The University of Cumbria General Privacy Notice
We are committed to protecting your personal information as required by the data protection laws, including the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR).
This Privacy Notice describes how, when and why the University of Cumbria process information about you also referred to as personal data.
"Personal data" is any information from which you can be identified. The personal data we collect, and how we process it, varies depending on your interactions with us. “Process” means anything we do with your personal data.
We explain how we keep your personal data secure, who we share it with and what rights you have under data protection law.
We also process your data as set out in our Data Protection Policy.
Who We Are
When we say “we”, “our” or “us” in this or any of our other Privacy Notices, we mean the University of Cumbria. We are a committed to ensure that all personal data is processed in accordance with the General Data Protection Regulations 2016 and Data Protection Act 2018. We have separate Privacy Notices with more information depending on your relationship with us.
University of Cumbria Privacy Notices
Our privacy notices have more information about what we will do with your personal data, the right you have and how to exercise these rights.
- Student Recruitment and Outreach Privacy Notice
- Student Applicants Privacy Notice
- Current Students Privacy Notice
- Alumni Privacy Notice
- Staff Privacy Notice
- Research Participants Privacy Notice
- Business Engagement Privacy Notices
- Job Applicant Privacy Notice
Legal Basis for Processing
Under data protection law, we must have a legal basis to process your personal data and this will be one of the following:
- We have your permission or consent to use it
- We have a contract with you
- We have a legal obligation
- We have a vital interest
- We need it to perform a Public Task
- We have a legitimate interest.
In some cases, we process sensitive personal data also known a special category personal data and need an additional lawful basis for doing so. This includes data about your ethnicity, sexual orientation, political opinions, religious or philosophical beliefs, or health. This also includes personal data relating to criminal offences. We normally rely on the following lawful bases:
- We have your consent,
- We need it for substantial public interests e.g. to support you if you have a specific need or to keep you safe,
- For the establishment, exercise or defence of legal claims,
- For scientific or historical research or statistical purposes.
How We Keep Your Personal Data Secure
We have Information Security and Data Protection policies in place. All staff complete training in these areas and are responsible for handling your personal data securely.
When we share your personal data with third parties, we make sure we have data sharing agreements or contracts in place to make sure that these parties take care of your personal data. If we must transfer your personal data outside the European Economic Area (EEA) we make sure that we have the necessary safeguards as required under the data protection law.
We normally only keep your personal information for as long as we need it and in line with our Records Retention Schedule.
Under data protection law you have the following rights which you can exercise in some circumstances.
Right to Be Informed
Right of Access
Right to Erasure
Right to Restrict Processing
Right to Data Portability
Right to Object
Rights Related to Automated Decision-Making Including Profiling
How to Exercise Your Rights or Complain
If you have any questions about the way we handle your personal information, or would like to exercise any of your rights, or make a complaint, please contact our Data Protection Officer in the first instance.
The Data Protection Officer can be contacted via email at email@example.com or via the following postal address:
Data Protection Officer,
Vice Chancellor’s Office,
University of Cumbria,
Lancaster LA1 3JD.
You also have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint using the ICO’s website.
This Privacy Notice was last updated on 25 September 2020.