Use of Third Parties in Processing Data

From time to time the University may use third parties to process data, for instance, in employing security firms, in editing CCTV footage, or in debt collection.

In these circumstances, the following safeguards shall always apply:

• There shall be a contractual relationship between the University and the third party
• Appropriate guarantees shall be obtained by the University from the contracted company regarding the security measures it takes to safeguard any data, and to ensure that its use remains within the provisions of the Data Protection Act
• The written contract shall make the security guarantees of the third party explicit
• Steps shall be taken to check that the guarantees are met
• The contract shall make it clear that the third party may only use the data in accordance with the instructions of the University, and for the purposes identified by the University.