Digital Privacy Statement
Responsible Office: Information Services and TechnologyEffective Date: September 2017
This Digital Privacy Statement explains information gathering and use practices for websites on the domain, www.bu.edu, and Boston University’s other digital properties, such as BU mobile applications (each a “Site” and, collectively, the “Sites”). The Sites are controlled by Trustees of Boston University (the “University”). The University is committed to the online privacy of its visitors to and users of the Sites.
Related BU Policies
The University maintains other policies which relate to this topic, including but not limited to:
- Conditions of Use and Policy on Computing Ethics, which applies to the acceptable use of the University’s computing facilities,
- Policy on Network Security Monitoring, which describes the technologies and practices used to detect and prevent network intrusion,
- Information Security Policy, which sets administrative, technical, and physical safeguards for faculty, staff, and students who collect, store and use Sensitive Information for the University’s business and research purposes, and
- Gramm-Leach-Bliley Act Procedures, which require the institution to maintain an information safeguarding program.
Information Collection & Use
Information Gathered Automatically
When you visit a Site, the University may collect and store digital information sent by your web browser, such as IP addresses (i.e., the internet address of your computer or device), geolocation, the web browser used for the connection, the device operating system, unique device identifiers, and other digital property, such as pages visited, length of visit, and terms searched. The University does not link IP addresses or cookies to any personally identifiable information.
In connection with protecting the University’s electronic assets, the University routinely monitors its network for signs of malicious activity. While the University may investigate malicious activity, the University does not store personally identifiable information related to normal use of its network other than as described in this Statement and the Policy on Network Security Monitoring.
Many Sites use Google Analytics, which is a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses persistent cookies to analyze how users use a site. The information generated by the cookie about your use of a Site (including your IP address) will be transmitted to and stored by Google. Google will use this information for the purpose of evaluating your use of the Site, compiling reports on Site activity for the University and providing other services related to website activity and internet usage.
Google may also transfer this information to third parties where required to do so by law, or where the third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
By using the Sites, you consent to Google processing of data about you in the manner and for the purposes set out above. Please visit the following pages for more information about Google Analytics Terms of Service and Google’s Privacy Practices.
Information you provide
The University does not collect personally identifiable information about you when you visit the Sites unless you voluntarily provide us with that information. The University may request personally identifiable information from you if, for example, you ask a question, request to be contacted, request information for a particular program or activity, sign up for a mailing list, request access to a protected portion of a Site or make a payment.
The University has implemented reasonable physical, technical, and administrative procedures to safeguard and secure information it collects online against unauthorized disclosure, loss, or misuse, in accordance with the Data Protection Standards Policy. Under that Policy, the University has classified data according to its sensitivity, and set requirements for protection accordingly.
The University cannot provide an absolute guarantee as to the security of any information transmitted through its website or digital properties.
The University will share information about you with third-parties only to the extent necessary to provide the University web services or in circumstances where the University reasonably believes that doing so is necessary or appropriate to: satisfy any applicable law, regulation, legal process or governmental request; investigate compliance with or enforce University policies; detect, prevent or otherwise address fraud, security, or technical issues; or protect the rights, property or safety of the University, its faculty, staff, and students or others. The information referred to in this section may include personally identifiable information. In addition, the University may share with third-parties information about the use of the Sites that is aggregated or anonymized so that it does not identify any individual user.
In addition, the University may allow prospective students and others to provide their personal contact information to the University through these digital ad platforms. The University treats such information in accordance with this Digital Privacy Statement.
Retention of Information
Third Party Websites
The Sites may link to websites that are not controlled by the University (“Third Party Sites”). The University is not responsible for the privacy practices or content of Third Party Sites.
The Sites’ content is not intended to attract children under 13 years of age and the University will not knowingly collect personal information from children under 13 years of age. If you are under 13 years of age, you should not use the Sites.
Changes to this Digital Privacy Statement
The University may modify this Digital Privacy Statement. All changes will be made directly to this webpage and will be effective on the date posted.
Questions about this Statement should be directed to Information Security, firstname.lastname@example.org.