Privacy Policy

General

This policy explains what information we gather when you visit the Hughes Hall web site, and explains how that information is used.

This web site includes links to other independent sites, both within the University and elsewhere. This policy applies only to direct accesses to the Hughes Hall web site – URLs starting http://www.hughes.cam.ac.uk/. You will need to consult the appropriate information on other sites for information on their policies.

Any changes to this privacy policy will be posted on this page. It was last updated on 26th April 2012.

Data collected

In common with most web sites, this site automatically logs certain information about every request made of it (see below for more details). This information is used for system administration, for bug tracking, and for producing usage statistics. The logged information may be kept indefinitely.

Relevant subsets of this data may be passed to computer security teams as part of investigations of computer misuse involving this site or other computing equipment in the College or University. Data may be passed to the administrators of other computer systems to enable investigation of problems accessing this site or of system misconfigurations. Data may incidentally be included in information passed to contractors and computer maintenance organisations working for the College, in which case it will be covered by appropriate non-disclosure agreements. Otherwise the logged information is not passed to any third party except if required by law. Summary statistics are extracted from this data and some of these may be made publicly available, but those that are do not include information from which individuals could be identified.

[You should appreciate that a log is a record of what a server sees, not necessarily what was initially sent. If a request is sent via a proxy the log file will show the proxy’s address. If someone has forged your address the log file will show your address]

Cookies

Cookies are used which expire at the end of your browsing session as a technical measure to allow us to serve pages that you request. They are not used for any other purpose. Users of this site who are members of the college or the university should be aware that some college websites access any RAVEN cookies that you may have, for which you will have granted consent to the computing service to store on your machine, to allow your identification as member of the college and to allow access to protected pages.

We also use a commercial analytics service, Google Analytics, to allow us to see how users navigate our site. This system uses first party (set by www.hughes.cam.ac.uk) cookies. We do not, and will not, use this information to identify individuals in any way. We do not share this information. To opt out of google analytics you can use the “Do not track” setting in your browser which this website will honour. If your web browser sends us this preference we will not send the code that google analytics uses to your browser. The explanatory website from the mozilla foundation will also show you if your Do Not Track setting is on or off.

Alternatively you can use the google provided analytics opt-out plugin with your browser.

Logged data

The following data is automatically logged for each request:

  • The name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request. Note also that the data recorded may be that of a web proxy rather than that of the originating client
  • The date and time of connection
  • The HTTP request, which contains the identification of the document requested
  • The status code of the request (success or failure etc.)
  • The number of data bytes sent in response
  • The contents of the HTTP Referrer header supplied by the browser
  • The content of the HTTP User-Agent header supplied by the browser
  • If you are logged in using RAVEN the crsid with which you have identified yourself

Logging of additional data may be enabled temporarily from time to time for specific purposes. In addition, the computers on which the web site is hosted keep records of attempts (authorised and unauthorised) to use them for purposes other than access to the web server. This data typically includes the date and time of the attempt, the service to which access was attempted, the name or network address of the computer making the connection, and may include details of what was done or was attempted to be done.

Access to personal data

For the purpose of the UK Data Protection Act 1998, the ‘Data Controller’ for the processing of data collected by this site is Hughes Hall, and the point of contact for subject access requests is the Bursar, Hughes Hall, Cambridge, CB1 2EW  Tel: +44 (0) 1223 334898.