This statement explains what information we in IT Services collect, why we collect it, how we use it, and your options to access and update that information.
The use of Bath Spa University’s IT facilities is bound by the Regulations for the use of Computer Facilities. In using our services, you share some information with us, which we use to comply with legislation and to provide and improve the services that we offer.
Information you give us
When you join Bath Spa University as a member of staff or as a student, you give us some personal information such as your name and date of birth, and agree to be bound by the University’s regulations. This information is used to create your login account, granting you access to our services, which are subject to the Regulations for the Use of Computer Facilities.
Information we collect
We collect device-specific information about Bath Spa University-owned devices (such as the hardware model, operating system, and unique identifiers such as MAC address and IP address, the software installed, and the software you use). We collect information about the last login to the device, your department, and location. We also monitor devices for signs of malicious activity that may pose a security threat to the integrity of the University network, or University or personal data.
How we use the information we collect
We use the information we collect to provide our services and to protect the University by ensuring that it complies with all of its legal and regulatory obligations. We also use the information to:
- Manage and monitor the security of University devices and data
- Provide software updates to University devices
- Maintain up-to-date records of the University’s hardware and software assets
- Ensure compliance with the terms of our software licence agreements
- Help us manage and improve our services
- Help solve any issues you may be facing when you contact us for technical support or to request services.
We may share the information we collect with certain third party companies that have been contracted to provide specific services to the University. Information is shared only for the purpose of fulfilling the above activities and is not shared or used for any other purpose.
You have the rights to:
- Obtain access to and copies of the personal data that we hold about you
- Require that we cease processing your personal data if the processing is causing you damage or distress
- Require us not to send you marketing communications
Under the General Data Protection Regulations, you also have these additional rights:
- To require us to correct the personal data we hold about you if it is incorrect.
- To require us to erase your personal data.
- To require us to restrict our data processing activities.
- To receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller.
- To object, on grounds relating to your particular situation, to any of our processing activities where you feel this has a disproportionate impact on your rights.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply. Our processing of your personal data is necessary to discharge the legal and regulatory obligations of the University and to provide some or all aspects of our services to you and to the University.
If you have any queries, please contact firstname.lastname@example.org.