Last Updated on December 31, 2020
Welcome to the Supplier Diversity Office’s (SDO) web pages on the Commonwealth of Massachusetts’ (the Commonwealth) website, www.mass.gov. Your privacy is one of our top priorities. The following policy applies only to the use of SDO's web pages, which are accessed via Mass.gov. Information about additional Mass.gov website privacy policies that apply to SDO’s web pages is available on the Mass.gov site.
A Privacy Partnership
Your privacy with respect to the use of the SDO web pages results from a partnership between the Commonwealth as a whole, SDO, and you, the user. At this site, we attempt to protect your privacy to the maximum extent possible. However, because some of the information that we receive through this website is subject to the Public Records Law, Massachusetts General Laws Chapter 66, Section 10, we cannot ensure absolute privacy. Information that you provide to us through this site may be made available to members of the public under that law. This policy informs you of the information that we collect from you at this site, what we do with it, to whom it may be disseminated, and how you may access it. Based on this information, you may make an informed choice about your use of this site. You also may maximize the benefits of your privacy partnership with the Commonwealth by making informed choices about whether to share personally identifiable information with us through our web pages.
Personally Identifiable Information
We use the term "personally identifiable information" to mean any information that could reasonably be used to identify you, such as your first and last name in combination with any one or more of the following data elements that relate to you: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number, or password, that would permit access to an individual’s financial account. ''Personal information'' shall not include information that is lawfully obtained from publicly available information or from federal, state, or local government records lawfully made available to the general public.
Information Voluntarily Provided by You
This site collects voluntary information through the surveys, online forms, and email messages you send through this site. Such information may include your email address and any other information you provide to help us answer your inquiry or process your request.
In general: SDO openly and intentionally collects voluntary information that is submitted electronically by users on our web pages and other SDO affiliated web pages. This information supports core business requirements relative to SDO’s responsibilities, including, but not limited to, the following: Supplier Diversity Office (SDO) online certification application processes (including the Small Business Purchasing Program available through COMMBUYS), registration requirements for SDO events or training sessions, and preliminary certification information through online forms.
COMMBUYS: The COMMBUYS e-procurement platform managed by the Operational Services Division (OSD) collects information, including file uploads and provided by (a) public purchasers who join the COMMBUYS community to access web-based tools that enable automated email notifications, approval workflows, records creation, bid postings, and bid management; (b) bidders who choose to join the COMMBUYS community for access to web-based tools enabling automated email notification for posted procurement records, business directory listing, and online bidding activity; and (c) bidders seeking membership in the Small Business Purchasing Program (SBPP). Information collected for SBPP membership, including personally identifiable information, based on business structure, is shared with the Massachusetts Department of Revenue (DOR) for the purposes of validating eligibility and with other public entities for purposes of participating in their programs. Furthermore, OSD shares COMMBUYS information with SDO for the purposes of completing responsibilities related to the SBPP. COMMBUYS is an eProcurement system produced and maintained by Periscope Holdings Inc. (PHI). Users may read PHI’s privacy policies for its eProcurement system here.
SDO Training and other Events: We collect information from attendees who register to attend SDO-hosted training sessions, meetings, and other events. The click-through registration forms open when the events are accepting registrations. SDO may or may not use third-party websites to facilitate event registration. Please refer to the privacy policies of any external website for more detailed information.
CerTrak: The web-based SDO certification tracking system, CerTrak, collects information, including personally identifiable information, based on business structure, from vendors seeking to apply for or maintain SDO certification, including application and supporting document file uploads. Information collected through the system is used and protected in accordance with the policies and procedures for CerTrak.
Information Automatically Collected and Stored by this Site
Mass.gov websites employ the use of "Persistent Cookies." The purpose of these Persistent Cookies is to collect and aggregate data regarding Mass.gov’s visitor activity in order for the Mass.gov Office to continuously evaluate and improve its website services, including on Mass.gov or affiliated websites such as sites hosted at http://blog.mass.gov (collectively, the “Offerings”). You may elect to disable the Persistent Cookies. Please be advised that disabling the Persistent Cookies may affect your ability to view or interact with Mass.gov.
