Who we are:
When we say “we”, “our” or “us” in this or any of our other Privacy Notices, we mean the University of Cumbria. We are a committed to ensure that all personal data is processed in accordance with the General Data Protection Regulations 2016 and Data Protection Act 2018. We have separate Privacy Notices with more information depending on your relationship with us.
University of Cumbria Privacy Notices
Our privacy notices have more information about what we will do with your personal data, the right you have and how to exercise these rights.
Legal basis for processing
Under data protection law, we must have a legal basis to process your personal data and this will be one of the following:
- We have your permission or consent to use it
- We have a contract with you
- We have a legal obligation
- We have a vital interest
- We need it to perform a Public Task
- We have a legitimate interest.
In some cases, we process sensitive personal data also known a special category personal data and need an additional lawful basis for doing so. This includes data about your ethnicity, sexual orientation, political opinions, religious or philosophical beliefs, or health. This also includes personal data relating to criminal offences. We normally rely on the following lawful bases:
- We have your consent,
- We need it for substantial public interests e.g. to support you if you have a specific need or to keep you safe,
- For the establishment, exercise or defence of legal claims,
- For scientific or historical research or statistical purposes.
How we keep your personal data secure
We have Information Security and Data Protection policies in place. All staff complete training in these areas and are responsible for handling your personal data securely.
When we share your personal data with third parties, we make sure we have data sharing agreements or contracts in place to make sure that these parties take care of your personal data. If we must transfer your personal data outside the European Economic Area (EEA) we make sure that we have the necessary safeguards as required under the data law.
We normally only keep your personal information for as long as we need it and in line with our Records Retention Schedule.
Under data protection law you have the following rights which you can exercise in some circumstances.
Right to be informed
You have the right know how and why we use your personal data, and how to exercise your rights. This is contained in our privacy notices.
Right of access
You have a right to see all the information we hold about you. To make a request for a copy of this information please complete the Subject Access Request Form
Right to erasure
In some cases, you can ask us to delete your personal data. Where this is appropriate, we will take reasonable steps to do so.
Right to restrict processing
If you think the personal data we hold about you is not accurate, or we're using data about you unlawfully, you can request that any current processing is suspended until a resolution is agreed.
Right to data portability
Where data is held electronically in a structured form, such as in a database, you have a right to receive that data in a common electronic format that allows you to supply that data to a third party - this is called "data portability".
Right to object
You have a right to opt out of direct marketing.
You can also object to how we use your personal data if we rely based on "legitimate interests" or "Public Task". Unless we can show a compelling case why our use of data is justified, we must stop using your data in the way that you've objected to.
Rights related to automated decision-making including profiling
You have the right not to be subject to a decision based only on automated processing, including profiling, which affects you in a significant way.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
Further information about your rights can be found on the Information Commissioner’s website at: www.ico.org.uk
How to exercise your rights or complain
If you have any questions about the way we handle your personal information, or would like to exercise any of your rights, or make a complaint, please contact our Data Protection Officer in the first instance.
The Data Protection Officer can be contacted via email at firstname.lastname@example.org or via the following postal address:
Data Protection Officer,
Vice Chancellor’s Office,
University of Cumbria,
Lancaster LA1 3JD.
You also have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint using the ICO’s website.
This Privacy Notice was last updated on 25 September 2020