SUNY New Paltz

Privacy Policy

Policy Statement

SUNY New Paltz and third parties that SUNY New Paltz authorizes to act on its behalf collect information from users who access newpaltz.edu and related sites (hereafter, the "SUNY New Paltz websites"). The University analyses such information to better understand how users interact with SUNY New Paltz content, to determine what information is of most and least interest to users, and to improve the utility of the material available on the SUNY New Paltz websites. The University does not sell or share such information or use it for commercial marketing. Users may limit the collection of such information. 

Rationale 

The collection of information through the SUNY New Paltz websites and the disclosure of that information are subject to the Internet Security and Privacy Act. As such, SUNY New Paltz has adopted a policy to describe what information may be collected through the SUNY New Paltz websites, the methods of and conditions of its collection, how the college may use such information, and the University's privacy practices pertaining to such information. 

Applicability of the Policy 

This policy applies to users of the SUNY New Paltz websites.

Policy Elaboration 

User information collected automatically 

When a user accesses the SUNY New Paltz websites, the college automatically collects and stores information such as the following: 

• the Internet protocol address and domain name used; 
• the type and version of browser and operating system used; 
• the date and time that the SUNY New Paltz websites was accessed; 
• the web pages or services that accessed at the SUNY New Paltz websites; 
• the website the user accessed prior to accessing the SUNY New Paltz websites; 
• the website the user accesses after accessing the SUNY New Paltz websites; 
• any file that the user downloads; and 
• demographics and interests' data, such as the user's age, gender, affinity categories (i.e. sports fans), and in-market segments (product-purchase interests).  

None of the foregoing information is deemed to constitute personal information relating to the user. 

Thresholds are applied to demographics and interests' data to prevent anyone viewing a report from inferring the demographics or interests of individual users. In addition, the University will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any Google advertising product or feature unless the college has robust notice of, and the user’s prior affirmative (i.e., opt-in) consent to that identification or merger, and is using a Google Analytics feature that expressly supports such identification or merger. Irrespective of users’ consent, the University will not attempt to disaggregate data that Google reports in aggregate. 

Having accurate information about users allows the University to provide them with smooth, efficient, and customized experiences. Specifically, the college may use information collected from SUNY New Paltz websites users to:  

• compile anonymous statistical data and analysis for use internally or with third parties; 
• deliver targeted advertising to users; 
• implement email marketing campaigns; 
• increase the efficiency and operation of this website; and/or 
• monitor and analyze usage and trends to improve users' experiences with this website. 

Tracking Technologies 

SUNY New Paltz and authorized third-party vendors may use tracking technologies such as cookies, identifiers and web beacons to automatically collect user information. Tools may include: 

Google Analytics, Google AdWords, and Google Tag Manager 

Google, an authorized third-party vendor, may use a combination of first-party cookies and identifiers (such as the Google Analytics cookies) and third-party cookies and identifiers (such as Google advertising cookies).  

The following Google Analytics Advertising Features may be implemented at any point under this privacy policy: 

• remarketing with Google Analytics 
• Google Display Network Impression Reporting 
• Google Analytics Demographics and Interest Reporting 
• integrated services that require Google Analytics to collect data for advertising purposes, including the collection of data via advertising cookies and identifiers 

SUNY New Paltz may use remarketing and/or similar audience technologies to reach people who previously visited this site, or people similar to previous visitors, in an effort to match the right people with the right message. Google may show our ads on sites across the Internet and may use cookies to serve ads based on a user’s past visit(s) to the SUNY New Paltz websites. 

SUNY New Paltz will not identify users or facilitate the merging of personally identifiable information with non-personally identifiable information collected through any advertising product or feature unless the college has robust notice of and the user's prior affirmative (i.e., opt-in) consent to that identification or merger. In addition, the college does not attempt to disaggregate data that Google reports in aggregate. 

Google describes how it uses data when users use its partners' sites or apps. 

Visitors can opt out of the Google Analytics Advertising Features through Google Analytics' opt-outs for the web, Ads Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI's consumer opt-out). 

