Wireless network privacy notice

Information you need to know

The IT Services department is part of Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk.

This privacy notice explains how we use your personal information and your rights regarding that information.

For information about how the wider university uses personal data, please see the Privacy notice section of our website.

Information we are collecting

Whenever you connect to a university wireless network, we collect technical log information. This includes your LJMU username, the date and time of the connection, the network location and the IP address assigned to your device.

This information is used to manage and secure the university’s network. In some circumstances, network logs may be cross‑referenced with logs from other university systems for purposes such as troubleshooting, security investigations, or responding to misuse of university IT services.

Source of the personal data

The information we process is generated directly when you connect to the university’s wireless network. This includes technical log data created automatically by the network and authentication systems during your connection.

We do not obtain wireless network log information from third parties.

Why we are collecting your data and the legal basis for this

We process personal data in accordance with the principles of the GDPR and only where there is a valid lawful basis to do so.

We collect and use wireless network log information to operate, manage and secure the university’s IT networks. This includes supporting users with technical issues, monitoring network performance, and investigating security incidents or misuse of university IT services. For example, network logs may be used to identify and respond to malicious activity such as phishing or other threats to the university’s systems.

The legal basis for processing this information is Article 6(1)(f) of the UK GDPR - legitimate interests. The university has a legitimate interest in ensuring the security, integrity and appropriate use of its IT networks and services.

Who has access to this data

Your personal data is only accessed by authorised LJMU staff where this is necessary to carry out their role.

This access is limited to IT Services technical and information security staff responsible for supporting and securing the university’s wireless network.

In limited circumstances, information may be disclosed to law enforcement agencies, such as the Police, where the university is legally required to do so.

How the university protects your data

We are committed to keeping your personal data safe in line with the data protection legislation and the university’s information security and data protection policies.

Wireless network log information is stored within secure university systems. Access to these systems is restricted and limited to authorised IT Services technical and information security staff only, who require access to perform their roles. Appropriate technical and organisational measures are in place to protect this information from unauthorised access, use or disclosure.

How long the university keeps your data

Authentication data is retained for six months on the university’s local authentication servers. A copy of relevant log information is also held on the university’s security monitoring (SIEM) platform, where it is retained for 60 days.

Once these retention periods have been reached, the data is deleted in line with the university’s records retention and information security procedures.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request - this could be in a portable electronic format
  • request that the university changes incorrect or incomplete data if you think that it is inaccurate or out of date
  • request that the university delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If you would like to exercise any of these rights, please contact the Data Protection Officer at DPO@ljmu.ac.uk.

If you do not provide data

Wireless network log data is generated automatically when you connect to the university’s network. If sufficient information is not available, for example to identify the relevant username, date or time, we may be unable to investigate technical or security‑related issues or respond to requests for information.

If you request access to your own records, we will need to verify your identity before any information can be disclosed, in line with our security obligations.

Transfers of data outside the UK

We normally keep your personal data within the UK. In some cases, however, we may need to transfer it to another country - for example, to deliver a contract with you or to work with a partner organisation such as a university based overseas.

Whenever this happens, we make sure your information stays protected. This could be through a UK “adequacy regulation” (which confirms that the other country’s data protection laws are up to UK standards) or by putting strong safeguards in place.

These safeguards might include:

  • model contractual clauses
  • formal data sharing or processing agreements
  • binding corporate rules

In short, even if your data travels abroad, it will continue to be treated with the same care and respect as it would under UK law.

Automated decision-making

We do not use computers to make decisions about you based solely on your personal data. Any decisions that affect you will always be made by a human, ensuring that you are treated fairly.

How to complain to the university

You have a right to complain to the university if you think it has not properly responded to your request for personal information or feel it has not handled your personal data responsibly.

If you are not satisfied with how your request for information or how your personal data has been handled, you should set out your complaint in writing to:

Maria Burquest
University Secretary and General Counsel
Legal and Governance Services
2nd Floor Exchange Station
Tithebarn Street
Liverpool
L2 2QP

or by email via DPO@ljmu.ac.uk.

How to complain to the Information Commissioner’s Office

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted using the following details:

  • Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
  • Telephone: 0303 123 1113.
  • Email: contact can be made by accessing the ICO website.