SUNY New Paltz and third parties that SUNY New Paltz authorizes to act on its behalf collect information from users who access newpaltz.edu and related sites (hereafter, the “SUNY New Paltz websites”). The College analyzes such information to better understand how users interact with SUNY New Paltz content, to determine what information is of most and least interest to users, and to improve the utility of the material available on the SUNY New Paltz websites. The College does not sell or share such information or use it for commercial marketing. Users may limit the collection of such information.
The collection of information through the SUNY New Paltz websites and the disclosure of that information are subject to the Internet Security and Privacy Act. As such, SUNY New Paltz has adopted a policy to describe what information may be collected through the SUNY New Paltz websites, the methods of and conditions of its collection, how the college may use such information, and the college’s privacy practices pertaining to such information.
Applicability of the Policy
This policy applies to users of the SUNY New Paltz websites.
User information collected automatically
When a user accesses the SUNY New Paltz websites, the college automatically collects and stores information such as the following:
- the Internet protocol address and domain name used;
- the type and version of browser and operating system used;
- the date and time that the SUNY New Paltz websites was accessed;
- the web pages or services that accessed at the SUNY New Paltz websites;
- the website the user accessed prior to accessing the SUNY New Paltz websites;
- the website the user accesses after accessing the SUNY New Paltz websites;
- any file that the user downloads; and
- demographics and interests data, such as the user’s age, gender, affinity categories (i.e. sports fans), and in-market segments (product-purchase interests).
None of the foregoing information is deemed to constitute personal information relating to the user.
Thresholds are applied to demographics and interests data to prevent anyone viewing a report from inferring the demographics or interests of individual users. In addition, the college will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any Google advertising product or feature unless the college has robust notice of, and the user’s prior affirmative (i.e., opt-in) consent to that identification or merger, and is using a Google Analytics feature that expressly supports such identification or merger. Irrespective of users’ consent, the college will not attempt to disaggregate data that Google reports in aggregate.
Having accurate information about users allows the college to provide them with smooth, efficient, and customized experiences. Specifically, the college may use information collected from SUNY New Paltz websites users to:
- compile anonymous statistical data and analysis for use internally or with third parties;
- deliver targeted advertising to users;
- implement email marketing campaigns;
- increase the efficiency and operation of this website; and/or
- monitor and analyze usage and trends to improve users’ experiences with this website.
SUNY New Paltz and authorized third-party vendors may use tracking technologies such as cookies, identifiers and web beacons to automatically collect user information. Tools may include:
Google Analytics, Google AdWords, and Google Tag Manager
Google, an authorized third-party vendor, may use a combination of first-party cookies and identifiers (such as the Google Analytics cookies) and third-party cookies and identifiers (such as Google advertising cookies).
- remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
- integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers
SUNY New Paltz will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any advertising product or feature unless the college has robust notice of and the user’s prior affirmative (i.e., opt-in) consent to that identification or merger. In addition, the college does not attempt to disaggregate data that Google reports in aggregate.
Visitors can opt out of the Google Analytics Advertising Features through Google Analytics’ opt-outs for the web, Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out).
SUNY New Paltz utilizes Ping Analytics as part of its Slate CRM (customer relationship management) platform.
User information collected through voluntary submission
SUNY New Paltz collects information, including personal information, that users voluntarily submit to the SUNY New Paltz websites while conducting online transactions such as taking a survey, creating a registration or filling out an order form. The college uses such information to operate its programs, which include the provision of goods, services, and information. SUNY New Paltz may disclose such information only for those purposes that may be reasonably ascertained from the nature and terms of the transaction in connection with which the information was submitted.
If a user sends an email to SUNY New Paltz while accessing the SUNY New Paltz websites, SUNY New Paltz will collect the user’s email address and the contents of the user’s message. The information SUNY New Paltz collects in this circumstance may include text characters, audio, video, and graphic information formats included in the message. SUNY New Paltz may use such information to respond to users, to address issues users identify, to improve the SUNY New Paltz websites, or to forward users messages to others for appropriate action. SUNY New Paltz does not collect, sell or otherwise disclose email addresses for commercial purposes.
SUNY New Paltz does not knowingly collect personal information from children or create profiles of children through the SUNY New Paltz websites. However, personal information submitted in an email or through an online transaction will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access.
Collection and disclosure of personal information
The State of New York regulates disclosure by SUNY New Paltz of information, including personal information, collected through the SUNY New Paltz websites. Such disclosure is subject to the Freedom of Information Law and the Personal Privacy Protection Law.
