Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Use of the College Name, Seal, and Logos Policy

2.6.8 Website Privacy Policy 


Effective Date:

May 6, 2019

Policy Number:

 II- 2.6.8


 Not applicable.

Issuing Authority:


Responsible Officer:

AVP for Marketing and Communication



All members of the Canisius College community responsible for maintaining a college website.





The purpose of this policy is to ensure that all official college websites include a link to the college’s Privacy Policy statement about the information that is collected by the page (both automatically and voluntarily), how that information is used by the college, and how the college complies with multiple regulations, including the European Union General Data Protection Regulation ("EU GDPR").


It is the policy of Canisius College that all college websites comply with regulations addressing privacy practices and inform online users of how information at that site is managed through the posting of a Privacy Policy statement.  Accordingly, members of the college community responsible for maintaining a college website must ensure that each page of the website display a link to the college’s Privacy Policy (see

Note: The Institutional Review Board (IRB) is responsible for reviewing sites conducting web-based research.  The IRB develops its own guidelines for the use of websites in research and applies those guidelines to research projects requiring IRB review.


Member of the College Community—includes any person who is a student, faculty member, staff member, organization, club, group, team, alumni, volunteer, trustee, or any other person employed by the college.  This definition also includes all college departments, offices and programs.

College Website—any website operated on (a) the college network, (b) by a college department, organization or program, or (c) using college resources, whether or not it is accessed through a address.

See also the Definitions and Legal References section of the Privacy Policy statement below.




Thank you for visiting our site. This statement discloses the privacy practices for the Canisius College website and any related offline print and electronic publications. By using our site or one of our offline print or electronic publications, you agree to the collection, use and disclosure of your personal data as described in this statement. If you do not agree to the terms of this statement, then please do not use the site or such publications. BY USING THIS SITE, YOU AGREE TO OUR COLLECTION, USE AND MAINTENANCE OF YOUR DATA OR PERSONAL DATA IN THE UNITED STATES. If you are visiting the site from a location outside of the United States, your connection will be through and to servers located in the United States. All personal data you provide will be processed and securely maintained in our web servers and internal systems located within the United States.

If you have any questions regarding this Privacy Policy, please send us an e-mail ( Contact us by mail at 2001 Main Street, Buffalo NY 14208-1517.

Please read this Privacy Policy carefully.

Definitions and interpretation

In this Privacy Policy, the following definitions are used:

Data or Personal Data

collectively all information that you submit to Canisius College via the Website that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person. This definition incorporates, where applicable, the definitions provided in the Data Protection Act 1998;

Data Subject

The natural person to whom the Personal Data refers;


a small text file placed on your computer by this Website when you visit certain parts of the Website and/or when you use certain features of the Website. Details of the cookies used by this Website are set out in the clause below (Cookies);

UK and EU Cookie Law

the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011;

User or you

any third party that accesses the website (i.e., who, unless otherwise specified, coincides with the Data Subject and is not either (i) employed by Canisius College and acting in the course of their employment or (ii) engaged as a consultant or otherwise providing services to Canisius College and accessing the Website in connection with the provision of such services;


Usage Data

Information collected automatically through (or third-party services employed in, which can include: the IP addresses or domain names of the computers utilized by the Users who use, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.


the website that you are currently using,, and any sub-domains of this site unless expressly excluded by their own terms and conditions.

Data Processor (or Data Supervisor)

The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the college, as described in this privacy policy.

Data Controller (or Owner)

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of


The service provided by as described in the relative terms (if available) and on this site/application.

European Union (OR EU)

Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area. 


Small piece of data stored in the User's device.

 Privacy Policy


Collection of Data

Among the types of Personal Data that collects, by itself or through third parties, there are: cookies, usage data, first name, last name, gender, date of birth, phone number, company name, profession, address, fax number, country, state, province, email address, ZIP/Postal code, city, field of activity and user ID.  Complete details on each type of personal data collected are provided below, in other dedicated sections of this policy, or by specific explanation texts displayed prior to the data collection.  Personal data may be freely provided by the user, or, in case of usage data, collected automatically when using

Unless specified otherwise, all data requested by is mandatory and failure to provide this data may make it impossible for to provide its services. In cases where specifically states that some data is not mandatory, users are free not to communicate this data without consequences to the availability or the functioning of the service.  Users who are uncertain about which personal data is mandatory are welcome to contact the college or applicable owner.

Credit & Debit Card Data

We do not store credit card details nor do we share customer details with any 3rd parties;

Specific Examples of Data Collected:

Our online and offline registration forms require users to give us contact information including name, e-mail address and postal address. We may also collect your telephone number, and other data. We use this contact information to send you information about the specific solutions or services that match your interests.

We may also collect contact and other data from you if you: (1) participate in one of our contests or sweepstakes or apply for an offering from us; (2) order from us; (3) take part in one of our surveys; (4) contact us; or (5) otherwise voluntarily submit information to us, including in our online communities.  You always have the ability to opt out of receiving future mailings and special offers; see the “Opt Out” section below.

