Web Privacy Notice

Scope

The Board of Trustees of the University of Illinois (“University of Illinois”), by and through its academic, research and administrative units and programs, owns, controls, operates and/or maintains Web sites under a number of domains (collectively, “University Web”). This Web Privacy Notice applies to all domains within University Web.

Purpose

As part of its commitment to maintain the privacy of users of University Web sites, the University of Illinois has developed this privacy notice. The notice has two purposes:

1. To inform users and University Web practitioners about specific privacy guidelines employed at the University of Illinois.
2. To notify users about the terms and conditions governing use of the University Web.

Rule on Sharing of Information

The University of Illinois uses the University Web for business purposes and is committed to ensuring the privacy of personal information. Use of the University Web is subject to all applicable state and federal laws, as well as general University and campus policies. It is the University’s usual practice not to share any personal information with those outside the University. However, when circumstances arise for the need to share information gathered from its University Web servers, the University may share as:

• authorized by law,
• permitted under University and campus policies,
• authorized by an approved University of Illinois contract,
• clearly stated at a University Web site that such information will be shared and the user indicates consent by providing the information,
• consent is otherwise given,
• available, certain student and employee demographic information with the University of Illinois Alumni Association, the University of Illinois Foundation, applicant students’ high schools and other educational institutions with questions about students who have been admitted or earned a degree from the University, or
• authorized for good cause by the Chancellor for each campus or the Vice President for Academic Affairs of the University of Illinois.

Exceptions to Rule

The University Web consists of hundreds of University Web servers. Some servers hosted by the University of Illinois may adopt different privacy notices as their specific needs require. If another University Web server has a privacy notice that is different from this notice, then that notice must be approved by the campus Chief Information Officer or equivalent administrator responsible for that domain, and it must be posted on the site that has adopted the different notice. However, those sites cannot adopt a privacy notice that in any way supersedes federal or state laws or regulations or University or campus policies.

Approved Departmental Privacy Notices at the University of Illinois are located at the following sites:

• Policy Resources Applicable to All Employees
• http://www.uis.edu/disclaimers.html

Online Surveys and Other Information Provided by the User

In the course of using University Web sites, a user may choose to provide information to help the University of Illinois serve that user’s needs or conduct research. At any time there are numerous online surveys being conducted on University Web sites. Person(s) responsible for conducting online surveys that collect personally-identifiable information should clearly state at the survey site the extent to which any information provided will be shared. Aggregate data from surveys may be shared with external third parties in ways that do not compromise privacy.

Public Forums

Many units of the University of Illinois provide chat rooms, forums, message boards, and news groups for their users. Any information that is disclosed in these areas may become public information and a user should therefore exercise caution when deciding to disclose one’s personal information in such places. Chat sessions and discussion forums may be logged.

E-Commerce

Several sites within the University of Illinois enable one to pay for products or services online with a credit card. These transactions are commercially secure and utilize a centralized process. For additional details, see Section 21 of the University’s Business and Financial Policies and Procedures Manual (“Credit Card Sales Through Unit Web Sites”) at:

https://www.obfs.uillinois.edu/bfpp/section-21-merchant-card

Rules for Individuals under Thirteen Years of Age

The University of Illinois is committed to complying fully with the Children’s Online Privacy Protection Act. Accordingly, if a user of the University Web is under the age of thirteen, such user is not authorized to provide the University of Illinois with personally identifying information, and the University will not use any such information in its database or other data collection activities. The University appreciates cooperation with this federally mandated requirement. Users under the age of thirteen and their parents or guardians are cautioned that the collection of personal information volunteered by unauthorized children online or by e-mail will be treated the same as information given by an adult until the University becomes aware that the user is under the age of thirteen and such information may be subject to public access.

Illinois Freedom of Information Act

As a state institution, the University may be legally required under the Illinois Freedom of Information Act or other laws to provide specific information, such as some electronic correspondence sent via the University Web. More information about the University of Illinois’ compliance with the Illinois Freedom of Information Act, which provides for public access to certain documents and records of public bodies, can be found at:

University: https://www.uillinois.edu/foia

Server Log Information the University Gathers

University Web servers generate logs that may contain information about computers or devices used to access the University Web, or about general activity on the University Web, such as the following:

• Internet address of computer or device
• Type of browser or other client application used
• The operating system of the computer or device
• Web pages requested
• Referring Web pages
• Time spent on the site

Many University Web server administrators produce summary reports from these logs and share that information with University Web content managers. University Web content managers typically use this information in aggregate to understand what pages are popular, how users are navigating to and within their site, and when their sites are used most frequently. The University strongly discourages the inclusion in server logs of information that could identify individuals. The above Rule on Sharing of Information and the Exceptions to Rule detail when such associations occur.

