SDO Privacy Policy

The following policy applies only to the use of SDO's web pages, which are accessed via Information about website privacy policies is available on their site.

Last Updated on December 31, 2020

Welcome to the Supplier Diversity Office’s (SDO) web pages on the Commonwealth of Massachusetts’ (the Commonwealth) website, Your privacy is one of our top priorities. The following policy applies only to the use of SDO's web pages, which are accessed via Information about additional website privacy policies that apply to SDO’s web pages is available on the site.

A Privacy Partnership

Your privacy with respect to the use of the SDO web pages results from a partnership between the Commonwealth as a whole, SDO, and you, the user. At this site, we attempt to protect your privacy to the maximum extent possible. However, because some of the information that we receive through this website is subject to the Public Records Law, Massachusetts General Laws Chapter 66, Section 10, we cannot ensure absolute privacy. Information that you provide to us through this site may be made available to members of the public under that law. This policy informs you of the information that we collect from you at this site, what we do with it, to whom it may be disseminated, and how you may access it. Based on this information, you may make an informed choice about your use of this site. You also may maximize the benefits of your privacy partnership with the Commonwealth by making informed choices about whether to share personally identifiable information with us through our web pages.

Personally Identifiable Information

We use the term "personally identifiable information" to mean any information that could reasonably be used to identify you, such as your first and last name in combination with any one or more of the following data elements that relate to you: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number, or password, that would permit access to an individual’s  financial account. ''Personal information'' shall not include information that is lawfully obtained from publicly available information or from federal, state, or local government records lawfully made available to the general public.

Information Voluntarily Provided by You

This site collects voluntary information through the surveys, online forms, and email messages you send through this site.  Such information may include your email address and any other information you provide to help us answer your inquiry or process your request.

 In general: SDO openly and intentionally collects voluntary information that is submitted electronically by users on our web pages and other SDO affiliated web pages. This information supports core business requirements relative to SDO’s responsibilities, including, but not limited to, the following: Supplier Diversity Office (SDO) online certification application processes (including the Small Business Purchasing Program available through COMMBUYS), registration requirements for SDO events or training sessions, and preliminary certification information through online forms.

COMMBUYS: The COMMBUYS e-procurement platform managed by the Operational Services Division (OSD) collects information, including file uploads and provided by (a) public purchasers who join the COMMBUYS community to access web-based tools that enable automated email notifications, approval workflows, records creation, bid postings, and bid management; (b) bidders who choose to join the COMMBUYS community for access to web-based tools enabling automated email notification for posted procurement records, business directory listing, and online bidding activity; and (c) bidders seeking membership in the Small Business Purchasing Program (SBPP). Information collected for SBPP membership, including personally identifiable information, based on business structure, is shared with the Massachusetts Department of Revenue (DOR) for the purposes of validating eligibility and with other public entities for purposes of participating in their programs. COMMBUYS is an eProcurement system produced and maintained by Periscope Holdings Inc. (PHI). Users may read PHI’s privacy policies for its eProcurement system here.

SDO Training and other Events:  We collect information from attendees who register to attend SDO-hosted training sessions, meetings, and other events. The click-through registration forms open when the events are accepting registrations. SDO may or may not use third-party websites to facilitate event registration. Please refer to the privacy policies of any external website for more detailed information.

CerTrak: The web-based SDO certification tracking system, CerTrak, collects information, including personally identifiable information, based on business structure, from vendors seeking to apply for or maintain SDO certification, including application and supporting document file uploads. Information collected through the system is used and protected in accordance with the policies and procedures for CerTrak.


Information Automatically Collected and Stored by this Site websites employ the use of "Persistent Cookies." The purpose of these Persistent Cookies is to collect and aggregate data regarding’s visitor activity in order for the Office to continuously evaluate and improve its website services, including on or affiliated websites such as sites hosted at (collectively, the “Offerings”). You may elect to disable the Persistent Cookies. Please be advised that disabling the Persistent Cookies may affect your ability to view or interact with does collect and store your “Internet Protocol (“IP”) address,” (which does not identify you as an individual) indefinitely, as well as information about the date and time of your visit, whether a file you have requested exists, and how many “bytes” of information were transmitted to you over the Web from uses your IP address to assess the frequency of visits to and the popularity of its various pages and functions. We will not attempt to match any personally identifiable information that you provide to us with your IP address, unless there are reasonable grounds to believe that doing so would provide information that is relevant and material to a criminal investigation. The one exception is that, when you fill out information in a form on, we do receive your IP address along with this submission. We do not use this form-related IP address information unless it may be relevant and material to a criminal investigation. The entire privacy policy is available here.

For sites, including COMMBUYS and CerTrak, please refer to the Persistent Cookies policies for those websites.

Additional Information

Links to social media sites - Certain links on SDO’s web pages may (whether integrated with Tools or otherwise) facilitate interaction with third-party social media sites. Accessing third-party social media functions (whether through a Tool or otherwise) may require you to log in to your social media provider, and that social media provider may plant a persistent cookie on your web browser to keep you logged in. Any interaction with any such social media provider (whether through a Tool or otherwise) is subject to such social media provider’s site policies, and such provider may plant one or more additional persistent cookies on your web browser as a result of your interaction with it.

