E-Commerce Policy
Purpose
To ensure electronic commerce activities on campus represent the University appropriately, to comply with Payment Card Industry Data Security Standards and to protect against exposure and possible theft of cardholder data provided to Western Michigan University. For the purpose of this policy, e-commerce activity is defined as the processing of orders and payments over the internet.
Policy statement
Western Michigan University provides centralized e-commerce software solutions through both Arrow Payments/Card Connect and Touchnet Marketplace. University units and departments that transact online payments must use one of these secure systems for such transactions.
Units planning to offer online sales of goods and services must request merchant processing capabilities through the Cashiering Office.
Legal
Electronic publications are to follow the same University policies and standards as print publications in regards to copyright laws, fair use and intellectual property rights, and authorized use of the University's signature, seal and logos.
Western Michigan University Web and commerce sites must not use any other organization's trademarks or service marks anywhere (text on pages, metatags, etc.) unless both of the following conditions have been met:
· The usage reflects the actual attributes of Western Michigan University products or services.
· Advance permission has been obtained from Western Michigan University general counsel.
Western Michigan University e-commerce sites must only be used for university business and any goods or services offered for sale must be related to the department’s core mission.
All customers using the Internet to place orders must be presented with a summary of Western Michigan University's terms and conditions and must indicate that they agree to these terms and conditions.
Security
Servers used for e-commerce must be operated in a secure fashion and include a security statement describing what security standards are in place. Units engaging in e-commerce activity must comply with the Payment Card Identification Data Security Standards.
Privacy
Except as otherwise required by law, any personal data collected may not be sold or otherwise made available to other organizations, companies, or individuals without the explicit consent of the individual.
Any data collected must be explicitly described in a privacy statement accessible on the website. Any use of the data for purposes not specifically required by the order process must be described. Customers must be given the option to disable any reuse of their information.
Contact
Questions may be directed to Liana Fox at 387-2952, @email.
Related material
See the Cashiering Policy.