Approved by the president
April 25, 2018
chief communication and marketing officer
Information Technology Policies
SUNY Oneonta and third parties that SUNY Oneonta authorizes to act on its behalf collect information from users who access suny.oneonta.edu (hereafter, the “SUNY Oneonta website”). The university analyzes such information to better understand how users interact with SUNY Oneonta content, to determine what information is of most and least interest to users, and to improve the utility of the material available on the SUNY Oneonta website. The university does not sell or share such information or use it for commercial marketing. Users may limit the collection of such information.
The collection of information through the SUNY Oneonta website and the disclosure of that information are subject to the Internet Security and Privacy Act. As such, SUNY Oneonta has adopted a policy to describe what information may be collected through the SUNY Oneonta website, the methods of and conditions of its collection, how the university may use such information, and the university's privacy practices pertaining to such information.
Applicability of the Policy
This policy applies to users of the SUNY Oneonta website.
User information collected automatically
When a user accesses the SUNY Oneonta website, the university automatically collects and stores information such as the following:
- the Internet protocol address and domain name used;
- the type and version of browser and operating system used;
- the date and time that the SUNY Oneonta website was accessed;
- the web pages or services that the user accessed at the SUNY Oneonta website;
- the website the user accessed prior to accessing the SUNY Oneonta website;
- the website the user accesses after accessing the SUNY Oneonta website;
- any file that the user downloads; and
- demographics and interests data, such as the user’s age, gender, affinity categories (i.e. sports fans), and in-market segments (product-purchase interests).
None of the foregoing information is deemed to constitute personal information relating to the user.
Thresholds are applied to demographics and interests data to prevent anyone viewing a report from inferring the demographics or interests of individual users. In addition, the university will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any Google advertising product or feature unless the university has robust notice of, and the user’s prior affirmative (i.e., opt-in) consent to, that identification or merger, and is using a Google Analytics feature that expressly supports such identification or merger. Irrespective of users’ consent, the university will not attempt to disaggregate data that Google reports in aggregate.
Having accurate information about users allows the university to provide them with smooth, efficient, and customized experiences. Specifically, the university may use information collected from SUNY Oneonta website users to:
- compile anonymous statistical data and analysis for use internally or with third parties;
- deliver targeted advertising to users;
- implement email marketing campaigns;
- increase the efficiency and operation of this website; and/or
- monitor and analyze usage and trends to improve users’ experiences with this website.
SUNY Oneonta and authorized third-party vendors may use tracking technologies such as cookies, identifiers and web beacons to automatically collect user information. Tools may include:
Google Analytics, Google AdWords, and Google Tag Manager
Google, an authorized third-party vendor, may use a combination of first-party cookies and identifiers (such as the Google Analytics cookies) and third-party cookies and identifiers (such as Google advertising cookies).
- remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
SUNY Oneonta will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any advertising product or feature unless the university has robust notice of and the user’s prior affirmative (i.e., opt-in) consent to that identification or merger. In addition, the university does not attempt to disaggregate data that Google reports in aggregate.
Google describes how it uses data when users use its partners’ sites or apps.
Visitors can opt out of the Google Analytics Advertising Features through Google Analytics’ opt-outs for the web, Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out).
Users may opt out of the collection and use of information for ad targeting at YourAdChoices and/or Your Online Choices.
Siteimprove, an authorized third-party, uses web crawlers to scan the SUNY Oneonta website. Siteimprove stores information in its databases and presents it in reports that the university generates through the Siteimprove SaaS platform.
Siteimprove provides a list of cookies it uses on its clients’ websites at https://siteimprove.com/legal/privacy-policy/.
User information collected through voluntary submission
SUNY Oneonta collects information, including personal information, that users voluntarily submit to the SUNY Oneonta website while conducting online transactions such as taking a survey, creating a registration or filling out an order form. The university uses such information to operate its programs, which include the provision of goods, services, and information. SUNY Oneonta may disclose such information only for those purposes that may be reasonably ascertained from the nature and terms of the transaction in connection with which the information was submitted.
If a user sends an email to SUNY Oneonta while accessing the SUNY Oneonta website, SUNY Oneonta will collect the user’s email address and the contents of the user’s message. The information SUNY Oneonta collects in this circumstance may include text characters, audio, video, and graphic information formats included in the message. SUNY Oneonta may use such information to respond to users, to address issues users identify, to improve the SUNY Oneonta website, or to forward users’ messages to others for appropriate action. SUNY Oneonta does not collect, sell or otherwise disclose email addresses for commercial purposes.
SUNY Oneonta does not knowingly collect personal information from children or create profiles of children through the SUNY Oneonta website. However, personal information submitted in an email or through an online transaction will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access.
Collection and disclosure of personal information
The State of New York regulates disclosure by SUNY Oneonta of information, including personal information, collected through the SUNY Oneonta website. Such disclosure is subject to the Freedom of Information Law and the Personal Privacy Protection Law.
