Internet Privacy Policy

Commitment to Privacy:

The University at Albany is committed to protecting your privacy and making it easier and more efficient for individuals and businesses to interact with the University. We recognize that it is critical for individuals and businesses to be confident that their privacy is protected when they visit (a.k.a. You can travel through most of without giving us any information about yourself. Sometimes we do need information to provide services that you request, and this commitment of privacy explains our online information practices.

The University at Albany does not collect any personal information about you unless you provide that information voluntarily by sending an e-mail or completing an online form.

This policy is consistent with the provisions of the Internet Security and Privacy Act, the Freedom of Information Law, and the Personal Privacy Protection Law.

Information Collected Automatically When You Visit

When visiting, the University web server automatically collects and stores the following information about your visit:

  • The Internet Protocol address or host name of the computer that accessed the website

  • The type of browser, its version and the operating system on which that browser is running

  • The web page from which the user accessed the current web page

  • The date and time of the user's request

  • The exact request for information made by the user

  • The status code returned to the user

  • The content length of any document sent to the user

  • The request method used

  • The Universal Resource Identifier (URI) and any associated query string which defines the location of a resource on the server

  • The transport protocol and the version used

None of the above-mentioned information is deemed to constitute personal information by the Internet Privacy and Security Act. The information that is collected automatically is used to improve's content and to help the University at Albany understand how users are interacting with its website. This information is collected for statistical analysis and to determine what information is of most and least interest to our users. The information is not collected for commercial marketing purposes and the University is not authorized to sell or otherwise disclose the information collected from for commercial marketing purposes.

Information Collected When You Volunteer (deliberately send) Information:

During your visit to you may elect to send an e-mail to a University office or representative. When you do so, your e-mail address and the contents of your message will be collected. Your e-mail address and the information included in your message will be used to respond to you, to address issues you identify, to improve this website, or to forward your message to another campus office for appropriate action. Your e-mail address is not collected for commercial purposes and the University is not authorized to sell or otherwise disclose your e-mail address for commercial purposes.

During your visit to you may also opt to complete a transaction such as an online application or an information request form. If the transaction requires authentication, a userid may be collected. The information collected by the University at Albany, including personal information volunteered by you in completing the transaction, is used by University to provide services or information tailored specifically to your needs, to forward your message to another entity that is better equipped to assist you, or to plan website improvements.

The University at Albany does not knowingly collect personal information from children under the age of 13 or create profiles of children under the age of 13. Users are cautioned, however, that the collection of personal information submitted in an e-mail will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access.

Disclosure of Information Collected Through This Website:

The collection of information through and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act. The University at Albany will only collect personal information through or disclose personal information collected through if the user has consented to the collection or disclosure of such personal information. The voluntary disclosure of personal information to the University at Albany by the user, constitutes consent to the collection and disclosure of the information by the University for the purposes for which the user disclosed the information to the University as was reasonably ascertainable from the nature and terms of the disclosure.

However, the University at Albany may collect or disclose personal information without consent if the collection or disclosure is: (1) necessary to perform the statutory duties of the University, or necessary for the University to operate a program authorized by law, or authorized by state or federal statute or regulation; (2) made pursuant to a court order or by law; (3) for the purpose of validating the identity of the user; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person.

Further, the disclosure of information, including personal information, collected through is subject to the provisions of the Freedom of Information Law and the Personal Privacy Protection Law.

The University at Albany may disclose personal information to federal or state law enforcement authorities to enforce its rights against unauthorized access or attempted unauthorized access to the University's information technology assets.

Backup and Retention of Contents of the University at Albany Web Server:

The University at Albany web server is backed up on a daily basis. Backups are retained for a period of three weeks to insure that the University is able to restore services in the event of a disaster. Some files such as system, security and Internet services logs (automated logs created to monitor access and use of University services provided through are retained for a period of time greater than 21 days. Information concerning these records retention and disposition schedules may be obtained through the Internet Privacy Policy contact listed in this policy.

Access to and Correction of Personal Information Collected Through

Any user may submit a request to the University's privacy compliance officer to determine whether personal information pertaining to that user has been collected through Any such request shall be made in writing and must be accompanied by reasonable proof of identity of the user. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the user, or similar appropriate identification. The address of the privacy compliance officer is:

Privacy Compliance Officer
University at Albany
State University of New York
1400 Washington Avenue
Albany, New York 12222

The privacy compliance officer shall, within five (5) business days of the receipt of a proper request, provide access to the personal information; deny access in writing, explaining the reasons therefore; or acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty (30) days from the date of the acknowledgment.

In the event that the University at Albany has collected personal information pertaining to a user through and that information is to be provided to the user pursuant to the user's request, the privacy compliance officer shall inform the user of his or her right to request that the personal information be amended or corrected under the procedures set forth in section 95 of the Public Officers Law.

Confidentiality and Integrity of Personal Information Collected Through

The University at Albany is strongly committed to protecting personal information collected through against unauthorized access, use or disclosure. Consequently, the University limits employee access to personal information collected through to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information follow appropriate procedures in connection with any disclosures of personal information.

In addition, the University at Albany has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, authorization, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information.

For website security purposes and to maintain the availability of for all users, the University at Albany employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage


A cookie is a simple text file that is sent to a web browser from a website and is stored on the computer of a site visitor. Cookies provide a website the means of distinguishing among visitors. The use of cookies is a standard practice among Internet websites.

Cookies, when permitted by the web browsers of our site visitors, may be used on the University website to collect non-personal information as defined by the New York State Internet Security and Privacy Act such as:

  • date and time of visit

  • pages visited

  • referring web page, if present

  • type of browser used

Aggregate information collected will be utilized to determine the broad viewing interests of our audience. Site developers will then enhance and customize the site based on this data.

Session Cookies:

Session cookies are created automatically on the computer or other device used to access a website. They do not contain personal information. A session cookie is erased when the browser is closed.

Persistent Cookies:

A persistent cookie is a small text file stored on a site visitor’s hard drive for an extended period of time. For example, where the University allows you to complete a registration to personalize the website, a "persistent cookie" will be stored on your computer's hard drive. This persistent cookie will allow the website to recognize you when you visit again and tailor the information presented to you based on your needs and interests. Persistent cookies may also be used on pages that do not require user registration.

Refusing Cookies:

By default most web browsers are set to accept cookies, however they can be configured to refuse cookies. Browsers can also be used to delete existing cookies. Refusing or deleting cookies may limit your ability to take advantage of some features of the website.

e-Commerce Transactions:

The University at Albany occasionally works with third parties who provide e-commerce solutions in order to make a wider array of services available on our website. This may include, but is not limited to, options to purchase goods and/or services online. Such transactions may require you to share personal data about yourself, including credit card numbers or other financial information.

The University only enters into contracts with third parties who comply with all Payment Card Industry Data Security Standards, as well as all University policies and procedures pertaining to information security. This includes physical, electronic and managerial processes to safeguard the data that is entrusted to us.


The information provided in this privacy policy should not be construed as giving business, legal, or other advice, or warranting as fail proof, the security of information provided through

Contact Information:

For questions regarding this policy, please contact our privacy officer via e-mail at or by regular mail at:

Privacy Compliance Officer
University at Albany
State University of New York
1400 Washington Avenue
Albany, New York 12222


The following definitions apply to, and appear in italics, in this policy:

Personal information: For purposes of this policy, "personal information" means any information concerning a natural person which, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person.

User: shall have the meaning set forth in subdivision 8 of section 202 of the State Technology Law.

Last Revised: February 2015