Website Privacy Notice

The University is committed to looking after any information that you make available to us when you visit our website.  We aim to be clear about what we will do with your data.  This website privacy notice explains when and why we collect personal information about you and how we will use this information.  It also explains how we keep your information secure as well as the rights you have in relation to the information we hold about you.

The headings below set out the main information we need to give to you.

The website privacy notice will be regularly reviewed to make sure it contains the most up-to-date information. You should check our website to review a copy of our most recent website privacy notice.

This website privacy notice relates to how we use the information you provide when you visit our website.  There are times when we have separate privacy notices which deal with other circumstances, for example, how we handle your data if you enrol as a student of the University.  You will be made aware of these tailored privacy notices separately.

We have a separate document that explains how we use Cookies on our website and this can be found here.

If you have any questions about any of the information contained in this privacy notice then you can contact us on

Who are we?

The University of the West of Scotland (referred to in this Privacy Notice as the “University”, “we”, “our” or “us”) is the Data Controller under the data protection legislation.  This privacy Notice sets out how we process personal data about visitors to our website (referred to in this Privacy Notice as “you” or “your”).

What type of information do we collect about you from our website?

We collect information about you:

  • when you provide us with your personal details (such as your name, contact details, email address, etc.) by registering with us or submitting an enquiry via the website
  • when you respond to surveys which we ask you to complete for research purposes
  • from your usage of the website and any other information you post on the site or send to us via email or other means

What are the sources of the information we hold about you?

The personal data which we hold about you is will be the information provided directly by you when you make an enquiry through the website. 

How will we use your information?

We will use the information we hold about you to respond to any queries you have raised with us or to provide you with information that you have requested that we send you.

If you make a general enquiry we will only send you the information you have requested and will not use your details for any further direct marketing purposes unless you have given your consent for us to do this.

We may use data to analyse demographic and other statistical information about the popularity and effectiveness of our website, but we'll only disclose that information in aggregate form, so individual users cannot be identified.

Why do we need to process your personal data?

We may process your personal data for a number of reasons.  Primarily this is because you have consented to this so that we can respond to your enquiry or provide you with the information you have requested. 

There may be times that we process your information because it is necessary for the purposes of our legitimate interests.  For example, to better understand how people interact with our websites.  We will not process your data for the legitimate interests of any third parties.

How long will we keep your information for?

We will retain your data for as long as it is needed to respond to your enquiry.  If you also consent to receiving marketing information from us we will keep your data for longer but will ask for your consent again periodically so that we can ensure the information we send to you is still relevant.

Who has access to your information and who will we share your information with?

Authorised personnel within the University will be able to access the information you provide to us.  Your personal data will only be shared with those third parties with whom the University works in order to provide you with relevant, personalised communications. These types of organisations can include but are not limited to:

  • Suppliers of digital content for emails
  • Service providers who send out emails, SMS, direct mail or other communications on behalf of the University
  • Providers who will use your profile information to identify others who may be interested in the University.

No information will be passed to third party organisations for them to contact you directly themselves.

What choices do you have in relation to your information?

Under the legislation you have certain rights in relation to the information we hold about you:

  • To obtain access to, and copies of personal data we hold about you;
  • To require us to stop processing your personal data if the processing is causing you damage or distress;
  • To require us to stop sending you marketing communications;
  • To require us to correct any personal data we hold about you that is incorrect;
  • To require us to erase your personal data;
  • To require us to restrict our data processing activities;
  • To withdraw your consent to our data processing activities (without affecting the lawfulness of our processing before you withdrew your consent);
  • To receive the personal data that we hold about you, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another controller, but only if you provided this information to us by automated means;
  • To object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Many of the rights above are not absolute so there may be times when you make a request to us and we are unable to meet it in full but if this is the case we will explain to you fully why we have not been able to do what you have asked.  You should also be aware that where our processing of your information relies on your consent and you then decide to withdraw that consent then we may not be able to provide all or some aspects of our services to you. 

More detailed information about the rights you have any how you can make a request can be found here.

How will we keep your information safe?

We employ industry-standard security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction or damage. All personal information we hold about you is held on our secure servers.  If we hold paper records about you then we make sure that staff are trained about how they should handle this information and make sure it is stored securely.

Information transmission over the internet can never be guaranteed to be completely secure and although the University will endeavour to protect your personal data we cannot guarantee the security of your personal data transmitted to our website. Any such transmission is at your own risk.

Once we have received your information, we will use strict procedures and security features to prevent unauthorised/unlawful access and disclosure.

  • Firewall

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Rules are designed to provide a balance between strong security and allowing staff and students appropriate access to teach and study.

  • Patch Management

Patch management is a strategy for managing security fixes or upgrades for software applications and technologies.  A patch management plan helps the organisation handle these changes efficiently and in a controlled and fully tested manner.  We patch our devices and systems as part of a 30 day rolling process.  Critical security patches are installed as required.

  • Access Control

Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.

Access to files and folders and connections to computer networks is based on user credentials, login and password.

  • Event/Network Monitoring

The UWS network is constantly monitored for anomalous behaviour which would be associated with cyber-attacks.  Event monitoring tools help us to monitor details of activity on the network and allow us to highlight areas of concern for further investigation.  Identifying anomalies quickly is vital to securing the confidentially, integrity and availability of data on our network.

  • Anti-Virus

Anti-Virus protection is installed on all endpoint devices and updated at least daily with the latest vendor updates. 

Antivirus software is designed to prevent, detect and remove malware infections on individual computing devices, networks and IT systems.

Our antivirus software programs include real-time threat detection and protection to guard against potential vulnerabilities as they happen, as well as system scans that monitor device and system files looking for possible risks.

Will we transfer your information outside of the EEA?

The information we store and process stays within the UK

Who is the University’s Data Protection Officer?

The University Solicitor is the UWS Data Protection Officer.  If you have any concerns about how we handle your personal data then you can contact the Data Protection Officer directly by e-mail or by post at Data Protection Officer, University of the West of Scotland, Legal Services, High Street, Paisley, PA1 2BE

How can I complain about your use of my information?

If you remain unhappy then you have a right to complain to the Information Commissioners Office:


Information Commissioner’s Office
Wycliffe House
Water Lane


Last updated: 23/05/2018