List of active policies
|Acceptable Use Policy 23||Site policy||All users|
OpenUWS Site Privacy Notice
The University is committed to looking after any information that you make available to us when you visit this OpenUWS site. We aim to be clear about what we will do with your data. This privacy notice explains when and why we collect personal information about you and how we will use this information. It also explains how we keep your information secure as well as the rights you have in relation to the information we hold about you.
The headings below set out the main information we need to give to you.
The privacy notice will be regularly reviewed to make sure it contains the most up-to-date information. You should check this website to review a copy of our most recent privacy notice. If we make any significant changes to our privacy notice we will update this on the site and ask you to accept these new changes.
If you have any questions about any of the information contained in this privacy notice, then you can contact us on firstname.lastname@example.org.
Who are we?
The University of the West of Scotland (referred to in this Privacy Notice as the “University”, “we”, “our” or “us”) is the Data Controller under the data protection legislation. This privacy Notice sets out how we process the personal data we collect about you (referred to in this Privacy Notice as “you” or “your”).
What type of information do we collect about you from our website?
We collect your full name and email address. Your name will be visible to other participants on the same course. Within your course you may be asked to contribute to forums or other activities which may have your name listed.
What are the sources of the information we hold about you?
The information we collect is information that you have provided directly to us.
How will we use your information?
We will use the information you have provided to us so we can issue you a username and password for the OpenUWS site. This will also be used to enrol you on any courses you choose to participate on in the OpenUWS site.
We may use data to analyse demographic and other statistical information about the popularity and effectiveness of courses on OpenUWS, but we'll only disclose that information in aggregate form, so individual users cannot be identified.
Why do we need to process your personal data?
We process your personal data so that we can issue a username and password for the OpenUWS site and enrol you on the course(s) of your choice. We ask for your consent to do this. Once you have created an account on this site and enrolled on a course, we will use your information to ensure we can deliver your modules of study to you.
There may be times that we process your information because it is necessary for the purposes of our legitimate interests. For example, to better understand how people interact with our virtual learning environments. We will not process your data for the legitimate interests of any third parties.
How long will we keep your information for?
Your account on the OpenUWS will stay active for 3 years after you have created an account. You will be unenrolled from a course after 6 months of inactivity. You must download any course completion information at the time of completion as information will not be retained for long periods of time. If your course is credit bearing, assessment information will be kept on secure University systems for up to 5 years in line with our Procedures for the Retention of Assessed work. This period may be longer if a professional or statutory body requires this.
Who has access to your information and who will we share your information with?
Authorised personnel within the University will be able to access the information you provide to us. Your personal data will only be shared with those third parties with whom the University works in order to provide you with relevant services related to your course. For example, external funding bodies or external/professional awarding bodies.
Will we transfer your information outside of the UK?
The information we store and process stays within the UK.
You can find information about:-
The details of our data protection officer
How we will keep your information safe
What choices you have in relation to your information
How you can complain about the use of your information.
in our website privacy notice which you can read here - https://www.uws.ac.uk/about-our-website/privacy/
This is the IT Acceptable Use Statement which you must agree to before using the site.
IT ACCEPTABLE USE STATEMENT INTRODUCTION
Information Technology plays a vital role in helping deliver efficient services and contributing towards the student experience. Staff will recognise the importance of maintaining good practice for IT to be effective. The purpose of this Statement is to support all users of University systems in understanding good practice, avoiding misuse of University facilities and behaving lawfully.
Everyone using UWS IT equipment or systems is responsible for the security of data on them. As such, all users must adhere to the requirements of this statement at all times. Should anyone be unclear on the statement or how it impacts them, they should contact the Information Services Helpdesk.
This Statement should be read in conjunction with the following UWS procedures and other documents that also apply to this context:
Data Protection Code of Practice
Dignity and Respect at Work Guidelines
Equality, Diversity & Human Rights Code
IT Information Security Procedure
IT Software Licensing & Control Statement
IT Password Management Procedure
Records Management Protocol
Guidelines for the use of Social Media at UWS
University Regulation – Code of Discipline for Students
Guidelines on USB devices
The impact of this Statement will be monitored regularly to reflect the changing online environment and technologies. The Statement may also be amended where particular concerns are raised or where an incident has been recorded.
