Privacy Notice for Individuals | Legal and Compliance Services

Privacy Notice for Individuals (who are neither staff nor students) who interact with 吃瓜群众

1. Introduction

吃瓜群众 (BU) is the data controller in relation to your information, as defined in the Data Protection Act 2018 and is committed to protecting your rights, in line with the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR).

The University’s nominated representative for data protection legislation, and the Data Protection Officer is:

Legal and Compliance Manager Governance Services Corporate Services

吃瓜群众 College Road 吃瓜群众

Gwynedd LL57 2DG

This statement explains how the University handles and uses your personal information. The University is committed to protecting your personal information and to being transparent about what information it holds. The University has a range of data protection related policies and procedures in place which can be found on the Governance webpage.

Personal听information about you can be collected both centrally, and by Schools and departments of the University, for example by Pontio Arts, Canolfan Brailsford, and the University Nursery T铆r na n脫g. In addition to this privacy notice, further fair processing/privacy notices will be provided at the point of collection of your data as required.

2. What information do we collect about you?

BU will collect information about you throughout its dealings with you as an external individual who interacts with the University. We may also receive information about you from outside the University, such as supplementary information requested by the University, as well as information supplied by referees. The types of personal information processed include, though is not limited to, the following:

Contact details and other information submitted during your interaction with University processes e.g. attending events at the University, booking theatre or cinema tickets, booking sporting activities, taking a short course, using the University nursery,
Details of room bookings and
Financial and personal information collected for the purposes of administering payments for goods and services;
Information on health and disability in order to provide support and assistance to visitors and guests;
Language preferences;
Photographs and videos for marketing
Images for coaching, match analysis and similar education processes
Contact details for next of kin, or others, to be used in an
Information related to the prevention and detection of crime and the safety and security of staff, students and visitors, including, but not limited to, CCTV recording and data relating to breaches of University rules and
Information gathered for the purposes of equal opportunities
Information gathered for the purposes of research, where you are a research

Some of this data may be categorized as special categories data, as defined by the Data Protection Act 2018.

3. How will your information be used?

It is not possible to state every purpose for which your information will be used by BU during your interactions with us. The following are examples of how information is likely to be used. The number in brackets refers to the legal basis relied upon by the University in order to lawfully process your data, as defined by the General Data Protection Regulation.

To make contact with you as in order to provide you with information about the university, it’s听goods and services.听(i)
To administer your interaction with us (e.g. your conference booking, sports booking or nursery placement)听(i), (iv)
To provide services to individuals with disabilities)听(ii)
To administer all financial aspects of your interaction with us听(i).
To provide or offer facilities and services to you (e.g. accommodation, sporting facilities, computing facilities and use of the Library)听(i), (ii,) (iii).
To operate security, complaint and quality assurance processes and for general identification purposes(i).
To monitor our responsibilities under our equalities legislation policies听(iv), (v).

Legal basis for processing your information

By interacting with us as a visitor or guest, BU will be required to collect, store, use and otherwise process information about you for any purposes connected with administration, support, research,asset recovery, your health and safety and for other reasons deemed听necessary for the听performance of any contractual agreement with the University. See GDPR Article 6(1)(b)
The University听will obtain consent from you听in order to collect and process your personal data. See GDPR Article 6(1)(a).
Processing of your personal data may also be necessary for the听pursuit of our legitimate interests听or by a third party’s legitimate interests -but only where the processing does not fall within our core public function, is not unwarranted and will not cause a prejudicial effect on the rights and freedoms, or legitimate interests, of you as an individual See GDPR Article 6(1)(f).
Processing of your personal data is necessary for the听performance of a task carried out in the public interest听or in the exercise of official authority vested in the University (see GDPR Article 6(1)(e)) and for statistical and research purposes (see GDPR Article 89).
Processing of Special Categories data is necessary for the听statistical and research purposes听in accordance with article 89(1) based on the duties in the Equality Act 2010 (see GDPR Article 9(2)(j))

4.听 Who receives your information?

Where necessary, in order to provide the services which we have informed you of, personal information will be shared internally with both academic and professional services across the University as necessary. Personal information being shared in this way will be protected by the University as set out in its听Information Security Policy, and information will not be disclosed to third parties without your consent, or, unless it is permitted by law or contract.

This section outlines the major organisations and the most common circumstances in which the University discloses information. Where this involves international transfer, information will only be transferred if it meets the conditions outlined in the Data Protection Act 2018.

Debt recovery and control companies听in order to recover debt on behalf of the University, where internal debt recovery procedures have been
UK agencies with duties relating to prevention and detection of crime,听collection of a tax or duty or safeguarding national security.听You should note that there is a statutory duty for higher education institutions to have due regard to the need to prevent individuals from being drawn into terrorism. This may mean that, in particular circumstances, the University will need to pass on personal data to coordinating bodies and partner organisations such as local government and the police. Also courts or Coroners’
Auditors, solicitors, insurers, debt collection agencies and other agents of the University听may require access to personal data from time to time where this becomes necessary. These decisions will always be made on a case by case basis by the Head of Governance and Compliance.
听to support the contact tracing process under Covid- 19 regulations, when required. Data collected specifically for this purpose will be held for 21 days in line with government guidance.
Gecko Engage听to capture enquiries from prospective students, and to register attendees at our virtual and on campus
Any other disclosures that the University makes will be in accordance with data protection legislation and your interests and rights will be carefully

5.听 Further information relating to your data

Automated decision-making, including profiling

The University may undertake automated decision making in only a limited number of circumstances, those usually relating to assessment of fees status, suitability for financial assistance and in the area of learning analytics. If you have any queries relating to these processes, please contact the Data Protection Officer.

Transfers to Third Party Countries outside the European Union (EU)

In order to achieve the purpose for which we are processing your data, we may need to share your data with organisations outside the EU. In these circumstances the University will ensure that appropriate safeguards are in place. In most cases, transfers will be necessary for the performance of the contract between you and the university and/or will be undertaken with your consent.

Third party services

The University may use, under contract and agreement, third party suppliers or processors to provide particular services to staff and students, such as email or data storage. These services will be compliant with GDPR and data will, normally, be processed within the EU. Similarly, the University or external organisations, may use third parties to undertake survey or other work which may involve these third parties having access to your data.

Your rights

You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to move (port) your personal information. If you have provided consent to BU to process any of your data then you also have a right to withdraw that consent. Please visit the University Data Protection webpages for further information in relation to your rights.

Any requests or objections should be made in writing to the University Data Protection Officer.

Security

Data protection legislation requires us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of your information will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, and paper files will be stored in secure areas with controlled access. Further information on these processes can be found in the University’s听Information Security Policy.

Retention

The University retains your information in line with established higher education retention schedules. A core record showing your dates of attendance, details of your degree or other qualification or other outcome will be held in permanently. Further information can be found in the University’s retention schedule which can be accessed on our webiste.

Complaints

If you are unhappy with the way in which your personal information has been processed you may, in the first instance, contact the University Data Protection Officer using the contact details above.

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:听

The Information Commissioner 2nd听Floor

Churchill House Churchill Way Cardiff

CF10 2HH

Tel: 02920 678 400

Your responsibilities

You have a responsibility to keep your personal details up-to-date. For further information consult the University’s听Data Protection Policy.

Reviewed by the Head of Legal Services for the 2022/23 academic year

January 2023