Skip To Nav

Site-specific menu

Policy

Purpose

To ensure electronic commerce activities on campus represent the university appropriately, to comply with Payment Card Industry (PCI) Data Security Standards and to protect against exposure and possible theft of cardholder information that has been provided to Western Michigan University. For the purpose of this policy, E-Commerce activity is defined as the processing of orders and payments over the web.

Policy Statement

Western Michigan University provides a centralized E-Commerce software solution through a product called Marketplace. Marketplace consists of two components: Ustores and Upay. University units and departments that transact on-line payments must use the secure web payment system Marketplace for such transactions. This system has been configured to meet the PCI Data Security Standards.

Units planning to offer online sales of goods and services can request the establishment of an online store within Ustores or a Upay account through the Cashiering Office.

Legal: Electronic publications are to follow the same university policies and standards as print publications in regards to copyright laws, "fair use" and intellectual property rights and authorized use of the University's signature, seal and logos.

Western Michigan University web and commerce sites must not use any other organization's trademarks or service marks anywhere (text on pages, metatags, etc.) unless:

  1. the usage reflects the actual attributes of WMU products or services, and
  2. advance permission has been obtained from WMU general counsel.

Western Michigan University e-commerce sites must only be used for university business and any goods or services offered for sale must be related to the department’s core mission.

All customers using the Internet to place orders must be presented with a summary of Western Michigan University's terms and conditions and must indicate that they agree to these terms and conditions.

Security: Servers used for e-commerce must be operated in a secure fashion and include a security statement describing what security standards are in place. Units engaging in e-commerce activity must comply with the PCI Data Security Standards.

Privacy: Except as otherwise required by law, any personal data collected may not be sold, or otherwise made available, to other organizations, companies, or individuals without the explicit consent of the individual.

Any data collected must be explicitly described in a privacy statement accessible on the web site. Any use of the data for purposes not specifically required by the order process must be described. Customers must be given the option to disable any reuse of their information.

Contacts: Questions may be directed to the E-Commerce Committee.