Privacy Notice

The University of the West of Scotland (referred to in this Privacy Notice as the “University”, “we”, “our” or “us”) is the Data Controller under the data protection legislation.  This privacy Notice sets out how we process personal data about visitors to our website (referred to in this Privacy Notice as “you” or “your”).

We collect information about you:

• when you provide us with your personal details (such as your name, contact details, email address, etc.) by registering with us or submitting an enquiry via the website
• when you respond to surveys which we ask you to complete for research purposes
• from your usage of the website and any other information you post on the site or send to us via email or other means

The personal data which we hold about you is will be the information provided directly by you when you make an enquiry through the website. 

We will use the information we hold about you to respond to any queries you have raised with us or to provide you with information that you have requested that we send you.

If you make a general enquiry we will only send you the information you have requested and will not use your details for any further direct marketing purposes unless you have given your consent for us to do this.

We may use data to analyse demographic and other statistical information about the popularity and effectiveness of our website, but we'll only disclose that information in aggregate form, so individual users cannot be identified.

We may process your personal data for a number of reasons.  Primarily this is because you have consented to this so that we can respond to your enquiry or provide you with the information you have requested. 

There may be times that we process your information because it is necessary for the purposes of our legitimate interests.  For example, to better understand how people interact with our websites.  We will not process your data for the legitimate interests of any third parties.

We will retain your data for as long as it is needed to respond to your enquiry.  If you also consent to receiving marketing information from us we will keep your data for longer but will ask for your consent again periodically so that we can ensure the information we send to you is still relevant.

Authorised personnel within the University will be able to access the information you provide to us.  Your personal data will only be shared with those third parties with whom the University works in order to provide you with relevant, personalised communications. These types of organisations can include but are not limited to:

• Suppliers of digital content for emails
• Service providers who send out emails, SMS, direct mail or other communications on behalf of the University
• Providers who will use your profile information to identify others who may be interested in the University.

No information will be passed to third party organisations for them to contact you directly themselves.

Under the legislation you have certain rights in relation to the information we hold about you:

• To obtain access to, and copies of personal data we hold about you;
• To require us to stop processing your personal data if the processing is causing you damage or distress;
• To require us to stop sending you marketing communications;
• To require us to correct any personal data we hold about you that is incorrect;
• To require us to erase your personal data;
• To require us to restrict our data processing activities;
• To withdraw your consent to our data processing activities (without affecting the lawfulness of our processing before you withdrew your consent);
• To receive the personal data that we hold about you, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another controller, but only if you provided this information to us by automated means;
• To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Many of the rights above are not absolute so there may be times when you make a request to us and we are unable to meet it in full but if this is the case we will explain to you fully why we have not been able to do what you have asked.  You should also be aware that where our processing of your information relies on your consent and you then decide to withdraw that consent then we may not be able to provide all or some aspects of our services to you. 

More detailed information about the rights you have any how you can make a Personal Data Request is noted below.

We employ industry-standard security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage. All personal information we hold about you is held on our secure servers.  If we hold paper records about you then we make sure that staff are trained about how they should handle this information and make sure it is stored securely.

Information transmission over the internet can never be guaranteed to be completely secure and although the University will endeavour to protect your personal data we cannot guarantee the security of your personal data transmitted to our website. Any such transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to prevent unauthorised/unlawful access and disclosure.

• Firewall

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Rules are designed to provide a balance between strong security and allowing staff and students appropriate access to teach and study.

• Patch Management

Patch management is a strategy for managing security fixes or upgrades for software applications and technologies.  A patch management plan helps the organisation handle these changes efficiently and in a controlled and fully tested manner.  We patch our devices and systems as part of a 30 day rolling process.  Critical security patches are installed as required.

• Access Control

Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.

Access to files and folders and connections to computer networks is based on user credentials, login and password.

• Event/Network Monitoring

The UWS network is constantly monitored for anomalous behaviour which would be associated with cyber-attacks.  Event monitoring tools help us to monitor details of activity on the network and allow us to highlight areas of concern for further investigation.  Identifying anomalies quickly is vital to securing the confidentially, integrity and availability of data on our network.

• Anti-Virus

Anti-Virus protection is installed on all endpoint devices and updated at least daily with the latest vendor updates. 

Antivirus software is designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.

Our antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.

The information we store and process stays within the UK

The University Solicitor is the UWS Data Protection Officer.  If you have any concerns about how we handle your personal data or want to more about how to make a Personal Data Request, then you can contact the Data Protection Officer directly by e-mail dataprotection@uws.ac.uk or by post at Data Protection Officer, University of the West of Scotland, Legal Services, High Street, Paisley, PA1 2BE

If you remain unhappy then you have a right to complain to the Information Commissioners Office:

ADDRESS

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

CONTACT DETAILS

• e-mail: casework@ico.org.uk
• telephone: 0303 123 1113