MEFA Website Privacy Policy

Thank you for visiting the Massachusetts Educational Financing Authority's (MEFA) website. Your privacy is one of our top priorities. The following policies apply only to the use of MEFA's website and interacting with MEFA via Social Media. Information regarding our Privacy Policy for MEFA products and services can be found here.

Other websites operated by other state agencies or other entities have different policies. We strongly suggest that you read the privacy policies for any external website that you visit through a link appearing at this site. In particular, please note that although some of the social media pages used by MEFA might appear to be part of this website or at a webpage under MEFA's control, some of these sites are actually hosted by third party providers. Thus, when visiting third party social media sites, you are subject to different privacy policies and terms of service. Please refer to MEFA's Social Media Policy to review more detailed information on our use of specific social media sites and for links to the relevant terms of service and privacy policies for those sites.

Your privacy

Your privacy with respect to the use of this website results from a partnership between MEFA and you, the user. At this website, we attempt to protect your privacy to the maximum extent possible. However, because some of the information that we receive through this website is subject to Public Records Law, Massachusetts General Laws Chapter 66, Section 10, we cannot ensure absolute privacy. Information that you provide to us through this website may be made available to members of the public under that law. This policy informs you of the information that we collect from you at this site, what we do with it, to whom it may be disseminated, and how you can access it. Based on this information, you can make an informed choice about your use of this site. MEFA will never ask for "personally identifiable information" outside of a secure environment. Each of our online applications is within a secure environment.

Personally identifiable information

We use the term "personally identifiable information" to mean any information that could reasonably be used, alone or in combination, to identify you, including your Social Security number, birth date and MEFA account information. MEFA will never ask for "personally identifiable information" outside of a secure environment. Each of our online applications is within a secure environment.

Information voluntarily provided by you

This website may collect voluntary information from you through the emails that you send through this site, forms completed at this site and any comments posted on social media pages hosted by this website (such as blogs or wikis hosted by MEFA). All such comments and emails sent by you to this website may contain personally identifiable information. MEFA ensures the safety of your information by providing secure environments for applications to and forms to be completed when personally identifiable information is required.

Information automatically collected and stored by this website

In order for MEFA to track and analyze usage, navigational and other statistical information of MEFA's website, we collect and store various information, such as:

  • The Internet domain from which you access this site.
  • Your IP address.
  • The type of browser and operating system you use.
  • The date and time you visited this site.
  • The pages you viewed on this site.
  • The address of the Web site from which you linked.
  • How many "bytes" of information were transmitted to you
  • Your device screen size
  • Your geographic location (country only)

This site also currently uses Google Analytics and may use other providers like Hotjar.com, third parties, to track and analyze non-personally identifiable usage and volume statistical information through the use of cookies, anonymous identifiers or other technologies. We use this information to track the traffic, usability, performance, and effectiveness of our website and marketing campaigns. Please note that this is not personal information, only general summaries of the activities of our visitors and customers in aggregate. We may also offer opt-in surveys by either MEFA or a 3rd party to learn how you specifically might use the information found on www.mefa.org. These surveys will ask for additional information and insights directly from you. You have the ability to not participate in these surveys by not opting in. At this time, we will not attempt to match any personally identifiable information that you provide to us with your IP address, unless there are reasonable grounds to believe that doing so would provide information that is relevant and material to a criminal investigation.

We may also use third parties to display advertisements on other websites based on your visits to our site as well as other websites. These third parties may use cookies, pixel tags, and other technologies to measure the effectiveness of their ads and to serve tailored advertising content to you for products and services in which you might be interested. These third party cookies and other technologies are governed by each third party's specific privacy policy, not this one. We may provide these third-party advertisers with information about your usage of our site, as well as aggregate or non-personal information about users of our site.

You can generally accept or decline the use of cookies through a functionality built into your web browser. If you want to learn more about cookies, or how to control or delete them, please visit http://www.aboutcookies.org for detailed guidance. In addition, certain third party advertising networks, including Google, permit users to opt out of or customize preferences associated with your internet browsing. To learn more about this feature from Google, click here.

Dissemination of your personally identifiable information

We do not sell any personally identifiable information collected through this website.

However, once you voluntarily submit personally identifiable information to us, its dissemination is governed by the Public Records Law, the Fair Informational Practices Act (Massachusetts General Laws Chapter 66A), the Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00) and other applicable laws and regulations.

