1) Introduction
The Nevada System of Higher Education (NSHE) is committed to protecting the privacy and security of personal information for students, faculty, staff, and all other individuals interacting with our Institutions. This privacy statement outlines how we collect, use, share, and protect personal data in compliance with applicable data protection laws and regulations.
This privacy statement discloses the privacy practices of NSHE System Administration (SA) and NSHE System Computing Services (SCS). Please note that NSHE Institutions have separate privacy policies specific to their scope of operations. By accessing and interacting with this website, you are consenting to our collection and use of information in accordance with this privacy statement.
Additional information pertaining to personal information practices may be provided in supplemental terms and conditions, supplemental privacy statements, or notices provided prior to or at the time of data collection.
2) How We Collect Data
We collect information from you when you interact with us through our online platforms. This may include, but is not limited to the following methods:
- Websites: Visitors to our website may leave traffic data including cookies. Cookies are small text files stored on your device that help websites personalize and track user interaction. Cookie aggregation is dependent on the user’s individual browser settings.
- Online Forms: Data submitted by you through online forms.
- Mobile Applications: Data derived from apps and services.
- WiFi and IT Systems: When users connect to our guest WiFi or other IT systems, device information, network/traffic activity, session and location data may be collected.
- Subscriptions, Surveys and Feedback: Users may provide information when subscribing to newsletters or completing surveys.
- SMS/MMS: to facilitate this service, contact and data timestamp information may be logged.
3) Personal Data We Collect
Personal data we collect is typically limited to what information the user voluntarily provides upon interaction with our online platforms. We do not collect sensitive PII (SSNs, financial account data, medical records, etc.).
Direct identifiers of PII which might be shared with us are typically limited to the following:
- Email address, Phone number, Student/Employee ID.
- Indirect identifiers of PII which we collect are limited to the following:
- Usage Information: Website browsing data, IP addresses, device and browser information, session and location data, cookies. Communication data/time stamps. This data is typically anonymous, i.e. it cannot directly identify an individual.
- Communication Preferences: Opt-in or opt-out preferences for receiving communications, including Email and SMS
4) How We Use Your Personal Data
We do not share or disclose direct identifiers of PII with any third party or external affiliate unless legally required to do so to comply with law enforcement agencies, or regulatory/government bodies. We may use some of the data we collect for the following purposes:
- Communicate with you: Respond to inquiries and/or requests.
- Manage and improve the user experience: Share invites, news, events, etc. (upon request) that may be of interest to you. Foster communication and optimize online and general communication.
- Provision of Educational Services: Manage academic services, faculty/staff employment, and other operational functions.
- SMS Communications: To communicate with you following your explicit consent and opt-in. We do not share SMS consent or phone numbers with third parties.
- Administrative and Legal Purposes: To comply with legal obligations, manage accounts, and support administrative functions.
- Monitor Information Security: To ensure that personal data and systems are secure. We may analyze indirect personal data identifiers to assist with threat management and system optimization.
5) Sharing of Personal Data
We do not sell or share personal data for marketing purposes. We may share indirect identifiers of personal data under the following circumstances:
- Third-Party Service Providers: To ensure we can operate, deliver and support our technical services. And to detect fraud and protect our systems and network infrastructure we may use service providers (cloud services, cybersecurity monitoring, platform providers) to assist us. They are used solely for the purpose of delivering services on our behalf and are contractually obligated to safeguard personal data and not use it for any other purpose.
- Legal and Regulatory Authorities: We may disclose personal information to comply with applicable laws or legal requests.
6) SMS Data Collection and Communication
For SMS communications, we comply with The Campaign Registry (TCR) requirements. Our SMS messaging is P2P (Person-to-Person) only. We ensure that the following safeguards are in place:
- Opt-In Consent: We will only send SMS messages if you have explicitly opted-in to receive them. The phone numbers collected for SMS communications will not be shared with any third party. Message frequency varies. Message and data rates may apply.
- Opt-out Mechanisms: Every SMS communication will include clear instructions on how to opt-out. You may also contact us at any time to revoke your consent for receiving SMS messages.
- Data Usage for SMS: We will only use the phone number you provide to send SMS messages for the purposes specified in your opt-in consent. Your phone number and associated data will not be shared or sold to third parties, nor will it be used for any purpose outside of the agreed communications.
7) Data Protection and Security
In accordance with the NSHE Board of Regents Bylaws (Title 4, Chapter 1, Section 24) sensitive data maintained or transmitted by a Nevada System of Higher Education (NSHE) Institution, the Chancellor’s Office (SA) or NSHE Computing Services (SCS) must be secure. Further, as data collectors, we are required to comply with Nevada Revised Statutes (NRS) 603A.010-603A.910 (Security of Personal Information). We have adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as the standard for information security controls.