Thinkific

SUNY New Paltz utilizes Thinkific as part of its external non-credit bearing LMS(learning management system) platform.  

Please see Thinkific's Privacy Policy for information about how this data is collected, used, and disclosed. 

User information is collected through voluntary submission 

If users make a purchase on the Thinkific website, we use a third-party payment processor, Stripe. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Purchase transaction data is stored only as long as is necessary to complete the purchase transaction.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.

SUNY New Paltz has reviewed the security documentation provided by the online service provider we are using to host the Learning Management System (LMS), Thinkific.  The attestations made in their SOC 2 Type 2 audit (as conducted by BDO Canada) show their security controls to be sufficient.

To protect users' personal information, SUNY New Paltz and Thinkific take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.

If users provide credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption.  Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

For MARYLAND EDUCATORS and participants in the Science of Reading Fundamentals for Maryland Educators microcredential.  

SUNY New Paltz and its academic research partners wish to use your data for research purposes. Participation in the research is voluntary. Your agreement to the Privacy Policy serves to provide consent and opt you in to this and any further aggregated research. However, if as a participant you agree to join now, at any time you can change your preference by emailing [email protected] and requesting your data be excluded from the research data. The purpose of the research is to evaluate the Microcredential online course. (For example, by looking at how participants engage with the course, show evidence of learning from the course, and overall satisfaction with the course. This information will be used to improve the course for future participants. All data collected will be confidential and only reported in the aggregate.)

Slate 

SUNY New Paltz utilizes Ping Analytics as part of its Slate CRM (customer relationship management) platform.  

Please see Slate's Privacy Policy for information about how this data is collected, used, and disclosed. 

User information collected through voluntary submission 

SUNY New Paltz collects information, including personal information, that users voluntarily submit to the SUNY New Paltz websites while conducting online transactions such as taking a survey, creating a registration or filling out an order form. The University uses such information to operate its programs, which include the provision of goods, services, and information. SUNY New Paltz may disclose such information only for those purposes that may be reasonably ascertained from the nature and terms of the transaction in connection with which the information was submitted. 

If a user sends an email to SUNY New Paltz while accessing the SUNY New Paltz websites, SUNY New Paltz will collect the user’s email address and the contents of the user's message. The information SUNY New Paltz collects in this circumstance may include text characters, audio, video, and graphic information formats included in the message. SUNY New Paltz may use such information to respond to users, to address issues users identify, to improve the SUNY New Paltz websites, or to forward users messages to others for appropriate action. SUNY New Paltz does not collect, sell or otherwise disclose email addresses for commercial purposes. 

SUNY New Paltz does not knowingly collect personal information from children or create profiles of children through the SUNY New Paltz websites. However, personal information submitted in an email or through an online transaction will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access. 

Collection and disclosure of personal information 

The State of New York regulates disclosure by SUNY New Paltz of information, including personal information, collected through the SUNY New Paltz websites. Such disclosure is subject to the Freedom of Information Law and the Personal Privacy Protection Law. 

With few exceptions, SUNY New Paltz will only collect personal information through the SUNY New Paltz websites if the user has consented to such collection. A user's participation in an online transaction whereby the user discloses personal information through the SUNY New Paltz websites, whether solicited or unsolicited, constitutes that user's consent to SUNY New Paltz's collection and disclosure of such information for the purposes reasonably ascertainable from the nature and terms of the transaction. 

However, SUNY New Paltz may collect or disclose personal information through the SUNY New Paltz websites without user consent if the collection or disclosure is: 

• necessary to perform the statutory duties of SUNY New Paltz, or necessary for SUNY New Paltz to operate a program authorized by law, or authorized by state or federal statute or regulation; 
• made pursuant to a court order or by law; 
• for the purpose of validating the identity of the user; or 
• of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person; or 
• to federal or state law enforcement authorities for the purpose of enforcing SUNY New Paltz's rights against unauthorized access or attempted unauthorized access to SUNY New Paltz's information technology assets or against other inappropriate use of the SUNY New Paltz websites. 

