offered by

OSD Privacy Policy

The following policy applies only to the use of OSD's web pages, which are accessed via Mass.gov. Information about Mass.gov website privacy policies is available on their site.

Last Updated: January 29, 2019

Welcome to the Operational Services Division's (OSD) web pages on the Commonwealth of Massachusetts’ (the Commonwealth) website, www.mass.gov. Your privacy is one of our top priorities. We are committed to maintaining the confidentiality, integrity, and security of private information entrusted to OSD by visitors to our site. The following policy applies only to the use of OSD's web pages, which are accessed via Mass.gov. Information about Mass.gov website privacy policies is available on their site. The privacy policies for web pages operated by other state agencies may differ. Furthermore, other sites affiliated with OSD’s web pages, including, but not limited to, COMMBUYS (OSD’s online market center), also may have differing policies. We strongly suggest that you read the site policies, including the privacy policies, for each Commonwealth website that you visit as well as the privacy policies which may be provided at any external site that you visit through a link appearing on the OSD web pages.

A Privacy Partnership

Your privacy with respect to the use of the OSD web pages results from a partnership between the Commonwealth as a whole, OSD, and you, the user. At this site, we attempt to protect your privacy to the maximum extent possible. However, because some of the information that we receive through this website is subject to the Public Records Law, Massachusetts General Laws Chapter 66, Section 10, we cannot ensure absolute privacy. Information that you provide to us through this site may be made available to members of the public under that law. This policy informs you of the information that we collect from you at this site, what we do with it, to whom it may be disseminated, and how you may access it. Based on this information, you may make an informed choice about your use of this site. You also may maximize the benefits of your privacy partnership with the Commonwealth by making informed choices about whether to share personally identifiable information with us through this site.

Personally Identifiable Information

We use the term "personally identifiable information" to mean any information that could reasonably be used to identify you, such as your first and last name in combination with any one or more of the following data elements that relate to you: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number, or password, that would permit access to an individual’s  financial account. ''Personal information'' shall not include information that is lawfully obtained from publicly available information or from federal, state, or local government records lawfully made available to the general public.

Information Voluntarily Provided by You

This site collects voluntary information through the email messages you send through this site.  Email messages sent by you to this site will contain information such as your email address and any other information you provide to help us answer your inquiry.

 In general: OSD also openly and intentionally collects voluntary information that is submitted electronically by users on our web pages. This information supports core business requirements relative to OSD's procurement and operational oversight responsibilities, including: the State’s online e-procurement marketplace, COMMBUYS; Uniform Financial Statements and Independent Auditor's Report (UFR); Supplier Diversity Office (SDO) online certification application processes; and registration requirements for OSD events or training sessions – both online and in person. In addition, we collect voluntary information submitted by users who wish to subscribe to OSD’s monthly newsletter, Buy the Way, and other periodic communications to receive up-to-date procurement, purchasing, and small and diverse business program news via email.

1. COMMBUYS: The COMMBUYS e-procurement platform managed by OSD collects information, including file uploads and provided by (a) public purchasers who join the COMMBUYS community to access web-based tools that enable automated email notifications, approval workflows, records creation, bid postings, and bid management; (b) bidders who choose to join the COMMBUYS community for access to web-based tools enabling automated email notification for posted procurement records, business directory listing, and online bidding activity; and (c) bidders seeking membership in the Small Business Purchasing Program (SBPP). Information collected for SBPP membership, including personally identifiable information, based on business structure, is shared with the Massachusetts Department of Revenue (DOR) for the purposes of validating eligibility and with other public entities for purposes of participating in their programs. COMMBUYS is an eProcurement system produced and maintained by Periscope Holdings Inc. (PHI). Users may read PHI’s privacy policies for its eProcurement system here.

 2. Uniform Financial Statements and Independent Auditor's Report (UFR): On the UFR eFile website, financial information and key management staff information is collected from Human and Social Service providers under contract with the Commonwealth. The information provided through this website is viewable immediately.

 3.  OSD Training and other EventsWe collect information from attendees who register to attend OSD-hosted training sessions, meetings, and other events. The click-through registration forms open when the events are accepting registrations. OSD may or may not use third-party websites to facilitate event registration. Please refer to the privacy policies of any external website for more detailed information.

 4.  CerTrak: The web-based Supplier Diversity Office (SDO) certification tracking system, CerTrak, collects information, including personally identifiable information, based on business structure, from vendors seeking to apply for or maintain SDO certification, including application and supporting document file uploads. Information collected through the system is used and protected in accordance with the policies and procedures for CerTrak.

5. Vendor Report Management:  Through our Vendor Report Management (VRM) portal, OSD Statewide Contract Vendors provide statewide contract sales reports, including spend with Supplier Diversity Office (SDO) certified diverse vendors. Information collected through the system is used and protected in accordance with our policies and procedures for the VRM website.

