Who we are:

University of Warwick, a royal charter company with registered number RC000678, with offices at University House, Kirby Corner Road, Coventry CV4 8UW

Our Data Protection Officer:

Director of Legal and Compliance Services

infocompliance@warwick.ac.uk

Our contact for this work:

Network Replacement and Security Programme team

NRSP@warwick.ac.uk

The source from which your personal data originates:

We process personal data provided by you when you use the network.

The categories of your personal data that we will process:

Information about your use of our information and communications systems including:

· IT Account usernames.

· Email address and mobile phone number for guest users without an IT Account.

· Allocated IP addresses.

· Off campus IP addresses.

· Device details, such as MAC addresses and host names.

· Identity of Wireless Access Point or wired network port connected to.

· Connection times.

· Network administrator activity records.

· Network traffic inspection, scanning and logging, including, but not limited to:

o Network traffic type (protocols).

o Source and destination IP addresses.

o DNS lookup requests.

o Web URLs requested.

o Files and data sent/received

The special categories of your personal data that we will process:

None

Our lawful basis for processing your personal data:

The processing is necessary for the purposes of our legitimate interests in ensuring proper usage and network security of the University’s IT systems.

Our purposes for processing your personal data:

To monitor your use of the University’s information and communication systems to ensure compliance with the University’s IT policies, including:

· To monitor the quality of the service provided by the network.

· To investigate any issues raised by individuals with regard to the operation of, or faults reported on the network solution.

· To investigate complaints of misuse of University computing facilities.

· To detect and investigate indications of cyber security compromises.

· To monitor compliance with University information security policies and guidelines using technologies provided by Cisco including (but not limited to) AnyConnect and Umbrella.

· To be able to identify individuals connecting to the JANET network via the University as required by JANET.

Please see our Network Replacement Security Programme webpage for further information.

Who we will share your personal data with:

We will share your personal data with our data processors pursuant to data processing agreements. Our processors include BT and Cisco.

We will also share your personal data with our internet service provider JANET. For further information, please see the JANET Acceptable Use Policy.

Will we transfer your personal data outside of the United Kingdom:

The University’s processor Cisco is based in the United States with support teams worldwide. Transfers to the United States and other countries will be subject to adequate safeguards.

Will we use automated means (e.g. profiling) to make decisions about you:

Contravention of the University’s information and communications systems access policies may automatically quarantine an individual’s network access.

Access to different services through the network will be automated depending on whether an individual is student or staff, and on details such as their attributed department or role at the University.

An individual’s device posture may also be automatically checked to ensure compliance with University device security standards.

Are you obliged to provide this personal data:

Staff may be required to use the University’s network as part of their employment; but there is no statutory or other general obligation on individuals to use the University’s network.

How long will we keep your personal data:

We keep all personal data in accordance with our Information and Records Management Policy and the University Records Retention Schedule.

Your rights:

You have the right to request access to and rectification or erasure of personal data, or restriction of processing concerning you, or to object to processing, as well as the right to data portability. If our lawful basis for processing your personal data is your consent – you have the right to withdraw it at any time. To exercise these rights, please contact us by email at infocompliance@warwick.ac.uk.

You have the right to complain to the Information Commissioner’s Office, which can be contacted at www.ico.org.uk. If we fail to comply with your rights, you have the right to seek a judicial remedy.