The University is committed to looking after any information that you make available to us when you visit our website. We aim to be clear about what we will do with your data. This website privacy notice explains when and why we collect personal information about you and how we will use this information. It also explains how we keep your information secure as well as the rights you have in relation to the information we hold about you.
The headings below set out the main information we need to give to you.
The website privacy notice will be regularly reviewed to make sure it contains the most up-to-date information. You should check our website to review a copy of our most recent website privacy notice.
This website privacy notice relates to how we use the information you provide when you visit our website. There are times when we have separate privacy notices which deal with other circumstances, for example, how we handle your data if you enrol as a student of the University. You will be made aware of these tailored privacy notices separately.
If you have any questions about any of the information contained in this privacy notice then you can contact us on firstname.lastname@example.org.
The University of the West of Scotland (referred to in this Privacy Notice as the “University”, “we”, “our” or “us”) is the Data Controller under the data protection legislation. This privacy Notice sets out how we process personal data about visitors to our website (referred to in this Privacy Notice as “you” or “your”).
We collect information about you:
The personal data which we hold about you is will be the information provided directly by you when you make an enquiry through the website.
We will use the information we hold about you to respond to any queries you have raised with us or to provide you with information that you have requested that we send you.
If you make a general enquiry we will only send you the information you have requested and will not use your details for any further direct marketing purposes unless you have given your consent for us to do this.
We may use data to analyse demographic and other statistical information about the popularity and effectiveness of our website, but we'll only disclose that information in aggregate form, so individual users cannot be identified.
We may process your personal data for a number of reasons. Primarily this is because you have consented to this so that we can respond to your enquiry or provide you with the information you have requested.
There may be times that we process your information because it is necessary for the purposes of our legitimate interests. For example, to better understand how people interact with our websites. We will not process your data for the legitimate interests of any third parties.
We will retain your data for as long as it is needed to respond to your enquiry. If you also consent to receiving marketing information from us we will keep your data for longer but will ask for your consent again periodically so that we can ensure the information we send to you is still relevant.
Authorised personnel within the University will be able to access the information you provide to us. Your personal data will only be shared with those third parties with whom the University works in order to provide you with relevant, personalised communications. These types of organisations can include but are not limited to:
No information will be passed to third party organisations for them to contact you directly themselves.
Under the legislation you have certain rights in relation to the information we hold about you:
Many of the rights above are not absolute so there may be times when you make a request to us and we are unable to meet it in full but if this is the case we will explain to you fully why we have not been able to do what you have asked. You should also be aware that where our processing of your information relies on your consent and you then decide to withdraw that consent then we may not be able to provide all or some aspects of our services to you.
More detailed information about the rights you have any how you can make a request can be found here.
We employ industry-standard security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage. All personal information we hold about you is held on our secure servers. If we hold paper records about you then we make sure that staff are trained about how they should handle this information and make sure it is stored securely.
Information transmission over the internet can never be guaranteed to be completely secure and although the University will endeavour to protect your personal data we cannot guarantee the security of your personal data transmitted to our website. Any such transmission is at your own risk.
Once we have received your information, we will use strict procedures and security features to prevent unauthorised/unlawful access and disclosure.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Rules are designed to provide a balance between strong security and allowing staff and students appropriate access to teach and study.
Patch management is a strategy for managing security fixes or upgrades for software applications and technologies. A patch management plan helps the organisation handle these changes efficiently and in a controlled and fully tested manner. We patch our devices and systems as part of a 30 day rolling process. Critical security patches are installed as required.
Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.
Access to files and folders and connections to computer networks is based on user credentials, login and password.
The UWS network is constantly monitored for anomalous behaviour which would be associated with cyber-attacks. Event monitoring tools help us to monitor details of activity on the network and allow us to highlight areas of concern for further investigation. Identifying anomalies quickly is vital to securing the confidentially, integrity and availability of data on our network.
Anti-Virus protection is installed on all endpoint devices and updated at least daily with the latest vendor updates.
Antivirus software is designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.
Our antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.
The information we store and process stays within the UK
The University Solicitor is the UWS Data Protection Officer. If you have any concerns about how we handle your personal data then you can contact the Data Protection Officer directly by e-mail email@example.com or by post at Data Protection Officer, University of the West of Scotland, Legal Services, High Street, Paisley, PA1 2BE
If you remain unhappy then you have a right to complain to the Information Commissioners Office:
Information Commissioner’s Office