Online payments privacy policy

In order to operate the University of Bristol (“University”) online-payments system, we may collect and store personal information you submit to it via this online-payments website or give to the University in any other way. Please read the following privacy policy to understand how the University uses and protects the information that you provide.

This online-payment system is provided and hosted by the University and its third party suppliers. By submitting your personal information, you are consenting to the University holding and using it in accordance with this policy. The policy is subject to change and any changes to it in the future will be notified on this page. By continuing to use this payment site you are agreeing to such changes. We recommend that you check the privacy policy each time you visit this site.

Contents

1. Information that we collect from you and your use of this site
2. How we use your information
3. How we handle the data submitted by you
4. Links to external web sites
5. How to contact us

1. Information that we collect from you and your use of this site

When you visit https://online-payments.bris.ac.uk/ you may be asked to provide certain information about yourself including your student or UCAS number, date of birth, name, contact and financial details before you are able to proceed with using the online-payment system.

1.1 Information you give us

We receive and save any information you enter on our website or give us in any other way. You provide most such information when you make a payment, or set-up a recurring card payment or direct debit mandate, or communicate with us for any other reason. This information may include your student or UCAS number, date of birth, name, contact and financial details.

You can choose not to provide information, although it may be needed to make a payment.

1.2 Automatic Information

We automatically receive and save certain types of information whenever you interact with the online-payments website. We use the information to monitor web site traffic and to assist with the navigation and user experience of the web site.

Information that we will automatically receive includes:

• Requested URL (Uniform Resource Locator)
• IP (Internet Protocol) address (this may or may not identify a specific computer)
• Domain name from which you access the internet
• Referring URL
• Software (browser/operating system) used to access the page
• Date and time pages were visited

When you visit some pages on the site, your computer may be issued with a small file - a “cookie”. A cookie is a piece of information in the form of a very small text file that is placed on an Internet user's hard drive. It is generated by the online-payments web server. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site. The server uses cookies to recognise your browser session if you visit multiple pages during your interaction with the online-payments system.

You can set your browser to refuse cookies or warn you before accepting them. However, the online-payments web site will not function properly without accepting cookies.

For further information about cookies, please see AboutCookies.org.

2. How we use your information

2.1 Fulfilment

Personal data collected as part of the payment process will be held primarily to settle your order. This data will be retained by reputable third-party banking and distribution institutions who handle our customers card transactions and order fulfilment and may be used for any of the following purposes: accounting, billing and auditing, administrative and legal purposes, security and payment verification.

2.2 Analysis

We may also use and analyse the information we collect so that we can manage and improve the services on the website. Demographic and statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of the web site. Any disclosure of this information will be in aggregate form and will not identify individual users.

3. How we handle the data submitted by you

3.1 Data Protection Legislation

The University is your data controller. As your data controller the University has notified its activities to the Office of the Information Commissioner as required under the Data Protection Act 1998 (the “Act”) and is listed in the Public Register of Data Controllers. Personal information will only be collected and/or processed by the University in accordance with the Act.

3.2 Data Security

Please protect sensitive data at all times throughout your online transaction. Make sure that nobody can see over your shoulder when typing in personal information and close your browser when you have finished. The University and its third party suppliers have used their reasonable endeavours to ensure that access to information provided and the payments you make whilst using this site are secure. We work to protect the security of your information during transmission. The site is secured using a Thawte SSL Web Server Certificate to offer you secure communications by automatically encrypting all data when it is entered.

You should be aware that the computer that you use to attach to the online-payments system (via a web browser) must also be secure, and include the latest operating system, software and anti-virus updates. The use of a shared computer to connect to the online-payments system could increase the risk that others will see your sensitive information.

The University online-payments system will require you to enter your credit card details. The online-payments system will always have a web address (URL) that starts with https://online-payments.bris.ac.uk/.

3.3 Disclosure of your information

• Except as set out in this policy or as required by law, your personal data will not be provided to any third party without your prior written consent
• The information you provide to us will be held on our computers in the UK. It may be accessed by or given to third parties some of whom may be located outside the European Economic Area who act for us for the purposes set out in this policy or for other purposes approved by you. Those parties process information and may provide support services to the University or on the University’s behalf.
• Countries outside the European Economic Area do not always have strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with this policy.
• We employ other companies and individuals to perform functions on our behalf and in turn they may also use third parties for these functions. Examples include processing credit card payments and hosting the web site (“Contracted Agencies”). The Contracted Agencies have access to personal information needed to perform their functions, but may not use it for other purposes.
• Personal information provided by you may occasionally be shared with other organisations for the prevention of fraud. Should you fail to honour a payment to the University, the University may disclose sufficient personal data to a third party to enable it to pursue and recover the debt from you. Third parties may include solicitors, agents appointed by the University (for example, debt recovery and tracing agents) and the Courts.

3.4 Monitoring Use of University Systems

In order to protect the security and working of University network and computer systems, it may be necessary to monitor or log the use of these systems. If there are indications of abuse of systems or that individuals may be using systems in excess of their authority, files, messages and any or all uses of the systems may be intercepted, monitored, recorded, copied, audited, inspected and disclosed to authorised University and law enforcement personnel.

4. Links to external websites

This website may contain links to other websites that are outside the University’s control and are not covered by this privacy policy. The privacy policies of these other sites may differ from this one.

5. How to contact us

Should the information we hold about you be incorrect, you can change and update your personal information and you can have your information corrected by contacting us.

Where requested, we will provide you with a readable copy of the personal data that we keep about you, by contacting us at the address below. We may require proof of your identity before supplying you with this information to ensure confidentiality. 

We allow you to challenge the data we hold about you and where appropriate you may have the data erased, rectified, amended or completed. For complaints or queries about the privacy policy or data protection queries generally please contact:

Information Rights Manager
University of Bristol
Senate House
Tyndall Avenue
Bristol
BS8 1TH, UK.

Email: data-protection@bristol.ac.uk

 

August 2007 – University of Bristol