Updated December 4, 2009 (Adapted from the UA Privacy Statement)

The University of Arizona Office of Enrollment Management (EM) provides online information and services to students, employees and the public to supplement services provided on campus. This privacy statement provides information required by Arizona law about privacy, confidentiality and related policies for individuals who use our official Web sites and other electronic services. This statement applies to all information collected by or submitted to EM. It is not to be construed as a contractual promise. This policy is in accordance with The University of Arizona’s (UA) encouragement for its colleges, schools, departments, divisions and other units contributing to its official Web pages to provide specific notices about the collection and use of any personal information associated with those pages. The following information is therefore specific to sites maintained by EM. Additional UA Policies provides information about the use of computing and communications systems at UA can be found at http://w3.arizona.edu/~security/pandp.htm.

EM and UA Web sites may contain links to external Web sites and through the existence of these links do not endorse or take any responsibility for their privacy practices or policies.

Information collected by the UA

E-mail and form information

UA does not obtain personal information about you when you visit our Web sites or through other online services unless you provide us that information voluntarily. If an individual sends an e-mail message with a question or comment or fills out a Web-based form, and either form or communication contains personally identifying information, that information will only be used to directly respond to the requestor, unless otherwise stated specifically. The request for information may be redirected to another part of the University that may be in a better position to respond to the request. Any personal information you provide will not be released to outside parties unless we are legally required to do so in connection with legal proceedings, law enforcement investigations, or state law.

System-generated information

In addition to information actively provided by individuals using UA Web sites and other online services, EM may record information such as but not limited to the following types of information each time these access points are used:

• Browser used
• Date, time and duration of activity
• Internet address of the computer being used
• Network software access
• Passwords and accounts accessed
• Referring Web page
• Return Receipt related to e-mail communications
• Volume of data storage and transfers
• Web pages requested

EM uses this information to monitor, preserve and enhance the functioning and integrity of the system. Information is collected for analysis and statistical purposes, and is used to help diagnose problems with the server and to carry out other administrative tasks, such as assessing what information may be of specific interest to a user, determining technical design specifications and identifying system performance and/or problem areas. This information is not used in any way that would reveal personal information to external constituencies except as described above.

Monitoring

In cases of suspected violations of EM and UA policies, especially unauthorized access to computing systems, the system administrator concerned may take such measures as are necessary including authorizing detailed session logging. This may involve capturing and retaining a complete keystroke log of an entire session. In addition, a system administrator for the equipment involved may authorize limited searching of user files on individual or networked computers to gather evidence on a suspected violation.

Cookies

Cookies are short pieces of information used by Web browsers to remember information provided by the user, such as passwords and preferences from past visits. Additional information on cookies is available at the Cookie Central Web site http://www.cookiecentral.com and in the publication from the Department of Energy Computer Incident Advisory Center: http://ciac.llnl.gov/ciac/bulletins/i-034.shtml. EM Web sites use cookies to store service information and require cookies to access selected user-specific information. Any information that EM/UA may store in cookies is used exclusively for internal purposes only.

Session IDs

Visits to an EM site may result in a dynamically generated page. The URL of these pages contains a session ID, a unique string of characters identifying your visit. This is generated by the server and passed in the browsers query string. Session IDs enable EM servers to customize Web content, counter browser caching and direct the flow of visitors through the site.

Alternatives to electronic transactions

EM provides online access to information and services for students, employees and members of the public. If you prefer not to provide any information to the university online, you may cancel the transaction and contact the administrative unit responsible for the service to learn about available options for conducting business in person, by mail or by telephone.

Disclosure of information

EM does not sell or distribute confidential information it collects online to individuals or entities not affiliated with the university, except in the very limited circumstances described below. Non-confidential information may be sold or distributed pursuant to Arizona Public Records law.

University and Arizona Board of Regents policies protect the confidentiality of student educational records and employee personnel information. These policies explain what information may be shared with the public or anyone who requests it. They also explain what information is protected as confidential; confidential information will not be disclosed without the consent of the student or employee, except under subpoena or court order or in case of an emergency.

Student records

Student records are protected by the federal Family Education Rights and Privacy Act (FERPA), Arizona law, and university policy. Information about student access to education records and protection of education records is available at: http://w3.arizona.edu/~policy/ferpa.shtml. That policy also provides information on a student's right to limit access to otherwise public directory information.

Secure online chats

EM may retain logs or copies of one-to-one secure private chats with university staff members to create a record of student contact. Student-specific information is considered a student record protected by the federal Family Education Rights and Privacy Act (FERPA), Arizona law, and university policy.

Public online chats & online bulletin boards

EM retains logs or copies of online chats to create a record of frequently asked questions. Information disclosed in these areas is considered public.

Public records law

Under the Arizona Public Records Law, UA may be required to provide information in university records to a third party. Commercial users may purchase public record information, such as non-confidential lists of students and employees. Information protected by FERPA or by other laws or Board policy will not be disclosed in response to a public records request.

Contractors

From time to time, individuals or companies under contract with the university may have access to information in the course of the service they provide to the university, but those entities are not permitted to use or re-disclose that information for unauthorized purposes. No other entities are authorized to collect information through UA's sites.

Security

Although every effort is made to secure network communications, UA cannot ensure the privacy of online communications. Individuals using online services should also take steps to protect personal information, such as closing the Web browser when finished using the site. Failure to do so may result in personal information being viewed by someone else using the same computer.

UA accepts credit card payments online for a variety of goods and services. Unless otherwise noted on the site, all university credit card transactions are encrypted. Information entered to complete a transaction will not be used by UA for any other purpose unless the purpose is described on the site.

University-owned or controlled computers and equipment are public property and may be examined by authorized individuals to detect improper, illegal, or non-governmental use, to evaluate the security of the network, or for other governmental purposes.

Please be aware that any information placed or stored in a university owned or provided computer is subject to review by the university at any time.

General inquiries regarding the EM privacy policy may be directed to The Office of Enrollment Management via e-mail to sitehelp@arizona.edu or by phone 520-621-3705 or you may send an inquiry by mail to UA, Office of Enrollment Management, PO Box 210073, Tucson, AZ 85721.

Additional information regarding the general UA privacy policy is available on the Information Security and Privacy Web site located at: http://w3.arizona.edu/~security. If you have additional questions about online privacy or security, you can contact the Business Continuity and Information Security (BCIS) office, via e-mail to bcis@u.arizona.edu, by phone 520.621-4482, or you can send an inquiry by mail to Business Continuity and Information Security, 1077 N. Highland Ave., Tucson, AZ 85721.