This policy outlines how SUNY Buffalo State College collects, processes, discloses, and uses information that is shared with Buffalo State through its websites, other electronic systems, paper forms, and otherwise.
Buffalo State College (“Buffalo State”) is committed to safeguarding the privacy of personal information. This privacy notice, as required under the New York State Internet Security and Privacy Act, outlines the collection, use, processing and disclosure of personal information provided to Buffalo State by individuals including but not limited to: prospective students, applicants for admission, enrolled students and their parents or other family members; applicants for employment; employees and members of their immediate family; retirees, alumni, donors, event patrons, customers, contractors and vendors, research participants, and visitors to the college website.
Buffalo State collects personal information (PI)—information relating to a personally identifiable individual—in order to fulfill its mission as a public institution of higher education. Buffalo State collects personal information only when necessary.
Personal information collected by Buffalo State may include:
Additionally, Buffalo State may process some information about you that is classed as “sensitive” or “special category” personal data, which requires additional protections. This includes information concerning ethnicity, sexual orientation, religious beliefs, or health/disability that we use for planning and monitoring purposes, or in order to provide care, help, or suitable adjustments.
Access to and the sharing of “sensitive” personal data are carefully controlled. You will normally be given further details about the use of any such data when it is collected. When asked for this “sensitive” information, you will normally have the option to refuse your consent by not supplying it.
In certain situations, other sensitive information may be processed, such as information about past criminal convictions, work with children or vulnerable adults, and fitness to practice in certain regulated professions.
Buffalo State does not collect information for commercial marketing purposes. Buffalo does not sell, rent, or otherwise disclose the information collected from buffalostate.edu for commercial marketing purposes.
Buffalo State does not knowingly collect personal information from children under the age of 13 or create profiles of children under the age of 13.
Users are cautioned that the collection of personal information submitted via e-mail will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access.
Buffalo State’s processing activities of your personal information may rely on different lawful grounds depending on the circumstances. Generally speaking, we rely upon one or more of the following lawful bases to process your personal information:
We consider the processing of your personal information to be either necessary for the performance of our contractual obligations with you (e.g. to manage your education, student experience, and welfare while studying at Buffalo State), necessary for compliance with a legal obligation (e.g., visa monitoring), necessary for the performance of tasks we carry out in the public interest (e.g., teaching and research), or necessary for the pursuit of the legitimate interests of Buffalo State or an external organization (e.g., to enable your access to external services, special services, or community-based programs).
Buffalo State requires you to provide us with any information we reasonably ask for to enable us to administer our relationship with you. If we require your consent for any specific use of personal information, it will be collected at the appropriate time, and your permission can be withdrawn at any time.
The General Data Protection Regulation (GDPR) is a regulation in the European Union (EU) law on data protection and privacy for individual citizens in the European Economic Area (EEA). The EEA is comprised of the EU and the countries of Iceland, Norway, and Lichtenstein. This regulation also addresses the transfer of personal data outside the EU and EEA areas. Buffalo State is committed to respecting and protecting the privacy rights of persons pursuant to the GDPR.
This GDPR privacy notice applies to you if all of the following factors are met:
Please note that information pertaining to current, former, or prospective employment with Buffalo State within the United States is not considered Personal Information and is excluded from this GDPR Privacy Notice.
In addition to the rights provided by the GDPR, you may also have rights with respect to your Personal Information pursuant to U.S. federal law, state law, and/or Buffalo State policy. These include, without limitation, policies pertaining to student education records and policies pertaining to certain health records that Buffalo State maintains.
Buffalo State obtains your personal information:
Certain personal information collected by Buffalo State is required for Buffalo State to be able to provide educational services or employment. In the event an individual chooses not to provide such information, Buffalo State may be unable to provide the requested services.
How Buffalo State uses personal information depends upon the context in which it was provided:
Buffalo State may use personal information for other purposes and will provide you with specific information at the time such alternate use arises.
The collection of information through buffalostate.edu and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act.
Buffalo State does not sell or rent Personal Information and only shares Personal Information with third parties if there is a legitimate institutional need to do so.