Information Automatically Collected and Stored by this Site

Mass.gov websites employ the use of "Persistent Cookies." The purpose of these Persistent Cookies is to collect and aggregate data regarding Mass.gov’s visitor activity in order for the Mass.gov Office to continuously evaluate and improve its website services, including on Mass.gov or affiliated websites such as sites hosted at http://blog.mass.gov (collectively, the “Offerings”). You may elect to disable the Persistent Cookies. Please be advised that disabling the Persistent Cookies may affect your ability to view or interact with Mass.gov.

Mass.gov does collect and store your “Internet Protocol (“IP”) address,” (which does not identify you as an individual) indefinitely, as well as information about the date and time of your visit, whether a file you have requested exists, and how many “bytes” of information were transmitted to you over the Web from Mass.gov. Mass.gov uses your IP address to assess the frequency of visits to Mass.gov and the popularity of its various pages and functions. We will not attempt to match any personally identifiable information that you provide to us with your IP address, unless there are reasonable grounds to believe that doing so would provide information that is relevant and material to a criminal investigation. The one exception is that, when you fill out information in a form on Mass.gov, we do receive your IP address along with this submission. We do not use this form-related IP address information unless it may be relevant and material to a criminal investigation. The entire Mass.gov privacy policy is available here.

For non-Mass.gov sites, including COMMBUYS, CerTrak, and VRM, please refer to the Persistent Cookies policies for those websites.

Dissemination of Your Personally Identifiable Information

OSD does not sell or disclose any personally identifiable information collected through this website or submitted to the Commonwealth in conjunction with using the functions on the website, and there is no direct or online public access to this information. However, once you voluntarily submit information to us through an e-mail, eFiling, and/or click-through form, its dissemination is governed by the Public Records Law, the Massachusetts General Laws Chapter 66A (Fair Information Practices Act)Massachusetts General Laws Chapter 93H (Security Breaches), Executive Order 504, and other applicable laws and regulations. For this reason, part or all of the information you send us may be provided to a member of the public in response to a public records request. OSD is committed to protecting personally identifiable information from unlawful disclosure and to promptly responding to all requests in accordance with our policies and procedures.

In addition, the information that you voluntarily submit will be disclosed only to employees or officials within Commonwealth agencies, quasi-public, or independent agencies on a "need to know" basis for the purposes of fulfilling their job responsibilities. They will only use the information to answer your questions, respond to any requests for assistance, report program results, and fulfill the Commonwealth's legal obligations. Where appropriate, we may provide the information submitted by you to the person or company that is the subject of your inquiry, or to a government agency responsible for the matters referred to in your communication.

Your Access and Opportunity to Correct

The Public Records Law, Security Breaches Act, and the Fair Information Practices Act provide you certain rights to get information about you that is in our records. To learn more about the circumstances under which you can get and correct this information, please click on the above references to these laws.

Security

Because Mass.gov does not encrypt incoming e-mails, you should not send information that you consider highly sensitive through this website. We use standard security measures to ensure that information provided by you, including your personally identifiable information, is not lost, misused, altered, or unintentionally destroyed. We also use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no attempts are made to identify individual users or their usage habits.

Special Protections Against Misuse Of Personally Identifiable Information Within Commonwealth Offices

In 2008, Executive Order 504 was issued, which enhanced the privacy protection given to any information about you as a named individual held by the Executive Department of state government. Executive Order 504 limits the collection and dissemination of personally identifiable information within the Executive Department and requires Executive Department agencies to greatly enhance the security and integrity of such data. All of the personally identifiable information that you submit to all Mass.gov sites is given the privacy protections set forth in Executive Order 504.

The OSD website may contain hyperlinks to other Commonwealth agency websites and to external websites that are not created or maintained by OSD. When users link to another Commonwealth agency or external website, they are leaving the OSD website and become subject to the privacy policies provided by those sites.

Policy Changes

We will post changes to this policy at least 30 days before they take effect. Any information collected under the current privacy policy will remain subject to the terms of this policy. After any changes take effect, all new information collected, if any, will be subject to the new policy.

Contact Information

For questions about your privacy while using this Website, please contact OSD at osdlegal@mass.gov.

Definitions

Cookies are files that a website can place on your computer. A cookie file contains unique information that a website can use to track such things as your password, lists of webpages you have visited, and the date when you last looked at a specific webpage, or to identify your session at a particular website. A cookie file allows the website to recognize you as you click through pages on the site and when you later revisit the site. A website can use cookies to "remember" your preferences, and to record your browsing behavior on the Web. Although you may prevent websites from placing cookies on your computer by using your browser's preference menu, disabling cookies may affect your ability to view or interact with some websites.

An "Internet Protocol Address" or "IP Address" is a series of numbers that identifies each computer and machine connected to the Internet. An IP address enables a server on a computer network to send you the file that you have requested on the Internet. The IP address disclosed to us may identify the computer from which you are accessing the Internet, or a server owned by your Internet Service Provider. Because it is machine-specific, rather than person-specific, an IP address is not, in and of itself, personally identifiable information.

Last Updated on January 29, 2019

Feedback