This policy defines the official websites of the University of Arkansas, addresses collection and use of information in connection with such websites, and describes under what circumstances the university may disclose such information, consistent with Ark. Code § 25-1-114.
The university adheres to all applicable federal and state laws, as well as general university policies that are applicable to the use of computing resources. These include, but are not limited to, the laws and policies contained in Appendix A.
Official University Websites
Access Information Collected
The university, while reserving its right to monitor communications via university websites for legal, policy or business reasons, including security and functionality, will not monitor the content of communications as a matter of normal business practice. However, the fact that communication occurred (such as when a user visits a university website or utilizes university websites to search for information or submit a form), may be routinely logged as a normal business practice.
Common information logged includes, but is not limited to, the following:
- the IP address of the user’s computer
- the date and time a user’s computer accessed our site
- the IP address and URL of a referring website
- the page the user requested from the university’s site
- the information that a user’s Web browser software sends, which typically identifies the browser software and may also indicate the operating system and type of CPU used in the user’s computer
- in the case of email, the sender and recipient's email addresses
Some university websites use Google Analytics, a Web analytics service provided by Google, Inc., to collect information such as URLs, Internet domain and host names, browser software, date and time site visited, etc.
Services are provided through university websites via forms (e.g., admissions, financial aid requests, job applications), surveys, etc., whereby individuals are required to enter personal information in order to process the request, such as name, physical and email addresses, phone numbers, and financial data. If information requested is not entered, the services and/or requests cannot be accomplished online.
How Personal Data Is Used
As a general rule, the university does not track individual visitor profiles. This data is used to analyze aggregate traffic/access information for resource management, site planning, advertising and marketing.
When personally identifiable information is entered through university websites, typically the information requested and collected is only used to provide the information or services sought by the requester, just as a person might provide such information when visiting a university office in person or submitting the information via paper, for example, an application for admission.
However, the university may also use any information gathered through university websites or exchange such information with other entities in order to carry out normal university business operations, including marketing and subcontractor services. Legal requirements concerning use and disclosure of sensitive information will be applied to information maintained with these resources to the same extent that the requirements are applied to other records kept or maintained by the university. The university does not sell information collected through university websites to other entities.
The university has several sites that enable encrypted, online payments. The confidential information entered for these payment transactions is only to be used for purposes defined within/for the transaction. Some transactions are isolated from campus systems and managed by a third party.
Children’s Online Activities
Some university websites may present university-sponsored information or activities that are specifically designed for children. However, any such websites are intended to be used only by adults to voluntarily share information online, so that a child who is under the age of 13 can participate in these activities (e.g., camps and enrichment programs) or so that the child can receive information from the university. When a parent or legal guardian voluntarily signs up his or her child for one of these programs, the parent may be asked to provide:
- the child’s name
- mailing address
- phone number
- date of birth
- school and grade level
- email address
- parent or legal guardian’s name and email address
The university, through its websites, does not make participation conditional in any university online activities on the disclosure of more information than is reasonably necessary to participate. This information will not be disclosed to a third party unless disclosure is integral to the site or service and will not be used for other purposes. Parents or guardians have the right:
- to review such personal information that has been recorded by a university website about their child
- to refuse to allow further collection of the information
- to require the deletion of any information that has been recorded
Third Party Applications and Links
University of Arkansas websites contains links to third party applications and websites that may or may not be hosted on university servers. The university cannot warrant or be responsible for the privacy policies of such sites. Users are encouraged to become familiar with the privacy policies of third party or off-campus sites.
In addition to complying with all applicable laws and regulations, the university strives to implement and maintain systems and policies to protect the confidentiality and integrity of personal information provided by users. Despite these security measures, the university does not represent or warrant that personal information will be protected against loss, misuse or alteration by third parties.
Disclosure of Data Collected
The university is required to comply with the Arkansas Freedom of Information Act (FOIA) (Ark. Code Ann. § 25-19-101 et seq.) and may be required to disclose records maintained in the daily operations of the university unless such records are exempt from disclosure under federal or state law. Therefore, some data collected through university websites may be subject to disclosure upon receipt of a valid FOIA request.
Additionally, at times, the university may be legally required to disclose information collected through university websites in response to a valid subpoena or court order or to comply with a legally permitted inquiry by a governmental agency or regulatory body.
Subject to governing law and other applicable university policies, the university reserves the right to disclose information collected on its websites to governmental authorities in connection with suspected unlawful activity or to aid an investigation into suspected unlawful activity. In addition, the university reserves the right to release information collected on university websites to appropriate governmental authorities if university officials determine, in their sole judgment, that university policies have been violated, or that release of information is necessary to protect the rights, health, safety or property of persons or the university or to protect the integrity of university computer networks. Further, the university reserves the right to disclose information as university officials believe necessary to exercise the university’s legal rights, to defend against actual or potential legal claims, or as otherwise permitted or required by university policy, including but not limited to, the Code of Computing Practices, as it may be amended or modified from time to time.
The European Union General Data Protection Regulation (GDPR) places additional obligations on organizations that control or process personally identifiable information about people in the European Union. Some UA activities may be covered by the GDPR, and the University has updated its policies on how it collects, stores, and processes certain types of data. Further details, as well as a description of protective measures undertaken by the University, data retention, and breach notification are available in the campus GDPR Policy.
For more information regarding this policy, please contact the Office of University Relations at 479-575-5555 or email firstname.lastname@example.org.
This policy is subject to periodic review and update by university officials.
February 5, 2015
The university adheres to all applicable federal and state laws, as well as general university policies that are applicable to the use of computing resources.
State and Federal Laws
- Family Education Rights and Privacy Act (FERPA)
- Electronic Communications Privacy Act of 1986
- Gramm-Leach-Bliley Act
- Health Insurance Portability and Accountability Act (HIPAA)
- USA Patriot Act
- Children’s Online Privacy Protection Rule
- Arkansas Freedom of Information Act
- 18 U.S.C. § 1030
- Ark. Code. § 5-41-101 et seq.
- Ark. Code. § 13-2-701 et seq.
- Ark. Code. § 25-1-114
- University of Arkansas Policies and Procedures
- University of Arkansas Board of Trustee Policies
- IT Services Computing Policies
Web Scraping Policy
You agree that any information collected through robots, crawlers or scrapers will not be sold, transferred or redistributed for monetary gain, because this content is protect by our copyright. In gathering data, you agree to use your legitimate IP address. You also agree to not use these tools to attempt to uncover personal information including applications, student financial information or any information protected by law under FERPA or any information secured by a login. Finally, do not crawl or scrape rotbots.txt files.