DIT Students' Union MSL Website User Policy
Third party ‘Memberships Solutions Limited (‘MSL’) provide an information management system to link in with the Dublin Institute of Technology’s (DIT) student record system – personal data of students is not directly accessible by us (DITSU). MSL are bound by contract stating that personal information will not be modified, deleted, or shared, without the instructions of DITSU, or used for any purpose other than that specified by us (DITSU). Both DITSU & MSL are contractually obliged to abide by GDPR.
MSL maintains a storage bucket on Amazon S3 used as a staging area for data uploads. This file is uploaded on a regular basis (once per day, usually overnight) using Windows - S3.exe (s3tools.org).
The storage bucket is locked to Amazon’s EU data region and is set up with ‘at rest’ encryption. The data is stored in a Microsoft SQL Server 2014 and is fully patched and firewalled. The only remote access is via remote desktop and this is strictly limited to trained MSL staff. All access attempts are logged and MSL regularly review procedures to ensure high levels of security.
Currently the only data we receive from DIT is the student name and student number, this is to ensure that the student attempting log-in is a registered student with DIT. This has been agreed between DITSU and DIT. The SSO data is continuously updating so any users that are no longer registered are deleted. If students set up profiles, data information will be kept in accordance with our GDPR policy.
Students have full control over their data and can opt out from the SSO at anytime through the email address firstname.lastname@example.org.