Web Privacy Statement
ÃÛÌÒÊÓƵ State University is committed to ensuring the privacy and accuracy of your confidential information. We do not actively share personal information gathered from our Web servers. However, because ÃÛÌÒÊÓƵ State is a public institution, some information collected from the university website, including information from our server logs, e-mails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act. This means that while we do not actively share information, in some cases we may be compelled by law to release information gathered from our Web servers.
ÃÛÌÒÊÓƵ State University also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records except in limited circumstances (i.e., with the student's permission, to parents of dependent students, and in response to a valid court order). For more information on FERPA at ÃÛÌÒÊÓƵ State University, go to csuohio.edu/registrar/family-educational-rights-and-privacy-act. Although FERPA regulations apply only to students, ÃÛÌÒÊÓƵ State University is equally committed to protecting the privacy of all visitors to our website. ÃÛÌÒÊÓƵ State also complies with the applicable provisions of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).
Sharing of Information
Unless required by the Ohio Public Records Act, it is against university policy to release information gathered through the Web, such as pages visited or personalized preferences.
ÃÛÌÒÊÓƵ State University does, however, share information with other parties at the request of users (persons to whom the information applies). For example, the university receives test scores from testing agencies and will send transcripts to other schools at the student’s request.
Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we have legal authorization to do so. Student directory information may be released without the student's written consent. Directory information includes: name, home city and state home address*, participation in officially recognized activities and sports, dates of attendance, degrees and awards (honors) earned, university e-mail address.
* Disclosure of the home address is restricted to state, local or national elected officials for the purpose of sending congratulatory letters, or to potential scholarship sponsors for the purpose of marketing scholarship opportunities. For more information go to csuohio.edu/registrar/family-educational-rights-and-privacy-act.
** Disclosure of the university email address is limited to users of the university email system only, and only for purposes of locating email addresses in the email directory.
Privacy and Public Records Requests
ÃÛÌÒÊÓƵ State complies with all laws that prohibit the release of information. This includes student education records protected by FERPA, financial information, including credit card information protected by GLBA, and personal health information protected by HIPAA.
ÃÛÌÒÊÓƵ State University Web Privacy Statement September 26, 2018
However other information collected from the ÃÛÌÒÊÓƵ State website, including server log information, emails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act.
If You Send Us Personal Information
ÃÛÌÒÊÓƵ State's website will only collect personal information that you knowingly and voluntarily provide by, for example, sending emails, completing membership forms, registering for classes or other programs, responding to surveys, or ordering merchandise. If you provide us with personal information, we will normally respond to your inquiry, request, or order; we may also contact you to provide information about college activities, programs, membership and development opportunities, and special events that may interest you. It is university policy that confidential information you enter is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.
ÃÛÌÒÊÓƵ State University will only share information about you to other parties when one or more of the following conditions apply:
- We have your consent to share the information.
- We need to share your information to provide the service or product you requested.
- We need to send your information to companies who work on behalf of ÃÛÌÒÊÓƵ State University to provide a service or product to you.
- The information in question is considered directory information consistent with FERPA regulations.
- We need to respond to subpoenas, court orders, or any other legal process.
- We find it necessary to protect and defend the legal rights and/or property of ÃÛÌÒÊÓƵ State University.
Encryption
ÃÛÌÒÊÓƵ State uses encryption to prevent third parties from accessing sensitive data, such as passwords, e-commerce information, etc. You are normally required to enter a ÃÛÌÒÊÓƵ State ÃÛÌÒÊÓƵID and password when you request data about yourself or to ensure that you are a member of the university community. For example, students who want to check their grades or staff members who complete time sheets must enter their ÃÛÌÒÊÓƵ State ÃÛÌÒÊÓƵID and password so the system knows who is requesting the data. This login process uses Hypertext Transfer Protocol Secure (HTTPS) so the user name and password are encrypted between the Web browser and our Web server.
