Swansea University Computer Society Data Policy
Date: May 2018
GDPR (EU regulation 2016/679) replaces the Data Protection Directive (EU directive 95/46/EC) on 25/05/2018. As per articles 12, 13, and 14 here is our policy on data.
This is aimed to be the one and only place with regards to data within Swansea University Computer Society, henceforth refereed to as SUCS. This is written in as simple language as possible therefore may include some informal phrasing.
Clarifications:
Interested groups:
Swansea University Computer Society (SUCS). SUCS is not a legal entity. We are a ‘group’ of unpaid volunteers within a larger charity. SUCS does not have a data protection officer. We are able to deal with data related queries directly via the email address admin@sucs.org
In this document we consider “our” stuff to be any computer system or network we manage, even if we do not directly own such system or network.
Swansea University Students' Union (Charity number: 1149941). Is the organisation we are a part of, legally no difference between us (SUCS) and them. You may contact them via info@swansea-union.co.uk for any queries.
Swansea University (Charity Number: 1138342). You may contact them via dataprotection@swansea.ac.uk for any queries.
You, the ‘data subject’, just by reading this (it’s only available via our website) we have collected personal data on you.
Data:
Non-members:
SUCS stores data about your interactions with our systems as per Article 6, Paragraph 1, Point F, Recital 49 of GDPR. It is not used for purposes other than described in Recital 49.
Such data is exempt from Right To Be Forgotten (Article 17) requests as per Article 17, Paragraph 3, Point E.
It may be shared with Swansea University ISS Networking Team and Law Enforcement upon request.
No other data is stored.
Members:
SUCS stores data about all your interactions with our systems as per Article 6, Paragraph 1, Point F, Recital 49 of GDPR. It is not used for purposes other than described in Recital 49.
Such data is exempt from Right To Be Forgotten (Article 17) requests as per Article 17, Paragraph 3, Point E.
It may be shared with Swansea University ISS Networking Team and Law Enforcement upon request.
SUCS only starts to store other personal data until a member has created a account on our systems.
Once you have created a account we hold the following personal data that you give us:
Name
Contact Details
Phone number
Address
Email address
SUCS Username
SUCS UID
Swansea University ID
CCTV images & video
SUCS username is used to identify and address you.
SUCS UID is used in reference to GDPR Recital 49.
Swansea University ID is used to verify membership eligibility and linkage when interfacing with Swansea University Students’ Union and Swansea University.
CCTV is used in a non-monitoring fashion, history is only accessed by staff when there is reasonable need. CCTV may be shared with Swansea University (Estates and Facilities – Security) and law enforcement.
Other stored details are used for contact purposes. They are not shared with any third party outside of SUCS. However, they may be shared with law enforcement when required.
We do not share data with third parties, that includes the Students’ Union unless otherwise stated.
Data Requests:
Non-members:
You may send data requests for your data to admin@sucs.org
Members:
You may send data requests for your data to admin@sucs.org
Students’ Union Staff:
We do not share data directly, if you would like some data please speak to us at admin@sucs.org
Swansea University Staff:
ISS Networking Team - You may send data requests to admin@sucs.org
Estates Security - You may send data requests to admin@sucs.org
Other – We do not share data directly.
Law Enforcement:
You may send data requests to admin@sucs.org. If you wish to have a specific person to liaise with, please say so in the original email.