Privacy Notices

Main Content

Applicant and Pre-Affiliation Privacy Notice

Last updated October 23, 2025

Introduction

The University of Mississippi Medical Center (UMMC) is committed to protecting the privacy and security of personal information collected from individuals during pre-employment, pre-selection, or pre-affiliation processes. This includes applicants, contractors, and other individuals who have not yet entered a formal employment or academic relationship with UMMC. 

This notice supplements the UMMC Website Privacy Notice, which does not apply to pre-affiliation or application information. It explains the types of information we collect, how we use it, how long we retain it, and how we protect it.

Information We Collect

The categories of personal information collected may include:

  • Identifiers: Name, alias, address, phone number, email address, Social Security number, driver’s license number, passport number, and other unique identifiers.
  • Biometric Information: Fingerprints, facial geometry, voiceprints, iris or retina scans, or other unique biological characteristics. UMMC collects biometric data for identification, authentication, and security purposes, and also collects fingerprints to conduct fingerprint-based background checks for employment, academic program admission, and clinical or other placement determinations, as required by Mississippi law.
    • Biometric information is defined as data generated by automated measurements of an individual’s unique biological traits for identification purposes. This does not include ordinary photographs, video, or audio recordings unless they are processed to create a unique identification template that cannot be reconstructed into the original image.
  • Internet or Network Activity: Log-in records, access logs, and interactions with UMMC systems or applications.
  • Geolocation Data: When necessary for security or system access.
  • Audio, Visual, or Similar Information: Recorded interviews, security video, or meeting recordings.
  • Educational, Professional or Employment-Related Information: Work history, degrees earned, certifications, evaluations, and memberships.
  • Sensitive Personal Information: Background check results, drug screening results, vaccination or infectious disease testing records.

How We Use Your Information

We use personal and biometric information for purposes such as:

  • Verifying identity and credentials.
  • Providing secure access to facilities and systems.
  • Processing applications, background checks, and credential verifications.
  • Meeting legal or regulatory requirements.
  • Ensuring safety and security.
  • Preventing fraud or unauthorized access.
  • Conducting timekeeping for onboarding or orientation activities, where applicable.
  • Reviewing programs and processes for continuous improvement purposes.

We do not sell your personal information, and we will not sell, lease, trade, or otherwise profit from biometric identifiers or biometric information.

Notice and Consent

When required by law, UMMC will provide written notice describing the categories of personal or biometric information collected, the purpose for collection, and the retention period. For biometric data, we obtain consent through a clear, affirmative action before collection. Consent for biometric uses necessary to secure facilities, systems, or comply with law may be a condition of potential affiliation.

Retention and Destruction

UMMC retains personal information for as long as necessary for the purpose for which it was collected or as required by applicable state or federal law.

  • Biometric Data: Deleted when the original purpose has been fulfilled or within three years of the last interaction with UMMC, whichever is sooner. If the purpose is fulfilled before the maximum retention period (e.g., application withdrawal, conclusion of selection process), the data will be destroyed promptly at that time.
  • Background Check Records (including fingerprints): Maintained only for the period required under applicable laws and regulations for employment or academic determinations, after which they are securely destroyed.
  • Other Personal Information: Retention periods vary by record type and UMMC policy. 
  • Secure Destruction: Once the retention period has expired and there is no administrative need for the information, records are securely destroyed or anonymized, whether in paper or electronic form, to prevent unauthorized access or use.

Sharing Your Information

We may share information with:

  • Service Providers: Such as background check vendors, secure access providers, or talent management platforms that perform services on our behalf under contractual obligations. Contracts require these providers to comply with applicable law, use the information only for authorized purposes, implement appropriate safeguards, and submit to monitoring to verify compliance.
  • Legal and Safety Authorities: When required by law, court order, or to protect UMMC rights, safety, and property.
  • In Business Transactions: Such as a merger or reorganization, consistent with applicable law.

Security Measures

UMMC uses administrative, technical, and physical safeguards to protect personal information, including:

  • Encryption of sensitive data in transit and at rest.
  • Access controls based on job role and need-to-know.
  • Physical security for facilities and equipment.
  • Monitoring of IT assets for security and compliance.
  • Regular security awareness training for workforce members.

Children’s Privacy

UMMC’s applicant and pre-affiliation processes are generally designed for adults and older adolescents. However, certain educational or enrichment programs may allow children between the ages of 11 and 13 to apply or participate.

When UMMC collects information directly from children under 13 in connection with such programs, it does so only with the verified consent of a parent or legal guardian and solely for the purpose of administering the program. The information is limited to what is reasonably necessary for participation and is handled in accordance with UMMC’s privacy and security policies.

UMMC does not otherwise knowingly collect, use, or disclose personal information from children under 13 through its general applicant or pre-affiliation processes. If we learn that personal information from a child under 13 has been collected without the required consent, we will delete it as soon as practicable.

Changes to This Notice

We may update this notice from time to time. Changes will be posted at umc.edu/privacy with a new effective date. Your continued participation in UMMC’s applicant or pre-affiliation processes after changes are posted constitutes your acknowledgment of the updated notice.

Contact Us

If you have questions about this notice or how your information is handled, please contact:

Office of Information Security and Privacy
University of Mississippi Medical Center
2500 N State St Ste U215
Jackson, MS 39216-4500
Email: privacy@umc.edu
Phone: (601) 815-3944