Buffalo State may collect or disclose personal information without consent if the collection or disclosure is: (1) necessary to perform the statutory duties of Buffalo State, or necessary for Buffalo State to operate a program authorized by law, or authorized by state or federal statute or regulation; (2) made pursuant to a court order or by law; (3) for the purpose of validating the identity of the user; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person.
Subject to applicable laws, Buffalo State may share your personal information with the following recipients:
Buffalo State may disclose personal information if the user has consented to the collection or disclosure of such personal information.
The voluntary disclosure of personal information to Buffalo State by the user constitutes consent to the collection and disclosure of the information by Buffalo State for the purposes for which the user disclosed the information to Buffalo State.
Please note that the college may provide anonymized data developed from personal information to third parties, such as government entities and research collaborators, and that such anonymized data is outside the scope of this policy and the included GDPR Privacy Notice.
In addition to the GDPR, the disclosure of information, including personal information, collected by Buffalo State is subject to the provisions of the Freedom of Information Law, the Family Educational Rights and Privacy Act (FERPA), and the Personal Privacy Protection Law.
Buffalo State implements appropriate physical, technical, and organizational security measures to protect your personal information consistent with the requirements of law and the policies of the SUNY Board of Trustees.
Buffalo State will retain an individual’s personal information for as long as there is a legitimate need to do so and in accordance with the SUNY Records Retention and Disposition Policy and applicable federal and state law. Retention periods vary and are established considering our legitimate interests and all applicable legal requirements.
Buffalo State is committed to facilitating the exercise of the rights granted to you, including those granted by the GDPR, in a timely manner. In the context of our processing activities, you have the following rights regarding your personal information:
In order to exercise any of these rights, except the right to file a complaint under the GDPR with an EU supervisory authority, you should submit your request to the Buffalo State privacy compliance officer. Contact information is listed at the bottom of this policy.
Please note that when you make requests based on these rights, if we are not certain of your identity, we may need to ask you for further personal information to verify your identity and to be used only for the purposes of replying to your request.
Buffalo State is based in the United States and is subject to U.S. and New York State law. Personal Information that you provide to Buffalo State will generally be hosted on U.S.-based servers.
If you are covered under the GDPR, then to the extent that Buffalo State needs to transfer your information, either (a) from the EEA to the U.S. or another country or (b) from the U.S. to another country, Buffalo State will do so on the basis of either (i) an “adequacy decision” by the European Commission; (ii) EU-sanctioned “appropriate safeguards” for transfer such as model clauses, a copy of which you may request, if applicable, by contacting Buffalo State as set forth below; (iii) your explicit and informed consent; or (iv) it being necessary for the performance of a contract or the implementation of pre-contractual measures with Buffalo State measures generally taken at your request (e.g., for the transfer of personal data necessary for your application for admission). Please note that the U.S. is not currently considered a safe harbor country under the GDPR.
While using the Buffalo State website you may encounter hypertext links to organizations not affiliated with Buffalo State. Buffalo State does not control the content or information practices of external organizations or third parties. We provide the links for your convenience, but we do not review, control, or monitor the privacy practices of websites operated by others. Therefore, whenever you leave the Buffalo State website, we recommend that you review each website’s privacy practices and policies before proceeding.
If you have any concerns or questions about this notice or how your personal information is used, please contact us at email@example.com. Buffalo State will attempt to promptly address any concerns you may have about our data collection and use policies. However, if you believe we have not been able to deal with your concern appropriately and you are subject to GDPR, you have a right to complain to your local data protection authority, as granted by Article 77 of the GDPR. You also have the right to submit a complaint in the member state of your residence, place of work, or of an alleged infringement of the GDPR.
The following definitions apply to this policy:
Nondiscrimination Notice, Buffalo State College
Jacquelyn L. Malcolm, EDD
CIO and Vice President for Enrollment, Marketing, and Communications
Buffalo State College
1300 Elmwood Ave. Buffalo, New York 14222
Phone: (716) 878-3694