Several sites within ÃÛÌÒÊÓƵ State University enable you to pay for products or services online with a credit card. These transactions are encrypted. Questions about security concerns involving credit card transactions may be directed to security@csuohio.edu.
Information Collected and Stored Automatically
If you visit our website, we automatically gather and store the following information about your visit so that we can track the use of our website to make improvements. This automatically collected information is stored and used in the aggregate only, and is not under normal circumstances used to contact you personally.
- The IP address from which you access our website
- The name of the domain from which you access the Internet
- The type of browser and operating system used to access our website
- The date and time you access our site
- The pages, files, documents, and links that you visit
- The Internet address of the website from which you linked to this website
Cookies
Cookies are small pieces of data stored by the Web browser, often used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive.
Some ÃÛÌÒÊÓƵ State University Web servers use cookies. For example, cookies are used so you will not have to repeatedly enter user names and passwords when you go to different parts of the website.
Linking
Within our website there are links to non-ÃÛÌÒÊÓƵ State websites. When you link to third-party websites, you leave ÃÛÌÒÊÓƵ State's website and no longer will be subject to our privacy statement. ÃÛÌÒÊÓƵ State University is not responsible for the privacy practices or the content of non-ÃÛÌÒÊÓƵ State websites, and such links are not intended to be an endorsement of those sites nor their content.
Types of Personal Data Processed
In order for the university to achieve its core mission, it is essential and necessary for ÃÛÌÒÊÓƵ State University to process personal data of its students, employees, applicants, research subjects, alumni, and others involved in the university's educational, research, and community programs. ÃÛÌÒÊÓƵ State University processes personal information for various lawful reasons, including, without limitation, academic admissions and enrollment; student registration; residence life; delivery of classroom, on-line, and study abroad education programs; administration and oversight of recreation programs, student organizations, and other various student affairs activities; distribution of grades, materials, and other communications by and among students, faculty, and staff; employment; applied research; program development and analysis; job hiring and employment; provision of medical services or health insurance; engagement with the community at-large; compliance with its internal policies, procedures, and guidelines, as well as all applicable federal, state, and local laws; and records retention.
Personal data processed by the university typically includes name, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.), and donations. If you have specific questions regarding the collection and use of your personal data, please contact us via security@csuohio.edu.
If a data subject refuses to provide personal data that is required by ÃÛÌÒÊÓƵ State University in connection with one of ÃÛÌÒÊÓƵ State University's lawful bases to collect such personal data, such refusal may make it impossible for ÃÛÌÒÊÓƵ State University to provide education, employment, research, or other requested services.Ìý
Where ÃÛÌÒÊÓƵ State University gets Personal Data
ÃÛÌÒÊÓƵ State University receives personal data from multiple sources, most often directly from the data subject or under the direction of the data subject who has provided it to a third party (e.g., application for admission to ÃÛÌÒÊÓƵ State University through use of the Common App or the ÃÛÌÒÊÓƵ App).
Data Retention
ÃÛÌÒÊÓƵ State University keeps the data it collects for the time periods specified in the ÃÛÌÒÊÓƵ State University Record Retention Schedule csuohio.edu/policy-register/records-management-and-retention.
Disclaimer of Liability
The information contained in this statement explains the Internet privacy statement and practices that ÃÛÌÒÊÓƵ State University has adopted for its official Web pages. In legal terms, it shall not be construed as a contractual promise, and the university reserves the right to amend it at any time without notice. Neither ÃÛÌÒÊÓƵ State University nor any of its units, programs, employees, agents, or individual trustees shall be held liable for any improper or incorrect use of the information described and/or contained in the university website and assumes no responsibility for anyone's use of the information.
Comments/Questions
ÃÛÌÒÊÓƵ State University is a large organization with many people sharing responsibility for the content of our website. Please help us respond to your comments and inquiries by sending them to the appropriate ÃÛÌÒÊÓƵ State department.
If you have questions about this Privacy Statement, or if you find ÃÛÌÒÊÓƵ State Web pages that do not adhere to this statement, please emailÌýcsuweb@csuohio.edu.