Website Privacy Notice

Overview

NIU websites and online forms are supported by several University servers and applications. Some servers or sites hosted by Northern Illinois University may adopt different privacy notices that go beyond the parameters set forth in this document, as their specific needs require. However, those servers or sites cannot adopt privacy policies or practices that in any way supersede federal or state laws or regulations, NIU Board of Trustees Bylaws and Regulations, and/or this notice. Any discrepancy between the information presented here and the official Bylaws and Regulations of the Board of Trustees of Northern Illinois University and the policies and procedures of Northern Illinois University is not intended to and does not alter or amend the official Bylaws, Regulations, policies or procedures. NIU reserves the right to alter this notice at any time and will post future amended documents.

Definitions

NIU websites are defined as publicly accessible pages hosted under the domain www.niu.edu, any web address ending .niu.edu or any website within the NIU IP address range that is maintained by NIU employees or departments or units, acting within their respective scopes of employment.

Online forms are defined as pages presented to web browsers that allow for real-time and online submission of data. Online forms do not include copies of documents that must be printed for later submission.

Collection and Processing of Supplied Personal Data

Northern Illinois University uses websites and online forms for business purposes and is committed to fostering and protecting the privacy of personal data.

Voluntary Consent

NIU websites and online forms will not collect personally identifiable information (personal data) about persons, such as name, address, telephone number or email address unless the information was provided with explicit voluntary consent. Persons should not voluntarily provide personal data if they do not want it to be collected.

Without Voluntary Consent

Personal data may be processed without explicit consent when it is required for:

• The performance of a contract to which the data subject is a party;
• Compliance with a legal obligation to which NIU as the data controller is subject;
• To protect the vital interests of the data subject or another natural person;
• To perform a task in the public interest or is an exercise of official authority vested in NIU as the data controller; or
• Under the legitimate interests pursued by NIU as the data controller except when these interests are balanced against and overridden by the interests, fundamental rights or fundamental freedoms of the data subject.

Individual units of Northern Illinois University may also collect and process personal data in accordance with their unit's specific privacy notice and policy. As stated above, these units may adopt different privacy notices and policies that go beyond the parameters set forth in this document, but those policies or practices may not supersede federal or state laws or regulations, NIU Board of Trustees Bylaws and Regulations or this notice.

In some cases, information that is not personally identifiable may be automatically collected and/or logged. For example, information about the visitor's browser, operating system, IP address and the domain name of sites that are linked to the NIU website serves the legitimate interest of NIU and the needs of the majority of users by:

• Personalizing the user experience;
• Assisting with troubleshooting and diagnoses if there are problems with servers;
• Producing important statistics on how often pages are visited; or
• Detecting security breaches and safeguarding NIU's computing resources.

Permitted Uses and Purposes

Personal data will be collected only for legitimate business purposes. The data collected must be directly relevant and necessary to accomplish that specified purpose. When collected from NIU websites or online forms, personal data may be used:

• To fulfill an order or request;
• To assist with better understanding the needs of visitors, thereby allowing NIU to improve services; or
• To reply to or contact users.

NIU will not sell, rent or market personal data to third parties.

Use of NIU websites and online forms is subject to all applicable state and federal laws, as well as all relevant University and campus policies. It is the University's usual practice not to share any personal information with those outside of the University. However, when circumstances arise for the need to share information gathered from its computing resources within the NIU IP Address space, the University may share as:

• Authorized and/or mandated by law;
• Permitted under University policies;
• Authorized by an approved Northern Illinois University contract;
• Clearly stated at a University Web site that such information will be shared and the user explicitly granted informed consent; or
• When informed consent is otherwise given.

However, for certain types of data, the University's practice is to prohibit sharing the data beyond the unit's staff who need access to the information for business purposes, unless an exception applies under applicable law.

Rights of Data Access, Correction and Deletion

Some international and state laws provide rights to access, review, correction and deletion of data. Depending on where you are located and other factors, these laws may or may not apply to you.

For example, under the European Union's General Data Protection Regulation (GDPR), data subjects have the right to access and review their personal data at NIU, have the right to request corrections to their personal data and have the right to request data deletion. Data subjects who are natural and living persons and who want to exercise these rights may contact NIU's Privacy Officer by emailing PrivacyOfficer@niu.edu. Automated request emails will not be processed unless NIU can confirm that a natural or living person made the request, can verify the person's identity, can determine that the person has a nexus to NIU and can determine that the privacy law providing a right to access, review, correct or delete data applies to that person.

