Skip to main content

Privacy Statement

Purpose of Privacy Statement

Your privacy is important to Northwestern University (“Northwestern”, or “we”, or “us”), and we are committed to respecting it. This Privacy Statement applies to the information we collect, process, and share from our potential students, current students, faculty, staff, and others, including members of the public, through:

This Privacy Statement describes how we collect, use, process, protect, and disclose your information. Please read this Privacy Statement carefully.

Personal data we collect and use

The ways in which we collect, process, and secure information vary depending on the nature of the Services we offer, the type of data, and legal and regulatory requirements.

We and our third party service providers collect personal information about you from a variety of sources, including from you directly (e.g., when you fill out forms available on our websites to provide contact information or other personal information as part of a request for information to be sent by Northwestern, when you sign up for a Northwestern newsletter, or when you register an account with us to access our Services), data we generate about you in the course of our relationship with you (e.g., data collected from cookies and other similar technologies as described below), and data we collect about you from other sources, including commercially available sources, such as public databases (where permitted by law).

Personal data we collect directly from you

The categories of personal data that we may collect directly from you include the following:

Personal data generated by us

In addition, we may generate the following categories of personal data about you in the context of your use of the Services:

Personal data we automatically collect about your use of the Services

The following are examples of other categories of data that we automatically collect from you over time and across different websites when you use the Services, including through the use of “cookies” and other online tracking technologies, which are small text files that the Services save on your computer using your web browser and access when you return:

For more information about cookies and how we use them on our websites, please refer to our Cookie Information page:

You can opt out of use of cookies by turning off cookies in your browser or installing a technology blocking service like Google Analytics Opt-out Browser Add-On. If you would like more information on how to opt out of cookies, please visit: or

Personal data we obtain from other sources

The following are examples of the categories of personal data we collect from other sources, including, but not limited to, publicly available databases, joint marketing partners, educational testing agencies, other academic institutions, and the federal government.

Sensitive data we collect and use

The categories of sensitive personal data that we may collect directly from you include the following:

When collecting sensitive personal data, the University will ask for your consent unless there is another legal basis for collecting the information.

How we use your information and the basis on which we use it

We use your personal data for the following purposes:

In addition, we may use your sensitive personal data for these and other purposes, including:

We may also anonymize your personal data in such a way that you may not reasonably be re-identified by us or any other party, and we may use this anonymized information for any purpose.

Who has access to your data

We share your personal data under the following circumstances:

How we store, secure, and may transfer your personal information

The University is based in the US, and data are generally stored on servers within the US. We implement technical and organizational measures designed to ensure a level of security appropriate to the risk to the personal data we process. These measures are aimed at ensuring the ongoing integrity and confidentiality of personal data. However, no method of protection or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security.

To the extent that the University needs to transfer your information, the University will do so consistent with applicable law governing such transfers. In general, these transfers occur when the University has entered into a contract containing contractual terms (e.g., standard contractual clauses) that govern the rights and responsibilities of the University and any other parties involved in the transfer.

Third-party websites

Our websites contain links to and from various third-party websites. If you follow a link to any of these websites, please note that these websites may have their own privacy statements. We do not accept any responsibility or liability for policies of third-party websites; please check these policies before you submit any personal information to third party websites.

Children's Information

Our websites are intended for general audiences. We do not intend to collect or solicit personal information online through our websites from children under the age of 13 without parental consent.


We keep your personal information for as long as needed to fulfill the particular purpose for which it was collected. We may also retain your records if legally required or to fulfill a legitimate interest.

More information about retention may be found in the University’s policy on Retention of University Records.

Your Rights

Where applicable under local law, under certain circumstances you may have the right to:

To the extent applicable under local law, if you want to exercise any of the rights described above or are dissatisfied with the way we have used your information, you should contact us as set forth in the Contact Us section below. Also, if you are not satisfied with our response, where applicable you may have the right to complain to or seek advice from your national data protection authority (i.e., a supervisory authority).

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, such as where there is a statutory or contractual requirement for us to process your personal information and it would not be possible to fulfill our legal obligations if we were to stop. Additionally, to protect the personal information we hold, we may also request further information from you to verify your identify when exercising these rights, to help locate your personal data, or to clarify your request. Where you have consented to the processing, and where applicable under local law, you can withdraw your consent at any time by emailing us at

Updates to Privacy Statement

We may update this Privacy Statement at any time by posting any changes to this page. Please check back frequently to see any updates or changes to this Privacy Statement. We may also notify you in other ways from time to time about the processing of your personal information. Your continued use of our Services after any change in this Privacy Statement will constitute your acceptance of such change.

Contact Us

If you have questions or concerns about this privacy statement, please contact us by email at or in writing to:

Northwestern University
Attn: Assistant Vice President, Risk & Compliance
2020 Ridge Ave, 4th Floor
Evanston, Illinois 60208 

Last Updated: February 14, 2023

Back to top