For University members, cardholder details and entitlements are obtained from the University's staff and student databases.
The University will also issue UCards to non-members upon request from the Sports Centre, Library Services or suitably authorised University staff. Only the data required to identify the cardholder and print the UCard will be collected during the registration process. Additional entitlements: building access, library membership, etc. must be individually authorised and are held in their respective databases.
When you upload a photograph you may be asked to provide certain information about yourself such as your University logon id; student or UCAS number, date of birth and name before you are able to proceed with using the Photo Upload facility.
Your image data is classified by the University as "confidential" and as such will only be visible to some authorised members of the University. You can choose not to provide information, although this will require you to attend Royal Fort Lodge to have your photo taken and card produced
Each time a UCard is used to enter or exit a building or controlled location we record the following information;
For those members of staff to whom it applies, fingerprint images are not be retained as part of the enrolment process. A number is created after taking a fingerprint image and stored on the UCard alone (not on central University systems). When a finger is presented to the reader the number is recalculated and checked against the number on the card. No biometric information is held by the University.
The information is used for administrative purposes, e.g. to report on the total number of visits through any given door or controlled location. Your image data is stored on the University's central systems and may also be accessed for the purpose of identification and for security.
UCard data and access control data may not be used by the University's Faculties and Departments except to satisfy statutory obligations (including the University's duty of care to staff and students under health and safety legislation) or for investigation into criminal procedures. Exceptionally, personalised data may be accessed where there is an investigation into a criminal act or or suspected abuse of access privileges.
The University is your data controller. As your data controller the University has notified its activities to the Office of the Information Commissioner as required under the Data Protection Act 1998 (the "Act") and is listed in the Public Register of Data Controllers.
Personal information may be used by University departments to enable members of staff and students to access University facilities and services.
Personal information will not be extracted or shared with other university staff or systems without an explicit request to the Card Services manager or his/her representative and the Secretary/Director of Legal Services or his/her representative.
Any access preferences specified by the cardholder, held in the card, may only be made available to an authorised member of the University staff.
Unless specifically requested, for legislative or academic reasons, personal UCard data and visit data will be removed from the system 90 days after card expiry.
All freedom of information requests should be submitted to the University’s Information Rights Officer, or his/her representative.
If you wish to obtain any personal data in relation to your UCard, please make a subject access request via the Secretary's Office.
For any queries you may have in connection with this privacy policy, please contact:
Information Rights Manager, University of Bristol, Senate House, Tyndall Avenue, Bristol, BS8 1TH, UK
Email: data-protection@bristol.ac.uk
