December 18, 2015: Northeastern University is committed to delivering information services that recognize and respect users’ privacy concerns. This Privacy Statement describes how we recognize these concerns and uphold our commitments to address them. This Privacy Statement is intended to inform you of our general policies and practices regarding our collection, use, and disclosure of the information that you submit to us and that we collect from you during your use of Northeastern.edu, neu.edu, the myNeu portal, and our mobile applications (“Services”).
The types of information we collect may vary depending on the specific site you visit or application you use. Accordingly, this Privacy Statement is intended to be a general statement and may be supplemented by more specific privacy policies that pertain to personal information exclusively associated with a specific department, unit or function.
Additional and/or different practices may apply with respect to data collected from participants in university-based or sponsored research studies that are governed by a protocol approved by the Institutional Review Board, and in those cases the provisions of the Informed Consent form will govern and may supersede those set out in this Privacy Statement.
Personal Information We Collect
We collect a variety of Personal Information from you when you use our Services. For purposes of this Privacy Statement, Personal Information is information about you that is linked to you as an individual, including, but not limited to:
- Name and Date of birth
- Social Security Number (SSN) (limited uses only, as outlined in the following section)
- NUID Number
- Address, city, state, postal code and country of residence
- Campus address and telephone number
- Home, cellular and other contact telephone number(s)
- Emergency contact information (names, phone numbers and email addresses)
- Academic credentials
- Academic, leisure or other interests
- Other information pertinent to your specific interests at Northeastern
Other Information We Collect
Personal Information does not include technical information such as unique device identifiers, randomly assigned unique identifiers in cookies, mobile device name, timestamp, IP addresses, and other similar information that we may collect.
For example, your web browser automatically sends us the type of computing device and operating system you are using. We may also collect and maintain the IP (internet protocol) address used by your computing device. In addition, we may collect the dates and times you access Services, URLs requested, file names sent or received, search strings, and errors generated. We may also collect other information to assist us in maintaining or managing our systems, diagnosing problems, assisting you with a help request, or informing investigations.
We collect Personal Information as follows:
- When you use our Services
- When you voluntarily provide it to us
- When you register and set up an account
- When you communicate with us
- When you contact us offline or submit information to us offline
- When you provide it through our website
- From publicly available sources
- From third-parties
We use data collection technologies to collect information about your use of our Services. Third parties, widgets, and hosted solutions that we use on our website may use the following technologies for features, services, advertising, or analytics:
Browser cookies are small pieces data placed on your computer as you navigate websites with your browser. Browser cookies allow websites and various third-parties to distinguish your device from others by having the cookie consist of a unique identifier or other data. Cookies can have many uses, such as to target advertising as well as to enable website functionality and for security. We use both session cookies (which expire after you close your web browser) and persistent cookies (which stay on your computer until you delete them). Persistent cookies can be removed by following your Internet browser help file directions. If you choose to disable cookies, some areas of our website may not work properly.
Local shared objects (such as "Flash" cookies) are associated with non-Browser software like Flash Player. Local shared objects can be used like cookies to distinguish your device from others, but will not be deleted or blocked using browser cookie controls. You can visit adobe.com for guidance on how to delete and block Flash cookies.
HTML5 local storage is another way that browsers can distinguish your device from others as well as remember data that may be important for the functioning of the website. Typically HTML5 local storage is only deleted if all Internet history, cache, and cookies are deleted. You should check your browser software for how to delete HTML5 local storage in your particular case.
Web beacons are image files that are used by third-party advertisers, analytics companies, and others. Web beacons are embedded in web pages you visit and cause your browser to share its IP address with the third-party source of the beacon, together with any cookies associated with that third-party. Web beacons can be used with or without cookies. Blocking cookies will not stop your IP address from being shared through the use of beacons.
E-tags are used to prevent duplicative downloading of content to your browser, which can enhance browser performance. E-tags use unique identifiers for content that can also be used to distinguish your browser in certain instances from others. Typically e-tags are only deleted if all Internet history, cache, and cookies are deleted. You should check your browser software for how to delete e-tags in your particular case.
Our mobile applications may use the following technologies for features, services, advertising, or analytics:
- Collection of device identifiers, such as Android ID, MAC address, or UDID
- Collection of geolocation, including precise geolocation
- Device name
- Collection of platform specific identifiers such as Apple's Identifier for Advertising and Identifier for Vendor, and Android ID or Android's advertising identifier
- Collection of carrier-related information including the name of your wireless carrier, and IDs related to the cell phone hardware in your phone as well as the network to which the device is connected
- IP address
- Mobile phone number
- App-specific cookies
Other technologies. Our website and mobile apps may occasionally use other technologies both for purposes of advertising as well as for features and services.