Cookies and Login Security

Cookies are small pieces of data stored by a Web browser on a user’s computer. Cookies are often used to retain information about preferences and pages a user has visited. For example, when a user visits some sites on the Web, one might see a “Welcome Back” message. The first time one visited the site a cookie was probably stored on the user’s computer; when the user returns, the cookie is read again. One can refuse to accept cookies, one can disable cookies, and one can remove cookies from one’s hard drive.

Some sites require the use of cookies in order to access the site, such as University Web sites requiring University credentialed authentication. University Web servers sometimes use cookies with Web sites that require University of Illinois community members, such as students, staff and faculty, to log in with their University provided NetID and password. University community members are normally required to enter their respective NetID and password when a member requests data about himself/herself or to ensure that the person is a member of the University community. These cookies are used so one will not have to repeatedly enter user names and passwords when one goes to different parts of the University Web site. The University of Illinois strongly encourages University Web administrators to handle the login process through a secure connection, so the user name and password are encrypted between the University Web browser and the University Web server.

Personalized University Advertising and Promotional Materials at the Urbana-Champaign Campus Via Permanent Cookies and Web Beacons/Pixel Tags

The University of Illinois at Urbana-Champaign may use technologies such as permanent cookies and web beacons/pixel tags prepared by us or our third party contractors to provide you with personalized University display advertising and promotional material containing information about the University and its people and programs tailored to your interests. To opt out immediately from receiving this advertising and promotional material, click here. We may also use the services of third parties to collect and use anonymous information about your visits to, and interactions with, our website through the use of technologies such as cookies to personalize advertisements and promotional materials for University goods and services. To learn more visit the Network Advertising Initiative at www.networkadvertising.org/choices.

Transactional Versus Permanent Cookies

The University of Illinois is committed to fully complying with the State Agency Web Site Act (Public Act 093-117) which becomes effective January 1, 2004. Consequently, University Web sites may use transactional cookies that facilitate business transactions and may not use permanent cookies or any other invasive tracking programs that monitor and track University Web site viewing habits unless:

1. the use of permanent cookies adds value to the user otherwise not available;
2. there is a comprehensive online statement at the particular University Web site where such permanent cookies or other invasive monitoring and tracking programs are utilized that discloses:
   
   1. all types of information collected at that site;
   2. the University’s use of that information; and
   3. how the collection and use of this information adds value to the user; and
3. there is a link to this comprehensive Web Privacy Notice from that particular University Web site where such permanent cookies or other invasive monitoring and tracking programs are utilized.

The University Policy on Permanent Cookies can be found at https://www.vpaa.uillinois.edu/resources/cookies.

Some examples of approved notices regarding usage of cookies can be found at https://www.vpaa.uillinois.edu/resources/cookie_examples

Social Security Numbers

University policy for the proper procedures in collecting, maintaining and disseminating social security numbers of students, employees and individuals associated with the University can be found online at the following locations:

http://www.ssn.uillinois.edu
http://www.obfs.uillinois.edu/bfpp/section-19

FERPA

The University of Illinois also complies with the Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of student education records without student permission. For more details on FERPA, see the explanation at:

Chicago: http://www.uic.edu/depts/oar/campus_policies/records_policy.html
Springfield: http://www.uis.edu/registration/records/studentRecordPolicy.html
Urbana: http://www.registrar.illinois.edu/staff/ferpa/index.html

However, FERPA does permit the release of public or “directory” information about students. Information about suppressing the release of “directory” information can be obtained at:

Chicago:http://www.uic.edu/depts/oar/student_records/record_confidentiality.html
Springfield: http://www.uis.edu/registration/records/studentRecordPolicy.html
Urbana: https://registrar.illinois.edu/academic-records/ferpa/

LEGAL NOTICES OF TERMS AND CONDITIONS

Access to the University Web is provided subject to the following terms and conditions. Please read these terms carefully as use of the University Web constitutes acceptance of all of the following terms and conditions:

Disclaimer of Liability

Neither the University of Illinois, nor any of its units, programs, employees, agents or individual trustees, shall be held liable for any improper or incorrect use of the information described and/or contained in the University Web and assumes no responsibility for anyone’s use of the information. In no event shall the University Web, the University of Illinois or its units, programs, employees, agents or individual trustees be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement or substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this system, even if advised of the possibility of such damage. This disclaimer of liability applies to any damages or injury, including but not limited to those caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, alteration of, or use of record, whether for breach of contract, tortious behavior, negligence or under any other cause of action.

