Privacy notice: business support
Please see below for the University’s business support privacy notice.
For more details please contact the Information Governance Manager.
This privacy notice tells you what to expect us to do with your personal data when you register your interest in the services provided by the Business Support team at the University of Lancashire. Personal data (or personal information) is any information which relates to and identifies you. Data protection legislation (the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA)) set out how we should handle your personal data.
The University of Lancashire is the controller for the personal data we process, unless otherwise stated. We are registered with the Information Commissioner’s Office and our registration number is Z5512420.
There are many ways you can contact us, including by phone, email, social media and post. Please see our main contact details on our website.
You can Email the Business team use our online forms on the Business at the University of Lancashire web pages.
The University's Information Governance Manager & Data Protection Officer can be contacted via email. Further information and contact details can be found on the data protection pages of our website.
The University uses information you provide when you register your interest in the services provided by the Business team. We collect this information when you book on events; when you make enquiries by phone, email, live chat, social media or other similar methods; and when you visit our stand at an exhibition or fair.
When you make an enquiry about the University’s business support services, we will use your information to answer your enquiry and to communicate effectively with you via email, post, telephone, text (SMS), social media or other methods, as appropriate.
We like to keep in touch with our enquirers and, if you opt in to our mailing list, we will also use your information to send you messages about University business events, such as business networking breakfasts and masterclasses, and to keep you updated about the latest business news and events at the University. You can update your marketing preferences by clicking the link at the bottom of any of our marketing emails.
We will use information about your organisation to maintain accurate records of the businesses we work with and to support the administration of apprenticeship programmes. This includes, and is not limited to, building a profile of your organisation to understand the nature of your business and the apprentices associated with it.
We may also use your information for research purposes, including conducting surveys and market research, compiling statistics and for internal reporting purposes, to help us with corporate planning and to improve our customer service.
The University can only process personal data about you if there is a lawful basis from the UK GDPR which allows us to do so.
From the point you initially contact the Business team, information will be collected, and records will be created and maintained, for the purposes set out in this notice. The lawful bases on which we rely for processing information for those purposes are as follows:
Article 6(1)(a) UK GDPR, which allows us to process personal data where you have provided your consent. Where we rely on consent, we will ensure your consent is freely given, fully informed and that you can withdraw it at any time. We rely on your consent to send some types of electronic messages which inform you about University events, services and products.
Article 6(1)(f), which allows us to process personal data where it is in our, or someone else’s, legitimate interests to do so and it does not unduly prejudice your rights and freedoms. We rely on this condition to, among other things:
- Respond to queries and enquiries and keep records of our interactions with enquirers.
- Send information about our services, products and events to you, unless you tell us not to. It is in the University’s legitimate interests to promote its services and events to those who may be interested.
- Produce some internal reports, research, market research, surveys and statistics. It is in our legitimate interests to use these to evaluate, plan and assess how the University’s services are operating and make any changes we think are appropriate and will benefit current and future students and apprentices, businesses and members of the public.
We share your information with some external organisations and bodies, some of which are processing personal data on our behalf. We only share your personal data with another person or organisation where the law allows us to and we consider it to be appropriate under the circumstances. The external parties we will share information with include the following:
- Government agencies and authorities, including the police for the prevention and detection of crime, apprehension and prosecution of offenders, the collection of tax or duty and safeguarding national security, among other things.
- Internal and external auditors to provide assurance that the University is following its risk management, governance and internal control processes and to independently inspect our financial statements and records.
- Companies or organisations acting on our behalf: We use processors who are third parties who provide elements of services for us, such as Microsoft, which provides our CRM system. We have contracts in place with our processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.
Occasionally we may need to send your personal data outside the European Economic Area (EEA) e.g. to obtain a service from a processor. We only transfer personal data outside the EEA if there is a lawful basis to do so and appropriate safeguards are put in place to protect your information and ensure it remains secure.
All information will be retained and disposed of in line with the University’s retention schedule.
We will retain records of your enquiries and our replies for five years after we stop providing you with business support.
Records of events we run and all information associated with their design and delivery will be retained for three years following the end of the event then will be considered for permanent preservation in the University Archive.
If your personal data is contained in records of a project that we have supported, we will keep those records for seven years following the close of the project. If the project is ERDF-funded, the records will be kept for ten years following the close of the project.
Your contact details will be kept up to date and retained indefinitely unless you contact us to ask us to delete them.
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. Further information about each of these rights can be found on the Information Commissioner’s Office website. To make a request to exercise any of these rights, please Email the Information Governance Manager & Data Protection Officer.
You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information we process. For further information or to make a request, please see the data protection pages of our website.
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
You have the right to ask us to erase your personal data in certain circumstances.
You have the right to ask us to restrict the processing of your information in certain circumstances.
You have the right to object to any processing we carry out, if we carry it out on the basis that it forms part of our public task or is in our legitimate interests. You also have the right to object to your personal data being used for direct marketing purposes.
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information because we have your consent or because it is necessary for a contract you are a party to, and the processing is automated.
We work to high standards when it comes to processing your personal data. If you have queries or concerns, please contact the Information Governance Manager & Data Protection Officer in the first instance.
If you remain dissatisfied, you can make a complaint about the way we process your personal data to the Information Commissioner’s Office, which is the UK supervisory authority for data protection. Further information can be found on the data protection pages of our website.