|Policy Approval Authority||President|
|Responsible Division||Division of Information Technology|
|Responsible Officer(s)||Chief Information Officer, Chief Privacy Officer|
|Contact Person||Marisa Benson|
|Effective Adoption Date||07-24-2016|
|Last Review Date||07-05-2018|
Ethics & Conduct
Marketing & Communication
NIU Website Privacy Notice
Updated: 7/5/18 (approved language to incorporate explicit voluntary consent where consent is required
The Board of Trustees of Northern Illinois University ("NIU," or "University") respects the privacy of every individual who visits NIU websites. This privacy notice outlines the information that NIU websites and online forms may collect and how that information may be processed.
NIU websites and online forms are supported by several University servers and applications. Some servers or sites hosted by Northern Illinois University may adopt different privacy notices that go beyond the parameters set forth in this document, as their specific needs require. However, those servers or sites cannot adopt privacy policies or practices that in any way supersede federal or state laws or regulations, NIU Board of Trustees Bylaws and Regulations, and/or this policy. Any discrepancy between the information presented here and the official Bylaws and Regulations of the Board of Trustees of Northern Illinois University and the policies and procedures of Northern Illinois University is not intended to and does not alter or amend the official Bylaws, Regulations, policies or procedures. NIU reserves the right to alter this policy at any time and will post future amended documents at this location
- NIU websites are defined as publicly accessible pages hosted under the domain "www.niu.edu," any web address ending ".niu.edu," or any website within the NIU IP address range that is maintained by NIU employees or departments or units, acting within their respective scopes of employment.
- Online forms are defined as pages presented to web browsers that allow for real-time and online submission of data. Online forms do not include copies of documents that must be printed for later submission
Questions or Concerns
Collection and Processing of Supplied Personal Data
Northern Illinois University uses websites and online forms for business purposes and is committed to fostering and protecting the privacy of personal data.
NIU websites and online forms will not collect personally identifiable information (personal data) about persons, such as name, address, telephone number, or email address unless the information was provided with explicit voluntary consent. Persons should not voluntarily provide personal data if they do not want it to be collected.
Without Voluntary Consent
Personal data may be processed without explicit consent when it is required for:
- the performance of a contract to which the data subject is a party;
- compliance with a legal obligation to which NIU as the data controller is subject;
- to protect the vital interests of the data subject or another natural person;
- to perform a task in the public interest or is an exercise of official authority vested in NIU as the data controller; or
- under the legitimate interests pursued by NIU as the data controller except when these interests are balanced against and overridden by the interests, fundamental rights, or fundamental freedoms of the data subject.
Individual units of Northern Illinois University may also collect and process personal data in accordance with their unit’s specific privacy notice and policy. As stated above, these units may adopt different privacy notices and policies that go beyond the parameters set forth in this document, but those policies or practices may not supersede Federal or State laws or regulations, NIU Board of Trustees Bylaws and Regulations, or this policy notice.
In some cases, information that is not personally identifiable may be automatically collected and/or logged. For example, information about the visitor's browser, operating system, IP address, and the domain name of sites that are linked to the NIU website serves the legitimate interest of NIU and the needs of the majority of users by:
- personalizing the user experience; or
- assisting with troubleshooting and diagnoses if there are problems with servers; or
- producing important statistics on how often pages are visited; or
- detecting security breaches and safeguarding NIU's computing resources.
Permitted Uses and Purposes
Personal data will be collected only for legitimate business purposes. The data collected must be directly relevant and necessary to accomplish that specified purpose. When collected from NIU websites or online forms, personal data may be used:
- to fulfill an order or request; or
- to assist with better understanding the needs of visitors, thereby allowing NIU to improve services; or
- to reply to or contact users.
NIU will not sell, rent, or market personal data to third parties.
Use of NIU websites and online forms is subject to all applicable state and federal law, as well as all relevant University and campus policies. It is the University's usual practice not to share any personal information with those outside of the University. However, when circumstances arise for the need to share information gathered from its computing resources within the NIU IP Address space, the University may share as:
- Authorized and/or mandated by law; or
- Permitted under University policies; or
- Authorized by an approved Northern Illinois University contract; or
- Clearly stated at a University Web site that such information will be shared and the user explicitly granted informed consent; or
- When informed consent is otherwise given.
Data Access, Correction, and Retention
All data subjects have the right to access and review their personal data at NIU. Furthermore, data subjects have the right to request corrections to their personal data by contacting the unit who collected the information or by emailing PrivacyOfficer@niu.edu. Natural and living persons who wish their personal data to be deleted may contact NIU’s Privacy Officer by emailing PrivacyOfficer@niu.edu.
NIU data is retained or disposed of according to published Record Schedules (https://hrs.niu.edu/forms/rr/) that comply with Federal and State laws or regulations.
Safeguarding Personal Data
The Division of Information Technology (DoIT) has taken several steps to safeguard the integrity of its communications and computing infrastructure, including but not limited to authentication, monitoring, auditing, and encryption. Security measures have been integrated into the design, implementation and day-to-day practices of the entire University operating environment as part of its continuing commitment to risk management. However, such activities should not be construed as any warranty against the unauthorized breach/failure of these security measures.
