My Iona

Privacy Policy

INFORMATION SECURITY AND DATA PRIVACY POLICY

Iona University and its approved third-party affiliates collect and use information about individuals with whom it works in order to operate and carry out its functions. It is a priority of Iona University to preserve the integrity of personally identifiable information that may be collected. Iona University regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between the University and those with whom it carries out business. The Iona.edu web site is provided to support Iona University's mission and to be of service to students, parents, faculty, staff, alumni, friends, supporters, prospective students and the public.

SCOPE

This policy describes the processing and maintaining of personal data Iona University collects, its use and storage and the steps the University takes to ensure proper maintenance of the information. This policy applies to all students, parents, faculty, administrators, staff, alumni, friends, supporters, prospective students, visitors and all users of the Iona.edu site including the public.

INFORMATION COLLECTED

Iona University collects the following information including but not limited to:

Employees: Name, address and contact details, employment records and health data, including for purposes of payroll and benefits administration.

Students: Name, address, contact details, health data, educational records, including for purposes of financial aid and payment.

Prospective students: Third party companies may provide the University with contact and demographic information, including publicly available information such as prospective students who may be interested in attending Iona University.

Web Site Visitors (including members of public, prospective employees and prospective students): Personally identifiable information (e.g., email address, name, or phone number, basic personal information, background, educational or work history) which is voluntarily provided to the University to apply for employment or enrollment or seek enrollment materials, register for events and conferences or to join a mailing list.

Any personally identifiable information, voluntarily or otherwise collected, will be used for the purpose of facilitating communication and conducting business between the University and users of the site. This includes providing information about Iona University events, programs, and services of potential interest, unless the individual has opted out of such communications.

  • Cookies: Iona University also makes use of cookies to improve the web experience. A cookie is a piece of data stored by a web site on a user's hard drive, which contains information about the user. Iona University employs cookies to keep track of user names and passwords, as well as to personalize the experience at www.iona.edu. An individual can set their browser to decline or accept cookies, though if an individual chooses not to accept cookies, some parts of the www.iona.edu site may function less efficiently.

    The University and third-party vendors use first-party cookies (such as the Google Analytics) and third-party cookies together to monitor and analyze web traffic that can be used to keep track of user behavior and demographics. Users may opt-out of Google Analytics by changing their Ads Settings or by downloading and installing the Opt-out Browser Add-on.
  • Network traffic logs: In the course of ensuring network security and consistent service for all users, the University employs software programs to monitor network traffic, identify unauthorized access or access to nonpublic information, detect computer viruses and other software that might damage University computers or the network, and monitor and tune the performance of the University network.

    In the course of such monitoring, these programs may detect such information as email headers, addresses from network packets, and other information. Information from these activities is used for the purpose of maintaining the security and performance of the University's networks and computer systems.
  • Web Visit Logs: The University web sites collect and store information from online visitors to help manage those sites and improve service. This information includes the pages visited on the site, the date and time of the visit, the internet address (URL or IP address) of the referring site, the domain name and IP address from which the access occurred, the version of browser used, the capabilities of the browser, and search terms used on our search engines.

Data Protection Controller

The University has appointed the Vice Provost for Information Technology/CIO to assume the responsibilities of a Data Protection Controller (DPC). The DPC

  • coordinates the data security program and helps ensure compliance with privacy policies;
  • assesses internal and external risks and implements controls;
  • vets third-party service providers for appropriate data protection plans;
  • advises employees in security protocols;
  • maintains records retention policy and destruction of records;
  • works in collaboration with the Information Technology team to review and approve the dissemination of personal information to outside parties;
  • conducts investigations and works effectively with respective management to resolve instances of data breaches.

DATA SAFEGUARD PROTOCOLS

The University has implemented safeguard protocols for personally identifiable information which employees are responsible to implement. These include:

  • Collecting and processing only the data and information that is needed;
  • Using and disclosing data only in ways compatible with the needs of the University;
  • Implementing physical security controls such as securely locking files and paper records containing personal information;
  • Ensuring computers and applicable programs are password protected and passwords are changed frequently;
  • Retaining data for no longer than is necessary for the purpose or purposes;
  • Shredding and carefully disposing of records containing personally identifiable information;
  • Limiting access to personal information to only those who have a work related need for its use;
  • Immediately reporting the loss or theft of computer equipment to Campus Safety;
  • Immediately reporting a breach in data security to the DPC

Surveys and E-mail

Iona University may request information through surveys, which users may choose to participate in on a voluntary basis. Information gathered may be used for marketing and promotional purposes or to notify of new content, among other uses. If an individual E-mails the University with questions or comments, the University may use their personal information in order to respond. The University may also share the information with a third party to assist in its response.

Links to third-party sites

This web site may contain links to sites owned or operated by parties other than Iona University. Iona University does not control outside sites and is not responsible for their content. Inclusion of links to an outside site does not imply any endorsement of the material on the site or, unless expressly stated otherwise, any sponsorship, affiliation, or association with its owner, operator, or sponsor.

Exceptions

Iona University occasionally hires other companies to provide services on its behalf; for example, to process event registrations, to send alumni announcements, and to provide marketing or information on upcoming events, etc. Iona University will provide these companies only with the information needed to deliver the services, and, where applicable, such companies will be contractually obligated to maintain the confidentiality of the information and prohibited from using that information for any other purpose.

In certain circumstances the University will release specific information to comply with any valid legal process such as a search warrant, subpoena, statute, or court order, or in other special cases, such as an attempted breach of the Iona.edu security, without notice to the individual.

Minors

The information and services described on www.iona.edu are not intended for individuals under the age of 13. Iona University does not knowingly collect any information from individuals under the age of 13. If the University learns that it inadvertently collected or received personally identifiable information from an individual under the age of 13 without verification of parental consent, the University will delete that information.

Security

Iona University provides a secure server to protect information from being viewed by an outside user. The technology transmits and receives scrambled data, which is decoded on the server side.

Copyright

This site and all information and images within it are copyright Iona University, unless otherwise noted. U.S. copyright law protects all materials on this site. All rights reserved. Anyone wishing to obtain permission to reproduce any materials appearing on this site should contact webmaster@iona.edu

Disclaimer

The information on this site is provided "as is," and no representations or warranties of any kind are made regarding it. This policy is not to be applied in any manner contrary to applicable law or governmental regulation.

Access to and control over personal information

An individual has the right to access the personally identifiable information that Iona University has collected and may do the following at any time by contacting webmaster@iona.edu to

  • Opt out of any future contacts from the University;
  • See what personally identifiable information the University has about the individual, if any and with whom it may have been shared;
  • Change, correct, or have deleted any personally identifiable information except where prohibited by law; and/or
  • Express any concerns about the University's use of personally identifiable information.

How to Contact Us

Contact webmaster@iona.edu with any questions or concerns about this policy.

Commitment

Iona University is fully committed to complying and keeping in accordance with the requirements of the Family Educational Rights and Privacy Act of 1974 (FERPA) for student data, Health Insurance Portability and Accountability Act of 1996 (HIPAA) for health data in a clinical setting, Gramm-Leach-Bliley Act (GLBA), General Data Protection Regulation (GDPR) for data of European residents and any other federal, state or local law related to the security of personally identifiable information.

Updates

Iona University reserves the right to make changes to this policy at any time. All updates will be posted on this page. Continued use of www.iona.edu following the posting of changes to these terms will mean acceptance of these changes.

Updated: November 2023