My Iona

Privacy Policy

INFORMATION SECURITY AND DATA PRIVACY POLICY

Iona College and its approved third party affiliates collect and use information about individuals with whom it works in order to operate and carry out its functions. It is a priority of Iona College to preserve the integrity of personally identifying information that may be collected. Iona College regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between the College and those with whom it carries out business. The Iona.edu web site is provided to support Iona College’s mission and to be of service to students, parents, faculty, staff, alumni, friends, supporters, prospective students and the public.

Scope

This policy describes the processing and maintaining of personal data Iona College collects, its use and storage and the steps the College takes to ensure proper maintenance of the information. This policy applies to all students, parents, faculty, administrators, staff, alumni, friends, supporters, prospective students, visitors and all users of the Iona.edu site including the public.

Information Collected

Iona College collects the following information including but not limited to:

Employees: Name, address and contact details, employment records and health data, including for purposes of payroll and benefits administration.

Students: Name, address, contact details, health data, educational records, including for purposes of financial aid and payment.

Prospective students: Third party companies may provide the College with contact and demographic information, including publically available information such as prospective students who may be interested in attending Iona College.

Web Site Visitors (including members of public, prospective employees and prospective students): personally identifiable information (e.g., email address, name, or phone number, basic personal information, background, educational or work history) which is voluntarily provided to the College to apply for employment or enrollment or seek enrollment materials, register for events and conferences or to join a mailing list.

Any personally-identifiable information voluntarily or otherwise collected, will be used for the purpose of facilitating communication and conducting business between the College and users of the site. We also use it to inform you about Iona College events, programs, and services of potential interest, unless you have opted out of such communications.

  • Cookies: Iona College also makes use of cookies to improve our visitor’s web experience. A cookie is a piece of data stored by a web site on a user’s hard drive, which contains information about the user. Iona College employs cookies to keep track of user names and passwords, as well as to personalize your experience at Iona.edu. An individual can set your browser to decline or accept cookies, though if you choose not to accept cookies, some parts of the Iona.edu site may function less efficiently.

    The College and third-party vendors use first-party cookies (such as the Google Analytics) and third-party cookies together to monitor and analyze web traffic that can be used to keep track of user behavior and demographics. Users may opt-out of Google Analytics by changing their Ads Settings or by downloading and installing the Opt-out Browser Add-on.

  • Network traffic logs: In the course of ensuring network security and consistent service for all users, the College employs software programs to do such things as monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage College computers or the network, and monitor and tune the performance of the College network.

    In the course of such monitoring, these programs may detect such information as email headers, addresses from network packets, and other information. Information from these activities is used for the purpose of maintaining the security and performance of the College's networks and computer systems.

  • Web Visit Logs: The College web sites collect and store information from online visitors to help manage those sites and improve service. This information includes the pages visited on the site, the date and time of the visit, the internet address (URL or IP address) of the referring site, the domain name and IP address from which the access occurred, the version of browser used, the capabilities of the browser, and search terms used on our search engines.

Data Safeguard Protocols

The College has implemented safeguard protocols for personally identifying information which employees are responsible to implement. These include:

  • Collecting and processing only the data and information that is needed;
  • Using and disclosing data only in ways compatible with the needs of the College;
  • Implementing physical security controls such as securely locking files and paper records containing personal information;
  • Ensuring computers and applicable programs are password protected and passwords are changed frequently;
  • Retaining data for no longer than is necessary for the purpose or purposes;
  • Shredding and carefully disposing of records containing personally identifying information;
  • Limiting access to personal information to only those who have an work related need for its use;
  • Immediately reporting a breach in data security to the Director, Internal Audit.

Data Protection Controller

The College has appointed the Director, Internal Audit to assume the responsibilities of a Data Protection Controller (DPC)/Information Security Officer. The DPC

  • coordinates the data security program and ensures compliance with privacy policies;
  • assesses internal and external risks and implements controls;
  • vets third party service providers for appropriate data protection plans;
  • advises employees in security protocols;
  • maintains records retention policy and destruction of records;
  • works in collaboration with the Vice Provost for Information Technology, reviewing and approving the dissemination of personal information to outside parties;
  • conducts investigations and works effectively with respective management to resolve instances of data breaches.

Surveys and Email

Iona College may request information through surveys, which users may choose to participate in on a voluntary basis. Information gathered may be used for marketing and promotional purposes or to notify of new content, among other uses. If an individual emails the College with questions or comments, the College may use their personal information in order to respond. The College may also share the information with a third party to assist in its response.

Links to Third-Party Sites

This web site may contain links to sites owned or operated by parties other than Iona College. Iona College does not control outside sites and is not responsible for their content. Inclusion of links to an outside site does not imply any endorsement of the material on the site or, unless expressly stated otherwise, any sponsorship, affiliation, or association with its owner, operator, or sponsor.

Exceptions

Iona College occasionally hires other companies to provide services on its behalf; for example, to process event registrations, to send alumni announcements, and to provide marketing or information on upcoming events, etc. Iona College will provide these companies only with the information needed to deliver the services, and, where applicable, such companies will be contractually obligated to maintain the confidentiality of the information and prohibited from using that information for any other purpose.

In certain circumstances the College will release specific information to comply with any valid legal process such as a search warrant, subpoena, statute, or court order, or in other special cases, such as an attempted breach of the Iona.edu security, without notice to the individual.

Minors

The information and services described on Iona.edu are not intended for children under the age of 13. Iona College does not knowingly collect any information from children. If we learn that we have collected or received personally identifiable information from a child under 13 without verification of parental consent, we will delete that information.

Security

Iona College provides a secure server to protect information from being viewed by an outside user. The technology transmits and receives scrambled data, which is decoded on the server side.

Copyright

This site and all information and images within it are copyright Iona College, unless otherwise noted. U.S. copyright law protects all materials on this site. All rights reserved. Anyone wishing to obtain permission to reproduce any materials appearing on this site should contact webmaster@iona.edu.

Disclaimer

The information on this site is provided “as is,” and no representations or warranties of any kind are made regarding it. This policy is not to be applied in any manner contrary to applicable law or governmental regulation.

Access to and Control Over Personal Information

An individual has the right to access the personally identifiable information that Iona College has collected and may do the following at any time by contacting us at webmaster@iona.edu:

  • Opt out of any future contacts from the College;
  • See what personally identifiable information the College has about the individual, if any and with whom it may have been shared;
  • Change, correct, or have deleted any personally identifiable information except where prohibited by law; and/or
  • Express any concerns about our use of the personally identifiable information.

How to Contact Us

Should you have any questions or concerns about this policy, please contact us at webmaster@iona.edu.

Commitment

Iona College is fully committed to complying and keeping in accordance with the requirements of the Family Educational Rights and Privacy Act of 1974 (FERPA) for student data, Health Insurance Portability and Accountability Act of 1996 (HIPPA) for health data in a clinical setting, and the General Data Protection Regulation (GDPR) for data of European residents and any other federal, state or local law related to the security of personally identifiable information.

Updates

Iona College reserves the right to make changes to this policy at any time. All updates will be posted on this page. Your continued use of Iona.edu following the posting of changes to these terms will mean you accept these changes.

Updated: December 2019