University of Manchester: Privacy Notice relating to Hornet

Doormouse is the halls of residence network management and problem management system that residents register with to connect to the internet from their halls of residence and forms part of the Hornet service.

  1. Introduction
    1. This privacy notice relates to residents using the Wired Internet access within halls of residence (AKA HORNET) within halls of residence detailed in appendix A. The notice specifically relates to data held by the management module for this system, Doormouse, provided by Serotine Ltd.
  2. What is personal data (also known as personal information)?
    1. Personal information means any information which relates to or identifies you as an individual and includes opinions about you or information which may not explicitly identify you (e.g. where your name has been removed) but which nevertheless does identify you if it is combined with other information that is readily available.
  3. How does this notice relate to other information about data protection?
    1. The Doormouse system will use data from the University Accommodation system (Kinetics) to process account closures and room moves.
  4. Who will process my personal information?
    1. Personal information will be used by the HORNET team to provide user support to those on the HORNET system, and in order to remain compliant with the Regulation of Investigatory Powers Act 2000. Data will also be stored by third party Mimoto Ltd as providers of the Doormouse system
  5. What personal information will you process?
    1. The University needs to collect, maintain and use the following personal data relating to or about you:
      1. Name
      2. Spot ID
      3. University Email address
      4. Room Number
      5. IP Address(es) of any device(s) registered to access HORNET
      6. Telephone Number (If provided and redactable at any point)
  6. What is the purpose of the processing under data protection law?
    1. We will only use your personal information when the law allows us to do so by providing us with a legal basis or valid condition. Most commonly, we will use your personal information in the following circumstances:
      1. The data subject has given consent to the processing of their personal data for one or more specific purposes;
      2. Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  7. Can you provide examples of processing?
    1. Processing this data allows us to manage all wired and wireless accounts registered and the associated issues reported within halls of residence detailed in appendix A.
  8. What constitutes “Special Category Data”?
    1. Add where applicable – The University will also process some information about you that is considered more sensitive and this is referred to as ‘special category’ personal data in the General Data Protection Regulation and Data Protection Act 2018. When we process this type of information, we are required to apply additional protections. Special category personal data is defined as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life and sexual orientation, genetic data and biometric data which is processed to uniquely identify a person. In the UK this also includes any personal information relating to criminal convictions.
  9. How will you process my Special Category personal information?
    1. We will only process special category personal information in certain situations in accordance with the law. For example, we can do so if we have your explicit consent and, in some circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do, we will provide you with full details for the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent, which you can withdraw at any time…
  10. Who will my personal information be shared with?
    1. Data will be held on servers owned by Mimoto Ltd. in order to facilitate the management of registered wired accounts and any associated issues reported by the end user.
  11. What are my rights in connection with my personal information?
    1. Under certain circumstances, by law you have the right to:
      1. Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
      2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected
      3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing
      4. Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes
      5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
      6. Request the transfer of your personal information to another party
    2. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If you would like to exercise any of these rights, you should contact the University Data Protection Officer by email: dataprotection@manchester.ac.uk. Alternatively you can write to The Information Governance Office, University of Manchester, Christie Building, Oxford Road, Manchester M13 9PL. Further information about your rights is available from the University’s data protection web pages.
  12. How long is my information kept?
    1. Data will be held for 372 days after the closure of any account.
  13. Who can I contact if I have any queries?
    1. If you have any questions about how your personal information is used by the University as a whole, or wish to exercise any of your rights, please consult the University’s data protection webpages at [insert link]. If you need further assistance, please contact the University’s Data Protection Officer (dataprotection@manchester.ac.uk)
  14. How do I complain?
    1. If you are not happy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk).
  15. Are changes made to this notice?
    1. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information – 10th June 2019.

Apendix A – List of UoM and private halls:

  1. Allworthey
  2. Ashburne Hall
  3. Burgess Hall
  4. Burkhardt House
  5. Carfax Court
  6. Cobden House
  7. Dalton Ellis Hall
  8. George Kenyon Hall
  9. Horniman House
  10. Hulme Hall
  11. Langdale Hall
  12. Methodist International House
  13. Oak House
  14. Owens Park
  15. Pankhurst Court
  16. Richmond Park
  17. Sheavyn House
  18. St Anselm Hall
  19. The Firs Villa
  20. Unsworth Park
  21. Weston Hall
  22. Whitworth Park
  23. Woolton Hall
  24. Wright Robinson Hall