Privacy Statement
Illinois State University protects the privacy of students, faculty, staff, affiliates, and University business by protecting electronic records. This statement details what information Illinois State University (ISU) collects and how ISU uses information about individuals who access ISU web pages (i.e. xgcr.net & illinoisstate.edu).
All colleges, divisions, faculties, departments, schools, centers, academic services, libraries, and collections of the University run and maintain their own web pages on the Illinois State (illinoisstate.edu & xgcr.net) domain. Each of these web pages may provide additional information relating to their activities to supplement this Privacy Statement.
Users are advised to check all web pages for any additional information prior to submitting personal information.
Personal Information Collected
Illinois State University collects various information about individuals from multiple sources. This information may be collected directly from individuals or may be generated automatically in the process of providing services.
Directly Collected Information
On some parts of ISU web pages, you may be asked to provide limited personal information in order to enable the provisioning of services (e.g. applying to the University) or for authentication to services (e.g. logging into a website).
If you use ISU services for financial transactions, we may collect information about the purchase or transaction. The information collected may include payment information, account or authentication information, address details, and contact details. ISU does not store full credit or debit card numbers.
The University may store collected specific information manually or electronically. By supplying this information, you consent to the University handling it for the purpose for which it was provided. Information will be kept for as long as is necessary to fulfill that purpose. This information may identify you as an individual. If you do not agree with this policy, do not access or use ISU web pages or interact with any other aspect of the University domain.
Automatically-Generated Information Collected
ISU may collect information about your use of services, including but not limited to: the web pages you visit, the referring web page, and the duration of your visit.
ISU may also collect information about your computer, including but not limited to: network protocol, operating system version, and web browser information and web history.
The University may store this information manually or automatically. By supplying this information, you are consenting to the University handling it for the purpose for which it was provided. Information will be kept for as long as is necessary to fulfil that purpose. This information may be reported in aggregate to our web administrators. Aggregate information does not identify individuals but rather is used to make statistical analysis of web page use to ensure that ISU web pages are presenting information effectively.
How Collected Information Is Used
Personal information provided to the University by you will only be used for the purposes stated when the information is requested. ISU may process your information:
To provide services consistent with the University’s mission
ISU will retain your personal data to provide University students, faculty, staff, and members of the University community with effective services consistent with the University’s mission including but not limited to information used for: admission purposes, academic purposes, accommodations, alumni purposes, for co-curricular and student activities, for community engagement activities, for employment purposes, for facilities support, health services, housing and dining information, information technology purposes, legal purposes, for marketing and communications purposes, for teaching and instructional purposes, and other administrative purposes.
ISU will keep and process data collected for as long as required to fulfill our obligation to you or where required by law. If a third-party organization is involved in providing the service ISU may make your data available to them. ISU requires all third-party organizations to ensure personal data is as secure as it would be with ISU. Processing of the data will take place on the University campus in Normal, Illinois, unless it is required to be transferred for another University purpose. In such cases, your personal data you have provided may be transferred overseas pursuant to the terms, conditions and limits specified by law.
To identify problems or ways to improve services
ISU will retain your personal data to ensure the safety and security of ISU information technology services. ISU uses this data to identify accounts and associated activity, monitor services for malicious or fraudulent activity, and to comply with University policies.
Demographical and statistical information about user behavior may be collected and used to analyze the popularity and effectiveness of the University's web pages. ISU will keep this personal data for as long as the retention of the information is in the legitimate interest of the University or where required by law.
Because you asked us to
ISU will retain your personal data where you have given us consent to do so for a specific purpose or where required by law, unless you request the information to be changed or deleted.
To provide Services via University contractual relationships
ISU may retain your personal data for processing purposes, and share data with third parties for the specific purposes outlined above or where required by law.
Legal Bases For Processing (for EEA users)
If you are an individual in the European Union, the University will collect and process personal information where we have legal bases for doing so under applicable EU laws. The legal bases depend on your interaction with the University.
How ISU Stores Collected Information
Information you provide to the University will be stored on our secure servers or with third party contractors, some of whom host and operate certain features of ISU web pages. Accordingly, information that the University collects from you may be collected by or transferred to these third parties. By submitting personal information, you agree to this transfer, storing and processing. The University will ensure reasonable measures are taken to ensure that your data is appropriately handled in accordance with this Privacy Statement.
How ISU uses "cookies"
Some University web pages may use cookies, which are small files that store information about your visit to a web page. Cookies are used for the following purposes:
- to carry data about your current session at the site from one Web page to the next; and
- to identify your previous session; and
- to collect data about your current session to evaluate and enhance the usefulness of the website.
For more detailed information on the cookies we use on the University's main web pages (illinoisstate.edu & xgcr.net) and the purposes for which we use them, please see our Cookie Statement.
Additional information about third-party cookies can be found by visiting the hosting site’s privacy policy.
Third-Party websites
University websites may integrate with third-party websites or contain links to other third-party websites. Generally, the University is not responsible for the practices third parties, except where required by University contract. Users are advised to review the Privacy Policy or Statement of third-party websites.
Disclosure of information
The University may provide your information to third parties in the case that it is necessary or appropriate to satisfy applicable laws, regulations, or government requests; identify, prevent or mitigate fraud, security, or technical issues; or to protect the safety of our users or others. Except as detailed in the above sections, the University does not attempt to use technical information to identify individual visitors.
Changes to our Privacy Statement
Any changes we may make to our Privacy Statement will be posted on this page and, where appropriate, notified to you by email. Users are encouraged to periodically review this Privacy Statement for changes.
Contact
The University Data Protection Officer has responsibility for overseeing the University’s compliance with EU GDPR responsibilities. If you have a question regarding obtaining access to, the processing of personal data, requesting that personal data be erased, or correcting information, please contact the Data Protection Officer.
Any questions or concerns about privacy should be directed to the University Data Protection Officer, Dan Taube.
Contact Dan
Dan Taube
Illinois State University
Information Security Office
Campus Box 3380
Normal, IL 61790-3380
Phone: (309) 438-8985 or (309) 438-9001
Email:
informationsecurityoffice@illinoisstate.edu