Privacy notice: schools and colleges liaison service

This privacy notice tells you what to expect us to do with your personal data when you interact with the University’s Schools and Colleges Liaison Service, usually as a teacher or adviser. Personal data (or personal information) is any information which relates to, and identifies, you. Data protection legislation (the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA)) set out how we should handle your personal data.

The University of Lancashire (formerly the University of Central Lancashire) is the controller for the personal data we process, unless otherwise stated. We are registered with the Information Commissioner’s Office and our registration number is Z5512420.

There are many ways you can contact us, including by phone, email, social media and post. View our main contact details on our website.

You can also email the Schools and Colleges Liaison Service, or speak to your nominated school/college/organisation lead.

Email the University’s Information Governance Manager & Data Protection Officer. Further information and contact details can be found on our data protection web pages.

We will use information that you give to us when you register for events and conferences that we run. We will also use information that we collect during any engagement we have with you (such as details of previous or future activities undertaken on or off campus) or any feedback or views you give us via any method.

Administration, communication and events

We use your information to run and administer the Schools and Colleges Liaison Service and its events and conferences, which includes registering you and your organisation with the Service; administering and sending you information about events you have booked on to; improving our service based on engagement, evaluation and feedback; and monitoring and reporting on our service. We will also contact you periodically to check that your information is accurate and up to date to help us ensure that the information we send and activities we run remain relevant and offered to the correct people. To update us about changes at any time email the team, or speak to your nominated school, college, or organisation lead.

We will use your information to send you updates, events, and opportunities about the University and our work, which we think will be of interest to you and your organisation, including but not limited to information about new programmes, student support services, schools and colleges liaison services/activities (such as opportunities for your students on/off campus), conferences/workshops, guest speakers, networking, facility tours, and higher education sector updates.

You can opt out of receiving our marketing communications at any time by contacting us directly or by unsubscribing from marketing emails using the instructions on those emails. Please note that not all of the communications we send to you are marketing so you cannot opt out of everything we send.

The University operates a CCTV system for security and crime prevention purposes, which includes the use of body worn video devices. The CCTV system covers University buildings (inside and outside) and public areas across our campuses. If you attend any events on one of our campuses, your images are likely to be captured by the CCTV system while you are on, in, or near University premises. CCTV footage will be used to maintain the security of the University community, enhance public safety, prevent and detect crime and apprehend and prosecute offenders. CCTV footage may be used, where there is a lawful basis, in the investigation of complaints and allegations made under the University’s rules, regulations, procedures and codes of practice. Further information is available in our CCTV Privacy Notice.

We will use your information to ensure and monitor our compliance with legislation including laws relating to equality and health and safety. We will also use your information to monitor our compliance with regulatory requirements set by external agencies.

Your information will also be used for research purposes, including research by University staff for planning and development purposes, and University researchers for the purposes of academic research.

The University relies on the following lawful bases from the UK GDPR to process information about you for the purposes set out in this notice:

Article 6(1)(c), which allows us to process personal data when it is necessary to comply with a legal obligation. We are legally required to monitor compliance with laws relating to health and safety and equality, among other things.

Article 6(1)(e), which allows us to process personal data where it is necessary to perform a task in the public interest. Research; some monitoring and internal reporting; and auditing are also carried out as part of our public tasks.

Article 6(1)(f), which allows us to process personal data where it is in our, or someone else’s, legitimate interests to do so and it does not unduly prejudice your rights and freedoms. We rely on this condition to, among other things:

• administer the Service, run our events and activities; send you communications about our work, events and activities, and the University that we think may be of interest to you and your organisation; and evaluate and monitor the service. It is in our legitimate interests to do so to enable us to offer services and events that may be of interest to your organisation and its students and staff and does not unduly prejudice your rights and freedoms as we only obtain your details if you have interacted with us and you can opt out of receiving marketing communications from us at any time.
• provide a security service and CCTV monitoring. It is in the interests of the University community and the general public to make the University a safe and secure place to live, work and study.
• produce some internal reports, research and statistics. It is in our legitimate interests to use these to evaluate, plan and assess how the University is operating and make any changes we think are appropriate and will benefit current and future students.