SUNY New Paltz may collect, use, publish, and share Aggregate Data from the Science of Reading Fundamentals' Microcredential online course; provided, however, that such usage shall not, directly or indirectly, identify Authorized Users or contain Confidential Information. We will, if requested by appropriate and qualified academic researchers, link Enrollment and Course Completion Data with School, District, and State Education Administrative Data, in order to evaluate the effectiveness of the professional learning program, provided, however, that such usage shall not, directly or indirectly, identify any Authorized Users or contain Confidential Information. We may disclose your personal information if we are required by law, such as in response to a court order or an investigation. 

Retention of information 

The State of New York regulates the retention by SUNY New Paltz of information collected through the SUNY New Paltz websites. Such information is subject to the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law.  

In general, the Internet services logs of the SUNY New Paltz websites, comprising electronic files or automated logs created to monitor access and use of SUNY New Paltz services provided through the SUNY New Paltz websites are destroyed in a manner consistent with the General Retention and Disposition Schedule for New York State Government Records Item 90239. Information, including personal information, that users submit in emails or when users engage in a transaction such as completing a survey, registration form, or order form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which information is submitted. Information concerning such records' retention and disposition schedules may be obtained through the SUNY New Paltz records management officer at: 

SUNY New Paltz 
1 Hawk Drive 
New Paltz, NY 12561 

Confidentiality and integrity of collected information 

SUNY New Paltz recognizes the need to protect personal information collected through the SUNY New Paltz websites against unauthorized access, use, or disclosure. SUNY New Paltz limits employee access to personal information collected through the SUNY New Paltz websites to those employees who need access to the information to perform their official duties. Employees with access to personal information are made aware of the need to follow appropriate procedures in connection with any disclosure of such information. 

SUNY New Paltz has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authenticating, monitoring, auditing, and encrypting. Security procedures have been integrated into the design, implementation, and day-to-day operations of the SUNY New Paltz websites consistent with the college's commitment to the security of electronic content as well as the electronic transmission of information. 

For security purposes and to maintain the availability of the SUNY New Paltz websites for all users, SUNY New Paltz uses software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website. 

Access to and correction of collected personal information 

Any user may submit a request to SUNY New Paltz to determine whether personal information pertaining to that user has been collected through the SUNY New Paltz websites. Such request must be made in writing and accompanied by reasonable proof of identity of the user, which shall include but not be limited to verification of a signature or inclusion of an identifier generally known only to the user. The address is: 

SUNY New Paltz 
1 Hawk Drive 
New Paltz, NY 12561 

SUNY New Paltz shall, within five business days of the date of the receipt of a proper request, make a such collected information available to the person requesting it, deny such request in writing or furnish a written acknowledgment of the receipt of such request and a statement of the approximate date, which shall be reasonable under the circumstances of the request, when such request will be granted or denied. 

In the event that SUNY New Paltz determines that it has collected personal information pertaining to a user through the SUNY New Paltz websites and that information is to be provided to the user pursuant to the user's request, SUNY New Paltz shall inform the user of their right to request that the personal information be amended or corrected under the procedures set forth in Section 95 of the Public Officers Law, Article 6-A. 

Disclaimer 

The information in this policy should not be construed as giving business, legal, or other advice, or warranting as fail proof the security of information provided through the SUNY New Paltz websites. 

Definitions

"Cookie" means a unique text file stored on a user's computer by an Internet browser. These text files are used as a means of distinguishing among users of a website and as a means of customizing the website according to the user's preferences and interests. A cookie will not include personal information unless the user has volunteered that information.  

"Personal information" means any information concerning a natural person, as opposed to a corporate entity, which, because of name, number, symbol, mark, or other identifiers, can be used to identify that natural person. 

"Remarketing" means the presentation of a targeted ad to a user who previously visited a particular website. 

"Web beacon" means a graphic with a unique identifier, similar to a cookie, used to track the online movements of users.