1. The user shall use the data held in MARS only for the purpose of research administration, in accordance with the role assigned to them by their department or division.
2. If the user’s assigned role changes they need to discuss their access to MARS with their Department User Manager so that access can be removed if no longer required.
3. The user shall process any personal data (including any sensitive personal data) held in MARS in accordance with the requirements of the General Data Protection Regulation (GDPR) and the University’s data protection policy and guidelines.
4. The user shall not disclose (verbally or in writing) any data held in MARS to any unauthorised person. Unauthorised persons may include colleagues and other staff of the University, including other MARS users who may not have authority to access particular types of data. Data shall be disclosed only to those with a legitimate need to use it.
5. In handling the data held in MARS, the user shall comply with the University’s Information Security policy.
6. The user shall not release their access password or log-in details to any other person and must take all reasonable steps to ensure that these details remain confidential and secure at all times.
7. Any data saved from the system (whether in electronic or printed form) shall be held in a secure and confidential manner and shall be held only for as long as it is needed for research administration purposes.
8. If data is downloaded to a laptop or other portable device, the device shall be encrypted.
9. If leaving their desk, the user shall log out of MARS or lock their PC.
10. If accessing MARS remotely (ie away from their workplace), the user shall ensure that data displayed on the screen is not visible to unauthorised persons.