If you use any of our tell-a-friend features, we ask for your friend’s name and e-mail address. We use this information only to send the communication you requested and to monitor the effectiveness of our tell-a-friend features.  You are responsible for any third-party personal data obtained, published or shared through and confirm that you have the third party's consent to provide the data to the college.

As part of the standard operation of the site, we may collect certain non-personal data from you, including but not limited to your browser type, operating system, IP address and the domain name from which you accessed the site. In addition, we may collect data about your browsing behavior, such as the date and time you visit the site, the areas or pages of the site that you visit, the amount of time you spend viewing the site, the number of times you return to the site and other click-stream data. We do not combine this non-personal data with your personal data. We use this data to: (1) provide you with customized content and advertising; (2) administer the site, monitor its usage and diagnose problems with it; (3) remember you when you return to the site, so that you don’t have to re-submit information and preferences; and (4) conduct research to improve our content and services. In addition, we use software that uses your IP address to determine roughly where you are located, so that we can deliver advertisements to you, while you are on the site, based on your location and therefore as relevant to you as possible. We use web beacons, which are tiny graphic images, in our e-mails. These help us measure the effectiveness of our e-mail campaigns, by telling us whether the messages have been received, opened or otherwise acted upon. We also work with a company that serves advertisements on our behalf. The company uses cookies, web beacons or similar technologies to collect anonymous information about your visits to the site and other websites, so that we may serve you advertisements that are relevant to your interests. Our ad serving company does not collect personal data about you, and we do not share any personal data with it. We will never share your IP address with a third party (except for our service providers) without first securing your express permission to do so.

Any use of cookies – or of other tracking tools – by or by the owners of third-party services used by the college serves the purpose of providing a service required by the user, in addition to any other purposes described in the cookie policy (see below).

All personal data is stored securely in accordance with the principles of the Data Protection Act 1998 and EU GDPR. For more details on security see the clause below (Security).

Methods of Processing Personal Data

The college takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of your data.

Data processing is carried out using computers and/or information technology enabled tools, following college procedures and modes strictly related to the purposes indicated. In addition to the college, in some cases, your data may be accessible to certain types of persons in charge, involved with the operation of (administrators, admissions, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, information technology companies, communications agencies) appointed, if necessary, as data processors by the college. You may request an updated list of these parties from the college at any time.

Legal Basis of Processing Personal Data

The college may process your data if one of the following applies:

  1. You have given consent for one or more specific purposes. Note: Under some legislations the college may be allowed to process your data until you object to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
  2. Provision of your data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
  3. Processing is necessary for compliance with a legal obligation to which the college is subject;
  4. Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the college;
  5. Processing is necessary for the purposes of the legitimate interests pursued by college or by a third party.

There will be some instances where the collection and processing of your personal data will be pursuant to other lawful bases.  In any case, the college will help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of your data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

We do not collect your personal data through our website and other platforms, unless it is voluntarily provided by you. In such instances, we will never sell or trade the personal data you provide to us, unless we have your consent in doing so, or if the data is needed for legal processes.

Note: As GDPR is a new law, the conditions identified above may be subject to change as more guidance is given or precedents are set.

Place of Processing

Your data is processed at the college's operating offices and in any other places where the parties involved in the processing are located.

Depending on your location, data transfers may involve transferring your data to a country other than your own.

You are also entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the college to safeguard its data.

If any such transfer takes place, you may find out more by checking the relevant sections of this policy or inquire with the college using the information provided in the contact section.

Retention Time

The college keeps the personal data it collects in accordance with the retention periods of applicable federal law and the college’s Record Retention Schedule.  Your data will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your data given the level of sensitivity, value and criticality to the college.


  1. This Website may place and access certain Cookies on your computer. Canisius College uses Cookies to improve your experience of using the Website and to improve our range of products and services. Canisius College has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.
  2. All Cookies used by this Website are used in accordance with current US, UK, and EU Cookie Law.
  3. Before the Website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Canisius College to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.
  4. This website may place the following Cookies:
    1. Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  5. Disabling and Deleting Cookies
    1. You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies, but this can be changed. For further details, please consult the help menu in your internet browser.
    2. You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalization settings.
    3. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

Information Use

For purposes of the Data Protection Act 1998, Canisius College is the “data controller”. We will retain any data you submit for 12 months.

We may use the data we collect from and about you for any of the following purposes:

  1. To fulfill your requests for products and services;
  2. To provide you with targeted offers, site content and advertising on the site;
  3. To contact you with information and promotional materials and offers from the college, as well as from our affiliates, other related companies, educational institutions, marketing partners and other third parties, if you have agreed to receive such communications;
  4. To contact you when necessary;
  5. To review site and product usage and operations;
  6. To address problems with the site, our business or our products and services; and
  7. To protect the security or integrity of the site and our business.

You may find further detailed information about such purposes of processing and about the specific personal data used for each purpose in the respective sections of this policy.

