Privacy Notice for COVID-19 Vaccination, Booster, and Exemption Self-Reporting

Last update: 1/3/2022


The University of Michigan (U-M) privacy statement recognizes the value of privacy for the university community and its guests.

This privacy notice provides more specific information on how the U-M COVID-19 Vaccination, Booster, and Exemption Self-Report forms collect and process your personal information.


The notice applies to our practices for gathering and disseminating information related to COVID-19 Vaccination, Booster, and Exemption Self-Reporting and is meant to provide you an overview of our practices when collecting and processing personal information.

How We Collect Information

We collect personal information automatically when you authenticate using your U-M credentials and when you complete the COVID-19 Vaccination, Booster, and Exemption Self-Report forms.

What Type of Information We Collect

When you use the COVID-19 Vaccination, Booster, and Exemption Self-Report forms, we collect the following personal information from you:

  • User Information: name, uniqname, UMID, U-M role, date of birth, city of residence, presence on campus in last 14 days
  • Contact information: phone number
  • Vaccine and booster information: location where the vaccine was received, month, date and year of vaccine doses, type of COVID-19 vaccine, vaccine lot number, images of your vaccination card
  • Vaccine exemption information: medical exemption supporting documentation, religious exemption supporting documentation (if applicable)
  • Logging information: date and time of completing the form.

This information is retained in compliance with applicable state or federal laws or university policy.

How This Information Is Used

We use identifiable information to:

  • Produce reporting for university administration
  • Implement, waive or reduce COVID-19 testing requirements, quarantine periods, face covering requirements, or other public health protocols
  • Update Occupational Health Services (OHS) and University Health Services (UHS) health records with vaccine information
  • Direct public-health-informed decisions related to living, learning, and working at U-M
  • Inform social distancing requirements
  • Advise administrative planning.

We use de-identified and/or aggregated information to:

  • Monitor and analyze trends.

The use of this data is governed by university policy and the U-M Data Governance framework, among other methods. Data requests and use cases will only be considered if they are related to public health.

With Whom This Data Is Shared

We do not sell or rent your personal information. Individually identifiable information may be shared as required by law, and as appropriate with university officials, government public health agencies, and external service providers to aid vaccine verification and support COVID-19 response efforts. In cases where the information is shared with service providers, we have contractual agreements to require such service providers to keep your personal information secure and confidential, and do not allow them to use or share personal information for any purpose other than providing services on the university’s behalf.

How Information Is Secured

The University of Michigan recognizes the importance of maintaining the security of the information it collects and maintains, and we endeavor to protect information from unauthorized access and damage. The University of Michigan strives to ensure reasonable security measures are in place, including physical, administrative, and technical safeguards to protect your personal information.

Privacy Notice Changes

This privacy notice may be updated from time to time. We will post the date our notice was last updated at the top of this privacy notice.

Who to Contact with Questions or Concerns

If you have any concerns or questions about how your personal data is used, please contact the U-M Privacy Office at or 500 S. State Street, Ann Arbor, MI 48109.