TU Dublin SU endeavours to protect the rights of all students it holds data on - both with regard to the retention and dipsoal of data, as well as providing the means for students to request access to any information held on them.
TU Dublin SU Data Protection Policy
While carrying out our various functions and activities, TU Dublin SU collects information from individuals and external organisaitons and generates a wide range of data which is recorded and maitnained. The purpose of this policy is to enable us to:
- Demonstrate its commitment to the proper handling of personal data.
- Comply with Data Protection law.
- Protect the organisation from the consequences of any breach of its statutory and common law responsibilities.
- Encourage and support a culture of best practise within data protection.
You can find our general Data Protection Policy can be found here.
TU Dublin SU MSL Website User Policy
Third party ‘Memberships Solutions Limited (‘MSL’) provide an information management system to link in with the Dublin Institute of Technology’s (DIT) student record system – personal data of students is not directly accessible by us (DITSU). MSL are bound by contract stating that personal information will not be modified, deleted, or shared, without the instructions of DITSU, or used for any purpose other than that specified by us (DITSU). Both DITSU & MSL are contractually obliged to abide by GDPR.
MSL maintains a storage bucket on Amazon S3 used as a staging area for data uploads. This file is uploaded on a regular basis (once per day, usually overnight) using Windows - S3.exe (s3tools.org).
The storage bucket is locked to Amazon’s EU data region and is set up with ‘at rest’ encryption. The data is stored in a Microsoft SQL Server 2014 and is fully patched and firewalled. The only remote access is via remote desktop and this is strictly limited to trained MSL staff. All access attempts are logged and MSL regularly review procedures to ensure high levels of security.
Currently the only data we receive from DIT is the student name and student number, this is to ensure that the student attempting log-in is a registered student with DIT. This has been agreed between DITSU and DIT. The SSO data is continuously updating so any users that are no longer registered are deleted. If students set up profiles, data information will be kept in accordance with our GDPR policy.
Students have full control over their data and can opt out from the SSO at anytime through the email address firstname.lastname@example.org.