauthorized use of your PER account, please contact us at per@miami.edu.

Unfortunately, no method of transmission over the internet or method of electronic storage is 100 percent secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security.

Special Notice For Individuals Located In Europe*

The University of Miami strives to take all reasonable steps to protect the confidentiality of your personal information including through contractual commitments by our trusted business partners. By voluntarily providing us with your personal information through our website(s), you consent to and acknowledge that your personal information will be transferred outside of Europe, including to the United States, where data protection laws may provide less protection from those in Europe—and specifically, do not provide for an adequate level of data protection based on a European Commission decision.

(*Please note that by Europe, we mean all 27 EU member states, together with the United Kingdom and Switzerland, as well as those from the European Economic Area (EEA)—Iceland, Norway, and Liechtenstein.)

Contact Us

If you have questions or complaints about this Privacy Statement, the University of Miami’s information handling practices, or the processing of personal data under the GDPR, contact the University’s data privacy officer:

Hilary Cox, JD, CIPP/US
Executive Director, University & Research Privacy
1320 South Dixie Highway, Suite 1160
Gables One Tower
Coral Gables, FL 33146
Phone305-243-7376
Emailhxc823@miami.edu

Office of University Compliance Services

Nelson E. Perez, JD, CCEP
Executive Director
1320 South Dixie Highway
Gables One Tower, Suite 700
Coral Gables, FL 33146
Phone305-284-2924
Fax305-284-4804
Emailnelsonperez@miami.edu