With few exceptions, SUNY Oneonta will only collect personal information through the SUNY Oneonta website if the user has consented to such collection. With few exceptions, SUNY Oneonta will only disclose personal information it collects through the SUNY Oneonta website if the user has consented to such disclosure. A user’s participation in an online transaction whereby the user discloses personal information through the SUNY Oneonta website, whether solicited or unsolicited, constitutes that user’s consent to SUNY Oneonta’s collection and disclosure of such information for the purposes reasonably ascertainable from the nature and terms of the transaction.
However, SUNY Oneonta may collect or disclose personal information through the SUNY Oneonta website without user consent if the collection or disclosure is:
- necessary to perform the statutory duties of SUNY Oneonta, or necessary for SUNY Oneonta to operate a program authorized by law, or authorized by state or federal statute or regulation;
- made pursuant to a court order or by law;
- for the purpose of validating the identity of the user;
- of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person; or
- to federal or state law enforcement authorities for the purpose of enforcing SUNY Oneonta’s rights against unauthorized access or attempted unauthorized access to SUNY Oneonta’s information technology assets or against other inappropriate use of the SUNY Oneonta website.
Retention of information
The State of New York regulates the retention by SUNY Oneonta of information collected through the SUNY Oneonta website. Such information is subject to the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law.
In general, the Internet services logs of the SUNY Oneonta website, comprising electronic files or automated logs created to monitor access and use of SUNY Oneonta services provided through the SUNY Oneonta website, are destroyed in a manner consistent with the General Retention and Disposition Schedule for New York State Government Records Item 90239. Information, including personal information, that users submit in emails or when users engage in a transaction such as completing a survey, registration form, or order form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which information is submitted. Information concerning such records’ retention and disposition schedules may be obtained through the SUNY Oneonta records management officer at:
108 Ravine Pkwy.
Oneonta, NY 13820.
Confidentiality and integrity of collected information
SUNY Oneonta recognizes the need to protect personal information collected through the SUNY Oneonta website against unauthorized access, use, or disclosure. SUNY Oneonta limits employee access to personal information collected through the SUNY Oneonta website to those employees who need access to the information to perform their official duties. Employees with access to personal information are made aware of the need to follow appropriate procedures in connection with any disclosure of such information.
SUNY Oneonta has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authenticating, monitoring, auditing, and encrypting. Security procedures have been integrated into the design, implementation, and day-to-day operations of the SUNY Oneonta website consistent with the university's commitment to the security of electronic content as well as the electronic transmission of information.
For security purposes and to maintain the availability of the SUNY Oneonta website for all users, SUNY Oneonta uses software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website.
Access to and correction of collected personal information
Any user may submit a request to the SUNY Oneonta privacy compliance officer to determine whether personal information pertaining to that user has been collected through the SUNY Oneonta website. Such request must be made in writing and accompanied by reasonable proof of identity of the user, which shall include but not be limited to verification of a signature or inclusion of an identifier generally known only to the user. The address of the privacy compliance officer is:
108 Ravine Pkwy.
Oneonta, NY 13820.
The privacy compliance officer shall, within five business days of the date of the receipt of a proper request, make such collected information available to the person requesting it, deny such request in writing, or furnish a written acknowledgment of the receipt of such request and a statement of the approximate date, which shall be reasonable under the circumstances of the request, when such request will be granted or denied.
In the event that SUNY Oneonta determines that it has collected personal information pertaining to a user through the SUNY Oneonta website and that information is to be provided to the user pursuant to the user’s request, the privacy compliance officer shall inform the user of their right to request that the personal information be amended or corrected under the procedures set forth in Section 95 of the Public Officers Law, Article 6-A.
The information in this policy should not be construed as giving business, legal, or other advice, or warranting as fail proof the security of information provided through the SUNY Oneonta website.
“Cookie” means a unique text file stored on a user’s computer by an Internet browser. These text files are used as a means of distinguishing among users of a website and as a means of customizing the website according to the user’s preferences and interests. A cookie will not include personal information unless the user has volunteered that information.
“Personal information” means any information concerning a natural person, as opposed to a corporate entity, which, because of name, number, symbol, mark, or other identifiers, can be used to identify that natural person.
“Remarketing” means the presentation of a targeted ad to a user who previously visited a particular website.
“Web beacon” means a graphic with a unique identifier, similar to a cookie, used to track the online movements of users.
General Retention and Disposition Schedule for New York State Government Records
Information Technology Acceptable Use Policy
New York State Arts & Cultural Affairs Law, Section 57.05 (Archives and Records Management Law for the Records of New York State Government)
New York State Information Technology Guideline No. NYS-G02-001 (Internet Privacy Policies)
New York State Public Officers Law, Article 6 (Freedom of Information Law)
New York State Public Officers Law, Article 6-A (Personal Privacy Protection Law)
New York State Technology Law, Article II (Internet Security and Privacy Act)