Our Commitment to Privacy

The University of California is committed to protecting the privacy and accuracy of your personally identifiable information to the extent possible, subject to provisions of applicable laws. We will use and disclose your personal information as stated in this UCRAYS Privacy Statement and Terms of Use.

For persons in the European countries governed by the European Union's General Data Protection Regulation (GDPR), refer to the privacy statement discussing the University of California's compliance with GDPR as well as your rights as a data subject.

Revisions to the Privacy Statement and Terms of Use

We may revise the Privacy Statement and Terms of Use from time to time as we add new features or modify the way in which we manage information, or as laws change that may impact our services or information practices. This Privacy Statement and Terms of Use applies to both the UCRAYS website and the mobile application. Any revised Privacy Statement and Terms of Use will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. When you use UCRAYS, you agree to the Privacy Statement and Terms of Use. Do not use UCRAYS if you do not agree to these terms. We encourage you to return periodically to review the current statement.

Information Collection, Use and Disclosure

In UCRAYS, we collect, use and disclose information in support of the University's benefits administration. This may include the collection, use and disclosure of personal information such as email address, mailing address, and phone number. Benefits administration may include:

• responding to your customer service requests and questions,
• determining eligibility and administering your retirement or retiree insurance benefits,
• sending you newsletters, letters, text messages, push notifications, or email communications,
• keeping you informed of activities such as benefits open enrollment, benefits symposia and/or special events,
• conducting internal quality reviews or business analysis to improve the member experience, etc.

When you provide us with personal information about dependents, family members, or beneficiaries, we will only use this information for the reason for which it is provided.

We may share your personal information with third parties who provide us with services related to benefits administration or in support of UCRAYS security. We may share personal information with individuals performing audit, legal, operational or other services for us. These companies are authorized to use your personal information only as necessary to provide these services for us. We will use information that does not identify the individual whenever reasonably possible.

We may also disclose your personal information as required by law, such as to comply with subpoenas or other legal instruments that authorize disclosure, or in response to laws that guarantee public access to certain types of information.

We may disclose your personal information to any third party with your prior consent to do so.

We will retain your information for as long as necessary to provide benefits administration services to you and your dependents, family members, and beneficiaries.

Updating Personal Information

Questions regarding your options to review, modify or delete previously provided personal information should be directed to the UC Retirement Administration Service Center (RASC).

UCRAYS Visitor Data and Web Logs

Web servers logs typically collect, at least temporarily, information such as: the internet domain from which you access UCRAYS, the Internet Protocol (IP) address of the device being used, the type of browser and operating system you use, the date and time you visited, and the pages you viewed. In addition to web server logs, UCRAYS gathers data on activity, such as how many people visit the site, pages visited, where they come from, etc. in order to improve our content and overall member experience. When you use the mobile application, UCRAYS also gathers information such as your device type and operating system version, machine or mobile device identification number, geo-location, and time zone.

All UCRAYS server logs are stored securely, and may only be accessed by University of California employees or designees. We use the logs to improve UCRAYS, to resolve user, hardware, and software problems, and for security purposes.

Internet Cookies

We may place Internet ”cookies” or similar technology on the computer hard drive of UCRAYS visitors. The cookie consists of a unique identifier that does not contain personally identifiable information. We use cookies to help customize your experience on our site, maintain logged in status as you navigate through UCRAYS, and in support of the authentication process. For instructions on how to remove cookies from your hard drive, go to your browser's website for detailed instructions.

Device-Native Functionality

UCRAYS may use device-native functionality (e.g., fingerprint authentication and push notifications) when you use the mobile application. This will include the device-native functionality that was available at the time you agreed to the Privacy Statement and Terms of Use and those that are subsequently introduced. You may decline the device-native functionality within the settings of your mobile device

SMS Text Messaging

UCRAYS uses a third-party vendor to manage text messaging communication with you. You may change the use of this service within UCRAYS or by contacting the Retirement Administration Service Center (RASC). You will receive one message per session login attempt. Message and data rates may apply. Message delivery may be limited to certain mobile phone carriers and countries; carriers are not liable for delayed or undelivered messages. While we do supply the vendor with cell phone numbers, the vendor is not authorized to use your cell phone number for any purpose other than to communicate with you on our behalf.

Security

The UCRAYS site is for legal and authorized use only. Unauthorized access, or attempted access, may be a violation of federal and/or state law and may be subject to prosecution. If we believe an attempt is being made to break into or otherwise abuse UCRAYS computing resources, we will use the information in our logs and other means available to investigate. As part of these legal efforts, we may share any information we gather with law enforcement agencies and other authorized entities.

UCRAYS has security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control both during transmission and once the information is received.

Caching and Public Computers

Internet browsers save, or cache, information to make subsequent web browsing faster. Clearing your browser cache after you complete your secure visit ensures that any individual using a browser session after you on the same machine (particularly on a public or shared machine) will not see your private information. Never allow a public or shared machine to ”save” your username or password. Never leave your computer or mobile device unattended during a UCRAYS session. Protect your information by signing off from UCRAYS when you are finished with each session. To ensure cached copies of your UCRAYS pages are cleared, always close your browser after logging off.

Passwords

You are responsible for activities that occur in connection with your password. Accordingly, you should take all reasonable steps to ensure that no unauthorized person shall have access to your UCRAYS password or account. It is your responsibility to (1) control the disclosure and use of your password and one-time codes, (2) promptly change your password if you believe it has been compromised, and (3) promptly inform the UC Retirement Administration Service Center (RASC) of any disclosure, theft or unauthorized activity or any need to block a UCRAYS account entirely.

You may choose to use biometric authentication (e.g., fingerprint authentication) to login instead of entering your Username and Password in the mobile application. Any person with a biometric authentication registered on your device can login to UCRAYS, view your information, and complete transactions. Do not use biometric authentication if you share your device.

If you receive an email, phone call or text asking for your password, do not give it out. We will never call, email or text asking for your password.

Means of Access

The UCRAYS website is intended to be viewed and accessed by more current versions of Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari browsers. Periodically we review browser versions to ensure they meet our security and functionality requirements, and we reserve the right to block certain browser versions from entry to UCRAYS. Although you may be able to use other browsers or older browser versions to access the website, you do so at your own risk.

The UCRAYS mobile application is intended for use only on a mobile device that is running an unmodified manufacturer-approved operating system. Using UCRAYS on a device with a modified operating system may undermine security features that are intended to protect your information from unauthorized or unintended disclosure. Although you may be able to access the UCRAYS mobile application on a device with a modified operating system, you do so at your own risk.

Links to Other Sites

You may encounter links to other websites of organizations not directly affiliated with the University of California while using UCRAYS. Please be aware that UC is not responsible for the information practices of external organizations. We encourage you to review the privacy statement of each external website that you visit.