Approved by the president
April 25, 2018
Latest Revision
June 30, 2023
Policy Contact
Senior Communication and Marketing Officer
607-436-3317
Category
Marketing and Communication Policies
Policy Statement
SUNY Oneonta and third parties that SUNY Oneonta authorizes to act on its behalf (hereafter, "service providers") collect information from users who access suny.oneonta.edu (hereafter, the “SUNY Oneonta website”). The university analyzes such information to better understand how users interact with SUNY Oneonta content, to determine what information is of most and least interest to users, and to improve the utility of the material available on the SUNY Oneonta website. The university does not sell or share such information or use it for commercial marketing. Users may limit the collection of such information.
Rationale
The collection of information through the SUNY Oneonta website and the disclosure of that information are subject to the Internet Security and Privacy Act. As such, SUNY Oneonta has adopted a policy to describe what information may be collected through the SUNY Oneonta website, the methods of and conditions of its collection, how the university may use such information, and the university's privacy practices pertaining to such information.
Applicability of the Policy
This policy applies to users of the SUNY Oneonta website.
Policy Elaboration
User information collected automatically
When a user accesses the SUNY Oneonta website, the university automatically collects and stores information such as the following:
- the Internet protocol address and domain name used;
- the type and version of browser and operating system used;
- the date and time that the SUNY Oneonta website was accessed;
- the web pages or services that accessed at the SUNY Oneonta website;
- the website the user accessed prior to accessing the SUNY Oneonta website;
- the website the user accesses after accessing the SUNY Oneonta website;
- any file that the user downloads; and
- demographics and interests data, such as the user’s age, gender, affinity categories (i.e. sports fans), and in-market segments (product-purchase interests).
None of the foregoing information is deemed to constitute personal information relating to the user.
Thresholds are applied to demographics and interests data to prevent anyone viewing a report from inferring the demographics or interests of individual users. In addition, the university will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any Google advertising product or feature unless the university has robust notice of, and the user’s prior affirmative (i.e., opt-in) consent to that identification or merger, and is using a Google Analytics feature that expressly supports such identification or merger. Irrespective of users’ consent, the university will not attempt to disaggregate data that Google reports in aggregate.
Having accurate information about users allows the university to provide them with smooth, efficient, and customized experiences. Specifically, the university may use information collected from SUNY Oneonta website users internally or with service providers to:
- compile anonymous statistical data and analysis;
- deliver targeted advertising to users;
- implement email marketing campaigns;
- increase the efficiency and operation of this website; and/or
- monitor and analyze usage and trends to improve users’ experiences with this website.
Marketing Technologies
SUNY Oneonta and service providers may use marketing technologies such as cookies, identifiers and web beacons to automatically collect user information. Tools may include:
Google Analytics, Google AdWords, and Google Tag Manager
Google may use a combination of first-party cookies and identifiers (such as the Google Analytics cookies) and third-party cookies and identifiers (such as Google advertising cookies).
The following Google Analytics Advertising Features may be implemented at any point under this privacy policy:
- remarketing with Google Analytics;
- Google Display Network Impression Reporting;
- Google Analytics Demographics and Interest Reporting;
- Google Signals, to enhance marking and reporting, which updates existing Google Analytics features to also include aggregated data from Google users who have consented to Ads Personalization; and /or
- integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers.
SUNY Oneonta may use remarketing and/or similar audience technologies to reach people who previously visited this site, or people like previous visitors, to match the right people with the right message. Google may show our ads on sites across the Internet and may use cookies to serve ads based on a user’s past visit(s) to the SUNY Oneonta website.
SUNY Oneonta will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any advertising product or feature unless the university has robust notice of and the user’s prior affirmative (i.e., opt-in) consent to that identification or merger. In addition, the university does not attempt to disaggregate data that Google reports in aggregate.
Google describes how it uses data when users use its partners’ sites or apps.
Visitors can opt out of the Google Analytics Advertising Features through Google Analytics’ opt-outs for the web, Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out).
Meta technologies
Meta may use cookies, web beacons, and other storage technologies to collect or receive information from your activity across Meta technologies, activity with other businesses, activity on other websites and apps, and your location, to provide measurement services and to target ads on Facebook or Instragram.
Data use
- SUNY Oneonta will only share ad data collected, received, or derived from our Facebook or Instagram ads (“Meta advertising data”) with a service provider, who will also protect any Meta advertising data or data otherwise obtained from Meta. We will limit their use of this information and keep it confidential and secure.
- SUNY Oneonta will not use Meta advertising data for any purpose (including retargeting, commingling data across multiple advertisers’ campaigns, or allowing piggybacking or redirecting with tags), except on an aggregate and anonymous basis (unless authorized by Meta) and only to assess the performance and effectiveness of our Meta advertising campaigns.
