User identification and cookies
- When you log in with Raven, we receive your username (usually your CRSID) and information about the way in which you logged in (which we do not access or store). We receive no information about your Computing Service accounts, and specifically we do not have acccess to your password. Your password will be transmitted to the authentication server by a secure (SSL) link.
- To permit authentication, and features like single sign-in, Raven requires you to have cookies enabled. A cookie will be temporarily stored on your computer. This does not give us access to any personal information - it is only for session management - and it is automatically deleted when you close your web browser. If you are using a public computer, you should close your browser when you have finished to prevent another user from using your username to log in. More details.
- We do not make any record of the fact that you have logged in. The server logs may record this fact, but they will not record any personal information (for example your card number) and they are not available for public or commercial access. In making a booking, submitting a photo or using any of the other interactive facilities on our website you are requesting that we store the information you supply and (in addition) your username, but this will not be made available outside the College.
- We do not use cookies for identification or any other purpose, except for the session cookies created by the Raven authentication service. No information is collected by our website without explicitly requiring you to submit it.
Stored information
- We will store all the information for which you are prompted. In addition, we will record your username so that we can investigate any complaints of fraudulent use.
- You may view the information stored for your username or card number on request, or have it deleted immmediately unless it is being retained for misuse investigations at the request of a member of the College. Contact the Computer Officer.
- The full set of stored information is available only to members of the MCR Committee. They can access it using Raven authentication via the website, or directly in the database file, which is password protected. For guest night sign-up only, information is made available to kitchen staff to handle your booking and to charge your account. The information available to the kitchens is only the minimum required, and does not include your username. For events outside the college, only those details required to run the event will be supplied to anyone outside the college.
- User data is not stored any longer than necessary. For photos submitted to the gallery, the username of the person submitting the photo is not retained once the photo has been transferred to a gallery other than the User Gallery - there is no specific timescale for this to occur, but the Computer Officer will be happy to make this a higher priority on request. Event sign-up lists, including those for guest nights, will always be retained for at least a few days after the event to ensure that the kitchens have all the information they need (where applicable) and to allow any complaints of fraudulent use to be investigated. Old sign-up lists will be routinely deleted, and will certainly not survive more than a term from the date of the event.
Acceptance of this policy
- By using any features of this website for which you are required to log in, you are accepting the terms of this policy.
- Members of the university are likely to also be bound by the rules for appropriate use imposed by the University Computing Service, because our website is hosted on servers falling within their jurisdiction.
- If you have any comments or suggestions about this policy, please contact the Computer Officer.
|