Data Protection Information: Information Services
Introduction
Information Services at Aberystwyth University collects and processes personal data for itself and its own services and functions. It also manages systems and platforms used by other University departments and support services. All of these contain personal data/information in one form or another and are used to support some of the University’s core functions. Information Services is committed to upholding privacy and taking appropriate and secure care of the personal data it processes in line with current data protection legislation.
Where do we get information from (Staff Students, others)?
The personal data held and processed by Information Services comes from a range of sources, but most is primarily supplied by UCAS (for undergraduate students) or is provided by staff and students themselves, either directly to Information Services or via other University academic or service departments.
Staff and students also generate information when at the University and much of this will be held as records or logs on central IS systems; for instance, when cards are swiped to indicate attendance at lectures, or when entering a building, or exam results entered by departments on AStRA the student records system, or websites visited or material sent through the University’s printing system.
Some sections of the University’s network may require you to provide personal information to us in order to provide a particular service or to verify your identity.
What systems hold personal data?
- AStRA – this is the main student records system which holds core student personal data (including academic data).
- ABW – provides Human Resources with a system to manage personnel function and salaries and the Finance Department with a means of managing general finance information. It also allows individual staff across the University to access and update their own basic personal information. Access levels are strictly managed, particularly admin access.
- Aladdin – provides information to personal tutors (and a number of other staff) to assist with personal tutoring plans and support students. It also includes elements of information associated with Learning Analytics such as attendance data. It is also used to track and manage students with poor attendance. The data is, essentially, held in AStRA (see above). All staff who have access to student profiles in AStRA have access to Aladdin, primarily tutors and administrative staff.
- Blackboard – this delivers learning and teaching materials, online assessments and feedback to students.
- Calm – provides a system for tracking individual actions, jobs and tasks undertaken by Information Services. Individual staff and students are identified only in relation to those tasks
- Events & Training System - this system collects personal data in order to manage people’s booking information, to collect additional requirements and produce anonymised statistical data about the University events and training sessions. Data Protection Information: AU Events and Training system.
- Library systems (Alma/Primo) - these systems, normally accessed only by Information Services staff, undertake all aspects of library work and hold accounts for members of the university and other users, including contact details, borrowing histories and details of payments or fines. Expired library accounts are deleted once a year in September.
- VPN - The GlobalProtect App collects data on your operating system. We collect this information to profile devices connecting to our network for security purposes. This includes checking that the operating system and installed software are up to date and anti-virus protection is enabled. Please see the GlobalProtect documentation for full details on what data the GlobalProtect App collects on each operating system: https://docs.paloaltonetworks.com/globalprotect/9-1/globalprotect-admin/host-information/about-host-information/what-data-does-the-globalprotect-app-collect-on-each-operating-system.html"
Details of smaller systems will be added in due course
Who has access to the data?
Access to the personal data held and any logs, such as those noted above, is strictly controlled. Information Services staff can only access data if their duties involve technical systems maintenance or they are directly involved with a particular system or service which requires access to that data.
Information Services also provide University-wide access control/authentication for a number of key systems such as AStRA.
Access to personal data held by Information Services is only accessible to third parties external to the University is specific and strictly controlled situations, usually when contracted to provide a service to the University and its staff and students.
In what other circumstances might this information may be used?
Normally, the information processed by those systems above will only be used in conjunction with the primary focus of that system (e.g. Primo/Alma – used for borrowing and library related matters). In exceptional documented circumstances there may be a need to access data or logs for other purposes and/or supply information to the police, for instance, in the case of searches for missing persons or serious breaches of rules and regulations, or to establish facts in relation to complaints.
For further information, see also: