University Data Protection Privacy Notices
Introduction
To comply with the Data Protection Act the below Privacy Notice must be included on all online forms/surveys/questionnaires, and paper documents, when collecting personal data. Even if the personal information collected from individuals is anonymous a Privacy Notice must be included:
Standard/Model University Data Protection Privacy Notice:
1998 Data Protection Act, Consent to Process Personal Information
The personal information collected on this form/questionnaire/survey/other (please insert) will be processed by the University in accordance with the terms and conditions of the 1998 Data Protection Act. We will hold your data securely and not make it available to any third party unless permitted or required to do so by law. Your personal information will be used/processed as follows (please insert):
1. Purpose for collecting the information.
2. To whom the information will be disclosed/shared and why.
3. How long the information will be kept/when it will be destroyed.
4. Where the information will be stored and how secure it will be.
I agree to the University processing my personal data as described above.............................................tick box/signature).
The University Data Controller is William Marshall, Pro-Vice Vice Chancellor,
Commercial Director and Corporation Secretary.
What is a Data Protection Privacy Notice
A privacy notice is the written (or oral) statement that individuals are given when personal information is collected from them. In order to comply with the fair processing terms and conditions of the Data Protection Act such notices must always be included on all forms/on-line surveys/questionnaires (or other medium including the internet) which asks for personal data. The basic legal requirement of a Privacy Notice is to make sure people know who you are, what you intend to do with their information, who it will be shared with or to whom it will be disclosed. Depending on the circumstances you may decide to inform people:
- if you intend to pass personal data on, the name of the organisations involved and details of how they will use the information;
- how long you or other organisations intend to keep the information;
- whether replies to questions are mandatory or voluntary;
- the consequences of not providing information
- whether the information will be transferred overseas;
- what you are doing to ensure the security of personal information;
- about their rights and how they can exercise them, for example, the fact that a person can obtain a copy of their personal information or object to direct marketing;
- who to contact if they want to complain or know more about how their information will be used;
- about the right to complain to the Information Commissioner if there is a problem.
Transparency and Consent
Individuals should not be mislead when their personal data is requested. It is important to make sure that where people have a choice about whether to supply their personal information, they are given a genuine opportunity to exercise it. A good example of this is the opportunity to subscribe to, or unsubscribe from, direct marketing, or the completion of a survey or on-line training. Even if individuals have no real choice, the collection of information about them still has to be fair and transparent. A privacy notice must therefore be included which ensures the individual either provides a signature, or ticks a box, agreeing to the processing of their data as described. When collecting personal data on-line privacy notices should be clearly displayed. An individual should not be able to continue completing online surveys/questionnaires/forms etc. unless their prior consent has been given (e.g. via a tick box) at the start of the survey/questionnaire/form. For further information please see https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/
John Elliott (Ext. 82607)
Insurance and Data Protection Compliance Officer
[email protected]
11.10.16