With few exceptions, SUNY New Paltz will only collect personal information through the SUNY New Paltz websites if the user has consented to such collection. With few exceptions, SUNY New Paltz will only disclose personal information it collects through the SUNY New Paltz websites if the user has consented to such disclosure. A user’s participation in an online transaction whereby the user discloses personal information through the SUNY New Paltz websites, whether solicited or unsolicited, constitutes that user’s consent to SUNY New Paltz’s collection and disclosure of such information for the purposes reasonably ascertainable from the nature and terms of the transaction.
However, SUNY New Paltz may collect or disclose personal information through the SUNY New Paltz websites without user consent if the collection or disclosure is:
- necessary to perform the statutory duties of SUNY New Paltz, or necessary for SUNY New Paltz to operate a program authorized by law, or authorized by state or federal statute or regulation;
- made pursuant to a court order or by law;
- for the purpose of validating the identity of the user; or
- of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person; or
- to federal or state law enforcement authorities for the purpose of enforcing SUNY New Paltz’s rights against unauthorized access or attempted unauthorized access to SUNY New Paltz’s information technology assets or against other inappropriate use of the SUNY New Paltz websites.
Retention of information
The State of New York regulates the retention by SUNY New Paltz of information collected through the SUNY New Paltz websites. Such information is subject to the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law.
In general, the Internet services logs of the SUNY New Paltz websites, comprising electronic files or automated logs created to monitor access and use of SUNY New Paltz services provided through the SUNY New Paltz websites are destroyed in a manner consistent with the General Retention and Disposition Schedule for New York State Government Records Item 90239. Information, including personal information, that users submit in emails or when users engage in a transaction such as completing a survey, registration form, or order form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which information is submitted. Information concerning such records’ retention and disposition schedules may be obtained through the SUNY New Paltz records management officer at:
SUNY New Paltz
1 Hawk Drive
New Paltz, NY 12561
Confidentiality and integrity of collected information
SUNY New Paltz recognizes the need to protect personal information collected through the SUNY New Paltz websites against unauthorized access, use, or disclosure. SUNY New Paltz limits employee access to personal information collected through the SUNY New Paltz websites to those employees who need access to the information to perform their official duties. Employees with access to personal information are made aware of the need to follow appropriate procedures in connection with any disclosure of such information.
SUNY New Paltz has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authenticating, monitoring, auditing, and encrypting. Security procedures have been integrated into the design, implementation, and day-to-day operations of the SUNY New Paltz websites consistent with the college’s commitment to the security of electronic content as well as the electronic transmission of information.
For security purposes and to maintain the availability of the SUNY New Paltz websites for all users, SUNY New Paltz uses software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website.
Access to and correction of collected personal information
Any user may submit a request to SUNY New Paltz to determine whether personal information pertaining to that user has been collected through the SUNY New Paltz websites. Such request must be made in writing and accompanied by reasonable proof of identity of the user, which shall include but not be limited to verification of a signature or inclusion of an identifier generally known only to the user. The address is:
SUNY New Paltz
1 Hawk Drive
New Paltz, NY 12561
SUNY New Paltz shall, within five business days of the date of the receipt of a proper request, make a such collected information available to the person requesting it, deny such request in writing or furnish a written acknowledgment of the receipt of such request and a statement of the approximate date, which shall be reasonable under the circumstances of the request, when such request will be granted or denied.
In the event that SUNY New Paltz determines that it has collected personal information pertaining to a user through the SUNY New Paltz websites and that information is to be provided to the user pursuant to the user’s request, SUNY New Paltz shall inform the user of their right to request that the personal information be amended or corrected under the procedures set forth in Section 95 of the Public Officers Law, Article 6-A.
The information in this policy should not be construed as giving business, legal, or other advice, or warranting as fail proof the security of information provided through the SUNY New Paltz websites.
“Cookie” means a unique text file stored on a user’s computer by an Internet browser. These text files are used as a means of distinguishing among users of a website and as a means of customizing the website according to the user’s preferences and interests. A cookie will not include personal information unless the user has volunteered that information.
“Personal information” means any information concerning a natural person, as opposed to a corporate entity, which, because of name, number, symbol, mark, or other identifiers, can be used to identify that natural person.
“Remarketing” means the presentation of a targeted ad to a user who previously visited a particular website.
“Web beacon” means a graphic with a unique identifier, similar to a cookie, used to track the online movements of users.
New York State Arts & Cultural Affairs Law, Section 57.05 (Archives and Records Management Law for the Records of New York State Government)
New York State Information Technology Guideline No. NYS-G02-001 (Internet Privacy Policies)
New York State Public Officers Law, Article 6 (Freedom of Information Law)
New York State Public Officers Law, Article 6-A (Personal Privacy Protection Law)
New York State Technology Law, Article II (Internet Security and Privacy Act)