Information Placed Automatically on Visitor Computers (Cookies)
When visitors view the NIU website, some information may be stored on their computer in the form of a "cookie" or similar file. Cookie help web authors tailor websites to better match user interests and preferences. With most Internet browsers, users can alter user preferences to erase cookies from their hard drive, block cookies, or have it prompt the user to either accept or refuse to store the cookie. Most browser help files have detailed instructions on how to set user preferences for cookies.
In compliance with the Illinois State Agency Web Site Act, NIU websites will not use permanent cookies or any other invasive tracking programs that monitor and track website viewing habits, unless they meet the following criteria:
- The use of permanent cookies adds value to the user otherwise not available;
- The permanent cookies are not used to monitor and track website viewing habits unless all types of information collected and the University's use of that information add user value and are disclosed through a comprehensive online privacy statement.
NIU websites may, however, use transactional cookies that facilitate business transactions
Public Forums, Online Surveys and Other Information Provided by the User
Many units of the University provide chat rooms, forums, message boards, and other online groups for their users. Any information that is disclosed in these areas may become public information and a user should
In addition, at any time there are numerous online surveys being conducted on NIU websites. Persons responsible for conducting online surveys that collect personally identifiable information (PII) must clearly state at the survey site the extent to which any information provided will be shared or protected. Aggregated and anonymized data from surveys may be shared with external third parties in ways that do not compromise privacy
Compliance with Relevant Privacy Laws
Northern Illinois University is committed to complying fully with the Children's Online Privacy Protection Act. Accordingly, if a user of the NIU website is under the age of thirteen, such user is not authorized to provide NIU with personally identifying information and the University will not use any such information in its database or other data collection activities. Users under the age of thirteen and their parents or guardians are otherwise cautioned that the collection of personal information volunteered by unauthorized children online or by email will be treated in the same way as information given by an adult until the University becomes aware that the user is under the age of thirteen and such information may be subject to public access.
In addition, Northern Illinois University is committed to complying fully with:
- Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of student education records without student permission;
- Health Insurance Portability and Accountability Act (HIPAA), which generally safeguards the integrity and confidentiality of health information that is transmitted electronically;
- Gramm-Leach-Bliley Act (GLBA), which generally safeguards nonpublic, personal information, in electronic or paper form, associated with customers of NIU's financial services and products; and
- Illinois Freedom of Information Act (FOIA). As a state institution, NIU may be legally required under the Illinois Freedom of Information Act or other laws to provide specific information, such as some electronic correspondence sent via the NIU web site.
- Applicable international privacy laws.
This information should not be construed in any way as giving business, legal, or other advice, or as a warranty against unauthorized breaches/failures of NIU computing resources, the security of information provided via the NIU website. Access to the NIU website is provided subject to the following terms and conditions. Please read these terms carefully as use of the NIU web site constitutes acceptance of all of the following terms and conditions.
Disclaimer of Liability
In no event shall the NIU Board of Trustees and/or Northern Illinois University, its departments/units and employees, be responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with, use of, or reliance on, any information, products, or services available on or through the NIU web site. The NIU Board of Trustees and/or Northern Illinois University, its departments/units and employees, shall not be held liable, and do not assume responsibility, for any improper or incorrect use of the NIU web site. This disclaimer of liability applies to any damages or loss, including but not limited to those caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, alteration of, or use of record(s), whether for breach of contract, tortuous behavior, negligence, or under any other cause of action.
Users of the NIU web site should be aware that periodic changes may be made to the information provided on the NIU web site. Also, users should be cautious about information from the NIU web site that is obtained through sources other than NIU web pages, as electronic data/information can be altered or become out-of-date subsequent to original distribution.
Disclaimer of Warranties and Accuracy Information/Data
Although the information/data found using the NIU web site have been produced and processed from sources believed to be reliable, no warranty, express or implied, is made regarding accuracy, adequacy, completeness, legality, reliability or usefulness of any information. This disclaimer applies to both isolated and aggregate uses of the information. Northern Illinois University provides this information on an "as is" basis. All warranties of any kind, express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, freedom from contamination by computer viruses and non-infringement of proprietary rights are specifically and generally disclaimed.
Disclaimer for External Links
Disclaimer on Linking to NIU Websites
NIU encourages and permits links to content published on the NIU web site. However, any linking should not (1) implicitly or explicitly suggest that the NIU Board of Trustees or NIU promotes or endorses any third party's causes, ideas, website content, products or services, or (2) use NIU content for inappropriate commercial purposes. The NIU Board of Trustees reserves the right to withdraw permission for any link.
Choice of Law
Construction of the disclaimers above and resolution of disputes thereof are governed by the laws of the State of Illinois. The laws of the State of Illinois, U.S.A. shall apply to all
- Policy Categories
- Board of Trustees
- Campus Safety / Security
- Ethics & Conduct
- Facilities / Real Estate
- Faculty & Academics
- Finance / Risk Management
- Governance / Administration
- Human Resources / Employment
- Information Technology
- Marketing & Communication
- Research Ethics / Intellectual Property
- Student Affairs