Online forms on - Online forms may be provided by a third party service, Formstack. When you use this service, your form submission is securely made to Formstack and stored there. Form submissions are then transmitted to state government staff. State government staff will delete form submissions from Formstack when there is no longer any administrative need to retain them there. Formstack only uses your form submissions for internal purposes and the data is considered private. Formstack will not distribute or sell your information to a third party unless required by law or a valid government request. Formstack may also share information if it is acquired by or merged with another company. Please see the Formstack privacy policy at


Dissemination of Your Personally Identifiable Information

SDO does not sell or disclose any personally identifiable information collected through this website or submitted to the Commonwealth in conjunction with using the functions on the website, and there is no direct or online public access to this information. However, once you voluntarily submit information to us through an e-mail, eFiling, and/or click-through form, its dissemination is governed by the Public Records Law, the Massachusetts General Laws Chapter 66A (Fair Information Practices Act)Massachusetts General Laws Chapter 93H (Security Breaches) and other applicable laws and regulations. For this reason, part or all of the information you send us may be provided to a member of the public in response to a public records request. SDO is committed to protecting personally identifiable information from unlawful disclosure and to promptly responding to all requests in accordance with our policies and procedures.

In addition, the information that you voluntarily submit will be disclosed only to employees or officials within Commonwealth agencies, quasi-public, or independent agencies on a "need to know" basis for the purposes of fulfilling their job responsibilities. They will only use the information to answer your questions, respond to any requests for assistance, report program results, and fulfill the Commonwealth's legal obligations. Where appropriate, we may provide the information submitted by you to the person or company that is the subject of your inquiry, or to a government agency responsible for the matters referred to in your communication.

Your Access and Opportunity to Correct

The Public Records Law, Security Breaches Act, and the Fair Information Practices Act provide you certain rights to get information about you that is in our records. To learn more about the circumstances under which you can get and correct this information, please click on the above references to these laws.


Because information sent to the SDO via our web pages is not encrypted, you should not send information that you consider highly sensitive through this website. We use standard security measures to ensure that information provided by you, including your personally identifiable information, is not lost, misused, altered, or unintentionally destroyed. We also use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no attempts are made to identify individual users or their usage habits.

Special Protections Against Misuse Of Personally Identifiable Information Within Commonwealth Offices

In 2008, Executive Order 504 was issued, which enhanced the privacy protection given to any information about you as a named individual held by the Executive Department of state government. Executive Order 504 limits the collection and dissemination of personally identifiable information within the Executive Department and requires Executive Department agencies to greatly enhance the security and integrity of such data. All of the personally identifiable information that you submit to all sites is given the privacy protections set forth in Executive Order 504.

External Links

The SDO website may contain hyperlinks to other Commonwealth agency websites and to external websites that are not created or maintained by SDO. When users link to another Commonwealth agency or external website, they are leaving the SDO website and become subject to the privacy policies provided by those sites.

Policy Changes

We will post changes to this policy at least 30 days before they take effect. Any information collected under the current privacy policy will remain subject to the terms of this policy. After any changes take effect, all new information collected, if any, will be subject to the new policy.

Contact Information

For questions about your privacy while using this Website, please contact the SDO at


Cookies are files that a website can place on your computer. A cookie file contains unique information that a website can use to track such things as your password, lists of webpages you have visited, and the date when you last looked at a specific webpage, or to identify your session at a particular website. A cookie file allows the website to recognize you as you click through pages on the site and when you later revisit the site. A website can use cookies to "remember" your preferences, and to record your browsing behavior on the Web. Although you may prevent websites from placing cookies on your computer by using your browser's preference menu, disabling cookies may affect your ability to view or interact with some websites.

An "Internet Protocol Address" or "IP Address" is a series of numbers that identifies each computer and machine connected to the Internet. An IP address enables a server on a computer network to send you the file that you have requested on the Internet. The IP address disclosed to us may identify the computer from which you are accessing the Internet, or a server owned by your Internet Service Provider. Because it is machine-specific, rather than person-specific, an IP address is not, in and of itself, personally identifiable information.

Social Media: A social media website is a website or a social media application that is usually maintained by an individual and has regular entries of commentary, descriptions of events, or other material such as graphics or video. A social media identity is a specific user identity that has been registered on a third party social media site and is associated with the Agency. Government social media sites or identities typically provide forums for commentary or news on topics related to the government agency that hosts the social media site or has secured the social media identity. A typical social media site (whether hosted by the Agency or a third party) combines text, images, and links to other websites including blogs, wikis, and other media related to the topic and enables readers to leave comments in an interactive format.

Last Updated on December 31, 2020.

Contact   for SDO Privacy Policy

Help Us Improve  with your feedback

Please do not include personal or contact information.