- SUNY Oneonta will not use Meta advertising data, including the targeting criteria for our ads, to build, append to, edit, influence, or augment user profiles, including profiles associated with any mobile device identifier or other unique identifier that identifies any particular user, browser, computer or device.
- Information submitted through Facebook Lead Ads will be uploaded into SUNY Oneonta’s customer relationship management (CRM) platform, Slate. SUNY Oneonta will not transfer any Meta advertising data (including anonymous, aggregate, or derived data) to any ad network, ad exchange, data broker or other advertising or monetization related service.
Users may opt-out of the collection and use of information for ad targeting, at YourAdChoices and/or Your Online Choices.
LinkedIn targets (and measures the performance of) ads to Members, Visitors and others both on and off LinkedIn Services directly or through a variety of partners, using the following data, whether separately or combined:
Data from advertising technologies on and off LinkedIn Services, pixels, ad tags, cookies, and device identifiers;
Member-provided information (e.g., profile, contact information, title and industry);
Data from your use of LinkedIn Services (e.g., search history, feed, content you read, who you follow or is following you, connections, groups participation, page visits, videos you watch, clicking on an ad, etc.), including as described in Section 1.3 of LinkedIn’s Privacy Policy;
Information from advertising partners, vendors and publishers ; and
Information inferred from data described above (e.g., using job titles from a profile to infer industry, seniority, and compensation bracket; using graduation dates to infer age or using first names or pronoun usage to infer gender; using your feed activity to infer your interests; or using device data to recognize you as a member).
LinkedIn does not share your personal data with any third-party advertisers or ad networks except for: (i) hashed IDs or device identifiers (to the extent they are personal data in some countries); (ii) with your separate permission (e.g., in a lead generation form) or (iii) data already visible to any users of LinkedIn Services (e.g., profile). However, if you view or click on our ad on or off LinkedIn Services, SUNY Oneonta will get a signal that someone visited the page that displayed the ad, and we may, using mechanisms such as cookies, determine it is you. SUNY Oneonta must obtain your explicit opt-in consent before associating personal data collected by the advertiser directly from you with hashed IDs or device identifiers received from LinkedIn.
LinkedIn adheres to self-regulatory principles for interest-based advertising and participates in industry opt-outs from such ads. This does not opt you out of receiving advertising; you will continue to get other ads by advertisers not listed with these self-regulatory tools. You can also opt-out specifically from LinkedIn’s uses of certain categories of data to show you more relevant ads. For Visitors, the setting is here.
HotJar
Hotjar is a technology service that helps SUNY Oneonta better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our website informed by user feedback.
Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.
Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
User information collected through voluntary submission
SUNY Oneonta collects information, including personal information, that users voluntarily submit to the SUNY Oneonta website while conducting online transactions such as filling out an inquiry form. The university uses such information to operate its programs, which include the provision of goods, services, and information. SUNY Oneonta may disclose such information only for those purposes that may be reasonably ascertained from the nature and terms of the transaction in connection with which the information was submitted.
If a user sends an email to SUNY Oneonta while accessing the SUNY Oneonta website, SUNY Oneonta will collect the user’s email address and the contents of the user’s message. The information SUNY Oneonta collects in this circumstance may include text characters, audio, video, and graphic information formats included in the message. SUNY Oneonta may use such information to respond to users, to address issues users identify, to improve the SUNY Oneonta website, or to forward users messages to others for appropriate action. SUNY Oneonta does not collect, sell or otherwise disclose email addresses for commercial purposes.
SUNY Oneonta does not knowingly collect personal information from children or create profiles of children through the SUNY Oneonta website. However, personal information submitted in an email or through an online transaction will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access.
Collection and disclosure of personal information
The State of New York regulates disclosure by SUNY Oneonta of information, including personal information, collected through the SUNY Oneonta website. Such disclosure is subject to the Freedom of Information Law and the Personal Privacy Protection Law.
With few exceptions, SUNY Oneonta will only collect personal information through the SUNY Oneonta website if the user has consented to such collection. With few exceptions, SUNY Oneonta will only disclose personal information it collects through the SUNY Oneonta website if the user has consented to such disclosure. A user’s participation in an online transaction whereby the user discloses personal information through the SUNY Oneonta website, whether solicited or unsolicited, constitutes that user’s consent to SUNY Oneonta’s collection and disclosure of such information for the purposes reasonably ascertainable from the nature and terms of the transaction.
