For: IU Login (“APPLICATION” / “SITE”)

Located at: https://idp.iu.edu; https://login.iu.edu; and/or https://cas.iu.edu (“URL”)

Provided by: University Information Technology Services (“We” / “UITS”)

Effective: 2019-08-31

Contents

• Applicability and Scope
• Basis for processing your information
• What information we collect
• Why we collect your information
• How long we keep your information
• How we share your information
• How we secure your information
• Privacy notice changes
• How to contact us

Applicability and Scope

UITS attaches great importance to the protection of your personal data. We collect, retain, process, use, disclose and dispose of your personal data exclusively in compliance with the principles described below, applicable data protection legislation and Indiana University (IU) policies. This privacy notice only applies to the privacy practices of UITS relative to data collected via APPLICATION located at URL.

Personal data

Within the context of this privacy notice, “personal data” means any information which relates to a specific person, including your name, your telephone number and your postal, email and IP address or other information that can be used to directly or indirectly identify you.

Links to other IU sites

Other IU units may collect and use visitor information in different ways. Visitors to other IU sites, including sites linked to in APPLICATION, should review the privacy notices for the particular sites they visit. UITS is not responsible for the content of other sites or for the privacy practices of sites outside the scope of this notice.

Links to non-university sites

IU and UITS are not responsible for the availability, content, or privacy practices of non-university sites. Non-university sites are not bound by this privacy notice and may or may not have their own privacy policies.

Basis for processing your information

Continued use of APPLICATION indicates consent to the collection, use, processing, retention, disclosure and disposal of your information as described in this notice.

What information we collect

Information we collect via APPLICATION depends in-part on:

• what information is required by the service, website or app which you are attempting to access;
• whether you are logging in with IU or guest account credentials;
• whether authentication is conducted via IU Login, Cirrus, Facebook, Google, and/or Microsoft; and
• whether service/platform hosting APPLICATION requires information to be collected.

Technical information collected by the hosting service/platform

The information we collect is in-part dependent upon the service/platform we use to host APPLICATION. APPLICATION is hosted on UITS Enterprise Linux Administration (ELA) hosting services.

Information from your device and network

APPLICATION collects the following information from your device and about your connection:

• Device Attributes: IP address and other device identifiers, device screen resolution, browser type, browser version, operating system, any loaded plugins, hardware and software versions;
• Device Activity: the url/domain name from which you visit our site, user-specific information on which pages and resources are visited, aggregate information on pages visited, the referring website, date and time of visit, duration of visit;
• Data from device settings: information you allow us to receive through device settings you turn on, such as access to your camera;
• Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network.

Cookies

APPLICATION uses “cookies” as specified in the table below. A cookie is a small data file written to your hard drive that contains information about your visit to a web page.

If you prefer not to receive cookies, you may configure your browser not to accept them, or to notify and require your approval before accepting new cookies. This APPLICATION may not function properly if the cookies are turned off, or you may not be able to use all of the functions of this site.

Cookies

Name	Use	Expiration
CASTGC	Maintains login state for single sign-on.	12 hours
JSESSIONID	Ties session to load balancer (record your past activity at another site in order to provide better service when visitors return to APPLICATION).	12 hours
tab	Displays tab of last login attempt to user.	425 days
type	Displays type of last login attempt to user	425 days

Information you actively provide

We may ask you to provide information through forms, other manual inputs, or by requesting another person or entity to provide it to us. This information is provided as a result of you taking some conscious action. Providing this information is voluntary; however, not providing the requested information may affect our ability to grant access via APPLICATION to the website, app or service which you attempt to access.

Information we may actively collect could include:

• Username and passphrase are collected, in addition to what Duo collects, if logging in with IU credentials.
• Email address, full name, and password, if logging in with a guest account.

Collection of Information from Children

Children under age 13 must obtain permission from a parent or guardian before interacting with APPLICATION.

We do not knowingly contact children under age 13.

Why we collect your information

Purposes for which your personal data is collected/processed include:

• Authenticating; and
• Ensuring the security of accounts.

Additionally, your personal data may be used:

• to conduct internal troubleshooting and auditing;
• to effectively communicate with your web browser/device, and provide you with content; and
• to customize the content of APPLICATION.

How long we keep your information

We retain detailed sever logs for up to 60 days.

We retain authentication records for up to 60 days.

We retain statistics indefinitely, so long as it is useful for resource allocation planning.

How we share your information

Internal Sharing at IU

We share your information with appropriate IU personnel, units, and schools to:

• ensure the quality, functionality, and security of APPLICATION; or
• as required by the services / websites / apps into which you use APPLICATION to authenticate; for more information, see their privacy notices.

Sharing with Third Parties

We may share your personal data with third parties.

Third Party Services We Share with Include

• Duo: This site uses Duo, a multi-factor authentication service provided by Duo Security, Inc.
• • Purpose: Authenticating and to ensure the security of IU. We use Duo for Two-Factor Authentication. For more information about what data is collected by this service, read the Duo privacy notice provided at: https://duo.com/.

Social Media

Third-party social media sites may collect information from APPLICATION. IU is not responsible for their privacy practices. APPLICATION allows authentication from third party social media sites, including:

• Cirrus (visit Cirrus's privacy policy at: http://www.cirrusidentity.com)
• Facebook (visit Facebook's privacy policy at: http://www.facebook.com)
• Google (visit Google's privacy policy at: http://www.google.com)
• Microsoft (visit Microsoft's privacy policy at: http://www.microsoft.com)

How we secure your information

Due to the rapidly evolving nature of information technologies, no transmission of information over the Internet can be guaranteed to be completely secure. While we are committed to protecting your privacy, we cannot guarantee the security of any information you transmit to university sites, and you do so at your own risk.

When we transfer and receive certain types of sensitive information such as financial or health information, we will redirect you to a secure server and will notify you conspicuously on our site. Do not transfer sensitive data to us via a non-secured method.

We have reasonable security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you at our site.

Once we receive your information, we will use reasonable safeguards consistent with prevailing industry standards and commensurate with the sensitivity of the data being stored to maintain the security of that information on our systems.

Privacy notice changes

Because internet technologies continue to evolve rapidly, UITS may make appropriate changes to this notice in the future. Any such changes will be consistent with our commitment to respecting your privacy, and will be clearly posted in a revised privacy notice.

From time to time, we may use your information for new, unanticipated uses not previously disclosed in our privacy notice. Only data collected from the time of the policy change forward will be used for these new purposes. If you are concerned about how your information is used, you should check back at our website periodically.

How to contact us

We are happy to answer any questions or concerns you may have about this privacy notice, our privacy practices or our processing of your personal data. If you have questions or concerns about this policy, please contact us.

If you feel that this site is not following its stated policy and communicating with the owner of this site does not resolve the matter, or if you have general questions or concerns about privacy or information technology policy at Indiana University, please contact the chief privacy officer through the University Information Policy Office, 812-855-UIPO, privacy@iu.edu.