We may disclose your personal data as follows:

  1. Consent: We may disclose your personal data if we have your consent to do so.
  2. Emergency Circumstances: We may share your personal data when necessary to protect your interests and you are physically or legally incapable of providing consent.
  3. Employment Necessity: We may share your personal data when necessary for administering employment or social security benefits in accordance with applicable law, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
  4. Charitable Organizations: We may share your personal data with applicable college foundations and other not-for-profit organizations in connection with charitable giving subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
  5. Public Information: We may share your personal data if you have manifestly made it public.
  6. Archiving: We may share your personal data for archiving purposes in the public interest, and for historical research, and statistical purposes.
  7. Performance of a Contract: We may share your personal data when necessary to administer a contract you have with the college.
  8. Legal Obligation: We may share your personal data when the disclosure is required or permitted by international, federal, and state laws and regulations.
  9. Service Providers: We use third parties who have entered into a contract with the college to support the administration of college operations and policies. In such cases, we share your personal data with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.
  10. College Affiliated Programs: We may share your personal data with parties that are affiliated with the college for the purpose of contacting you about goods, services, charitable giving, or experiences that may be of interest to you.
  11. De-Identified and Aggregate Information: We may use and disclose your personal data in de-identified or aggregate form without limitation.

If your personal data is transferred to third party service providers, we will take steps to ensure that your personal data receives the same level of protection as if it remained within the EU, including by entering into data transfer agreements or by relying on certification schemes. You have a right to obtain details of the mechanism under which your personal data is transferred outside of the EU by contacting Moreover, we contractually require agents, service providers, and affiliates who may process your personal data to provide the same level of protections for personal data as required by the college.

Your Rights

Pursuant to the GDPR, you have the following rights:

  1. To be notified if we intend to transfer your personal data to another country or international organization and the identity of the recipients of your personal data;
  2. To be notified of the period your personal data will be stored;
  3. To access and require us to correct the personal data we hold about you if it is incorrect;
  4. To require us to erase your personal data subject to the retention periods of applicable federal law and the college’s Record Retention Schedule;
  5. To require us to restrict our data processing activities and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal;
  6. To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  7. To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights;
  8. To be notified of the existence of any automated decision-making regarding the use of your personal data, including meaningful information about the logic involved and its significance and consequences of such processing;
  9. To be notified if the collected personal data will be further processed for a purpose other than that for which it was collected;
  10. To file a complaint with the appropriate supervisory authority in the European Union if you feel we have not complied with applicable foreign laws regulating information created in the European Union that is transferred out of the European Union to the college.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

Opt Out

Users who have opted in through our online and offline registration forms can opt out of receiving future communications from us. Users may also request removal directly from our partners at any time in the future. We make every effort to honor their request; however, we expressly disclaim responsibility for the actions of partners or other third parties beyond our control. To remove information from our database, users can send us an e-mail ( or contact us by mail at 2001 Main Street, Buffalo NY 14208-1517. You may also use the opt-out mechanism that is contained in each email.


You have the right to ask for a copy of any of your personal data held by Canisius College.

To access, correct or request that we make no further use of your personal data, please send us an e-mail or contact us by mail at 2001 Main Street, Buffalo NY 14208-1517.

Controlling use of your Personal Data

Wherever you are required to submit personal data, you will be given options to restrict our use of that data. This may include the following:

  1. Use of personal data for direct marketing purposes; and
  2. Sharing personal data with third parties.

Functionality of the Website

  1. To use all features and functions available on the website, you may be required to submit certain Data.
  2. You may restrict your internet browser’s use of Cookies. For more information see the Cookies clause.

Third party websites and services

Canisius College may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the Website. The providers of such services have access to certain personal data provided by Users of this Website.

Any data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties will be processed within the terms of this privacy policy and in accordance with the Data Protection Act 1998 and GPDR.

Links to other websites

This Website may, from time to time, provide links to other websites. We have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.

Changes of Business Ownership and Control

Canisius College may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Canisius College. Data provided by you will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the data for the purposes for which it was originally supplied to us.

We may also disclose data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.


Canisius College has taken certain physical, electronic, contractual and managerial steps to safeguard and secure your personal data. It is your responsibility to maintain the confidentiality of your site account information, including your password, and you are responsible for all use of the site accessed through it. You agree to notify us immediately of any unauthorized use of your account or any other actual or suspected breach of site security. You may report suspected violations to the Webmaster at the address listed below.


We do not direct the site to, nor do we knowingly collect any personal information from, children under thirteen.


  1. You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.
  2. If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.
  3. Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
  4. This privacy policy is governed by and interpreted according to the laws of the United States of America. All disputes arising under this privacy policy are subject to the jurisdiction of the courts of the United States of America.

Changes to this Privacy Policy Statement

Please note that we review our privacy policy from time to time, and that our practices are subject to change. We ask that you bookmark and periodically review this page to ensure continuing familiarity with the most current version of our privacy policy. All amended terms shall be automatically effective after they are posted on the site and applied retroactively if you use the site after this policy is amended.

Your Acceptance of These Terms

By using this website, you signify your acceptance of this privacy policy. If you do not agree to this statement, please do not use our website. Your continued use of the website following the posting of changes to this statement will be deemed your acceptance of those changes.

Contact Us

If you have any questions about this privacy policy statement, the practices of the website, or dealings with the website or with us, contact:

Canisius College

2001 Main Street, Buffalo NY 14208-1517

Phone: (716) 883-7000 



Not Applicable.