| |
|
XID Privacy Statement
|
| |
| |
 |
| |
|
The following discloses our information gathering and dissemination practices for this web site
and web application at xid.harvard.edu.
|
| |
|
Information gathering
|
| |
|
Our web server software generates log files of the IP addresses of computers that access this web
site and of what files they access.
|
| |
|
These web server logs are retained on a temporary basis. |
| |
|
We may use cookies to maintain a user's identity between web sessions.
|
| |
|
Use of information
|
| |
|
We do not provide any personally identifiable information we gather or develop about our visitors
to any third parties for any purpose.
|
| |
|
We use your IP address and files you access to help diagnose problems with our server and to
administer our Web site by identifying (1) which parts of our site are most heavily used, and (2)
which portion of our audience comes from within the Harvard network. We also use this
information to tailor site content to user needs, and to generate aggregate statistical reports. At no
time do we disclose site usage by individual visitors.
|
| |
|
The XID application collects data from individuals who are requesting an XID account. This
information is accessible through the XID application to XID users who have the role of XID
Application Administrator, and by XID managers. XID managers can see the detail of the XID
accounts that they have created. Additionally, any XID manager can look up any other XID and
view that the account exists. No one can view any XID account's password.The XID application
page allows anyone with knowledge of an XID login ID to view that XID account's challenge
question.
|
| |
|
The information that is collected when an individual signs up for an account including the data that
an XID Manager may attach to an account (such as a group ID or an expiration data) are available
via the University Information System's directory data services. The systems that register to
request access to this data must have a valid business reason such as requiring the data to
automate local application authorization.
|
| |
|
The only systems eligible for access to the data about XID ID holders are Harvard University
systems that use XID as a method of authentication via Harvard's web authentication system and require
access to XID account data to determine if the XID account is still valid. This may include third-
party vendors who have been retained by the University to implement systems for official
University business.
|
| |
|
Security
|
| |
|
This site has security measures in place aimed at protecting from the loss, misuse and alteration
of the information under our control.
|
| |
|
Contacting this web site
|
| |
|
If you have any questions about this privacy statement, the practices of this site, or your dealings
with this site, you can contact: directory_services@harvard.edu.
|
| |
|
This web site may contain links to other web sites. We are not responsible for the privacy practices
or the content of such web sites.
|
| |
|
Changes to this policy
|
| |
|
Changes to this policy will be made in place, and will be highlighted prominently on the privacy
statement page.Changes could be made without notice.
|
| |
|
Effective Date
|
| |
|
The effective date of this policy was May 1, 2008.
|
| |
| University Information Services, Directory Services Product Team |