Records Retention

NIU records are retained or disposed of according to published Records Retention Schedules that comply with federal and state laws or regulations.

Maintenance of Analytics and Advertising Data

Specific retention windows for analytics and advertising data are configured as follows:

• Google Analytics 4: user-level and event-level data is retained for 14 months
• Google Ads, Meta and LinkedIn audiences: typically retained per platform default windows, ranging from 30 to 540 days
• Server logs: retained per NIU's Information Security and Records Retention policies

Safeguarding Personal Data

The Division of Information Technology (DoIT) has taken several steps to safeguard the integrity of its communications and computing infrastructure, including but not limited to authentication, monitoring, auditing and encryption. Security measures have been integrated into the design, implementation and day-to-day practices of the entire University operating environment as part of its continuing commitment to risk management. However, such activities should not be construed as any warranty against the unauthorized breach or failure of these security measures.

Cookies and Similar Technologies

NIU webpages use cookies, pixels, tags and similar technologies to make the site work, to understand how visitors use it and to support our recruitment and outreach efforts. Cookies are small text files placed on your device when you visit a website. Pixels and tags are small pieces of code that allow us to measure activity on our pages. NIU's analytics and advertising tools are managed by University Marketing in coordination with the University Privacy Officer. Privacy questions, including questions about cookies and tracking technologies, should be directed to PrivacyOfficer@niu.edu. We group these technologies into four categories.

• Strictly necessary. Required for the site to function, including authentication, form submission and security.
• Functional. Remember your preferences, such as language or region.
• Analytics. Help us understand how visitors use our site. Includes Google Analytics 4 with Google Signals and Microsoft Clarity.
• Advertising. Allow us to deliver relevant ads to people who have expressed interest in NIU and to measure the effectiveness of our campaigns. Includes Google Ads remarketing, the Meta pixel, the LinkedIn Insight Tag and partner pixels from Motimatic and Niche.

Most browsers allow you to manage cookies through your browser settings, including options to delete or block them. Disabling cookies may limit your ability to use some features of NIU's web sites.

Google Analytics 4 and Google Signals

NIU uses Google Analytics 4 (GA4) to understand how visitors use our website. NIU has enabled Google Signals, which associates visit information from our site with information from signed-in Google users who have turned on Ads Personalization. This allows us to see aggregated demographic and interest information about visitors and to measure cross-device activity. NIU does not receive personally identifiable information about individual users through Google Signals; we see aggregated data only.

Microsoft Clarity

NIU uses Microsoft Clarity to understand how visitors use our website through aggregated heatmaps and session recordings. Session recordings capture visitor interactions such as clicks, scrolls and mouse movements on NIU pages. Clarity masks sensitive form fields, such as passwords and names, by default. NIU does not receive personally identifiable information about individual users through Clarity. Microsoft processes the data as described in its privacy documentation.

Advertising Tools

NIU uses Google Ads, the Meta pixel and the LinkedIn Insight Tag to reach prospective students, applicants and other audiences who have visited niu.edu and to measure the performance of our advertising. NIU also works with marketing partners, including Motimatic and Niche, who place pixels on our site to support recruitment campaigns.

Your Choices and How to Opt Out

You have several options for managing how your information is collected and used through NIU webpages.

Browser Controls

Most browsers let you delete cookies, block cookies or be notified when a cookie is stored. Browsers also support the Global Privacy Control (GPC) signal. NIU recognizes GPC signals where required by applicable state privacy laws.

Google Analytics and Google Ads

You can opt out of Google Analytics by installing the Google Analytics opt-out browser add-on. You can manage advertising preferences and opt out of personalized Google ads at Google Ads Settings.

Meta and LinkedIn

You can manage how Meta uses information about your visits in your Meta Ad Preferences. You can manage LinkedIn's use of information in your LinkedIn advertising preferences.

Industry Opt-Out Tools

You can opt out of interest-based advertising from many participating companies through the Network Advertising Initiative opt-out tool and the Digital Advertising Alliance opt-out tool.

State Privacy Rights

Residents of certain states have specific rights regarding their personal information under state privacy laws, including the right to access, correct or delete their information and the right to opt out of certain advertising-related uses. To exercise these rights if they apply to you, contact the University Privacy Officer at PrivacyOfficer@niu.edu. Automated request emails will not be processed unless NIU can confirm that a natural or living person made the request, can verify the person's identity, can determine that the person has a nexus to NIU and can determine that the privacy law providing a right to access, correct or delete data applies to that person.

