The University is committed to looking after any information that you make available to us. We aim to be clear about what we will do with your data. This privacy notice explains when and why we collect personal information about you and how we will use this information including the ways we might share this with others. It also explains how we keep your information secure as well as the rights you have in relation to the information we hold about you.
The privacy notice will be regularly reviewed to make sure it contains the most up-to-date information. You should check our website to review a copy of our most recent privacy notice. If we make any significant changes to our privacy notice we will contact you to let you know. If you have any questions about any of the information contained in this privacy notice then you can contact us on firstname.lastname@example.org
Who are we?
The University of the West of Scotland (referred to in this Privacy Notice as the “University”, “we”, “our” or “us”) is the Data Controller under the data protection legislation. This Privacy Notice sets out how we process the personal data we collect about you (referred to in this Privacy Notice as “you” or “your”).
What type of information do we collect about you?
We will collect a variety of information about you. For example:-
What are the sources of the information we hold about you?
We may collect information about you in a number of ways. For example:-
How will we use your information?
We will use the information we hold about you for the following purposes:-
Why do we need to process your personal data?
We may process your personal data for a number of reasons. In many cases this is because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. For example, when you have enrolled with us we will use your information to ensure we can deliver the course to you.
We may also process your data because it is necessary for the performance of tasks we carry out in the public interest or because it is necessary for our or a third party’s legitimate interests. For example, to monitor and evaluate our performance and effectiveness as an institution. We may process your personal data because we need to do so to comply with our legal obligations, for example, when we provide information to HESA.
In some cases we will collect your consent in order to process your data. Specifically, if we want to send you marketing information about future programmes that may be of interest to you we will ask for your consent before we do this.
How long will we keep your information for?
Where you make a general enquiry about a course, we will keep a record of this for twelve months and then delete it from our systems.
If you also consent to receiving marketing information from us, we will keep your contact details for longer, but you will be able to tell us at any time that you want to stop receiving these communications by e-mailing us at email@example.com
Who has access to your information and who will we share your information with?
There will be times where we may share the information you provide to us with third parties. In some cases this data sharing is optional and you will be given a choice about whether you want us to share your data at the time you provide us with the information. However, in some cases we will not offer you a choice because we have to share your information to ensure we can provide services to you or to make sure we can meet our legal or statutory obligations. We will always make sure that when we share information about you we do this in line with the legislation and that we only share the minimum amount of information that is needed. The most common data sharing we will carry out is as follows:-
What choices do you have in relation to your information?
Under the legislation you have certain rights in relation to the information we hold about you:
Many of the rights above are not absolute, so there may be times when you make a request to us and we are unable to meet it in full. If this is the case we will explain to you fully why we have not been able to do what you have asked. You should also be aware that where our processing of your information relies on your consent and you then decide to withdraw that consent, we may not be able to provide all or some aspects of our services to you.
More detailed information about the rights you have and how you can make a request can be found at https://www.uws.ac.uk/about-uws/compliance/information-records-management/data-protection/
How can you access and update your information?
We want to make sure that the information we hold about you is always accurate and up-to-date. We can only do this if you let us know about any changes to the information we hold about you. You can do this by contacting us at firstname.lastname@example.org with information about the updated details.
How will we keep your information safe?
All personal information we hold about you is held on our secure servers. If we hold paper records about you then we make sure that staff are trained about how they should handle this information and make sure it is stored securely.
You can find out further information below:
Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Rules are designed to provide a balance between strong security and allowing staff and students appropriate access to teach and study.
Patch Management
Patch management is a strategy for managing security fixes or upgrades for software applications and technologies. A patch management plan helps the organisation handle these changes efficiently and in a controlled and fully tested manner. We patch our devices and systems as part of a 30 day rolling process. Critical security patches are installed as required.
Access Control
Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment. Access to files and folders and connections to computer networks is based on user credentials, login and password.
Event/Network Monitoring
The UWS network is constantly monitored for anomalous behaviour which would be associated with cyber-attacks. Event monitoring tools help us to monitor details of activity on the network and allow us to highlight areas of concern for further investigation. Identifying anomalies quickly is vital to securing the confidentiality, integrity and availability of data on our network.
Anti-Virus
Anti-Virus protection is installed on all endpoint devices and updated at least daily with the latest vendor updates. Antivirus software is designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems. Our antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.
Does the University carry out any automated decision making using my information?
Automated decision making is when an organisation makes a decision about you without human intervention. For example, for the assessment of eligibility for financial assistance. The University does not carry out any automated decision making based on the information you provide to us.
Will we transfer your information outside of the EEA?
Some of the personal data we hold about you may be transferred to, and stored at, a destination outside the European Economic Area. Specifically, our platform provider is based in New Zealand so some of your data may be stored on servers there. New Zealand has an adequacy decision under data protection law which means the transfer of personal data is permitted on the same basis as it is to countries in the EEA.
Who is the University’s Data Protection Officer?
The Head of Legal Services is the UWS Data Protection Officer. If you have any concerns about how we handle your personal data then you can contact the Data Protection Officer directly by e-mail email@example.com or by post at Data Protection Officer, University of the West of Scotland, Legal Services, High Street, Paisley, PA1 2BE
How can I complain about your use of my information?
If you remain unhappy then you have a right to complain to the Information Commissioner’s Office: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, e-mail: firstname.lastname@example.org and telephone 0303 123 1113