JiscMail
has asked me, as the list owner, to highlight the following
changes to the
The main changes in these service policies are 2 new
sections:
Section 5: Mailing List Privacy Notice; and
Section: 12: Data Protection Schedule,
As well as re-numbering sections as appropriate, and there
are some updates to:
Section 4: Role of List Owners,
Section 7: Mailing List Archives,
Section 9: Limitations,
Section 10: Data Protection.
The new sections and updates are described below.
New sections
Section 5: Mailing List Privacy Notice
Provides the default privacy notice for mailing lists, it
explains how information (provided by subscribers, when
joining a mailing list or using a mailing list) is used, is
stored and (in some cases) shared, and how it can be removed.
As mentioned in the previous update, it is important that list
owners make subscribers aware of the privacy notice.
This schedule describes the agreement between Jisc/JiscMail
(the Data Processor), and the List Owner (Data Controller).
As such GDPR requires that there be a written agreement
between the Controller (LIST OWNER) and Processor (JiscMail)
that sets out the Processor obligations with regard to this
Processing. Jisc's legal team are taking a consistent approach
with Jisc services and are putting in place a standard Data
Protection Schedule (you may have already seen a version of
this for other Jisc services you/your organisation may use).
We would ask all list owners to review the information in
the Data Protection Schedule, and If you have any questions,
please email
[log in to unmask]
Updates:
We have added an additional point to the bullet which
starts "Keeping the list active by......" the point now ends
with "New mailing lists are expected to be used within 6
months of creation"
An additional statement has been added below these bullet
points, referring to the new Data Protection Schedule:
"In relation to data protection legislation, each list
owner is the Controller of the Personal Data in their lists,
see the Section 12: Data Protection Schedule for details of
JiscMail's obligations as a Processor of this Personal
Information."
Section: 7 Mailing List Archives
We have described the different types of mailing list
archive settings which may be applied to a mailing list, and
explained that "The archive privacy setting is displayed on a
list homepage,
www.jiscmail.ac.uk/LISTNAME (replacing
LISTNAME with the name of the mailing list)"
We have repeated limitations of the service, these existed
in other sections of the policy, but we felt it was important
to bring them together here too:
"JiscMail does not control or bear any liability for the
content of messages you or others post to lists, it acts as a
conduit for messages and we are not liable for the conduct of
any other JiscMail user. JiscMail neither moderates nor edits
messages before they are posted to the list.
JiscMail cannot assume any responsibility for the content
of any messages sent to lists other than those from JiscMail
themselves and we do not review, screen or edit the content."
We have added a sub-section called "Service Performance" to
describe how we alert list owners of downtime
(planned/unplanned).
The Data protection section has been updated to reference
new legislation, and the following statement:
"The Data Protection Schedule sets out JiscMail's
obligations to each list owner (the data Controller) with
regard to any Personal Data it processes on behalf of the list
owner. In the event of any conflict between the Data
Protection Schedule and any other provision of these service
policies, the relevant provision of the Data Protection Policy
shall take precedence."