Exeter IT users
Why this statement is required
The University is committed to safeguarding your privacy and personal data at all times and it is important we are able to demonstrate how we achieve this.
This statement has been produced to support the University’s commitment to protecting your privacy and personal data and you are encouraged to also read the Data Protection policy and Privacy and Personal Data policy.
Within the University of Exeter, there are numerous supported IT systems that process personal data. As Exeter IT are required to supply and support IT systems this means that our staff may, from time to time be exposed to datasets that contain personal data.
There are other departments around the University that process your personal data as well. These would include Professional Services (HR, Finance etc), Library Services, Student Information Desk, Admissions, Colleges etc. They also are required to ensure that any processing of your data is carried out in a lawful manner and in line with the requirements set out in the new General Data Protection Policy which came into force on 25 May 2018.
In order to ensure your data is being protected, Exeter IT supported systems data is regularly backed up. Backups of IT supported systems are stored in three data centres, all within the South West of England and have a variety of access control measures.
Supported IT systems also have technical security controls in place such as secure networks, firewalls, routers, full disk encryption on laptops, malware protections and all this is supported with policies and procedures.
Although some IT solutions are designed in-house, we more regularly buy off-the-shelf solutions. We also makes use of Cloud services, and we ensure our suppliers are accredited to industry standards such as
- SOC1,2 or 3
- PCI DSS
- Privacy Shield
- HIPAA regulation
Every effort is taken to try and use third parties suppliers within the boundaries of the European Economic Area (EEA) to ensure the Data Protection rights of individuals. However, there may occasions where the system is supplied by an organisation that is outside of the EEA. If this is the case, you will be notified accordingly and maybe asked to give consent for your personal data to be used and processed outside of the EEA.