However, SUNY Oneonta may collect or disclose personal information through the SUNY Oneonta website without user consent if the collection or disclosure is:
- necessary to perform the statutory duties of SUNY Oneonta, or necessary for SUNY Oneonta to operate a program authorized by law, or authorized by state or federal statute or regulation;
- made pursuant to a court order or by law;
- for the purpose of validating the identity of the user; or
- of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person; or
- to federal or state law enforcement authorities for the purpose of enforcing SUNY Oneonta’s rights against unauthorized access or attempted unauthorized access to SUNY Oneonta’s information technology assets or against other inappropriate use of the SUNY Oneonta website.
Retention of information
The State of New York regulates the retention by SUNY Oneonta of information collected through the SUNY Oneonta website. Such information is subject to the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law.
In general, the Internet services logs of the SUNY Oneonta website, comprising electronic files or automated logs created to monitor access and use of SUNY Oneonta services provided through the SUNY Oneonta website are destroyed in a manner consistent with the General Retention and Disposition Schedule for New York State Government Records Item 90239. Information, including personal information, that users submit while conducting online transactions such as filling out an inquiry form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which information is submitted. Information concerning such records’ retention and disposition schedules may be obtained through the SUNY Oneonta records management officer at:
SUNY Oneonta
108 Ravine Pkwy.
Netzer 200
Oneonta, NY 13820.
Confidentiality and integrity of collected information
SUNY Oneonta recognizes the need to protect personal information collected through the SUNY Oneonta website against unauthorized access, use, or disclosure. SUNY Oneonta limits employee access to personal information collected through the SUNY Oneonta website to those employees who need access to the information to perform their official duties. Employees with access to personal information are made aware of the need to follow appropriate procedures in connection with any disclosure of such information.
SUNY Oneonta has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authenticating, monitoring, auditing, and encrypting. Security procedures have been integrated into the design, implementation, and day-to-day operations of the SUNY Oneonta website consistent with the university's commitment to the security of electronic content as well as the electronic transmission of information.
For security purposes and to maintain the availability of the SUNY Oneonta website for all users, SUNY Oneonta uses software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website.
Access to and correction of collected personal information
Any user may submit a request to the SUNY Oneonta privacy compliance officer to determine whether personal information pertaining to that user has been collected through the SUNY Oneonta website. Such request must be made in writing and accompanied by reasonable proof of identity of the user, which shall include but not be limited to verification of a signature or inclusion of an identifier generally known only to the user. The address of the privacy compliance officer is:
SUNY Oneonta
108 Ravine Pkwy.
Netzer 208
Oneonta, NY 13820.
The privacy compliance officer shall, within five business days of the date of the receipt of a proper request, make a such collected information available to the person requesting it, deny such request in writing or furnish a written acknowledgment of the receipt of such request and a statement of the approximate date, which shall be reasonable under the circumstances of the request, when such request will be granted or denied.
In the event that SUNY Oneonta determines that it has collected personal information pertaining to a user through the SUNY Oneonta website and that information is to be provided to the user pursuant to the user’s request, the privacy compliance officer shall inform the user of their right to request that the personal information be amended or corrected under the procedures set forth in Section 95 of the Public Officers Law, Article 6-A.
Disclaimer
The information in this policy should not be construed as giving business, legal, or other advice, or warranting as fail proof the security of information provided through the SUNY Oneonta website.
Definitions
“Cookie” means a unique text file stored on a user’s computer by an Internet browser. These text files are used as a means of distinguishing among users of a website and as a means of customizing the website according to the user’s preferences and interests. A cookie will not include personal information unless the user has volunteered that information.
“Personal information” means any information concerning a natural person, as opposed to a corporate entity, which, because of name, number, symbol, mark, or other identifiers, can be used to identify that natural person.
“Remarketing” means the presentation of a targeted ad to a user who previously visited a particular website.
“Web beacon” means a graphic with a unique identifier, similar to a cookie, used to track the online movements of users.
“Service provider” means a third party that SUNY Oneonta authorizes to act on its behalf.
The “SUNY Oneonta website” consists of webpages with the URL beginning with https://suny.oneonta.edu.
“Web beacon” means a graphic with a unique identifier, like a cookie, used to track the online movements of users.
Related Policies
General Retention and Disposition Schedule for New York State Government Records
Information Technology Acceptable Use Policy
Information Technology Security Program
New York State Arts & Cultural Affairs Law, Section 57.05 (Archives and Records Management Law for the Records of New York State Government)
New York State Information Technology Guideline No. NYS-G02-001 (Internet Privacy Policies)
New York State Public Officers Law, Article 6 (Freedom of Information Law)
New York State Public Officers Law, Article 6-A (Personal Privacy Protection Law)
New York State Technology Law, Article II (Internet Security and Privacy Act)
Effective Dates
Approved by the President April 25, 2018
Latest Revision approved by the President June 30, 2023