Public Forums, Online Surveys and Other Information Provided by the User

Many units of the University provide chat rooms, forums, message boards and other online groups for their users. Any information that is disclosed in these areas may become public information and a user should therefore exercise caution when deciding to disclose one's personal information in such places. Chat sessions and discussion forums may be logged.

In addition, at any time there are numerous online surveys being conducted on NIU websites. Persons responsible for conducting online surveys that collect personally identifiable information (PII) must clearly state at the survey site the extent to which any information provided will be shared or protected.

Compliance with Relevant Privacy Laws

Northern Illinois University is committed to complying with the Children's Online Privacy Protection Act. Accordingly, if a user of the NIU website is under the age of 13, such user is not authorized to provide NIU with personally identifying information and the University will not use any such information in its database or other data collection activities. Users under the age of 13 and their parents or guardians are otherwise cautioned that the collection of personal information volunteered by unauthorized children online or by email will be treated in the same way as information given by an adult until the University becomes aware that the user is under the age of 13 and such information may be subject to public access.

In addition, Northern Illinois University is committed to complying with:

• Family Educational Rights and Privacy Act (FERPA), which generally prohibits the release of student education records without student permission;
• Health Insurance Portability and Accountability Act (HIPAA), which generally safeguards the confidentiality of health information;
• Gramm-Leach-Bliley Act (GLBA), which generally safeguards nonpublic, personal information associated with customers of NIU's financial services and products; and
• Illinois Freedom of Information Act (FOIA). As a state institution, NIU may be legally required under the Illinois Freedom of Information Act or other laws to provide specific information, such as some electronic correspondence sent via NIU websites;
• Other applicable privacy laws.

Legal Disclaimers

This information should not be construed in any way as giving business, legal or other advice, or as a warranty against unauthorized breaches or failures of NIU computing resources or the security of information provided via NIU websites. Access to NIU websites is provided subject to the following terms and conditions. Please read these terms carefully as use of NIU websites constitutes acceptance of all of the following terms and conditions.

Disclaimer of Liability

In no event shall the NIU Board of Trustees and/or Northern Illinois University, its departments, units and employees, be responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with use of or reliance on any information, products or services available on or through NIU websites. The NIU Board of Trustees and/or Northern Illinois University, its departments, units and employees, shall not be held liable, and do not assume responsibility, for any improper or incorrect use of NIU websites. This disclaimer of liability applies to any damages or loss, including but not limited to those caused by any failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, computer virus, communication line failure, theft or destruction or unauthorized access to, alteration of or use of records, whether for breach of contract, tortious behavior, negligence or under any other cause of action.

Users of NIU websites should be aware that periodic changes may be made to the information provided on NIU websites. Also, users should be cautious about information from NIU websites that is obtained through sources other than NIU webpages, as electronic data or information can be altered or become out-of-date subsequent to original distribution.

Disclaimer of Warranties and Accuracy of Information

Although the information and data found using NIU websites have been produced and processed from sources believed to be reliable, no warranty, express or implied, is made regarding accuracy, adequacy, completeness, legality, reliability or usefulness of any information. This disclaimer applies to both isolated and aggregate uses of the information. Northern Illinois University provides this information on an as is basis. All warranties of any kind, express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, freedom from contamination by computer viruses and non-infringement of proprietary rights are specifically and generally disclaimed.

Disclaimer for External Links

NIU websites may provide links to internet websites that are maintained by third parties, over which NIU has no control. NIU does not represent that any particular link will be online and functional at any given time. When a user leaves NIU websites and visits another site, the user is subject to the privacy policy of that new site. It is the responsibility of the user to evaluate the content and usefulness of information obtained from other sites. NIU does not endorse the content, operators, products or services of such sites, and the NIU Board of Trustees and Northern Illinois University shall not be responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with use of or reliance on any such external content, products or services available on or through such external sites. This notice applies solely to information collected by NIU websites.

Disclaimer on Linking to NIU Websites

NIU encourages and permits links to content published on NIU websites. However, any linking should not:

• Implicitly or explicitly suggest that the NIU Board of Trustees or NIU promotes or endorses any third party's causes, ideas, website content, products or services; or
• Use NIU content for inappropriate commercial purposes. The NIU Board of Trustees reserves the right to withdraw permission for any link.

Choice of Law

Construction of the disclaimers above and resolution of disputes thereof are governed by the laws of the State of Illinois. The laws of the State of Illinois, U.S.A. shall apply to all uses of this data or information and NIU websites. By use of NIU websites and any data or information contained therein, the user agrees that use shall conform to all applicable laws and regulations as well as relevant University policy, and user shall not violate the rights of any third parties.