Privacy Notice for University of Warwick websites
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.
The University of Warwick (“UoW”) is committed to protecting the privacy and security of personal data. The purpose of this notice is to promote transparency in the use of personal data, and to outline how UoW collects and uses personal data when you access our websites (e.g. websites ending in warwick.ac.uk and wbs.ac.uk), in accordance with the UK General Data Protection Regulation 2016 (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
The UoW collects, uses and is responsible for certain personal data about you. This is known as “processing”. When we do so we are regulated under the UK GDPR and DPA 2018 and we are responsible as ‘data controller’ of that personal data for the purposes of those laws.
The purpose of this notice is to explain how UoW will collect and use (process) your personal data, what rights you have in relation to that data and to provide transparency about the data collected about you.
The UoW is the data controller under the UK GDPR and the DPA 2018 and we will process your personal data in accordance with the UK GDPR and DPA 2018 at all times. You, as a ‘data subject’, therefore have specific rights to the data that we hold, collect and process.
Throughout this notice, “University”, “we”, “our”, and “us” refer to the UoW; “you” and “your” refer to those accessing our websites.
If you would like this notice in another format (for example: audio, large print, braille), please contact us (see ‘How to contact us’ below).
Please note that although our websites include hyperlinks to other websites; this privacy notice only applies to the University’s own websites.
The personal data we collect and use
The following are examples of personal data which may be collected, stored and used:
- IP Address
- Location
- Connections details
- Browser details
- Source or referral data (e.g. hyperlinks from emails, search terms used, etc.)
- Previous visits to the website
- Pages accessed on the website
- Website personalisation preferences
- Your WBS ID number and login details
- Time and date of visit and login
If you complete an e-form on our website e.g. to request a prospectus, to register to attend an event or to sign-up to a mailing list, we may process additional personal data. This personal data may include your name and contact details. The e-form will explain whether requested personal data is required or optional. These e-forms will be subject to their own privacy notice or the University’s Enquiry and Applicant Privacy Notice.
If you make a payment using our websites, we will process your payment information. The University uses a third party payment provider, Global Payments, which maintains its own privacy notice.
Our websites and our emails to you use cookies. For further information, please see the University’s cookies notice.
How the University of Warwick obtains your personal data
We collect your personal data as follows:
- automatically when you visit our websites
- when you complete our e-forms; and
- through the use of cookies (including Google Analytics).
The processing of some of your personal data is required to access our website
Purpose and associated lawful basis
We process your personal data for the purpose of our legitimate interests, including-
- to provide you with information about the University and its services;
- to improve the use of our websites
- to maintain web server logs;
- statistical analysis of the use of our websites;
- system diagnostic and problem solving purposes; and
- to enable you to log-in to receive services
We may use your personal data for other compatible purposes. Any direct marketing conducted by the University will be subject to a separate privacy notice.
Please also note that the University is sometimes required to disclose information for law enforcement purposes.
Retention of your personal data
The UK GDPR and DPA 2018 require that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The University's Record Retention Schedule (RRS) is a tool that enables the University to transparently demonstrate how the organisation complies with its data protection obligations by making provision for the time periods for which common classes of record are retained by UoW.
Full details of the retention periods of records can be found by viewing the records management page and selecting the University's Record Retention Schedule (RRS), which is kept up to date separately.
Transfers outside the United Kingdom and the United Kingdom (UK)
If we have to transfer any of your personal data outside of the UK we will let you know if the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections we will put safeguards in place. Details of these safeguards can be provided to you upon request to Legal and Compliance Services.
Data subject rights
Under the UK GDPR and DPA 2018 you have a number of important rights free of charge.
You have the right to:
- be informed of how we collect and use your personal data;
- access your personal data;
- require us to correct any mistakes in the data we hold on you;
- require the erasure of personal data concerning you in certain situations;
- restrict our processing of your personal data in certain circumstances;
- receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights explore Data Subject Rights. If a subject access request is made and the request for access is clearly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.
Keeping your personal data secure
The UoW keeps your personal data secure at all times using organisational, physical and technical measures.
Where appropriate, we also take measures such as anonymisation to ensure data cannot be used to identify you and/or encryption to ensure that the data cannot be accessed without the right security accesses and codes.
Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the UK GDPR.
UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
How to contact us
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you may raise about our use of your personal data on the contact details below:
The DPO can be contacted via email at infocompliance@warwick.ac.uk or by post at:The Data Protection Officer
Legal and Compliance Services
University of Warwick
University House
Kirby Corner Road
CV4 8UW
The UK GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone on 0303 123 1113.
Changes to this Privacy Notice
This privacy notice was published on 09 August 2021 and last updated on 03 February 2023.
We may change this privacy notice from time to time, when we do we will inform you by putting a message on the website and/or email.