IT Services privacy notice

IT Services is part of the University of Surrey. We are registered as a data controller with the Information Commissioner’s Office and are committed to ensuring that the personal data we process is handled in accordance with data protection legislation. We have a named Data Protection Officer, James Newby, who can be contacted via dataprotection@surrey.ac.uk.

What information do we collect from you

IT Services have data about you because you have provided this when submitting an IT Services request form or when emailing or calling the IT Service Desk. The IT Services team holds data about people who have completed these forms to request IT equipment, services, purchases, expressed interest in particular IT services and completed one of our contact forms. This data can include:

  • Name
  • Email address
  • Other contact details
  • Details of order/booking/request/interest/reporting an IT error or issue.

Why do we collect this information?

IT Services collect only the data we need and we keep the data up to date and only for as long as it is needed. We keep your personal data from IT request forms to meet the requirements of your request.

We do not use the data we collect to make decisions about individuals or to analyse information. We take our obligations for data handling very seriously and it is therefore important for you to know that the lawful basis for us processing your information is that consent has been provided by the data subject for the processing of their personal data for the purposes specified above.

What do we do with your information?

We collect the data about you from the forms you complete. The form data is kept in the IT support systems which enable us to fulfil your requirements.

How long do we keep your information?

We keep your personal data in accordance with the University’s retention schedules. This means that your data is kept for 5 years and then destroyed.

Who do we share your information with? 

Your data will not be shared with any other University department or external organisation.

What rights do you have in relation to the way we process your data?

You can find detailed information about your rights as a data subject on the University’s webpage. You have the right to ask us to confirm that your personal data is being processed and to access (i.e. have a copy) of that data as well as to be provided with supplemental information about the processing. Where the data we hold on you is inaccurate, you may request that we rectify these inaccuracies. You have the right to have your data erased by us, although in certain circumstances we may not be able to do this. The circumstances where this applies can be found in the data subject rights information on the University’s webpage. You have the right to restrict the ways in which we process your data. This means that, if requested, we will only store your data.