Policy on privacy and cookie notices
The University is committed to respecting and protecting the privacy of information that is provided to it. This policy has been updated to reflect the General Data Protection Regulation (GDPR) introduced in May 2018.
You must provide a prominent link to a copy of the University privacy and cookies notice on the front page of all University websites. This applies to all websites with URLs containing leeds.ac.uk and any websites that are operated by or for the University.
The privacy and cookies notice is required in order to meet the requirements of the General Data Protection Regulation (GDPR) 2018 and the University’s Code of Practice on Data Protection (PDF). It is the personal responsibility of the registered school, faculty, service, group or department webmaster to make sure privacy notices are updated and adhered to.
If you have any questions about data protection, privacy or the legislation, contact the IT Servicedesk.
Model privacy and cookies notice
Every University website must display a prominent link to the privacy and cookie notice on its first page. Since the introduction of the ‘cookie law’, a link at the top of the page rather than the bottom has been suggested, but this may not always be feasible depending on the design or functional constraints of the system used. ‘Privacy and cookies’ is a suitable link.
The University requires that notices are based on the template privacy and cookie notice. All of these sections are required, but you may also need to add specific sections of your own.
You will need to check for any additional cookies in use on your site and include them in the notice. If the operator of a website asks for any material variation to this model, you will need to obtain permission by emailing the IT Servicedesk.
This notice is intended to be as simple and easy to implement as possible. Contact IT Servicedesk with any questions or queries.
Obtaining consent for cookies
The Information Commissioners Office issued new guidance on handling cookies in July 2019. Their advice is being considered and will inform updates to how consents are handled.
Major websites in Jadu that are supported by IT services will be provided with a way to help users manage consent for cookies. Work is underway to support standard template sites in WordPress. However, other sites – including web applications or web-based systems also involve cookies.
Cookies which are essential to the function of the site
This includes those used for personalisation (ones to remember a user’s cookie settings). Most of these cookies are set as a part of, or after a login process. Thus, this section essentially consists of a short statement to be placed alongside a login button on a website. It also incorporates text which is required where Active Directory (IT login) accounts are taken by the login process.
Please note that other similar wording may be acceptable depending on the purpose of the website. It is important to state that a cookie will be set as part of the login process if that is the case, otherwise it may be sufficient to rely solely on your overall privacy notice.
Tracking and analytics
Use of Google Analytics (and Google Tag Manager) and other tracking tools needs to be noted and the notice for www.leeds.ac.uk includes these for reference.
If your website is using the University’s main analytics account then cookies which help us use targeted advertising are part of Google Tag Manager for external-facing websites. Exceptions can be managed, please contact firstname.lastname@example.org for more information.
Third-party cookies and tracking
If your website includes third-party services, for example YouTube embed files or Twitter feeds, then these will also be using cookies and need to be listed.
Please email email@example.com if you require help with or advice on anything relating to privacy notices. For detailed advice on privacy and compliance, contact the Secretariat.