The Records Retention Law requires MEFA to preserve records created or received by a state employee. Pursuant to this retention requirement, emails or messages sent to a MEFA email account, information submitted via MEFA's website, and comments posted or messages received via an official MEFA page on a third-party web-site (such as an official agency profile on a social network) could be treated as state governmental records and may be permanently archived. Information that you submit voluntarily through third party social media sites where such sites are associated with MEFA and when such information is publically available, including your name, city or town, and the substance of anything that you post, may be disseminated further by being posted online at this website or be publicly discussed by a member of the administration. In addition to social media postings, any emails or other communications you send us may be provided to a member of the public in response to a public records request. The information that you voluntarily submit through emails will be disclosed only to MEFA's employees or officials with a "need to know" for purposes of fulfilling their job responsibilities. They will only use information to answer your questions, respond to any requests for assistance, and fulfill any legal obligations. Where appropriate, we may provide the information submitted by you via social media sites or email to the person that is responsible for or is the subject of your inquiry.

Your access and opportunity to correct

The Public Records Law and the Fair Information Practices Act provide you certain rights to get information about you that is in our records. To learn more about the circumstances under which you can get and correct this information, please reference the Massachusetts Law About Freedom of Information and Public Records.

Security

Because this website does not encrypt incoming email or comments, you should not send information that you consider highly sensitive through this website. We use standard security measures to ensure that personally identifiable information sent via the social media pages or email is not lost, misused, altered, or unintentionally destroyed. We also use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, MEFA makes no attempts at this time to identify individual users of our website email submission features or our social media pages.

Special protections against misuses of personal identifying information

The Commonwealth of Massachusetts has established regulations that enhance the privacy protection for Massachusetts residents. These regulations were defined by the Massachusetts Office of Consumer Affairs and Business Regulations, and are enforced by the Massachusetts Attorney General. The regulations ("201 CMR 17.00" – Standards for the Protection of Personal Information of Residents of the Commonwealth) limit the collection and dissemination of personally identifiable information, and greatly enhance the security and integrity of such data. MEFA (and this website) complies with 201CMR17, so all of the personally identifiable information that you submit to this website is given the privacy protections set forth in 201CMR17.

Policy changes

We may change this policy at any time by posting the amended terms on this site. We will post material changes to this policy that take effect one day from our posting of changes. Unless stated otherwise, any information we collect under the current privacy policy will remain subject to the terms of this policy. After any changes take effect, all new information we collect, if any, will be subject to the new policy, however, we will not materially change our policies and practices to make them less protective of your information that we collected in the past without your opt-in.

Contact information

For questions about your privacy while using this website, please contact info@mefa.org.

Definitions:

"Cookies" are files that a website can place on your computer. A cookie file contains unique information that a website can use to track such things as your password, lists of web pages you have visited, and the date when you last looked at a specific web page, or to identify your session at a particular website. A file allows the website to recognize you as you click through pages on the website and when you later revisit the site. A website can use cookies to "remember" your preferences, and to record your browsing behavior on the web. Although you can prevent websites from placing cookies on your computer by using your browser's preference menu, disabling cookies may affect your ability to view or interact with some websites

There are two types of cookies you should be aware of- "Session cookies," also called temporary cookies, are stored temporarily in the browser's memory and are deleted as soon as the session is ended by closing the browser, or if a user hasn't visited the server for certain period of time, the server would expire or invalidate the user session. "Persistent cookies," also called permanent cookies, are stored permanently on the computer's hard drive until they expire or are deleted. If they are deleted, they will be recreated the next time the user visits the site. Each website programs the length of time its persistent cookies will last.

"Internet Protocol Address" or "IP Address" is a series of numbers that identifies each computer and machine connected to the Internet. An IP address enables a server on a computer network to send you the file that you have requested on the Internet. The IP address disclosed to us may identify the computer from which you are accessing the Internet, or a server owned by your Internet Service Provider. Because it is machine-specific, rather than person-specific, an IP address is not generally considered, personally identifiable information.

"Social media site" refers to websites that facilitate user participation, networking, and collaboration through the submission of user-generated content. A "social media identity" is a specific user identity or account that has been registered on a third party social media site (such as the MEFAtweets account on TwitterTM or an employee's personal account on FacebookTM). Social media in general includes tools such as: blogs, wikis and microblogging sites, such as TwitterTM; social networking sites, such as Facebook and LinkedInTM; video sharing sites, such as YouTubeTM; and bookmarking sites such as Del.icio.usTM. A typical social media site (whether hosted by MEFA or a third party) combines text, images, and links to other websites including blogs, wikis, video, MP3 downloads and other media related to the topic and enables readers to leave comments in an interactive format.

Posted on February 27, 2017; effective for current users on March 2, 2017