This Statement supersedes any written or oral policy previously issued concerning IT acceptable use in the University.
1. SCOPE OF STATEMENT
This Statement applies to all individuals issued with a UWS user ID and password (hereafter referred to as ‘user’).
This Statement covers the use of all UWS IT systems, equipment and networks whether accessed on or off campus. It applies to access gained through the wired or the wireless network and via a VPN and to personal equipment being used on the University networks.
2. OUR STATEMENT
Use of any UWS IT systems, equipment and network on or off campus implies acceptance of all terms and conditions within this and associated protocols and guidelines and of the consequences of inappropriate use.
2.1 Computer Access Control
Access to UWS IT systems is controlled by the use of a user ID and password using Multi-Factor Authentication. All user IDs are uniquely assigned to named individuals and consequently, individuals are accountable for all actions on UWS IT systems and equipment by anyone who uses that ID. All those with a user ID must comply with the Password Management Procedure.
Individuals must not:
Allow anyone else to use the user ID allocated to them on any UWS system or equipment.
Allow any unauthorised person to use UWS devices
Leave user accounts logged in at an unattended and unlocked computer.
Use weak or easily guessable passwords. Where weak passwords are identified IT may disable access to the account if the service user is not contactable.
Use someone else’s user ID and password to access UWS systems or equipment.
Leave passwords unprotected (for example written down in view of others).
Perform any unauthorised changes to UWS IT systems or information.
Install any unauthorised software on UWS equipment
Attempt to access data that they are not authorised to use or access.
Exceed the limits of their authorisation or specific business need to interrogate the system or data.
Gain or attempt to gain unauthorised access to accounts or passwords
Fail to return UWS equipment at the end of a loan period
Use USB storage devices which are not encrypted. Use of USB devices for storage should be by exception.
RESPOND TO EMAILS OR ANYONE ASKING YOU TO DISCLOSE YOUR PASSWORD. THE HELPDESK WILL NEVER ASK YOU TO DIVULGE YOUR PASSWORD.
2.2 Internet Access
Use of the internet via UWS equipment is intended for University use. Personal use is permitted, but should be kept to a minimum so that it does not compromise a staff member’s work or a student’s course related study. It should also not preclude others with work-related or course related needs from using the resources.
University emails may require to be disclosed under the Freedom of Information (Scotland) Act 2002 or the Data Protection Act 2018. Therefore users should be aware of the content and language used in e-mails and avoid emotive or subjective language.
Students must not send emails which make representations, contractual commitments or any other form of statement concerning the University unless they have specific authority to do so.
2.4 Social Media
Social media can be a useful tool to encourage student engagement and learning but can be far more informal in nature. Staff should be aware of this when communicating with students via social media and should never share information with students or interact with them in a way that they would not willingly or appropriately do in a University or other public setting. Staff should not communicate via social media in a way that may bring the University into disrepute e.g. using offensive or discriminatory language or posting inappropriate images/content.
Use of social media sites including Instagram, Facebook, Twitter, YouTube online blogs and wikis has increased the risk of inappropriate content being published. Users should be careful not to associate themselves with UWS on personal sites if the views or information on the site might cause conflict with the University.
Access to these sites is not controlled by the institution but users are expected to behave responsibly when using them, particularly when accessing them via the university’s network and to comply with the Guidelines for the use of Social Media at UWS.
2.5 Personal Data
Under UK GDPR, personal data is any information which is related to an identified or identifiable natural person. Users must be familiar with the University’s Data Protection Code of Practice. Personal data being sent outside the University must be encrypted. If personal data is being transferred outside of the European Economic Area (EU members states plus UK, Iceland, Norway and Liechtenstein), please contact the Legal Services team.
All users are accountable for their actions on the internet and when using email and social media. All institutional protocols and legislation restricting the disclosure of confidential or personal information must be maintained. Disciplinary procedures may be taken where this is not adhered to.
2.6 Unacceptable Use
Unless such use has been approved for an academic or research purpose, or pursuant to a formal University investigation, one or more of the following is considered unacceptable use for all users:
Installation of any software that is not provided by the University. Use of pirated software or illegal use of licensed software.
