Page: 1 2 3
9. The Internet, Online Services & Web 2.0 Services
Download this section as a print-friendly PDF document.
9.1 University Web Pages
The University has an internet website which is accessible worldwide and a web based intranet which is accessible only to members of the University. Within the set of web pages that make up both types of websites, there are web pages which contain personal data e.g. staff names, images and contact details.
The University has to consider the justification for the display of data and ensure that its use is both necessary and proportionate.
Key Elements:
- The University may use personal data on its web pages without consent where its display facilitates the University's normal organisational functioning and management. This may include publicly available hard copy publications
- Staff are informed in the Staff Processing Statement that certain personal data will be displayed and of their right to object to the use of their data where it would cause them significant damage or distress. Staff should speak to their line manager in the first instance who will consult as necessary in determining whether the damage or distress alleged is a suitable ground for removal
- Special Category personal data of either staff or students must not be used on University web pages without explicit written consent
9.2 Web Pages Used to Collect Personal Data
9.2.1 Where personal data is collected from web pages e.g. names and addresses of individuals who have requested a University prospectus, it is important that the rationale for the data collection is clear at the point it is requested and that no personal data other than that required for the particular transaction is collected.
9.2.2 Previously, cookies were used on University sites to help users remember their preferences. However in compliance with the Privacy and Electronic Communications (Amendment) Regulations 2011, this approach is no longer used and cookies have either been removed or a logged in service with appropriate explanatory wording will be adopted and consent to the use of cookies sought where required.
9.2.3 University staff who are involved in developing web pages for a purpose that requires collection of personal data must ensure that the following information is provided to the data subject:
- The purpose for which the data is collected
- The recipients (or classes of recipients) to whom the data may be disclosed
- An indication of the period for which the data will be kept (e.g. "while we process your application" or "for the duration of your studies", rather than a specific time period.)
- And any other information that may be required to ensure that the processing is "fair"
In addition, staff must ensure that:
- The data subjects are given the ability to opt out of any parts of the collection or use of data that is not directly relevant to the intended transaction e.g. where an individual gives their name and address in order to be sent a prospectus and there is follow up research to establish why individuals did not come to the University, the individual should be told about this and be able to opt out of it.
- Subsequent use of the data conforms to the information provided to the data subject and that before any subsequent use that was not disclosed at the time of collection, further consent must be obtained from the individual.
9.3 Internet and Intranet Monitoring
The University requires the ability to inspect all data held on its computer equipment and to inspect all email and other electronic data entering, leaving or within the University network to ensure conformity with:
Further guidance is in the University's Monitoring and Logging Policy.
Page: 1 2 3
Page last updated 04 September 2018