MSU Privacy Statement
Michigan State University is committed to safeguarding the privacy of personal data. This privacy statement outlines the collection, use and disclosure of information provided to the University resulting from use of MSU’s websites (“MSU Sites”), such as visiting websites and providing information to MSU through a website by prospective students, students, alumni and the general public.
MSU Website Information Collected and how that information is used
MSU Sites collect two general types of information: (a) information a website visitor voluntarily provides to the University, which may include personal information (such as name, address, e-mail address, etc.) and (b) information collected automatically through cookies, pixels and server logs when someone visits MSU Sites.
Types of Data Commonly Collected on Websites
Zero, First- and Third-Party Data
Zero-party data is data a website visitor provides through some voluntary and deliberate action, such as filling out a form. It is data the website visitor has directly given to MSU. First-party data is data collected by a website when a visitor loads a page in their browser. By loading the page, the visitor is granting permission for the website to collect that data. Third-party data is data collected by compaies that do not have a direct relationship with a consumer (a website visitor, in this case).
Personal Information and Non-Personal Information
Personal information refers to data and information related to an identified or identifiable individual, including unique identifiers such as IP (Internet Protocol) addresses. Non-personal information refers to data that cannot be connected to a specific, identified or identifiable individual.
Standard Data Collection Technology
Cookies are small, often encrypted text files, located in web browser directories. The files contain information about a visitor’s computer/browser that helps a website identify a computer as having visited a website to improve the return visit experience. Cookies don't identify you personally and they can't determine who you are, but they can remember the device you are using and thus make it simpler for you to use a website.
Cookies are what allow a website visitor to stay logged into a website when they leave and later return to the website.
More information about cookies is available at www.allaboutcookies.org.
Pixels are tiny squares – often transparent – that load when a browser downloads a webpage. These pixels enable sharing data between a web server and an advertising server. Pixels send a cookie to the ad server when a website visitor has taken a particular action, such as filling out a form or reading a particular page. In this case, the cookies loaded by the pixel are an example of a third-party cookie: the cookie is generated by the third-party advertiser (such as a social media network), not the website that was visited.
Information Voluntarily Provided by Website Visitors Through MSU Sites
MSU Sites will only collect personal information that website visitors knowingly and voluntarily provide by, for example, responding to surveys or communications, completing membership or subscription forms, registering for events or volunteer opportunities, submitting applications, making a gift or purchase, etc.
Policies, Procedures and Security
The information collected by MSU Sites is subject to MSU’s Institutional Data Policy. Generally, it is MSU’s practice to use personal information only for the purposes for which it was requested and any additional uses specifically stated on the MSU website where the information is being entered. However, information collected through MSU Sites may be subject to the University’s obligation to respond to subpoenas, court orders, discovery requests and requests for public records under the Michigan Freedom of Information Act.
The University may also access or permit access to information collected through MSU Sites in accordance with and subject to the limitations of the University’s Acceptable Use Policy for MSU Technology Resources.
Although MSU Sites have security measures in place to protect personal information provided to us by website visitors, visitors should also take proactive steps to protect personal information such as closing all web browsers after using MSU Sites. Information disclosed in chat rooms, news groups, forums, message boards and similar contexts may become public. Visitors should therefore exercise caution before disclosing personal information in such contexts.
MSU complies with the Payment Card Industry (PCI) Data Security Standards. When website visitors engage in financial transactions, MSU websites redirect the payment process to a secure payment site where a visitor may be asked for a credit card number. All credit card transactions are processed in compliance with PCI standards. No credit card data is saved after authorization. No credit card data is stored electronically at MSU. If a visitor saves a credit card for future use, this data is stored by a third party and not directly with MSU.
Website Visitor Surveys
Occasionally, MSU Sites may request information from visitors via website visitor surveys to improve websites or other university communications or experiences or for contests.
Participation in these surveys or contests is completely voluntary and the visitor therefore has a choice whether to disclose their information. Information requested may include demographic data, such as race, ethnicity, gender and age.
Information MSU Sites Collect Automatically
MSU Sites may collect the types of data (zero, first and third party) described above using the data collection technology (cookies, pixels) listed above.
MSU uses this information primarily to improve the visitor experience on MSU Sites and to be able to serve content and advertising on third-party advertising platforms (e.g., Google Display Network, Facebook, TikTok, LinkedIn).
Cookies and Pixels
MSU uses technology platforms that collect cookie and pixel data and use it to improve the website experience for visitors. In some cases, the visit experience can be improved without a visitor being personally identifiable (e.g., a type of content can be presented based on previously visited content without knowing who a visitor is) while in other cases MSU is able to improve the website experience based on personal information previously provided to MSU (e.g., a specific prospective student who has not yet applied may be presented content about application requirements while another who has applied will not see that content).
Pixel data may also be shared with advertising platforms to serve relevant ads on non-MSU websites and in social media platforms to people who have visited MSU’s websites. An example of this is data collected using a pixel for Meta, the parent company of Facebook. While MSU and its agency partners are not able to associate this data with a specific individual, advertising platforms can. This is what makes it possible, for example, for ads for specific programs to be served in TikTok to a person who has visited an MSU site and viewed those programs. This is a very common advertising practice used by thousands of organizations.
