These guidelines are intended for MIT departments and organizations selling goods and services with payments by cash, check, and/or credit card. These guidelines are not intended for internal MIT sales using requisitions and journal vouchers.

Goods and services sold using MIT's name and/or using MIT facilities must be related to the Institute's core business. All transactions must be conducted on behalf of MIT and not for personal gain.

Departments, labs, centers, and other recognized faculty, staff, and student organizations that wish to engage in commercial activity must:

1. Collect and Report on Revenues Received
   All revenues received must be collected and reported according to standard MIT financial procedures. Revenues must be deposited in an MIT bank account. For more information, contact merchantservices@mit.edu or call 253-5413. Student groups must first register with the Student Activities Finance Office (SAFO).
   
   
2. Obtain a Merchant ID
   A merchant ID is an account with MIT's bank to accept credit card payments. Use the registration form to apply for a merchant ID. After your request is reviewed, you will receive a confirmation document by mail. This document must be signed by Administrative Officer and returned to the address listed on the document. You will be contacted by telephone or email once the merchant ID number is assigned by the bank. The lead time for new merchant IDs is approximately two weeks.

   Once you receive your merchant ID and begin processing orders, you will receive monthly statements from MIT's bank processor, First Data Merchant Services. The statements will be mailed to the "Doing Business As" name and address as submitted on the registration form.

   Examples of "Doing Business As" names include:

   The MIT Museum Shop
   MIT Medical Department
   MIT Sloan Alumni Reunions

   For more information about merchant IDs, contact merchantservices@mit.edu or call 253-5413.
   

3. Not Store Customer Credit Card Information
   It is MIT's policy that customer credit card information must not be stored in any form (electronically or on paper) any longer than is necessary to process the transaction. Credit card numbers are deleted from MIT's centrally -maintained servers once transactions are settled to the bank. Merchants are responsible for safe-guarding any sensitive customer information that they receive and securely deleting/disposing of it immediately after it is needed to process the transaction.
   
   
4. Use MIT Letterforms
   If the product or service is to use the MIT name or logo, we recommend you use the official MIT letterforms. Electronic files of the letterforms are distributed by the MIT Publishing Services Bureau (PSB). Contact the PSB at 617-253-9380 or psb@mit.edu.
   
   

In addition to the above, the following guidelines apply to web-based e-commerce:

1. Follow Web Publishing Guidelines
   Abide by MIT Web Communications Services guidelines for effective publishing on the World Wide Web.
   
   
2. Collect Applicable Sales Tax
   Abide by all applicable tax laws. For orders delivered in Massachusetts, you are responsible for collecting and reporting to CAO all sales and related taxes on goods and services that are subject to Massachusetts sales tax. You can find these requirements on the CAO web page.
   
   
3. Follow Information Technology Architecture Requirements
   Abide by the Information Technology Architecture Group infrastructure requirements for applications and systems.
   
   
4. Post Privacy Statement
   Create and post a privacy statement about what information you collect from your customers and how that information will be used. You may use the sample statement below as a template; however, you are encouraged to enhance and customize your statement to include data relevant to your business.
   
   All privacy statements must:
   • Be easy to find, read, and understand.
   • Inform the customer what information is collected, how it is used, and whether it is shared with others. If information is
     to be shared with others, the customer's consent must be obtained.
   • Provide a contact for customers to change, update, or inquire about their information.
   • Tell customers how they will be notified of changes to the privacy policy.
   • Include a statement about data security.
   
   
   MIT Privacy Statement Template

We are committed to preserving your privacy. We use the information that you provide (name, address, telephone number, credit card number, etc.) to process your order and maintain our transaction records. The information will not be used for any commercial or philanthropic purpose not directly connected with or supported by MIT without your consent.

Our shopping cart software may use cookies to create and maintain your shopping cart during a session and to maintain your name and address for future visits to the site. Cookies are never used to store credit card information.

We are committed to providing you with a safe online experience. The software we use for processing credit card payments employs secure encryption technology (SSL) to reduce the possibility of theft, manipulation, and other alteration of any information that you provide to us.

Any changes to our policy will be posted on this page. Any information collected prior to the changes will not be subject to the new policy without your consent. The information will remain subject to the policy at the time it was provided to us. Once the change in policy is posted, any new information that you provide and/or information associated with new orders will be subject to the new policy.

If you have questions or concerns about this policy or need to update your customer information, please send email to __________.