Syracuse University may change this policy from time to time by updating this page. This policy is effective from November 17, 2020.
What We Collect
We may collect the following personal information:
- Contact information, including email address
- Demographic information, such as zip code, preferences, and interests
- Other information relevant to customer surveys and/or events
We use Google services such as Google Analytics and spam prevention to help manage our website. Please see the Privacy and Terms pages for more information on how Google uses/maintains user information.
Additionally, we may use web beacons, which are graphic image files embedded in a web page that are used to track how users interact with our websites. We use this information to improve our websites and online services, tailor or websites and online services to your likely interests, and conduct market research.
What We Do with the Information We Gather
We require this information to understand your needs and provide you with better service. In particular, for the following reasons:
- To answer a question you have asked
- Internal record keeping
- To improve our services
- We may periodically send promotional emails about University programs, events, or other information we think you may find interesting, using the email address you have provided
- From time to time, we may also use your information to contact you for market research purposes
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Links to Other Websites
Our web pages may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have control over other, third-party websites.
Therefore, we cannot be responsible for the protection and privacy of any information that you provide while visiting such sites, and this privacy statement does not govern such sites. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling Your Personal Information
If you have any questions or further concerns relating to how we use your personal data as described above, or you believe that personal data we have is incorrect or incomplete, please contact us at:
Information Technology Services
Center for Science and Technology
Syracuse, NY 13244
If You Are Located in the European Union (EU)/European Economic Area (EEA)
Where we offer or provide services to you and you are located in a member state of the European Union (EU) or European Economic Area (EEA), we will observe the EU General Data Protection Regulation (GDPR) and other applicable data protection laws when we process your personal information.
Personal information relating to you from which you can be identified (such as your name and contact details, as well as other information about you personally or your interests) is called “personal data” under the GDPR.
If you are located in the EU/EEA and we offer or provide services to you, the following additional provisions beyond the general privacy statements set forth above apply in relation to how we handle your personal data.
We may collect personal data about you for one or more of the following purposes:
- To respond to inquiries from you, process any application you submit relating to studying at Syracuse University, on a Syracuse Abroad program and/or you register for another service that we offer;
- To set up and administer our agreement with you, if you enroll as a student and/or wish to participate in one of our programs or receive other services;
- To be able to effectively manage the University and administer its programs and to be able to look after you as well as other students;
- To comply with any existing legal obligations or to manage legal issues or claims that may arise;
- To provide direct marketing to you, but in relation to electronic marketing only where we have your consent in accordance with applicable law or are sending you information about goods or services that are the same as those you have previously purchased (and subject to you being able to opt-out of further direct marketing at any time); or
- To respond to any issues, requests, or questions that you raise with us.
We may also process personal data of EU/EEA residents in the following situations:
- if you apply to work for Syracuse University at one of our locations in the EU or EEA, we may need to process your personal data in connection with your job application and, if successful, add you as a staff or faculty member;
- if you apply to be a host for students who participate in Syracuse University Abroad programs in the EU or EEA, we will need to process certain personal data about you and your family that is requested as part of your application.
The Lawful Basis on which We Collect Data
The lawful grounds under which we collect and use this personal data are where:
- You have freely provided your specific, informed and unambiguous consent;
- We’ve agreed to provide services to you, to set up and perform our contractual obligations and/or enforce our contractual rights;
- Where we need to use your personal data for our legitimate interests in being able to manage Syracuse University’s operations, its courses and its programs. We will always pursue these interests in a way that respects your legal rights or freedoms and, in particular, your privacy rights;
- Where we need to use your personal data to comply with a legal obligation or for the purpose of the University being able to establish, exercise or defend legal claims; and/or
- Where we need to use personal data to protect your vital interests or those of someone else (for example, in a medical emergency or if there is an urgent welfare issue).
If you provide us with any ”special category” personal data about you, which under the GDPR includes information in relation to your health, religious/political or philosophical beliefs, ethnic origin and/or sex life/sexual orientation, in addition to the above, we will only use this ‘special category’ data in the following circumstances:
- Where we have your explicit consent – for example, to send you details of University interest groups or support resources that you may be interested in, if you are, have been or you become a student;
- Where the data is needed by us to comply with applicable employment, social security or social protection laws;
- To protect your vital interests or those of someone else, as noted above;
- Where you have clearly publicized such information (e.g. your political views); and/or
- Where we need to use such special category data in connection with a legal claim.
