Your data rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data via a subject access request
- require the university to change incorrect or incomplete data
- require the university to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
- to restrict the processing of your personal data in certain ways
- to withdraw consent where we have requested and obtained your consent
- to object to certain processing of your personal data by us
- where our lawful basis is consent or performance of a contract we will allow portability of your data.
If you would like to exercise any of these rights – see our Requesting information page, or contact the data compliance team at 01273 642010 or firstname.lastname@example.org.
What follows are some details on our primary processing tasks. Other privacy notices exist within the university in respect of data held, you will be presented with these as and when you access services or use facilities.
Transfers of data outside the UK
It may be necessary for us to transfer personal data outside the UK where our data processors hold servers outside the UK or where the university’s suppliers, service providers and research partners are based outside the UK.
Where we transfer personal data outside of the UK as part of these relationships, we ensure appropriate contracts or other safeguards are in place, and ensure compliance with the UK GDPR and the Data Protection Act (2018).
How long will we keep the personal data we process for?
The university only holds personal data for as long as is necessary for the purpose(s) for which it is collected and we have a detailed schedule of retention timeframes in place.
How does the university protect data?
The university takes the security of your data seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place as appropriate to protect the data and to comply with our data protection, confidentiality and security standards.
The right to complain to the ICO
If you are unsatisfied with the way the university has processed your personal data, or have any questions or concerns about your data please contact email@example.com. If we are not able to resolve the issue to your satisfaction, you have the right to apply to the Information Commissioner’s Office (ICO).