Disclaimer of Warranties and Accuracy of Data

Although the data found using the University of Illinois’ access systems have been produced and processed from sources believed to be reliable, no warranty, express or implied, is made regarding accuracy, adequacy, completeness, legality, reliability or usefulness of any information. This disclaimer applies to both isolated and aggregate uses of the information. The University of Illinois provides this information on an “as is” basis. All warranties of any kind, express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, freedom from contamination by computer viruses and non-infringement of proprietary rights are disclaimed. Changes may be periodically made to the information herein; these changes may or may not be incorporated in any new version of the publication. If a user has obtained information from any of the University Web pages via a source other than the University of Illinois pages, be aware that electronic data can be altered subsequent to original distribution. Data can also quickly become out of date. It is recommended that careful attention be paid to the contents of any data associated with a file, and that the originator of the data or information be contacted with any questions regarding appropriate use. If a user finds any errors or omissions, please report them to:

Chicago campus (uic.edu): http://www.uic.edu/depts/oar/contact/index.html
Springfield campus (uis.edu): http://www.uis.edu/contact.html
Urbana campus (uiuc.edu): http://www.illinois.edu/info/contactus.html
University Administration (uillinois.edu): contactus@uillinois.ed

Disclaimer of Endorsement

The University of Illinois is a distributor of content sometimes supplied by third parties and users. Any opinions, advice, statements, services, offers, or other information or content expressed or made available by third parties, including information providers, users, or others, are those of the respective author(s) or distributor(s) and do not necessarily state or reflect those of the University of Illinois and shall not be used for advertising or product endorsement purposes. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favoring by the University of Illinois.

Disclaimer for External Links

The University Web has links to other Web sites. These include links to Web sites operated by Illinois agencies and officials, other government agencies, nonprofit organizations and private businesses. When a user leaves the University Web and visits another site, the user is subject to the privacy policy of that new site. The University of Illinois is not responsible for the contents of any off-site pages referenced. The user specifically acknowledges that the University of Illinois is not liable for the defamatory, negligent, inaccurate, offensive, or illegal conduct of other users, links, or third parties and that the risk of injury from the foregoing rests entirely with the user. Links from University Web pages on the World Wide Web to other sites do not constitute an endorsement from the University of Illinois. These links are provided as an information service only. It is the responsibility of the user to evaluate the content and usefulness of information obtained from other sites. The University Web contains links to other related World Wide Web sites and resources. Since the University of Illinois and its Web site is not responsible for the availability of these outside resources or their contents, the user should direct any concerns regarding any external link to its site administrator or webmaster.

Disclaimer of Duty to Continue Provision of Data

Due to the dynamic nature of the Internet, resources that are free and publicly available one day may require a fee or restricted access the next, and the location of items may change as menus, pages, and files are reorganized. The user expressly agrees that use of the University Web is at the user’s sole risk. The University of Illinois does not warrant that the service will be uninterrupted or error free. The documents and related graphics published on this Web or server could contain technical inaccuracies or typographical errors. Changes are periodically added to the information herein. The University of Illinois and/or its respective units and programs may make improvements and/or changes in the information and/or programs described herein at any time.

Security

The technology management teams of the University and its campuses have taken several steps to safeguard the integrity of its communications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption. Security measures have been integrated into the design, implementation and day-to-day practices of the entire University operating environment as part of its continuing commitment to risk management.

This information should not be construed in any way as giving business, legal, or other advice, or warranting as fail proof, the security of information provided via University supported Web sites.

Choice of Law

Construction of the disclaimers above and resolution of disputes thereof are governed by the laws of the State of Illinois. The laws of the State of Illinois, U.S.A., shall apply to all uses of this data and this system. By use of this system and any data contained therein, the user agrees that use shall conform to all applicable laws and regulations and user shall not violate the rights of any third parties.

Questions

If a user has questions about this privacy notice or believes that the user’s personal information has been released without consent, then send e-mail to:

Chicago: security@uic.edu
Springfield: websecurity@uis.edu
Urbana: security@illinois.edu
University Administration: security@uillinois.edu

June 15, 2017