Privacy Policy
Introduction
This privacy policy explains what Personal Data is collected by University and details how that Personal Data is used in accordance with the provisions of Bahrain Law No. (30) of 2018 on the Issuance of the Personal Data Protection Law. The University is committed to protecting and respecting your rights in relation to the Personal Data.
Definition
“Data” or “Personal Data” means personal information of a student including personal details contact numbers, study records and grades. Various categories of Personal Data that is collected by University listed in Annex A.
Collection and use of Personal Data
Personal Data processing (in part or whole) is undertaken using automated means or through non-automated means, forming a part of a file system or intended to be a part of such system. Personal Data is also captured through web-based forms for feedback, registration, requests, etc.
Access to Personal Data within the University will be provided to authorized staff, in relation to their work with the University. The Personal Data may also be shared with the Ministry of Education, Government of Bahrain upon receiving a request from the Ministry.
The University will hold Personal Data on the systems for as long as it is still used for the purpose stated when originally requested. The Personal Data collected will be kept in servers for archiving to maintain the student’s academic records. Unless a longer retention period is required or permitted by law, the University will only retain Personal Data for as long as University needs such Data to fulfill the intended purposes, including any relating to legal, accounting, or reporting requirements.
Technology and organizational standards
Based on the nature of the Personal Data collected and on the risk and cost analysis, the University has adopted the following technology and organizational standards to protect the Personal Data against unintentional or unauthorized destruction, accidental loss, unauthorized alteration, disclosure or access:
- Only authorized staff is provided access to Personal Data;
- The University adopts Local Area Network (“LAN”) firewalls policies and ADD authentication methods to verify the user.
Cookies
This Website uses cookies – a small piece of information stored on your computer in the form of a file – where necessary or beneficial for the purposes of making the website work, for monitoring performance or facilitating functionality. You may refuse the use of cookies by adjusting the settings of your web browser; however, please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the use of cookies and use of the data they provide.
Sharing of Personal Data
The University may share your data with third parties who provide services to the University, such as those who help the University to operate the website or undertake outsourcing activities. All third-party service providers are required to execute a written contract with the University and they are required to take appropriate security measures to protect your data in line with the policies of the University. The University does not allow them to use your data for their own purposes. The University permits them to process the Personal Data only for specified purposes and in accordance with the instructions of the University.
Personal Data is stored on the cloud servers. However, the University may take a backup of the Personal Data on the local servers. The University may also share your personal data with third parties and professional advisers if the University is under a duty to disclose or share your Personal Data in order to comply with any legal obligation or an enforcement order.
Transfer of Personal Data outside Bahrain
The PDPL has been made effective from 1 August 2019 and as per Article 12 of PDPL, the University is prohibited from transferring personal data outside the Kingdom except when the transfer is made to a country or region listed in a statement that the personal data protection authority prepares and updates. The PDPA has not been established as on the date of the last update of this policy, therefore, the University would require your consent under Article 13 (1) to transfer your Personal Data outside Bahrain through the use of cloud service providers.
The University would endeavor to engage a reputable could service provider, however, due to the nature of could service your Personal Data would be stored on servers which may be outside Bahrain. By submitting your Personal Data, you unequivocally provide your consent to the University to transfer your Personal Data outside Bahrain.
Third-party websites
Our site contains links to and from various third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the University does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Contact
If you wish to raise any queries or concerns about this privacy policy please contact the information compliance team by email at the University’s IT Department. You may submit an application, together with proof of your identity, to rectify, block or erase your Personal Data if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.
Updating
Any changes which the University may make to this privacy policy would be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.