First- and Third-party Tracking Technology
MSU Sites may use additional tracking technologies (such as Google Analytics and Matomo Analytics) to obtain website usage information, such as visitors’ IP (Internet Protocol) addresses, internet domain and host names, browser software and the date and time that website is visited, which may be considered personal data in some jurisdictions. Data from tracking technologies allows MSU to improve the performance of MSU Sites, understand how visitors find MSU Sites, improve the content of MSU Sites and improve website visitors’ experience.
MSU’s use of Google Analytics complies with Google’s Terms of Service and the MSU Access to Student Information Guidelines. Google provides more information about Google’s privacy practices and information on how to opt out of Google Analytics tracking of web browsing.
Individuals also may wish to review the MSU Access to Student Information Guidelines.
MSU Sites may use enterprise search technology, such as Google custom search. The technology captures search queries that can be used to help improve web experience, such as by providing answers to common searches or presenting content to website visitors that may be helpful based on their search query and based on similar queries from other visitors.
MSU web servers routinely generate logs that contain the following types of information each time MSU Sites are used:
- The date, time and length of a visit.
- The path taken through MSU Sites and the browser being used.
- The list of files downloaded and the amount of time spent viewing video or accessing audio files.
- The IP address of the computer accessing MSU Sites.
- Any errors encountered.
- Approximate location information, obtained from IP address.
This information is used to monitor the functioning and integrity of MSU Sites.
Links to Other Websites
MSU Sites may contain links to other websites. Please be aware the University does not control or claim any responsibility for the privacy practices or content of other sites linked through MSU Sites. Individuals should read the privacy statements of each website they visit.
How MSU Uses Collected Information
Reasons for Collecting Information
MSU may use the data collected from visitors to MSU Sites:
- To tailor content on MSU Sites to better meet visitor’s needs and interests
- To tailor advertising to individuals, in conjunction with third-party ad technology service providers
- To improve performance of MSU Sites to better serve website visitors
- To gather feedback from website visitors
- To facilitate processes such as applications, enrollment, donations, etc.
University Use of Personal Information
MSU collects and processes personal information (which may include certain sensitive information) that is submitted to MSU from individuals who are, for example, applying for admission to the University, enrolled in the University, employed with the University, are alumni of the University or are subscribing to communications from the University.
MSU processes such personal information as necessary in the exercise of the University’s legitimate interests, functions and responsibilities as a public higher education research institution. Personal information submitted to MSU is subject to MSU’s Institutional Data Policy.
MSU may use information (including certain sensitive information) collected from students, alumni, faculty, staff, prospective students, prospective employees and website visitors:
- to register and enroll persons in the University,
- provide and administer housing to students,
- manage student and employee accounts,
- provide academic advising,
- deliver education programs,
- analyze and improve education programs,
- conduct outreach,
- provide tailored website visit experiences,
- make regulatory reports,
- comply with accreditation requirements and other related University processes and operations; and
- conduct general demographic and statistical research to improve University programs.
MSU may share information (including certain sensitive information) with third parties who have entered into contracts with the University to perform functions on behalf of the University, subject to the obligation of confidentiality and safeguarding from unauthorized disclosure.
Retention of Information
A website visitor’s information will be retained by MSU in accordance with applicable federal laws, state laws and the retention periods in the University’s record retention schedules.
Updating Personal Information
Individuals affiliated with the university may correct, update or remove the personal information available in the MSU directory listing, which is accessible to individuals with an MSU NetID login. In particular:
- Students: See Steps for Students on MSU IT’s article “How to Change or Restrict Your Directory Information at MSU” to update or restrict your contact information listed in the people directory.
- Faculty, staff and retirees: See Steps for Faculty / Staff / Retirees on MSU IT’s article “How to Change or Restrict Your Directory Information at MSU” to update or restrict your contact information listed in the people directory.
Rights for Data Subjects from Locations outside the United States
If an individual provides information directly to MSU from a location outside the United States via a website, the individual consents to the transfer of their personal information to the United States.
To the extent applicable, data subjects outside the United States have the right, in certain circumstances, to request access to, a copy of, rectification, restriction in the use of or erasure of their information. These requests will be subject to the retention periods of applicable federal and state law. Visitors also have the right to lodge complaints with their national or regional data protection authority. If a visitor is inclined to exercise their rights, they should contact MSU at email@example.com and include “privacy statement” in the subject.
MSU uses appropriate technical and organizational security measures to protect website visitor information when visitors transmit it to the University and when the University stores it on its information technology systems.
When individuals submit information to MSU or use MSU Sites and other services, the individual consents to the collection, use and disclosure of that information as described in this Privacy Statement.
Changes to Privacy Statement
MSU may update or change this policy at any time. The continued use of MSU Sites and any third-party applications after any such changes indicates acceptance of these changes by the visitor.
Questions and feedback
Questions, comments and concerns are always welcome. Please contact us at firstname.lastname@example.org and include “privacy statement” in the subject.
This policy was last updated February 2024.