skip to primary navigationskip to content
 

Privacy policy

Each Managed Web Service website should have a privacy and cookie policy that includes details of any data collected from users and any cookies that are set from the site. This includes cookies set by tools such as Google Analytics and third-party apps such as 'ShareThis'. A link to the privacy and cookie policy should be clearly visible on every page of the site, in the header or footer.

Privacy

This page describes the personal data processed and stored by the Managed Web Service administration system, and the cookies that the site uses. This policy does not apply to web sites hosted by the Service, which have their own individual privacy policies.

Personal data stored explicitly

Details of current and recently deleted Managed Web Servers, including their site administrators and other users. An audit trail of operations performed on this site and who performed them is also stored indefinitely. This information is available to the site administrators of current sites and to the UIS staff who administer and support the service.

The information collected by this site is used to administer the Managed Web Service and to produce anonymised statistics on the use of the Service.

Data stored incidentally

Standard web server logs are kept, recording certain details of every HTTP[S] interaction. These logs are deleted after 2 weeks. Beyond that point only anonymous statistical data is kept for reporting purposes.

Relevant log files may be retained for longer if an investigation is under way for the purposes of assisting with the investigation.

Details stored in the standard Apache log files:

  • Internet address of connecting client
  • Time stamp
  • Request made
  • Server's response code and number of bytes returned
  • The "user agent" string identifying the make of client

This information is used for system administration, for bug tracking, for producing usage statistics, and for evaluating the usefulness of services offered.

Relevant subsets of this data may be passed to computer security teams as part of investigations of computer misuse involving this site or other computing equipment in the University. Data may be passed to the administrators of other computer systems to enable investigation of problems accessing this site or of system misconfigurations. Data may incidentally be included in information passed to contractors and computer maintenance organisations working for the University, in which case it will be covered by appropriate non-disclosure agreements. Otherwise the logged information is not passed to any third party except if required by law. Summary statistics are extracted from this data and some of these may be made publicly available, but those that are do not include information from which individuals could be identified.

Cookies

The Managed Web Service administration system may set one or more cookies that are essential for the operation of the site. These are set during a browsing session and will be deleted by your browser when that session ends. They are used internally by the site for session management. These cookies have the names 'sessionid' and 'csrftoken', 'Ucam-WebAuth-Session-S' and 'grafana_sess'.