Disclosing Your Personal Data
Third party suppliers (called “processors”) may process your personal data on Syracuse University’s behalf, in accordance with our contractual agreements. For example, this may be to provide business support such as IT infrastructure, data or website hosting, payment services, professional advice (e.g. legal advice) and/or to protect the University (and our students or staff) from fraud or other criminal behavior.
We may also disclose your personal data to third parties external to the University who make their own determination as to how they use your personal data and for what purpose(s) (called “controllers”). This may include EU/EEA based partner universities and educational institutions for our Syracuse Abroad programs.
Our study abroad locations based in Europe are listed on the Syracuse University Abroad website.
We may also provide your personal data to third parties (who we tell you about from time to time) that offer additional products or services in which you elect to participate, such as gym memberships, travel, tours, field trips, cultural or sporting activities or if you want us to arrange any medical services for you.
We will only provide your personal data for the specific purpose of providing these services to you. However, if you then make further arrangements with those third party controllers with whom you deal, they may handle your data in accordance with their own chosen procedures. You should check the relevant privacy policies of these organizations to understand how they may use your personal data.
Other than as set out above, we will treat your personal data as private and will not disclose it to third parties without your knowledge. The exceptions are in relation to legal proceedings or where we are legally required to provide your data to a court, regulator or someone else and are legally prevented from telling you.
In all cases, we always aim to ensure that third parties only use your personal data for lawful purposes and in compliance with applicable data protection law.
Transferring Your Data
You acknowledge that your personal data may be transferred to Syracuse University and stored on computers, servers and/or in files in the United States.
Please note US federal and state law is not at present considered to meet the same legal standards of protection for personal data as European Union law.
However, in order to safeguard your personal data, we only transfer data from the EU/EEA to the US under a contract or another appropriate mechanism that is approved under applicable law and that protects that data to the same standards that you would expect in Europe.
Keeping Your Personal Data
Syracuse University retains your personal data for no longer than is necessary for the purposes for which it was processed; is necessary to perform our obligations to you (or to enforce or defend legal claims); or, as is required by applicable law.
We have a data retention and erasure policy that sets out the different periods for which we retain data for the relevant purpose it was collected and used. Please see the data retention schedule.
The criteria we use for determining data retention periods is based on various legislative requirements; the purpose for which we hold data and whether retaining the data is needed in connection with that purpose; and further specific guidance issued by relevant regulatory authorities on data retention/erasure including, but not limited to, EU regulatory authorities.
Personal data that we no longer need is either erased and/or anonymized so that you can no longer be identified from it.
We employ appropriate technical and organizational security measures to protect against access to your personal data by unauthorized persons and against unlawful processing, accidental loss, destruction and damage. We also endeavor to take all reasonable steps to protect personal data from external threats such as malicious software or hacking. However, there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data sent to us.
Your Personal Data Rights
Under the GDPR, those EU/EEA residents with whom we deal have various data protection rights, which are as follows:
- you can request information about your personal data that we have, the purpose for which we use that personal data, or with who it may be shared, as well as certain other information (this is called a “subject access right”). Usually we will have 30 days to respond to a subject access right request. For a complex request, we may require an additional 60 days to respond. We may deny or charge for administrative time in dealing with any manifestly unreasonable or excessive requests. We may also require further information to locate specific information you seek and you should note that certain legal exemptions may also apply to what we can disclose in response;
- you can ask that we correct personal data that we have that is inaccurate or incomplete;
- you can object to automated processing in relation to your personal data (if applicable);
- you can object to us continuing to use your personal data for direct marketing;
- you can request that we erase your personal data if we no longer need to hold it;
- you can object or ask us to restrict the use of your personal data for any purpose unless we have a compelling legitimate reason for doing so (e.g. a legal obligation); or
- you can ask us to transfer your electronically held personal data to another party if we collected it with your consent or if it is being used to fulfill a contact.
If you would like to exercise any of the rights set out above, please contact us at the address below. We may need to ask for evidence to verify your identity before we can fully respond.
