College website privacy statement

The College privacy policy outlines the way this website and related systems used by the College of Arts, Humanities and Social Sciences, processes, stores and protects user data and information.

Website privacy policy

Our privacy policy outlines the way this website and related systems used by the College of Arts, Humanities and Social Sciences, processes, stores and protects user data and information.

What is this privacy policy for?

This privacy policy sets out additional areas where user privacy is concerned on the College areas of this website; www.ed.ac.uk, other College websites that fall within the hss.ed.ac.uk or cahss.ed.ac.uk subdomains and related systems used by the College. Furthermore, this policy details the way the College websites process, store and protect user data and information.

As part of the University of Edinburgh, all College websites are also covered by the University Website Privacy Policy.

The information within this privacy policy should be considered in conjunction with our website terms and conditions.

Further information

Terms and Conditions - The University of Edinburgh

Privacy policy - The University of Edinburgh

Website visitors

Like most website operators, this website collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. The College’s purpose in collecting non-personally identifying information is to better understand how visitors use this website.

This website also collects potentially personally-identifying information like Internet Protocol (IP) addresses. With the exclusion of staff and individuals with administrative privileges, the College does not use such information to identify its visitors.

Gathering of personally-identifying information

Certain visitors to this website choose to interact with this website in ways that require this website to gather personally-identifying information. The amount and type of information that this website gathers depends on the nature of the interaction.

For example, visitors may sign up to College mailing lists, register for an event or submit personal information as part of an application process.

Visitors can always refuse to supply personally-identifying information, with the understanding that it may prevent them from engaging in certain website-related activities.

The College always aims to minimise the amount of personally-identifying information to only that needed to deliver the services provided through the website and related systems used by us.

Storage of personally-identifying information

In most cases, personally-identifying information is stored on University of Edinburgh servers within the European Union (EU). We use strict procedures and security features to prevent unauthorised access.

We do not sell or rent your personal information to third parties without your consent. We take all measures reasonably necessary to protect against the unauthorized access, use, alteration, or destruction of personally-identifying and potentially personally-identifying information.

In some cases, personally-identifying information is stored with a third-party service. We use selected third-party services to enhance the quality, service and functionality of web services available to visitors.

Use of Click4Assistance and their privacy policy

The College uses Click4Assistance to provide live chat facilities on parts of our websites.

Information about individuals such as personal details, information about interactions with our staff and publicly available information are stored on Click4Assistance servers within the EU for the purposes of managing our interactions and relationships with individuals and organisations that choose to use the live chat facility.

Further information

Click4Assistance privacy statement (external website)   

Use of dotdigital and their privacy policy

The College uses dotdigital as our bulk email service to send email communications. Recipient lists, including email addresses, are stored on dotdigital servers in the EU for the purposes of email newsletter distribution.

If you would prefer that your data is not shared with dotdigital, you can opt out from further communications at any point by clicking on the unsubscribe link in the footer of emails sent by us via dotdigital.

Further information

dotdigital privacy policy (external website)

Use of Microsoft Office 365 services and their privacy policy

The College uses services provided by Microsoft through their Office 365 for Education service to capture data via online forms and other similar mechanisms.

All data are stored on servers in the EU and are encrypted in transit and at rest.

Further information

Office 365 trust centre (external website)

Use of Simitive WAMS and their privacy policy

WAMS from Simitive Ltd is the College's online system for academic workload modelling, and is used to securely store and process selected personal and business data for academic staff.

What information is stored on WAMS?

WAMS utilises basic staff information for facilitating workload allocation, such as

• name,
• title,
• FTE
• and subject area.

We also process PhD student information solely for supervision time allocation.

We also store basic grade information for the purposes of cost modelling.

No sensitive personal data or special category data is stored on WAMS.

Why does the University store personal data on WAMS?

The data are used solely for the purposes of facilitating academic workload allocation and modelling in a transparent, fair and consistent management tool.

WAMS will assist Heads of College, School and Subject Area and other senior managers to discharge their responsibility to staff in ensuring that workloads are appropriate.

Who has access to the personal data on WAMS?

Staff included in workload models can see and comment on their own personal data in WAMS. This is the primary purpose of the system.

There is also a function for staff to see the workloads of other staff in their department under the general headings mentioned above.

The default position is for this function to be switched off unless the department agrees otherwise.

In generating workload allocations, academic line managers have access to the system and the data, specifically Heads of School and Subject Areas. They have access only to information on staff within their Schools/Subjects.

School WAM co-ordinators have access to the system to support the process, as does the College WAM Lead.

The College BI team have access to College-wide information for the purposes of data upload and reporting.

No third party organisations other than Simitive Limited have access to the personal data in WAMS.

How are the data protected?

The College data is held in the EU and is subject to GDPR protection and legislation. A DPIA has been completed and approved for the use of the system.

The College has also reviewed the Simitive security policies and procedures and has deemed them appropriate for the data which are stored and process on WAMS.

How long is personal data stored on WAMS?

WAMS data are held in accordance with the relevant University data retention schedules for these types of data.