University of Oregon e-Commerce Privacy Statement
The University of Oregon is committed to safeguarding the privacy of those who utilize our e-commerce websites. University of Oregon e-commerce websites are developed in accordance with this privacy statement and adhere to the following set of privacy principles.
Your Personal Information
University of Oregon websites may request personal information from you in order to complete an e-commerce transaction. For example, name, phone number, physical address, shipping address (if different), e-mail address.
Your information will be used only to execute the immediate transaction, and for business needs of the University related to the transaction.
Your information will be provided to other parties only as necessary to complete your transaction and provide services to you.
The University of Oregon will not provide any of your personal information to third parties without your permission, and we will not sell any personal information to third parties for purposes of marketing, advertising or promotion. The University may release personal information when required to comply with law or to protect the rights, property or safety of the University, our users, and others.
Network Security
The information you provide is protected in transit using a network protocol called Secure Sockets Layer (SSL). Through the use of SSL, information being transmitted is encrypted or scrambled to make it extremely difficult for anyone who intercepts the information to read it.
The University of Oregon employs software programs to monitor network traffic, identify unauthorized access, detect computer viruses and other software that might damage University computers or the network, and monitor and tune the performance of the University network. In the course of such monitoring, these programs may detect such information as e-mail headers, addresses from network packets, and other information contained in the network traffic. Information from these activities is used only for the purpose of maintaining the security and performance of the University's networks and computer systems. Personally identifiable information from these activities is not released to external parties without your consent unless required by law. For site management, information is collected for statistical purposes.
The University of Oregon uses software programs to create summary statistics, which are used for such purposes as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.
University websites routinely collect and store information from online visitors to help manage those sites and improve service. This information includes things like:
- Pages visited on the site,
- Date and time of the visit,
- Internet address (URL or IP address) of the referring site,
- Domain name and IP address from which the access occurred,
- Bowser version and capabilities,
- Search terms used.
Our sites make no attempt to identify individual visitors from this information: any personally identifiable information is not released to external parties without your consent unless required by law.
Your Credit Card Data
The University of Oregon contracts with a trusted service provider for the collection and processing of customer credit card information. During your transaction you will be redirected to a QuikPAY payment page that is hosted Nelnet Business Solutions, NBS is responsible for the privacy and security of your credit card data. They are listed on Visa's Global registry of validated service providers. Each year, independent security assessors validate their compliance with the Payment Card Industry Data Security Standards (PCI DSS).
Use of Cookies
Some University websites follow the progress of your transaction by passing pieces of information to your web browser for storage and subsequent retrieval ("cookies"). A cookie is a file written to your computer's hard drive that is often used to remember information about preferences and pages you have visited. Also, if you submit personal information to our Web site (such as your name, interests or preferences), we may use cookies to keep track of such information so that you will not need to re-enter it during subsequent visits. You may set your Internet browser preferences to notify you when you receive a cookie, or you may decline acceptance of cookies. If you decline acceptance of cookies, however, you may experience less than optimal performance from our website.
Caution on Links to Other Web sites
Our site may contain links to other websites. Please be aware that the University is not responsible for the privacy practices of such other sites. The user is encouraged to be aware when they leave our site (domain uoregon.edu) and to read the privacy statements of each and every website that collects information about you. This privacy statement applies solely to information collected by our site.
Consent
By conducting electronic commerce transactions on our website, you consent to University of Oregon's use and collection of the information you provide for the purposes of the transaction. If the University's privacy guidelines change, such changes will be reflected on this page. Please refer to this policy before making a transaction or sharing personal information.
Oregon Public Records
In the State of Oregon laws exist to ensure that the government is open and that the public has a right to access appropriate records and information possessed by state government. All information collected by our webistes becomes a public record unless an exemption in law exists. ORS Chapter 192 contains Oregon Public Record Law.
Personal information such as name, address and telephone number may be exempt from disclosure if disclosure would constitute an unreasonable invasion of privacy.
Oregon Identity Theft Protection
Oregon's Consumer Information Protection Act (CIPA), ORS 646A.600, defines personal information as:
A consumer’s first name or first initial and last name in combination with any one or more of the following data elements, if encryption, redaction or other methods have not rendered the data elements unusable or if the data elements are encrypted and the encryption key has been acquired: (i) A consumer’s Social Security number; (ii) A consumer’s driver license number or state identification card number issued by the Department of Transportation; (iii) A consumer’s passport number or other identification number issued by the United States; (iv) A consumer’s financial account number, credit card number or debit card number, in combination with any required security code, access code or password that would permit access to a consumer’s financial account, or any other information or combination of information that a person reasonably knows or should know would permit access to the consumer’s financial account; (v) Data from automatic measurements of a consumer’s physical characteristics, such as an image of a fingerprint, retina or iris, that are used to authenticate the consumer’s identity in the course of a financial transaction or other transaction; (vi) A consumer’s health insurance policy number or health insurance subscriber identification number in combination with any other unique identifier that a health insurer uses to identify the consumer; [and] or (vii) Any information about a consumer’s medical history or mental or physical condition or about a health care professional’s medical diagnosis or treatment of the consumer.
Anyone who maintains personal information of Oregon consumers must notify their customers if computer files containing that personal information have been subject to a security breach. The notification must be done as soon as possible, in one of the following manners:
- Written notification
- Electronic, if this is the customary means of communication between you and your customer
- Telephone notice provided that you can directly contact your customer
University policy prohibits the storage of customer credit card data on the university network. If for some reason the university determines that your personal information has been subject to a security breach you will be notified in accordance with state law.