Social Network Widgets
Our Services may include social network sharing widgets that may provide information to their associated social networks or third-parties about your interactions with our web pages that you visit, even if you do not click on or otherwise interact with the plug-in or widget. Information is transmitted from your browser and may include an identifier assigned by the social network or third party, information about your browser type, operating system, device type, IP address, and the URL of the web page where widget appears. If you use social network tools or visit social networking sites, you should read their privacy disclosures, to learn what information they collect, use, and share.
We limit the collection of Personal Information to that which is required in order to provide services to you. We collect personal information in order to deliver and better tailor the features, performance and support of our services and Website, and to offer you additional information about our services, personalized to you, your role, and interests at Northeastern. Uses of some common categories of information are described below.
Use of the NUID Number
The NUID Number is used as the student identification number and, for faculty and staff, as an administrative system identifies.
Use of the SSN
We are required by law to collect SSNs from:
- those who are employed by and/or paid by the University;
- individuals applying for or receiving financial aid; and
- Sponsored Account applicants (last 4 digits only)
Use of Contact Information for Emergency/Crisis Notification
Any and all contact information you provide, such as home telephone numbers, cellular numbers, and email addresses may be used to notify you of an emergency or crisis that may affect you and/or the University community.
Your emergency contact information may be used to notify your designated emergency contact(s) of an emergency or crisis that may affect you and/or the University community.
Except as otherwise stated in this Privacy Statement, we do not sell, rent, or share your Personal Information with third parties. We may disclose your Personal Information to:
- departments within the University;
- third parties involved in assisting the University in providing services, including but not limited to employee background checks, administrative services, and technical services;
- local, state and/or Federal agencies, pursuant to valid legal process; and
- other parties as we deem reasonably necessary in order to protect and defend our rights, or the rights or safety of third parties
How Personal Information is Shared Within Northeastern
We use your Personal Information primarily to enable delivery, personalization, and improvement of services at Northeastern. Personal Information may be shared with other departments and business units at the University to the extent necessary to deliver and improve services offered or to satisfy local, state and federal laws and regulations.
How Personal Information is Shared Outside Northeastern
We may share your Personal Information with others outside of the University, such as third-party providers, vendors, and others acting on behalf of the University, for a variety of purposes, for example, to the extent necessary to deliver, improve and tailor services to you. Third parties who receive Personal Information are generally contractually prohibited from using or sharing Personal Information for any purpose other than providing services to users. Northeastern does not sell Personal Information to third-party data brokers. The University may share Personal Information pursuant to valid legal process, to detect, prevent or investigate fraud or system or network security issues, or to protect the safety or rights of the university and other third parties.
Sharing Cookies and Technical Information with Third Parties
The University has relationships with authorized third-party providers whose services are accessed through the myNeu portal or other webservices. In order to facilitate your access to these services, the University may automatically send one or more of your cookies to the third-party site or service so that you may access third-party services without re-entering your myNeu user ID and password, or other required information, each time.
Digital Marketing and Ad Networks
Third Parties May Collect Personal Information from Other Sources.
Some third parties involved in advertising operations may maintain their own proprietary consumer databases that allow them to personally identify or track website visitors. Other third parties have proprietary technologies to determine what additional devices you may use, on which it can display relevant advertisements.
Do Not Track
Do-Not-Track is a public-private initiative that has developed a “flag” or signal that an Internet user may activate in the user’s browser software to notify websites that the user does not wish to be “tracked” by third-parties as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the “do not track” signal, and therefore Do-Not-Track is not yet standardized. Our website does not alter its behavior or change its services when it receives a “do-not-track” flag or signal from your browser.
Your Privacy and Ad Choices
You can make decisions about your privacy and the ads you receive. You can control whether companies serve you on-line behavioral advertising by visiting the Digital Advertising Alliance website and using its opt-out: http://www.aboutads.info/choices/. The DAA opt-out requires that cookies not be blocked in your browser.
As an alternative to the DAA opt–out, you can also elect to block browser cookies from first parties (such as those from our website) and browser cookies from third parties (such as advertisers) by using the cookie blocking options built into your browser software. If you block browser cookies, some parts of our website may not function correctly. Also, blocking cookies will not stop third-parties from collecting IP address, data stored in "Flash" cookies, and certain other types of technical information that may uniquely identify your browser.
If you send us email, we may share your email address and message content with others inside the University, and with persons and organizations outside the University, to the extent it is necessary to process and/or address your inquiry, or serve your needs.
Forwarding Email: Students’ Private Email Address
If you forward email from your University-assigned email address to a private (non-Northeastern University) email address, we may send email to either or both addresses. We may also share your private email address with service providers inside and outside the University.
