Date Established: 3/19/2003
Date Last Revised: 9/1/2011
Category: Information Technology
Responsible Office: Office of the CIO
Responsible Executive: Chief Information Officer
The University at Buffalo recognizes that it is critical for individuals and businesses to be confident that their privacy is protected when they visit UB websites. This policy describes the University at Buffalo's privacy practices regarding information collected from users of specific University at Buffalo websites.
For purposes of this policy, personal information means any information concerning a natural person which, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person.
The University at Buffalo does not collect any personal information about you unless you provide that information voluntarily by sending an e-mail, responding to a survey, enabling your computer to reveal your user name on that system, or completing an on line transaction.
Information Collected Automatically When You Visit this Website
When visiting this website, the University at Buffalo automatically collects and stores the following information about your visit:
(i) User client hostname. The hostname or Internet Protocol address of the user requesting access to the University at Buffalo website.
(ii) HTTP header, "user agent." The user agent information includes the type of browser, its version, and the operating system on which that the browser is running.
(iii) HTTP header, "referrer." The referrer specifies the web page from which the user accessed the current web page.
(iv) System date. The date and time of the user’s request.
(v) Full request. The exact request the user made.
(vi) Status. The status code the server returned to the user.
(vii) Content length. The content length, in bytes, of any document sent to the user.
(viii) Method. The request method used.
(ix) Universal Resource Identifier (URI). The location of a resource on the server. (x) Query string of the URI. Anything after the question mark in a URI.
(xi) Protocol. The transport protocol and the version used.
(xii) The user identifier from the computer accessing this website if that computer voluntarily responds to a UNIX IDENT query issued on UDP port 113.
None of the foregoing information is deemed to constitute personal information.
The information that is collected automatically is used to improve this website's content and to help UB understand how users are interacting with the website. This information is collected for statistical analysis, to determine what information is of most and least interest to our users, and to improve the utility of the material available on the website. The information is not collected for commercial marketing purposes and the University at Buffalo is not authorized to sell or otherwise disclose the information collected from the website for non-university commercial marketing purposes.
If you wish, you may complete a registration to personalize this website and permit a "persistent cookie" to be stored on your computer's hard drive. This persistent cookie will allow the website to recognize you when you visit again and tailor the information presented to you based on your needs and interests. UB uses persistent cookies only with your permission.
The software and hardware you use to access this website allows you to refuse new cookies or delete existing cookies. Refusing or deleting these cookies may limit your ability to take advantage of some features of this website.
Information Collected When You E-mail this Website or Complete a Transaction
During your visit to this website you may send an e-mail to the University at Buffalo. Your e- mail address and the contents of your message will be collected. The information collected is not limited to text characters and may include audio, video, and graphic information formats included in the message. Your e-mail address and the information included in your message will be used to respond to you, to address issues you identify, to improve this website, or to forward your message to another SUNY or State agency for appropriate action. Your e-mail address is not collected for non-university commercial purposes and UB is not authorized to sell or otherwise disclose your e-mail address for non-university commercial purposes.
During your visit to this website you may complete a transaction such as a survey, registration, application, financial transaction, authenticated file access, order form or other business transaction. The information, including personal information, volunteered by you in completing the transaction is used by the University at Buffalo to operate UB programs, which include the provision of goods, services, and information. The information collected by UB may be disclosed by UB for those purposes that may be reasonably ascertained from the nature and terms of the transaction in which the information was submitted. UB does not knowingly collect personal information from children or create profiles of children through this website. Users are cautioned, however, that the collection of personal information submitted in an e-mail will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or State law, be subject to public access. UB strongly encourages parents and teachers to be involved in children's Internet activities and to provide guidance whenever children are asked to provide personal information on-line.
Information and Choice
As noted above, the University at Buffalo does not collect any personal information about you unless you provide that information voluntarily by filing an application, completing a financial transaction, sending an e-mail, responding to a survey, responding to an authentication request, or completing an on-line form. You may choose not to send us an e-mail, respond to a survey, respond to the authentication request, or complete an on-line form. While your choice not to participate in these activities may limit your ability to receive specific services or products through this website, it may not normally have an impact on your ability to take advantage of other features of this website, including some browsing or downloading information.
Disclosure of Information Collected Through This Website
The collection of information through this website and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act. UB will only collect personal information through this website or disclose personal information collected through this website if the user has consented to the collection or disclosure of such personal information. The voluntary disclosure of personal information to UB by the user, whether solicited or unsolicited, constitutes consent to the collection and disclosure of the information by UB for the purposes for which the user disclosed the information to the UB, as was reasonably ascertainable from the nature and terms of the disclosure.
However, UB may collect or disclose personal information without consent if the collection or disclosure is: (1) necessary to perform the statutory duties of the university, or necessary for UB to operate a program authorized by law, or authorized by state or federal statute or regulation; (2) made pursuant to a court order or by law; (3) for the purpose of validating the identity of the user; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person.
Further, the disclosure of information, including personal information, collected through this website is subject to the provisions of the Freedom of Information Law, the Family Educational Rights & Privacy Act (FERPA), and the Personal Privacy Protection Law.
UB may also disclose personal information to federal, state, or local law enforcement authorities to comply with court orders, the provisions of The Patriot Act of 2001, or enforce its rights against unauthorized access or attempted unauthorized access to the University at Buffalo's information technology assets.
Retention of Information Collected Through this Website
The information collected through this website is retained by the University at Buffalo in accordance with the records retention and disposition requirements of the New York State Arts and Cultural Affairs Law. In general, the Internet services logs of UB, comprising electronic files or automated logs created to monitor access and use of Agency services provided through this website, are retained for 180 days and then destroyed, or for a period specified in a website Ð specific addendum to this policy. Information, including personal information, that you submit in an e-mail or when you complete a survey, application, financial transaction, registration form, or order form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which you submitted the information. Information concerning these records retention and disposition schedules may be obtained through the privacy compliance office.
Access to and Correction of Personal Information Collected Through this Website
Any user may submit a request to the University at Buffalo privacy compliance office to determine whether personal information pertaining to that user has been collected through this website. Any such request shall be made in writing and must be accompanied by reasonable proof of identity of the user. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the user, or similar appropriate identification.
The privacy compliance office shall, within five (5) business days of the receipt of a proper request, provide access to the personal information; deny access in writing, explaining the reasons therefore; or acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty (30) days from the date of the acknowledgment.
In the event that UB has collected personal information pertaining to a user through the UB website and that information is to be provided to the user pursuant to the user’s request, the privacy compliance office shall inform the user of his or her right to request that the personal information be amended or corrected under the procedures set forth in section 95 of the Public Officers Law.
Confidentiality and Integrity of Personal Information Collected Through this Website
UB is strongly committed to protecting personal information collected through this website against unauthorized access, use or disclosure. Consequently, UB limits employee access to personal information collected through this website to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information follow appropriate procedures in connection with any disclosures of personal information.
In addition, UB has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, monitoring, scanning, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of this website as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information.
For website security purposes and to maintain the availability of the website for all users, UB employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website.
The information provided in this policy should not be construed as giving business, legal, or other advice, or warranting as fail proof, the security of information provided through this website.
Note: this policy is intended to be referenced from official University at Buffalo websites through an active hyperlink. References to “this website” throughout this policy document allude to the referring web page.
Shall have the meaning set forth in subdivision 5 of section 202 of the State Technology Law.
Shall have the meaning set forth in subdivision 8 of section 202 of the State Technology Law.
|Information Security Officefirstname.lastname@example.org|