1. About this policy

This policy explains which types of personal information will be gathered when you use the Oxford Nexus services, and how this information will be used. This policy applies to services accessed via a web browser within the nexus.ox.ac.uk domain (including sharepoint.nexus.ox.ac.uk and owa.nexus.ox.ac.uk).

Web pages accessed within the nexus.ox.ac.uk domain are delivered using Microsoft SharePoint and Microsoft Exchange with log-in services delivered using Microsoft Internet Security and Acceleration Server and/or Microsoft Threat Management Gateway (ISA/TMG).

When accessing a page within the Oxford Nexus domain (for example within an email that has been sent to you, or within a document posted by a colleague) you may follow a link to other websites. If you do this, please check the policies of those pages or services before you submit any personal information to those websites.

References here regarding "the University", "we", "our" and "us" etc. are references to The University of Oxford.

2. Information collected

Generally no personal information is collected over and above that which you have provided to the University in becoming a member and receiving a University card, but Oxford Nexus may also process information such as your work telephone number, work address and unit affiliation for account management processes. As Oxford Nexus is a core University service, available to its members, the service uses a subset of the data that you or others have already provided to us. We collect names and email addresses of external people who have applied, via an internal University sponsor, for temporary access to Oxford Nexus SharePoint. This is in order to issue login credentials and to remind them when their account is about to expire.

We may also collect information about your computer including, where available, your IP address, operating system and browser type, for system administration and troubleshooting purposes. These data are not routinely analysed and are kept for 90 days.

When emails are sent, records of dates/times, subject lines and other technical information including the sender and recipients' email addresses are kept for troubleshooting purposes. Apart from this, we do not log the content of email in transit. These data are kept for 90 days.

Most data stored within the Oxford Nexus services are backed up periodically. These backups are kept for 90 days.

3. How the information collected is used

Personal information provided to the University by you and processed within the Oxford Nexus services is not routinely examined. It may be examined in order to perform certain account management duties, such as when you change work address or unit affiliation. Personal information is not sold to third parties, or provided to direct marketing companies or other such organisations. Personal information collected and/or processed by the University is held in accordance with the provisions of the Data Protection Act 1998 (see the Oxford University Policy on Data Protection).

Personal information such as work address, unit affiliation and work telephone number is provided to all members of the Nexus Service through the Address Book, which can be downloaded and viewed offline.

Statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of the Oxford Nexus services. Any disclosure of this information will be in aggregate form and will not identify individual users. Where a fault, or a change in the service may affect you, we may use some of this information to identify you and warn you of such changes. This is normally performed without accessing private material.

Information contained within logs, as outlined above, is sometimes processed in order to warn you of an imminent change that may affect your use of the service. This information is sometimes shared with central and local IT support staff in order that they can support you if you have a difficulty with the service. Otherwise, disclosure to others of personal information in logs is only usually performed according to paragraph 16 of the 'Regulations Relating to the use of Information Technology Facilities'.

4. How we store information collected

Information which you, or other systems within the University, provide to the Oxford Nexus services will ordinarily be stored on our secure servers.

5. Protection of private material

Information contained within emails and within other documents is considered to be private material and procedures are in place to ensure that all such material remains private.

Disclosure to others of private material on our servers and in backups is only performed according to paragraphs 2 and 16 of the 'Regulations Relating to the use of Information Technology Facilities'.

Systems administration staff are obliged to work within the guidelines pertaining to 'Examining Users' Data' within the 'Regulations Relating to the use of Information Technology Facilities'. Systems administrators endeavour to avoid specifically examining the contents of users' files without proper authorisation. Occasionally we work with third party contractors and these individuals are also obliged to operate in accordance with the guidelines pertaining to 'Examining Users' Data', as outlined above.

6. Access to information

The Data Protection Act 1998 gives you the right to access information held about you. For further information about this right and how to exercise it, please see the University’s Policy on Data Protection.

7. Changes to this Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.

8. Contact

Any queries or concerns about privacy within the Oxford Nexus services should be sent by email to groupware@oucs.ox.ac.uk or addressed to the Oxford Nexus Service Manager, Oxford University IT Services, 13 Banbury Road, Oxford, OX2 6NN.

October 2012