Privacy policy
Privacy notice
The University is committed to looking after any information that you make available to us. We aim to be clear about what we will do with your data. This privacy notice explains when and why we collect personal information about you and how we will use this information including the ways we might share this with others. It also explains how we keep your information secure as well as the rights you have in relation to the information we hold about you.
The privacy notice will be regularly reviewed to make sure it contains the most up-to-date information. You should check our website to review a copy of our most recent privacy notice. If we make any significant changes to our privacy notice we will contact you to let you know. If you have any questions about any of the information contained in this privacy notice then you can contact us on dataprotection@uws.ac.uk
Who are we?
The University of the West of Scotland (referred to in this Privacy Notice as the “University”, “we”, “our” or “us”) is the Data Controller under the data protection legislation. This privacy Notice sets out how we process the personal data we collect about you (referred to in this Privacy Notice as “you” or “your”).
What type of information do we collect about you?
We will collect a variety of information about you. For example:-
- Your first and last name
- Your postal address
- Your email address and phone number
- The name of your employer and your role
- Your date of birth
- Your gender
- Your nationality
- Your country of residence
- Your previous highest qualification and most recent education provider
- Any additional needs you have for which you may require support to undertake the course
What are the sources of the information we hold about you?
We may collect information about you in a number of ways. For example:-
- Details provided directly when you apply to or enrol on courses with us
- Details provided to your course leader to facilitate your study
- Details provided by your employer
How will we use your information?
We will use the information we hold about you for the following purposes:-
- To deliver the course you have signed up to undertake
- Reporting to the Scottish Government or other funding bodies on students attending courses which are subsidised
- Ensuring equality and diversity amongst our courses
- Completing needs analyses for course participants (e.g. understanding the variety of experiences in a cohort of students to tailor the course appropriately)
- Dealing with complaints
- Other administrative purposes
Why do we need to process your personal data?
We may process your personal data for a number of reasons. In many cases this is because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering in to a contract. For example, when you have enrolled with us we will use your information to ensure we can deliver the course to you.
We may also process your data because it is necessary for the performance of tasks we carry out in the public interest or because it is necessary for our or a third party’s legitimate interests. For example, to monitor and evaluate our performance and effectiveness as an institution. We may process your personal data because we need to do so to comply with our legal obligations, for example, when we provide information to HESA.
In some cases we will collect your consent in order to process your data. Specifically, if we want to send you marketing information about future programmes that may be of interest to you we will ask for your consent before we do this.
How long will we keep your information for?
If you are completing one of our non-credit bearing courses, then we will keep the information we hold about you for two years after you complete the course and after that time, we will delete this. If you are undertaking a credit bearing module, then you will be asked to enrol online via our Banner system and the information we hold will be retained in line with the privacy policy shown to you as part of the enrolment process.
Where you make a general enquiry about a course, we will keep a record of this for twelve months and then delete it from our systems.
If you also consent to receiving marketing information from us, we will keep your contact details for longer, but you will be able to tell as at any time that you want to stop receiving these communications by e-mailing us at cpd@uws.ac.uk
Who has access to your information and who will we share your information with?
There will be times where we may share the information you provide to us with third parties. In some cases this data sharing is optional and you will be given a choice about whether you want us to share your data at the time you provide us with the information. However, in some cases we will not offer you a choice because we have to share your information to ensure we can provide services to you or to make sure we can meet our legal or statutory obligations. We will always make sure that when we share information about you that we do this in line with the legislation and that we only share the minimum amount of information that is needed. The most common data sharing we will carry out is as follows:-
- Sharing basic information with course facilitators or course partners
- Sharing anonymised data with funders of courses
What choices do you have in relation to your information?
Under the legislation you have certain rights in relation to the information we hold about you:
- To obtain access to, and copies of personal data we hold about you;
- To require us to stop processing your personal data if the processing is causing you damage or distress;
- To require us to stop sending you marketing communications;
- To require us to correct any personal data we hold about you that is incorrect;
- To require us to erase your personal data;
- To require us to restrict our data processing activities;
- To withdraw your consent to our data processing activities (without affecting the lawfulness of our processing before you withdrew your consent);
- To receive the personal data that we hold about you, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another controller;
- To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.
Many of the rights above are not absolute so there may be times when you make a request to us and we are unable to meet it in full but if this is the case we will explain to you fully why we have not been able to do what you have asked. You should also be aware that where our processing of your information relies on your consent and you then decide to withdraw that consent then we may not be able to provide all or some aspects of our services to you.
More detailed information about the rights you have any how you can make a request can be found at https://www.uws.ac.uk/about-uws/compliance/information-records-management/data-protection/
How can you access and update your information?
We want to make sure that the information we hold about you is always accurate and up-to-date. We can only do this if you let us know about any changes to the information we hold about you. You can do this by contacting us at cpd@uws.ac.uk with information about the updated details.
How will we keep your information safe?
All personal information we hold about you is held on secure servers. If we hold paper records about you then we make sure that staff are trained about how they should handle this information and make sure it is stored securely.
You can find out further information below:
Firewall A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Rules are designed to provide a balance between strong security and allowing staff and students appropriate access to teach and study.
Patch Management Patch management is a strategy for managing security fixes or upgrades for software applications and technologies. A patch management plan helps the organisation handle these changes efficiently and in a controlled and fully tested manner. We patch our devices and systems as part of a 30 day rolling process. Critical security patches are installed as required.**
Access Control Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment. Access to files and folders and connections to computer networks is based on user credentials, login and password.
Event/Network Monitoring The UWS network is constantly monitored for anomalous behaviour which would be associated with cyber-attacks. Event monitoring tools help us to monitor details of activity on the network and allow us to highlight areas of concern for further investigation. Identifying anomalies quickly is vital to securing the confidentially, integrity and availability of data on our network.
Anti-Virus Anti-Virus protection is installed on all endpoint devices and updated at least daily with the latest vendor updates. Antivirus software is designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems. Our antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.
Does the University carry out any automated decision making using my information?
Automated decision making is when an organisation makes a decision about you without human intervention. For example, for the assessment of eligibility for financial assistance. The University does not carry out any automated decision making based on the information you provide to us. Will we transfer your information outside of the EEA?
Some of the personal data we hold about you may be transferred to, and stored at, a destination outside the European Economic Area. Specifically, our platform provider is based in New Zealand so some of your data may be stored on servers there. New Zealand has an adequacy decision under data protection law which means the transfer of personal data is permitted on the same basis as it is to countries in the EEA.
Who is the University’s Data Protection Officer?
The Head of Legal Services is the UWS Data Protection Officer. If you have any concerns about how we handle your personal data then you can contact the Data Protection Officer directly by e-mail dataprotection@uws.ac.uk or by post at Data Protection Officer, University of the West of Scotland, Legal Services, High Street, Paisley, PA1 2BE
How can I complain about your use of my information?
If you remain unhappy then you have a right to complain to the Information Commissioners Office: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF e-mail:casework@ico.org.uk and telephone 0303 123 1113