ÁùºÏ²Ê¿ª½±Êý¾Ý

Purpose

To ensure electronic commerce activities on campus represent the University appropriately, to comply with Payment Card Industry Data Security Standards and to protect against exposure and possible theft of cardholder data provided to ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University. For the purpose of this policy, e-commerce activity is defined as the processing of orders and payments over the internet.

Policy statement

ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University provides centralized e-commerce software solutions through both Arrow Payments/Card Connect and Touchnet Marketplace. University units and departments that transact online payments must use one of these secure systems for such transactions.

Units planning to offer online sales of goods and services must request merchant processing capabilities through the Cashiering Office.

Legal

Electronic publications are to follow the same University policies and standards as print publications in regards to copyright laws, fair use and intellectual property rights, and authorized use of the University's signature, seal and logos.

ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University Web and commerce sites must not use any other organization's trademarks or service marks anywhere (text on pages, metatags, etc.) unless both of the following conditions have been met:

· The usage reflects the actual attributes of ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University products or services.

· Advance permission has been obtained from ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University general counsel.

ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University e-commerce sites must only be used for university business and any goods or services offered for sale must be related to the department’s core mission.

All customers using the Internet to place orders must be presented with a summary of ÁùºÏ²Ê¿ª½±Êý¾Ý Michigan University's terms and conditions and must indicate that they agree to these terms and conditions.

Security

Servers used for e-commerce must be operated in a secure fashion and include a security statement describing what security standards are in place. Units engaging in e-commerce activity must comply with the Payment Card Identification Data Security Standards.

Privacy

Except as otherwise required by law, any personal data collected may not be sold or otherwise made available to other organizations, companies, or individuals without the explicit consent of the individual.

Any data collected must be explicitly described in a privacy statement accessible on the website. Any use of the data for purposes not specifically required by the order process must be described. Customers must be given the option to disable any reuse of their information.

Contact

Questions may be directed to Liana Fox at 387-2952, @email.

Related material

See the Cashiering Policy.