If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to a data protection supervisory authority in your EU country of residence.
Syracuse University operates in more than one EU/EEA state. Therefore, its lead supervisory authority in the EU is the UK Information Commissioner’s Office (ICO).
Controlling Your Personal Information
If you have any questions or further concerns relating to how we use your personal data as described above, or you believe that personal data we have is incorrect or incomplete, please contact us with “EU data request” as the subject line:
Information Technology Services
Center for Science and Technology
Syracuse, NY 13244
Syracuse University London
48-51 Old Gloucester Street London
WC1N 3AE United Kingdom
We will do our best to promptly deal with your request.
Personal Information Our Company Collects and How It Is Used
a. Introduction. We collect information in different ways from Visitors and Members who access the various parts of our Services and the network of websites accessible through our Services. This includes personally identifying information such as names, usernames, postal and email addresses, phone numbers, billing information (such as a credit card number), the type of device being used to access the Services, the content you watch, and other personal information. We use this information primarily to provide a customized experience as you use our Services. We also use this information to customize the content and layout of our Services, to improve our content, for editorial and feedback purposes, and for recordkeeping. We generally do not share this information with third parties. However, we may disclose personal information collected if we have received your permission beforehand or in very special circumstances, such as when we believe that such disclosure is required by law or other special cases described below. In order to access certain content, features, services, products, or benefits on our Services, you may be required to provide us with certain information, including some types of personally identifying information such as your name, postal and email addresses, interests, and phone number. If you do not wish to provide such information through our Services, you may not be able to obtain certain content, features, services, products, or benefits of our Services. From time to time, we may need to contact you regarding information you submitted to us, updates to our Services, and new products or services. You agree that we may use your personal information for such contact with you. We may also desire to contact you for market research purposes or to provide you with marketing information that we believe would be of particular interest. If you wish to opt-out of receiving promotional emails at any time, please click the “unsubscribe” link at the bottom of the email.
b. Registration. Members may be asked to provide certain personal information when they sign up for our Services. This may include your name, username, physical and email addresses, phone number, billing information (such as a credit card number), the type of device being used to access the Services, and other personal information. The personal information collected from Members during the registration process is used to manage each Member’s account (such as for billing purposes) and as set forth above. This information is not shared with third parties, unless specifically stated otherwise or in special circumstances as described below.
c. Partners and Sponsors. We may offer you products and services in conjunction with a third party, such as an affiliate, an independent contractor, a non-affiliated partner of our company, or a sponsor of our Services. To provide you with these products and services, the third-party partners and sponsors may collect and maintain personal information. In these instances, you will be notified before any such data is collected or transferred, and you may decide not to use that particular service or feature. Additionally, we may share non-identifying and aggregate information, but not personal information, with such third parties in order to administer the products or services offered. In instances where we jointly promote our Services with a third party, we may provide the third party with certain personal information (such as the names, usernames, postal and email addresses, and other personal information of persons who become Members as a result of the joint promotion) in order to provide and assess the results of the promotion. In this instance, personal information may not be used by the third party for any other purpose.
d. Online Shopping. If you order services or products directly from Green Flower, we will use the personal information you provide only to process that order. We do not share this information with outside parties except to the extent necessary to complete that order. At some websites linked to our Services, you can purchase third-party products and services or register to receive materials, such as a newsletter, catalog, or new product and service updates. In many cases, you may be asked to provide contact information, such as your name, username, physical and email addresses, phone number, and credit/debit card information. If you complete an order for someone else, such as an online gift order sent directly to a recipient, you may be asked to provide information about the recipient, such as the recipient’s name, address, and phone number. Our company has no control over the third parties’ use of any personal information you provide when you purchase products or services from a third-party website or register to receive materials from a third party. Please exercise care when doing so.
e. Online Advertisements. We may display online advertisements. We do not share personal information about our Visitors and Members with these advertisers. However, we do share aggregated and non-identifying information with these advertisers about our Visitors and Members, including information collected through the registration process as well as through online surveys and promotions. Additionally, in some instances, we use this aggregated and non-identifying information to deliver tailored advertisements. For instance, an advertiser tells us the audience they want to reach and provides us an advertisement tailored to the audience. Based upon the aggregated and non-identifying information we have collected, we may then display or send the advertisement to the intended audience.
