Privacy Notice for Visitor Registration | Computing

This privacy notice explains what personal information the University holds about visitors. It explains why we hold this information, what we do with it, how long we keep it for and if we share it with third parties.

This privacy notice explains what personal information the University holds about you. It explains why we hold this information, what we do with it, how long we keep it for and if we share it with third parties.

For the purposes of this document and IT services you are classed as a visitor, a generic term which covers all users of IT services who are not on the staff payroll or applicants, students or alumni recorded in the systems of record for those users. The term does not necessarily imply that you are a visitor in the sense in general usage and includes many temporary or contractor staff, professors emeritus, employees of associated organisations, contractors and other types of people who require access to University IT services.

What information do we hold and why?

We collect and use your personal data for a number of purposes, but primarily in order to provide IT services that support your relationship with the University. The main pieces of information we hold are your personal details (name, address, email address, University provided email address if relevant) in order to provide you with services.

We also use individual visitor information to help us understand the make-up of the community we serve. We use it to generate reports and to help us to make decisions which will impact visitors and the services you use.

The table below describes in full the information we hold, what we need it for, where we get it from and who we share it with. It also explains the basis we can legally rely on to request and retain information about you. If you have a may be a specific contract (for instance if you are employed by the University as a contractor or via an agency) then that will be the basis or otherwise our legitimate interest in the provision of services if you have a different relationship with the University.

Use of your information

We will keep your personal data no longer than is necessary, your name and other identifying information will be retained for 7 years after the end of your engagement with the University so your account can be reactivated when you return.

We do not use profiling or automated decision-making processes. This means that a human decision maker will be involved in every decision made about you.

General information about the University’s approach to data protection and to your rights can be found here.

Where do we get your information?

Your information is provided via the department that sponsors your visit and authorises your use of University IT services. Please contact your department for more information.

IT Systems

The university is made up of many services and departments who collect, process and store your data in a variety of sub-systems to deliver their services. These local systems are part of the corporately-supported IT architecture which maintains a live service as well as copies of the live systems used for software development and testing. These development and testing systems will also contain your data and respect the University’s data retention periods.

Your usage of IT services will be recorded in usage logs and audit trails as part of the normal operation of the services. This information may be used to support your usage of systems, investigate information security or data integrity incidents, or provide evidence in disciplinary procedures. The data may also be used to understand usage and performance of IT systems.

It is in the legitimate interest of the University to use your data in this way to ensure that the services you interact with are secure and provide the best (student) experience possible.

The University uses 3^rd parties to provide a number of IT Services (such as Office 365 Email via Microsoft). While your data will be used by 3^rd parties to deliver these services the University retains control of your data as part of these arrangements, and the 3^rd parties will not be allowed to use your data for any other purpose.

Contact

If you have any questions, please contact your school Data Protection Champion.

If you write to us in Gaelic, we may be using a third party translator to translate your message into English and our response back into Gaelic.

Ma sgrìobhas sibh litir no post-d thugainn sa Ghàidhlig, tha e comasach gun cleachd sinn eadar-theangair airson do theachdaireachd eadar-theangachadh bhon Ghàidhlig gu Beurla agus freagairt air ais dhan a’ Ghàidhlig.

Additional privacy statements

The University maintains several other privacy statements that are specific to services delivered.

Information that we will process

The legal basis for processing will be determined on whether you have a contract with the Universtiy.

Data category	Short description/Why needed	Legal basis
Personal information about your identity	The University of Edinburgh will use data about you to be able to identify you as an individual when at or interacting with the University.	Performance of a contract or Legitimate Interest
Details of your ‘visits’ within the University, including start and end dates, sponsoring departments and services provided.	To administer your account at the University and provide you with access to IT services	Performance of a contract or Legitimate Interest
Information confirming you have read and understood our policies and procedures.	To confirm you have read and understood our policies and procedures.	Performance of a contract or Legitimate Interest
Swipe Card data. This includes your name, your photograph and your access to buildings and facilities such as the library and the Centre for Sport and Exercise.	To allow you to access areas of the University that are not open to the public or only available to specific people. To confirm your identity and that you have a relationship with the University. To support the security and management of the estate.	Performance of a contract or Legitimate Interest
Correspondence to and from you (electronic or otherwise).	To keep records.	Legitimate Interest

Information that we may process depending on your circumstances

As well as the information listed above there is other information that we may process depending on the nature of your relationship with the University

Please check with the person sponsoring your visit or the Data Protection champion for that area of the University if you have any queries.

Data category	Short description/Why needed	Legal basis
Qualifications and Professional Memberships.	Where specific qualifications and memberships are required for your role.	Performance of a contract or Legitimate Interest
Bank account details	In order to make payments to you	Performance of a contract or Legitimate Interest
Information relating to your performance at work, including Annual Review (appraisal) documents and training needs.	To identity objectives and training needs to ensure you are meeting the requirements of your role.	Performance of a contract or Legitimate Interest
Your training record.	To ensure you have the appropriate skills, knowledge, qualifications and/or professional registrations required for your role, including those that are required by law. To support your personal and career development aspirations	Performance of a contract or Legitimate Interest
Information about any medical or health conditions you may have, including your disability status.	To support your engagement with the University and in order to make any reasonable adjustments that are needed.	Performance of a contract or Legitimate Interest
Publicity photographs and/or video/digital images.	To promote your work and/or the work of the University. If you are the subject (i.e. not incidental) to the image you will be asked for your consent.	Consent
Information from exit questionnaires and interviews	To understand why people resign from their post and their experience of working for the University.	Consent
Your work pattern, including your days of work, hours worked and overtime.	To keep records to process your pay and benefits, such as annual leave.	Performance of a contract or Legitimate Interest
Your emergency contact details	To allow us to inform your contacts if you take ill or have an accident at the University.	Legitimate Interests

This privacy notice is continued at: Continued Privacy Notice

This article was published on 2024-10-08