Faculty and Staff University-Assigned Email Addresses
Faculty and staff University-assigned email addresses appear in the Northeastern email directory, and are visible to all students, faculty, staff, administrators and others who have authorized access to the directory. They are also publically-available through the directory at northeastern.edu. We may share faculty and staff University-assigned email address with service providers inside and outside the University and do so according to university policies. Faculty and staff must comply with university policies and ensure that all business transactions are conducted solely through university approved systems.
If you provide your telephone number(s), we may share these numbers with service providers inside and outside the University.
What Are My Choices Regarding Collection of Information?
In some cases, users of our Services may choose whether or not to voluntarily provide their Personal Information. However, if you choose not to provide us with certain Personal Information, your access to those Services may be limited or prevented.
Your Right to "Opt Out" of Services
You may have the right not to use ("opt-out") of certain services of the myNeu portal. When this choice is available, it is displayed. Opting-out may limit access to myNeu services.
How to Request Access to or Deletion of Information and Files Pertaining to You
You have the right to request access to information and files pertaining to you. You also have the right to request that information pertaining to you be removed from Northeastern University systems and files. You may exercise these rights by contacting the office below that is most appropriate to your role at the University. We require that such requests be made in writing and include the following information:
- your name and role (applicant, student, or employee);
- contact information, including your email and postal addresses;
- the item(s) of information you wish to access or want removed; and
- the reason for requesting access to, or removal of, the information.
Applicants may Contact the Office of Undergraduate Admissions:
150 Richards Hall, 360 Huntington Avenue, Boston, MA 02115
Voice: 617-373-2200 617-373-2200 FREE
Students may Contact the Office of the Registrar:
120 Hayden Hall, 360 Huntington Avenue, Boston, MA 02115
Voice: 617-373-2300 617-373-2300 FREE
Employees may Contact the Office of Human Resources Management:
250 Columbus Place, Boston, MA 02115
Voice: 617-373-2230 617-373-2230 FREE
There are some instances where the University may deny a request to remove information. For example, the University may decline to remove the following types of information, including, but not limited to:
- information required to be maintained by the University as part of student or employment records, or pursuant to local, state or Federal law, statute or other regulation, or in performance of contractual obligations
- information compiled in reasonable anticipation of, or for use in a civil, criminal or administrative action or proceeding.
The University will generally respond to requests no later than sixty (60) days after receipt. If a request is denied, we will send a written explanation explaining the reason for the denial and a notification of your right to file a written statement of disagreement. The University may also provide a right to have the denial reviewed. If the University is unable to act within sixty (60) days, we may extend that time by no more than an additional thirty (30) days. If we need to extend this time, we will notify you of the delay and the date by which we will complete action on your request.
If you are not satisfied with the outcome of a privacy inquiry, you have the right to seek redress. To exercise this right, please contact, in writing, the Office of Information Security, Northeastern University, 177 Huntington Floor 22, Boston, MA 02115. The following information is required:
- your name and role (applicant, student, or employee);
- a description of the problem or concern;
- your contact information, including email and postal addresses;
- the names of person(s) you have contacted about the problem; and
- copies of responses received from them.
The University will respond to requests for redress no later than sixty (60) days after receipt. If a request is denied, we will send a written explanation explaining the reason for the denial, and a notification of your right to file a written statement of disagreement. The University may also provide a right to have the denial reviewed. If the University is unable to act within sixty (60) days, we may extend that time by no more than an additional thirty (30) days. If we need to extend this time, we will notify you of the delay and the date by which we will complete action on your request.
Northeastern University maintains a multi-disciplinary approach to privacy, aimed to address all aspects of information protection, including both security and privacy programs. We strive to protect your information from any unauthorized access and/or disclosure. Systems that solicit or display personally-identifiable information are protected by authentication and authorization controls and Web-based experiences involving personal information are secured by SSL (Secure Sockets Layer protocol) with 128-bit encryption. The University reminds users, however, that no method of transmission over the Internet can be 100% secure.
How to Contact the Organization
If you have questions or concerns about the Northeastern Privacy Statement, please contact the office appropriate to your role at the University as identified in the above section entitled "Requesting access to, or deletion of, information and files pertaining to you." You may also email firstname.lastname@example.org for any questions about our privacy practices.
Solicitation of Information from Children
Northeastern University does not knowingly solicit or collect Personal Information from users under the age of 13, nor do we knowingly send users under the age of 13 requests for Personal Information. If you believe we have inadvertently collected information about your child, please contact us at email@example.com and we will attempt to delete the information.
Changes to the Privacy Statement
The Privacy Statement is subject to change at any time, and the revision date will be noted here. We encourage users to regularly review the Privacy Statement for any changes. The most recent changes to the privacy statement occurred on August 16, 2016.