Stanford is committed to respecting and protecting the privacy of its students, alumni, faculty and staff. Payment card data security is a critical aspect of this policy and all merchants are required to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS) to manage high risk data and protect businesses and client information. Refer to the Merchant Services Program page for more details on PCI DSS.
Treatment of Information
This policy applies to electronic transactions involving business units under the vice president for business affairs and chief financial officer. Where practices diverge from these guidelines, the relevant department or other unit should inform customers of the nature and extent of the differences. Stanford websites covered by this policy may request personal information from you in order to complete a transaction; for example, your name, phone number(s), physical address, shipping address (if different), email address, credit card number and expiration date. Other information may be collected at individual points of sale.
Typically, your information will be used only to execute the immediate transaction, and will be provided to other parties only as necessary to complete your transaction. In circumstances where this information will be used for a different purpose, we will provide you with the ability to prevent this additional use of your data. Stanford will not provide any of your personal information to third parties without your permission and we will not sell any personal information to third parties for purposes of marketing, advertising or promotion. Furthermore, electronic storage of cardholder data at Stanford is prohibited.
Cookies can be used in a variety of ways, including ways that have privacy implications (such as tracking your previous activities at a particular site), but they do not represent any inherent threat to your computer system. For example, cookies are used by WebAuth to help authenticate your transaction and websites covered by this policy can use them to carry your personal preferences and address information (if you have previously provided it).
Most browsers allow you to choose not to accept cookies. Choosing not to accept all cookies may prevent some online services from working or may make the use of some services inconvenient. For example, not accepting Stanford WebAuth cookies may result in having to re-authenticate more frequently. When you are finished browsing and exit the browser program, cookies without an expiration date will be thrown away. Cookies with future expiration dates are stored on disk and will be available the next time the browser is opened for use.
Caution on External Links
Websites covered by this policy occasionally link to external websites. Stanford does not monitor or control these third-party websites and Stanford's Privacy Guidelines and Security Procedures do not extend to these sites. We advise you to review the individual privacy policies of the respective sites.
Implication of Consent
By conducting electronic commerce transactions on our website, you consent to Stanford University's use and collection of the information you provide for the purposes of the transaction and other specified uses. If we decide to change our privacy guidelines, we will post the changes on this page or other privacy statement pages so that you are aware of what information we collect, how it will be used and with whom the information will be shared. By continuing to use our sites after a change is posted, you agree to the applicable version of these guidelines. Please refer to this policy before making a transaction or sharing personal information. To correct any inaccuracies in information provided to Stanford, please send an email message to the department address referenced on the applicable website.