Policy on privacy statements
The University of Leeds is committed to respecting and protecting the privacy of information that is provided to it.
The University requires all those who wish to establish University websites, being websites with URLs containing leeds.ac.uk (with the exception of the Students Union, who will have their own privacy statement, and purely personal web sites) to provide on the front page of their website a prominent link to a copy of their privacy statement. This privacy statement is required in order to comply with legal requirements under the Data Protection Act 1998. The statement is also required in order to comply with the University’s Code of Practice on Data Protection that can be found at http://campus.leeds.ac.uk/dpa/code.htm.
Where data is being used elsewhere it is important that you indicate this in the relevant section. It is also important that you check with the remote site and incorporate any statement that they may require (for example Google Analytics Terms of Service actually require you to use a complete paragraph which they provide for you).
It is the personal responsibility of the registered departmental webmaster to ensure that a privacy statement is adhered to and kept up to date.
If you have any enquiries relating to privacy statements or more generally rights and obligations under the Data Protection Act or the University’s Code of Practice as they apply to University websites please send them to the University’s webmaster (webmaster@leeds.ac.uk).
Model Privacy Statement
Every University website as defined above must on its first page prominently display a link to a privacy statement. The University requires the model detailed below to be used as a template statement. The University recognises that not all parts of the privacy statement will be required on every occasion. There will be permutations depending upon the activity carried out from the website, hence inclusion of optional wording in square brackets. If the operator of a website requires any material variation to the model, consent of the University’s webmaster at the above email address is required.
Note that where you make use of external services such as Google Analytics there is the additional requirement that these services are declared in your privacy statement. Google Analytics issues the text you need to apply when you apply for the account; other services will have similar text, otherwise add a note in each case that these services are used and where they are etc. Include a link to their privacy policy if they have no suitable prepared text.
The whole of the text below can be cut and pasted to form your privacy statement. You then need to cut out any optional sections that do not relate to your site and then check the section numbering. A basic statement is available here for sites which do not use cookies or process data other than web logs.
Note that sections 1 and 2 should always remain.
Note also that there are two versions of section 4: choose one or the other, but you must choose one. Section 5 also refers to sections 2 and 3, so if you do not need to use section 3 but do use cookies then edit that part.
Please take care with section 6 regarding eCommerce transactions.
Section 7 and the final paragraph need to be in place and you should put in the contact details of your departmental webmaster, or anyone else as appropriate to your department/office/group etc.
This statement has been prepared in an attempt to keep it as simple and as easy to implement as possible - please contact me with any questions.
PRIVACY STATEMENT
1. Purpose of this Statement
This statement tells you how the University will collect and process your personal data when you access this website.
2. Automated Collection of Personal Information
As with most other web servers, when you access these web pages certain information you provide will automatically be recorded by the University. This will include your IP address, browser type, and information relating to the page you last visited. This information is processed to estimate how much usage of the server is made by different categories of users and in the event of a breach of security may be used to aid detection.
3. Non-Automated Collection
Where you are required under this website to provide personal data this data will be used for the following purposes: [Give full details]
4. Third Party Access
Your personal data that you have provided will not be sent to other third parties and will remain confidential, accessible only by those who have a legitimate need to know within the University.
4. Third Party Access
Your personal data will be forwarded to the following third parties in connection with the purposes outlined under 2 and 3 above:
[Give full details]
5. Cookies
This website uses cookies. Cookies set by our website can be read by our web server and may contain information you have provided to us for use in connection with the purposes outlined under 2 and 3 above.
6. eCommerce transactions
[PLEASE NOTE you must not accept or process credit / debit card details within the University. Where you have an external provision you must ensure the payment processor is PCI:DSS compliant. The preferred supplier is WPM via store.leeds.ac.uk.
You must include the following section in your privacy policy to make it clear to the user they are being redirected and they should check any policies provided by the remote site. Where you draft privacy policies for inclusion on an external website you must draft it in a form that includes any specific policies the merchant may have and make it clear who is processing the data. E-mail webmaster@leeds.ac.uk for further advice.]
Where you are purchasing products or services or making payments we work with PCI:DSS compliant merchants and you will be redirected to their website in each case. In some cases these merchants use addresses containing leeds.ac.uk with our permission. Please note that the University does not process your card details in any way but it may receive information from the merchant that your transaction has completed and this may also include personal information required to identify your payment which may then be processed by the University. Please refer to the privacy policy provided by the merchant for information about how your data is used.
[Please note that where you transfer a user to a website outside the University you should include text of the form 'You will be transferred to a website outside of the University and operated by XYZ. Please review their privacy policy at URL'.]
7. Changes to this statement
This statement and therefore the ways in which your data may be processed can be changed from time to time. Any changes will only be notified via this web page.
If you have any queries relating to the privacy statement then please contact [Details of local departmental web contact to be inserted] who is responsible for the pages to which it relates. If you feel dissatisfied with the response given then please contact the University’s webmaster (webmaster@leeds.ac.uk).
Information maintained by Jeremy M. Harmer; Last updated 27 April 2010
