University of Northwestern and Northwestern Media are committed to your privacy and keeping any information collected about on myktis.com or any of its related sub-domains safe and secure. This policy statement provides information about how your personal information may be collected and the circumstances or occasions for which it is used. We may update this statement as changes are made to the website, the kinds of information we collect or how we use it.
Information We Collect
NON-PERSONALLY IDENTIFIABLE INFORMATION
As users access the website, Northwestern collects non-personally identifiable information such as IP address, browser type, and site usage. This information is not linked to any personal information and remains anonymous. To collect this information, the university uses session “cookies” — that is, small text files that are placed on your computer’s hard drive. The session cookies used by the university do not give us access to your computer and do not provide us with personally identifiable information. Session cookies are deleted when you close your browser. You may modify your browser settings to disallow cookies, but this may prevent you from taking full advantage of our website.
PERSONALLY IDENTIFIABLE INFORMATION
Certain areas of our website collect voluntary information that is personally identifiable, such as name, zip code, and e-mail address. This is typically done through request and registration forms provided in order to learn of your interest in Northwestern and provide you with information and services. Personally identifiable information may be collected as part of an online purchase, payment, or donation. In this case, Northwestern uses one of the following PCI-compliant third-party services to process your transaction. Prior to using these services, we encourage you to read the privacy policies listed below.
- TouchNet Information Systems, Inc. (student account payments and non-student online payments and purchases)
- Authorize.net with GivingFuel (payment processing for Media and Advancement)
- PCAmerica (Mail Center data system)
- Transfirst with SafeSave (payment processing for Child Development Center)
- Shift4 (payment processing for UNW bookstore)
- Recruit (Customer Relationship Management database)
- Handshake with Stripe (HR, Career Development services)
- Activenet (payment processing for Academy of Music)
- MerchantLink (payment processing for Bon Appetit – Caterer)
Use of Information We Collect
USE OF NON-PERSONALLY IDENTIFIABLE INFORMATION
We use non-personally identifiable information while you are browsing the site to improve your individual experience and provide you with more individualized responses. We also aggregate non-personally identifiable information from many users into statistical reports in order to better administer our website, diagnose server problems that may occur from time to time, and improve our website.
USE OF PERSONALLY IDENTIFIABLE INFORMATION
By providing personally identifiable information, you imply consent to the collection and use of the information for the purposes for which it was provided. Your information is used to provide relevant materials, products and services you request, and to facilitate relationships with the University, such as the admissions process and fund raising programs. You may opt out of receiving information from University of Northwestern by contacting the department from which the information came. Only those University of Northwestern employees who need personally identifiable information to perform a specific job are given access to the information. Unless required by law, personally identifiable information is only shared with third parties as necessary to provide the materials, products, and services you request. When third parties are given access to personally identifiable information, they are, by contract, not permitted to use or re-disclose any of the information for unauthorized purposes. Personally identifiable information is never sold to third parties.
In order to protect the loss, misuse, or alteration of information gathered on our site, all information is stored within a controlled database environment accessible only to authorized University staff. However, as effective as any security measures implemented by the University may be, no security system is impenetrable. University of Northwestern cannot guarantee the security of its database environment, nor can it guarantee that the information you provide will not be intercepted while being transmitted over the Internet.
University of Northwestern does not control the actions of its site visitors nor the use site visitors may make of publicly disclosed information. Please be aware that disclosing personally identifiable information on the site’s bulletin boards, guest books, chat rooms or other such public forums may allow visitors to gather information and send unsolicited email. We encourage you to report any unsolicited/unwanted email or misuse of information to UNW.
Links to Other Websites
Our website may include links to other websites outside the myktis.com domain, including co-branded or other affiliated sites that may or may not be owned or operated by University of Northwestern. Such sites are not governed by this privacy statement. Users should become familiar with the privacy practices of those other sites.
University of Northwestern – St. Paul
3003 Snelling Avenue North
St. Paul, MN 55113
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
* We will notify you via email within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
* Send information, respond to inquiries, and/or other requests or questions
* Process orders and to send information and updates pertaining to orders.
* Send you additional information related to your product and/or service
* Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CANSPAM, we agree to the following:
* Not use false or misleading subjects or email addresses.
* Identify the message as an advertisement in some reasonable way.
* Include the physical address of our business or site headquarters.
* Monitor third-party email marketing services for compliance, if one is used.
* Honor opt-out/unsubscribe requests quickly.
* Allow users to unsubscribe by using the link at the bottom of each email.
GDPR (General Data Protection Regulation)
The General Data Protection Regulation (GDPR) is a European Union (EU) legislation that will be enforceable from May 25, 2018, replacing the aging Data Protection Act (DPA). It is designed to both strengthen and harmonize data protection across EU member states, and ensure organizations treat the personal data of individuals—supporters, customers, donors and constituents—with more respect and ultimately strengthen trust between organizations and individuals.
To be in accordance with GDPR, we agree to the following:
* Right of Access: the right to obtain confirmation from the organization whether it is processing personal data and information about that processing.
* Right to Rectification: the right to request the organization to rectify inaccurate personal data.
* Right to Object: the right to object to processing based on either public interests or legitimate interests. The organization must cease processing unless the organization demonstrates compelling grounds for continuing the processing or that the processing is necessary relating to the organization’s legal rights.
* Right to Object to Direct Marketing
* Right Not to be Subject to Automated Processing: the right not to be subject to a decision that significantly affects him, which is based solely on automated processing, unless (a) it is necessary for performance of a contract (with appropriate safeguards); (b) it is authorized by law; or (c) explicit consent (with appropriate safeguards).
* Right to be Forgotten: the right to have the controller erase personal data without undue delay. Such right is contingent on the occurrence of one of the following: (a) the data is no longer necessary; (b) the data subject withdraws consent (and consent is the legal basis for processing); (c) organization has no overriding grounds for continuing the processing against the objection; (d) processing was unlawful; (e) erasure is necessary for compliance with EU law; or (f) the data was collected for the offer of information society services to a child.
* Right to Restrict Processing: the right to have the organization limit processing if: (a) accuracy of the data is contested; (b) processing is unlawful (an alternative to erasure); (c) the organization no longer needs the data for its original purpose, but needs it for legal purposes; or (d) erasure is pending.
* Right of Data Portability: the right to receive from the organization a copy of your data in a commonly used machine-readable format for transfer to another organization.
* Right to Object to Processing for Scientific, Historical or Statistical Purposes: this right can only be countered if the processing is necessary for the performance of a task carried out for public interests.
If at any time you would like to unsubscribe from receiving future emails, you can email Cheryl Gardner and we will promptly remove you from ALL correspondence.