Links to social media sites - Certain links on SDO’s Mass.gov web pages may (whether integrated with Tools or otherwise) facilitate interaction with third-party social media sites. Accessing third-party social media functions (whether through a Tool or otherwise) may require you to log in to your social media provider, and that social media provider may plant a persistent cookie on your web browser to keep you logged in. Any interaction with any such social media provider (whether through a Tool or otherwise) is subject to such social media provider’s site policies, and such provider may plant one or more additional persistent cookies on your web browser as a result of your interaction with it.
Dissemination of Your Personally Identifiable Information
SDO does not sell or disclose any personally identifiable information collected through this website or submitted to the Commonwealth in conjunction with using the functions on the website, and there is no direct or online public access to this information. However, once you voluntarily submit information to us through an e-mail, eFiling, and/or click-through form, its dissemination is governed by the Public Records Law, the Massachusetts General Laws Chapter 66A (Fair Information Practices Act), Massachusetts General Laws Chapter 93H (Security Breaches) and other applicable laws and regulations. For this reason, part or all of the information you send us may be provided to a member of the public in response to a public records request. SDO is committed to protecting personally identifiable information from unlawful disclosure and to promptly responding to all requests in accordance with our policies and procedures.
In addition, the information that you voluntarily submit will be disclosed only to employees or officials within Commonwealth agencies, quasi-public, or independent agencies on a "need to know" basis for the purposes of fulfilling their job responsibilities. They will only use the information to answer your questions, respond to any requests for assistance, report program results, and fulfill the Commonwealth's legal obligations. Where appropriate, we may provide the information submitted by you to the person or company that is the subject of your inquiry, or to a government agency responsible for the matters referred to in your communication.
Your Access and Opportunity to Correct
The Public Records Law, Security Breaches Act, and the Fair Information Practices Act provide you certain rights to get information about you that is in our records. To learn more about the circumstances under which you can get and correct this information, please click on the above references to these laws.
Because information sent to the SDO via our web pages is not encrypted, you should not send information that you consider highly sensitive through this website. We use standard security measures to ensure that information provided by you, including your personally identifiable information, is not lost, misused, altered, or unintentionally destroyed. We also use software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no attempts are made to identify individual users or their usage habits.
Special Protections Against Misuse Of Personally Identifiable Information Within Commonwealth Offices
In 2008, Executive Order 504 was issued, which enhanced the privacy protection given to any information about you as a named individual held by the Executive Department of state government. Executive Order 504 limits the collection and dissemination of personally identifiable information within the Executive Department and requires Executive Department agencies to greatly enhance the security and integrity of such data. All of the personally identifiable information that you submit to all Mass.gov sites is given the privacy protections set forth in Executive Order 504.
The SDO website may contain hyperlinks to other Commonwealth agency websites and to external websites that are not created or maintained by SDO. When users link to another Commonwealth agency or external website, they are leaving the SDO website and become subject to the privacy policies provided by those sites.
For questions about your privacy while using this Website, please contact the SDO at email@example.com.
An "Internet Protocol Address" or "IP Address" is a series of numbers that identifies each computer and machine connected to the Internet. An IP address enables a server on a computer network to send you the file that you have requested on the Internet. The IP address disclosed to us may identify the computer from which you are accessing the Internet, or a server owned by your Internet Service Provider. Because it is machine-specific, rather than person-specific, an IP address is not, in and of itself, personally identifiable information.
Social Media: A social media website is a website or a social media application that is usually maintained by an individual and has regular entries of commentary, descriptions of events, or other material such as graphics or video. A social media identity is a specific user identity that has been registered on a third party social media site and is associated with the Agency. Government social media sites or identities typically provide forums for commentary or news on topics related to the government agency that hosts the social media site or has secured the social media identity. A typical social media site (whether hosted by the Agency or a third party) combines text, images, and links to other websites including blogs, wikis, and other media related to the topic and enables readers to leave comments in an interactive format.
Last Updated on December 31, 2020.