We also process some information only if you provide your consent. In this case, Article 6(1)(a) applies, and Article 9(2)(a) applies where the information is special category data (special category data is information about your race, ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used for ID purposes, health, sex life or sexual orientation). It will be clear where we are relying on your consent to collect and use your information because consent will be requested at the time you provide the information. When you are asked for consent, we will explain why we are asking for the information and how we will use it if you choose to provide it. Consent can be withdrawn at any time and we will explain how you can do this in each individual case.

Where we process special category data for the purposes set out in this notice, we rely on the following additional lawful bases from the UK GDPR and DPA:

Article 9(2)(g) UK GDPR, which allows us to process special category data if the processing is necessary in the substantial public interest and there is a basis to do so in law. The law which allows us to rely on Article 9(2)(g) is section 10 DPA by virtue of Schedule 1 DPA, which also provides the lawful basis for processing data about criminal convictions. The specific conditions from Schedule 1 DPA on which we rely for this type of processing are as follows:

• Schedule 1(6), which allows us to process special category data to comply with a statutory or legal function. Such functions include the duties set out in the Equality Act 2010.
• Schedule 1(8), which allows us to process special category data to monitor equality of opportunity or treatment.

When processing special category data or data about criminal convictions in reliance on the above conditions from Schedule 1 DPA the University must have an appropriate policy document, which can be read here: Data Protection: Processing special category data and criminal convictions data.

Article 9(2)(j) UK GDPR, which allows us to process special category data for archiving, scientific or historical research purposes or statistical purposes, where there is a basis to do so in law. The law which allows us to rely on this basis is section 10 DPA by virtue of Schedule 1(4) DPA.

We share your information within the University with colleagues who have a need to know for the purposes of administering the Service and its events. We also share your information with a small number of external organisations and bodies, some of which are processing personal data on our behalf. We only share your personal data with another person or organisation where the law allows us to and we consider it to be appropriate under the circumstances. The external parties we will share information with include the following:

• University insurers: information, including accident forms, is shared with our insurers to provide insurance cover and to enable us to make and defend insurance claims. This will only occur in certain circumstances e.g. if you have an accident on our premises.
• Internal and external auditors: to provide assurance that the University is following its risk management, governance and internal control processes and to independently inspect our financial statements and records. Your information may be provided to auditors if you claim expenses from us for attending one of our events.
• Companies or organisations acting on our behalf: We use processors who are third parties who provide elements of services for us, such as those who provide IT services or event booking services on our behalf. We have contracts in place with our processors. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will hold it securely and retain it for the period we instruct.

Occasionally we may need to send your personal data outside the UK and/or the European Economic Area (EEA) e.g. to communicate with you if you are based in another country; or to obtain a service from a processor. These transfers are usually carried out with your consent or because they are necessary for a task in the public interest. All transfers are carried out with appropriate safeguards in place to protect your information and ensure it remains secure. For example, we share information on the basis of the UK International Data Transfer Agreement or UK International Data Transfer Addendum when we share information with processors based outside the EEA. A copy of these Agreements, where applicable, can be obtained from the University on request.

We keep information about you indefinitely or until we are advised that you no longer represent your organisation or otherwise ask us to remove your details.

We will keep records of your input and feedback generated as a result of your participation in our activities for as long as it is useful to our ongoing activities. This may mean it is retained indefinitely. Where possible, we will anonymise this information so that you cannot be identified from it.

Information that we collect for the purposes of a specific event or activity, such as dietary or accessibility requirements, is not retained once the event is complete.

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. Further information about each of these rights can be found on the Information Commissioner’s Office website. To make a request to exercise any of these rights, please email the Information Governance Manager & Data Protection Officer.

• Your right of access: You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information we process. For further information or to make a request, please see the data protection pages of our website.
  
  
• Your right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
  
  
• Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  
  
• Your right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
  
  
• Your right to object to processing: You have the right to object to any processing we carry out, if we carry it out on the basis that it forms part of our public task or is in our legitimate interests. You also have the right to object to your personal data being used for direct marketing purposes.
  
  
• Your right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information because we have your consent or because it is necessary for a contract you have signed up to, and the processing is automated.

We work to high standards when it comes to processing your personal data. If you have queries or concerns, please contact the Information Governance Manager & Data Protection Officer and we will respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal data to the Information Commissioner’s Office, which is the UK supervisory authority for data protection. Further information can be found on the data protection pages of our website.