Use of software no longer receiving vendor security updates and not supported by a current maintenance agreement
Modifying or circumventing the precautions taken by the University to prevent virus infection.
Using the facilities for monetary gain
Preventing others from making legitimate, work related use of the facilities.
Trying to gain unauthorised entry to other computer systems or files ('hacking').
Copying, deleting or making changes to any files, directories or folders other than those in connection with their work.
Tampering, adjusting, switching on/off or otherwise interfering with the equipment in open access labs and teaching labs other than normal usage.
Transmission of unsolicited commercial or advertising material, save where that material is embedded within, or is otherwise part of, a service to which the recipient has chosen to subscribe
Creating, transmitting, transferring, downloading, browsing, viewing, reproducing or accessing any image, material or other data of any kind, which contains unacceptable content, including but not limited to:-
These restrictions apply to work, course related use and personal use. The University considers it important that all use is restricted in this way to avoid disruption in the workplace and the learning environment while reducing the likelihood of embarrassment, distress or offence to others. Any failure to comply may be dealt with under disciplinary Procedures
3.1 Monitoring and Compliance
The use of any University IT systems, equipment and network is monitored in order to ensure that this use is compliant with the law and with University rules.
All data that is created and stored on UWS computers remains the property of UWS. Only under certain circumstances will access to another user account or email be permitted. Any access requires to be authorised by the IT Security and Customer Support Manager, Legal Team, P&OD or Dean of School or Head of Department. Any access will only be given to an appropriate staff member subject to Data Protection laws and monitored by P&OD.
Personal data should not be stored on UWS equipment, network or cloud storage. Examples of this include but are not restricted to personal photographs, music, films and other media files. Network storage will be monitored for these files and may be deleted.
Inbound and outbound internet traffic is scanned for security threats. Access to categories of websites that are deemed unacceptable are blocked by Information Services from the University network.
Some staff and students may be involved in legitimate teaching or research that involves a blocked website. When this is the case, access should be requested via the Information Services Helpdesk. Authorisation will be required from the relevant Dean of School or Head of Department prior to this access being granted.
Investigations will be commenced where reasonable suspicion exists of a breach of this or any other relevant policy. The University may use an external agency to carry out appropriate technical investigations. Any suspected breach of this procedure must be reported immediately to the IT Security and Customer Support Manager or the Information Services Helpdesk to allow investigation of the incident prior to taking appropriate action.
All breaches will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with UWS disciplinary procedures for staff. Pending investigation of a suspected breach of the policy, IT services may be suspended for that individual.
User behaviour is subject to the laws of the land, even those that may not apparently relate to IT such as the laws on fraud, theft and harassment. Where investigation reveals activity that is considered to be in breach of current laws, the incident will be escalated to a senior member of staff. The matter may be reported to the appropriate authorities on the guidance of senior management. Relevant current legislation includes, but not limited to, the following:
3.2 Government Prevent Strategy
The University has a duty under the Counter Terrorism & Security Act 2015 to have “due regard to the need to prevent people from being drawn into terrorism”.
One way in which people can become drawn into terrorism or extremism is via online material. This policy prohibits accessing, posting or contributing any material (whether at the University or otherwise) that promotes terrorism or extremism as defined in the Government’s Prevent Strategy 2011: “Vocal or active opposition to fundamental British values, including democracy, the rule of law, individual liberty and mutual respect and tolerance of different faiths and beliefs. We also include in our definition of extremism calls for the death of members of our armed forces.” A secure web gateway provides UWS with web content categorisation. Website categories that would breach this policy are blocked by default. Some staff may be involved in legitimate teaching or research into blocked topics that are sensitive in nature. When this is the case:
Explicit approval must be obtained from the staff member’s line manager.
Ethical approval must be obtained through the appropriate School Ethics Committee or University Ethics Committee
Robust storage must be in place so the material is only accessible by the relevant individual(s)
Should a member of staff become aware that a student or member of staff has been attempting to access terrorism or extremism related content, they should discuss this confidentially with their line manager or a senior member of staff. If necessary, the line manager or senior member of staff will then escalate this via the VP (Governance) & University Secretary.