f. Responses to Email Inquiries. When Visitors or Members send email inquiries to us, we reply using the return email address provided. We do not use the return email address for any other purpose, and we do not share the return email address with any third party.
g. Voluntary Customer Surveys. We may periodically conduct surveys. We encourage our Visitors and Members to participate in these surveys because they provide us with important information that helps us to improve the types of products and services we offer and how we provide them to you. We keep your personal information and survey responses confidential. If a third party conducts the survey for us, we require that third party to keep your personal information and survey responses confidential. Participation in our surveys is voluntary. We may aggregate survey responses to create broader, generic responses to the survey questions (such as gender, age, residence, hobbies, education, employment, industry sector, or other demographic information). We then use the aggregated information to improve the quality of our Services and to develop new services and products. This aggregated, non-personally identifying information may be shared with third parties.
h. Special Cases. We do not to use or share your personal information in ways unrelated to the ones described above without also providing you an opportunity to opt out or otherwise prohibit such unrelated uses. However, we may disclose personal information about Visitors or Members, or information regarding your use of the Services or websites accessible through our Services, for any reason if, in our sole discretion, we believe that it is reasonable to do so, including for collections-related and credit-related purposes to credit agencies, collection agencies, and merchant database agencies; as required by law enforcement or to satisfy laws such as the Electronic Communications Privacy Act, the Child Online Privacy Act, applicable regulations, or governmental or legal requests for such information; to disclose information that is necessary to identify, contact, or bring legal action against someone who may be violating our Terms of Service or Acceptable Use Policy or other user policies; to operate the Services properly; and to protect our company, our Members, and our Visitors.
2. “Cookies” and How Our Company Uses Them
3. Public Forums
Please remember that any information you may disclose in any Member directory, or any other public areas of our websites or the Internet, becomes public information. You should exercise caution when deciding to disclose personal information in these public areas. We assume no liability for the accuracy of such information, no duty to update or correct such information, and no liability for such communications arising under the laws of copyright, libel, privacy, obscenity, or otherwise.
4. Our Company’s Commitment to Children’s Privacy
Protecting children’s privacy is especially important to us. It is our policy to comply with the Children’s Online Privacy Protection Act of 1998 and all other applicable laws. Therefore, we restrict our Services to persons eighteen (18) years old or older. YOU MUST BE EIGHTEEN (18) YEARS OLD OR OLDER TO ACCESS THIS WEBSITE. IF YOU ARE UNDER EIGHTEEN YEARS OF AGE, YOU ARE NOT PERMITTED TO ACCESS THIS WEBSITE FOR ANY REASON. DUE TO THE AGE RESTRICTIONS FOR USE OF THIS WEBSITE, NO INFORMATION OBTAINED BY THIS WEBSITE FALLS WITHIN THE CHILD ONLINE PRIVACY ACT (COPA) AND IS NOT MONITORED AS DOING SO.
5. Our Company’s Commitment to Data Security
Services and websites we sponsor have security measures in place to protect the loss, misuse, and alteration of the information under our control. While we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining this information. Moreover, the security and confidentiality of any communication or material transmitted through the Internet or any wireless network, including via our Services, email messages, or text messages, cannot be and is not guaranteed. You acknowledge that the technical processing and transmission of content via our Services may be transferred unencrypted and may involve (i) transmissions over various networks; and (ii) changes to conform and adapt to technical requirements of connecting networks or devices. Accordingly, we are not responsible for the security of information transmitted via the Internet or any wireless network.
6. California Residents
Under California Civil Code Section 1798.83 (the “Shine the Light” law), California residents who provide personal information in obtaining products or services from Green Flower are entitled to request and obtain from us once per calendar year information about the customer information about them that we have shared, if any, with other businesses for their own direct marketing uses. If applicable, this information would include the categories of customer information and the names and addresses of those businesses with which we shared customer information for the immediately prior calendar year (e.g., requests made in 2018 will receive information regarding 2017 sharing activities). If you are a California resident and would like a copy of this information, please submit a written request to: Green Flower Media, Inc. Attn: California/Shine the Light 4744 Telephone Road, Suite 3-289 Ventura, California 93003
8. Revisions to this Policy