University of Oregon e-Commerce Privacy Statement

The University of Oregon is committed to safeguarding the privacy of those who utilize our e-commerce websites. University of Oregon e-commerce websites are developed in accordance with this privacy statement and adhere to the following set of privacy principles.

Your Personal Information

University of Oregon websites may request personal information from you in order to complete an e-commerce transaction.  For example, name, phone number, physical address, shipping address (if different), e-mail address.  

Your information will be used only to execute the immediate transaction, and for business needs of the University related to the transaction.

Your information will be provided to other parties only as necessary to complete your transaction and provide services to you.

The University of Oregon will not provide any of your personal information to third parties without your permission, and we will not sell any personal information to third parties for purposes of marketing, advertising or promotion. The University may release personal information when required to comply with law or to protect the rights, property or safety of the University, our users, and others.

Network Security

The information you provide is protected in transit using a network protocol called Secure Sockets Layer (SSL). Through the use of SSL, information being transmitted is encrypted or scrambled to make it extremely difficult for anyone who intercepts the information to read it.

The University of Oregon employs software programs to monitor network traffic, identify unauthorized access, detect computer viruses and other software that might damage University computers or the network, and monitor and tune the performance of the University network. In the course of such monitoring, these programs may detect such information as e-mail headers, addresses from network packets, and other information contained in the network traffic. Information from these activities is used only for the purpose of maintaining the security and performance of the University's networks and computer systems. Personally identifiable information from these activities is not released to external parties without your consent unless required by law. For site management, information is collected for statistical purposes.

The University of Oregon uses software programs to create summary statistics, which are used for such purposes as assessing what information is of most and least interest, determining technical design specifications, and identifying system performance or problem areas.

University websites routinely collect and store information from online visitors to help manage those sites and improve service. This information includes the pages visited on the site, the date and time of the visit, the internet address (URL or IP address) of the referring site, the domain name and IP address from which the access occurred, the version of browser used, the capabilities of the browser, and search terms used on our search engines. Our sites make no attempt to identify individual visitors from this information: any personally identifiable information is not released to external parties without your consent unless required by law.

Your Credit Card Data

The University of Oregon contracts with service providers for the collection and processing of credit card information.  During your transaction you will be redirected to a payment page that is hosted by one of our trusted service providers; NBS QuikPAY, Cybersource Authorize.NET, Elavon Virtual Merchant, or Paciolan eVenue etc.  Our service providers are responsible for the privacy and security of your credit card data.  They are listed on Visa’s Global registry of validated service providers.  Each year, independent security assessors validate their compliance with the Payment Card Industry Data Security Standards (PCI DSS).

Use of Cookies

Some University websites follow the progress of your transaction by passing pieces of information to your web browser for storage and subsequent retrieval ("cookies"). A cookie is a file written to your computer's hard drive that is often used to remember information about preferences and pages you have visited. Also, if you submit personal information to our Web site (such as your name, interests or preferences), we may use cookies to keep track of such information so that you will not need to re-enter it during subsequent visits. You may set your Internet browser preferences to notify you when you receive a cookie, or you may decline acceptance of cookies. If you decline acceptance of cookies, however, you may experience less than optimal performance from our website.

Caution on Links to Other Web sites

Our website may contain links to other websites. Please be aware that the University is not responsible for the privacy practices of such other sites. The user is encouraged to be aware when they leave our website and to read the privacy statements of each and every website that collects information about you. This privacy statement applies solely to information collected by our website.

Consent

By conducting electronic commerce transactions on our website, you consent to University of Oregon’s use and collection of the information you provide for the purposes of the transaction. If the University's privacy guidelines change, such changes will be reflected on this page. Please refer to this policy before making a transaction or sharing personal information.

Oregon Public Records

In the State of Oregon laws exist to ensure that the government is open and that the public has a right to access appropriate records and information possessed by state government.  All information collected by our webistes becomes a public record unless an exemption in law exists.  ORS Chapter 192 contains Oregon Public Record Law.

Personal information such as name, address and telephone number may be exempt from disclosure if disclosure would constitute an unreasonable invasion of privacy.

Oregon Identity Theft Protection

Oregon’s Identity Theft Protection Act (ITPA), ORS 646A.600, defines ‘personal information’ as a consumer's name in combination with a Social Security number, or Oregon driver license number or Oregon identification card, or financial account or credit or debit card number along with a security or access code or password that would allow someone access to a consumer's financial account.

Anyone who maintains personal information of Oregon consumers must notify their customers if computer files containing that personal information have been subject to a security breach. The notification must be done as soon as possible, in one of the following manners:

  • Written notification
  • Electronic, if this is the customary means of communication between you and your customer
  • Telephone notice provided that you can directly contact your customer

 University policy prohibits the storage of customer credit card data on the university network.  If for some reason the university determines that your ‘personal information’ has been subject to a security breach you will be notified in accordance with state law.