Web Privacy Statement

Cleveland State University is committed to ensuring the privacy and accuracy of your confidential information. We do not actively share personal information gathered from our Web servers. However, because Cleveland State is a public institution, some information collected from the university website, including information from our server logs, e-mails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act. This means that while we do not actively share information, in some cases we may be compelled by law to release information gathered from our Web servers.

Cleveland State University also complies with the Family Educational Rights and Privacy Act (FERPA), which prohibits the release of education records except in limited circumstances (i.e., with the student’s permission, to parents of dependent students, and in response to a valid court order). For more information on FERPA at Cleveland State University, go to https://www.csuohio.edu/registrar/family-educational-rights-and-privacy-act. Although FERPA regulations apply only to students, Cleveland State University is equally committed to protecting the privacy of all visitors to our website. Cleveland State also complies with the applicable provisions of the Gramm-Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA).

Sharing of Information

Unless required by the Ohio Public Records Act, it is against university policy to release information gathered through the Web, such as pages visited or personalized preferences.

Cleveland State University does, however, share information with other parties at the request of users (persons to whom the information applies). For example, the university receives test scores from testing agencies and will send transcripts to other schools at the student’s request.

Consistent with FERPA, we do not release personal student information, other than public directory information, to other parties unless we have legal authorization to do so. Student directory information may be released without the student’s written consent. Directory information includes: name, home city and state home address*, participation in officially recognized activities and sports, dates of attendance, degrees and awards (honors) earned, university e-mail address.

*Disclosure of the home address is restricted to state, local or national elected officials for the purpose of sending congratulatory letters, or to potential scholarship sponsors for the purpose of marketing scholarship opportunities. For more information go to https://www.csuohio.edu/registrar/family-educational-rights-and-privacy-act.

** Disclosure of the university email address is limited to users of the university email system only, and only for purposes of locating email addresses in the email directory.

Privacy and Public Records Requests

Cleveland State complies with all laws that prohibit the release of information. This includes student education records protected by FERPA, financial information, including credit card information protected by GLBA, and personal health information protected by HIPAA.

However other information collected from the Cleveland State website, including server log information, emails delivered to the university, and information collected from Web-based forms, may be subject to the Ohio Public Records Act.

If You Send Us Personal Information

Cleveland State’s website will only collect personal information that you knowingly and voluntarily provide by, for example, sending emails, completing membership forms, registering for classes or other programs, responding to surveys, or ordering merchandise. If you provide us with personal information, we will normally respond to your inquiry, request, or order; we may also contact you to provide information about college activities, programs, membership and development opportunities, and special events that may interest you. It is university policy that confidential information you enter is used only for the purposes described in that transaction, unless an additional use is specifically stated on that site.

Cleveland State University will only share information about you to other parties when one or more of the following conditions apply:

Encryption

Cleveland State uses encryption to prevent third parties from accessing sensitive data, such as passwords, e-commerce information, etc. You are normally required to enter a Cleveland State CSUID and password when you request data about yourself or to ensure that you are a member of the university community. For example, students who want to check their grades or staff members who complete time sheets must enter their Cleveland State CSUID and password so the system knows who is requesting the data. This login process uses Hypertext Transfer Protocol Secure (HTTPS) so the user name and password are encrypted between the Web browser and our Web server.

Several sites within Cleveland State University enable you to pay for products or services online with a credit card. These transactions are encrypted. Questions about security concerns involving credit card
transactions may be directed to security@csuohio.edu.

Information Collected and Stored Automatically

If you visit our website, we automatically gather and store the following information about your visit so that we can track the use of our website to make improvements. This automatically collected information is stored and used in the aggregate only, and is not under normal circumstances used to contact you personally.

Cookies

Cookies are small pieces of data stored by the Web browser, often used to remember information about preferences and pages you have visited. By setting preferences in your browser, you can refuse to accept cookies, disable cookies, and remove cookies from your hard drive.

Some Cleveland State University Web servers use cookies. For example, cookies are used so you will not have to repeatedly enter user names and passwords when you go to different parts of the website.

Linking

Within our website there are links to non-Cleveland State websites. When you link to third-party websites, you leave Cleveland State’s website and no longer will be subject to our privacy statement. Cleveland State University is not responsible for the privacy practices or the content of non-Cleveland State websites, and such links are not intended to be an endorsement of those sites nor their content.

Types of Personal Data Processed

In order for the university to achieve its core mission, it is essential and necessary for Cleveland State University to process personal data of its students, employees, applicants, research subjects, alumni, and others involved in the university’s educational, research, and community programs. Cleveland State University processes personal information for various lawful reasons, including, without limitation, academic admissions and enrollment; student registration; residence life; delivery of classroom, on-line, and study abroad education programs; administration and oversight of recreation programs, student organizations, and other various student affairs activities; distribution of grades, materials, and other communications by and among students, faculty, and staff; employment; applied research; program development and analysis; job hiring and employment; provision of medical services or health insurance; engagement with the community-at-large; compliance with its internal policies, procedures, and guidelines, as well as all applicable federal, state, and local laws; and records retention.

Personal data processed by the university typically includes name, address, email, phone number, transcripts, work history, financial information, information for payroll, research subject information, medical and health information (for admissions, student health services, travel, etc.), and donations. If you have specific questions regarding the collection and use of your personal data, please contact us via security@csuohio.edu.

If a data subject refuses to provide personal data that is required by Cleveland State University in connection with one of Cleveland State University’s lawful bases to collect such personal data, such refusal may make it impossible for Cleveland State University to provide education, employment, research, or other requested services.

Where Cleveland State University gets Personal Data

Cleveland State University receives personal data from multiple sources, most often directly from the data subject or under the direction of the data subject who has provided it to a third party (e.g., application for admission to Cleveland State University through use of the Common App or the CSU App).

Data Retention

Cleveland State University keeps the data it collects for the time periods specified in the Cleveland State University Record Retention Schedule https://www.csuohio.edu/records-retention/records-retention.

Disclaimer of Liability

The information contained in this statement explains the Internet privacy statement and practices that Cleveland State University has adopted for its official Web pages. In legal terms, it shall not be construed as a contractual promise, and the university reserves the right to amend it at any time without notice. Neither Cleveland State University nor any of its units, programs, employees, agents, or individual trustees shall be held liable for any improper or incorrect use of the information described and/or contained in the university website and assumes no responsibility for anyone’s use of the information.

Comments/Questions

Cleveland State University is a large organization with many people sharing responsibility for the content of our website. Please help us respond to your comments and inquiries by sending them to the appropriate Cleveland State department.

If you have questions about this Privacy Statement, or if you find Cleveland State Web pages that do not adhere to this statement, please email to Director of Web and e-Initiatives.