At Newman University we recognise that your privacy is a serious and important matter and we support the principles of protecting privacy within the context of current UK legislation. The processing of personal data is regulated by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
The UK General Data Protection Regulation and the Data Protection Act 2018 seek to strike a balance between the rights of the individual and the sometimes competing interests of those with legitimate reasons for using personal information. It gives individuals certain rights regarding information held about them. It places obligations on those who process information while giving rights to those who are the subject of that data.
What is ‘personal data’?
Under the legislation ‘personal data’ means any information about a living person who can be directly or indirectly identified through the information.
The General Data Protection Regulation and the Data Protection Act 2018 applies to both automated personal data (for example, information on computers) and to manual filing systems where personal data are accessible according to specific criteria.
Personal data that has been pseudonymised – e.g. student ID numbers – can fall within the scope of the ‘personal data’ depending on how difficult it is to attribute the pseudonym to a particular individual. Completely anonymous data does not count as personal data.
What are ‘special categories of personal data’?
The UK GDPR and the DPA 2018 refer to sensitive personal data as ‘special categories of personal data’. This includes, but is not limited to, information about a person’s race, ethnic origin, religion, sexual orientation and health.
You can read more about the definitions of personal data on the Information Commissioner’s Office website.
What are the privacy principles?
Anybody processing personal information must comply with the following principles: Personal data must be:
- Processed lawfully, fairly and in a transparent way
- Processed for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and, where necessary, kept up to date
- Not kept any longer than necessary
- Processed in a manner than ensures appropriate security.
What rights do I have about my personal data?
The UK GDPR provides the following rights for all individuals, including staff and students:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure*
- The right to restrict processing*
- The right to data portability*
- The right to object
- Rights in relation to automated decision making and profiling.* These rights apply in certain circumstances.
You can read more about your rights on the Information Commissioner’s Office website (www.ico.org.uk)
What lawful basis do you have for using my personal data?
Under data protection laws we must have a lawful basis for processing your personal data. There are different lawful grounds within data protection law that apply to the different data that we process. These are explained here.
I think the personal data you have about me is inaccurate, what can I do?
If you have reason to believe that any personal data that we have about you is out of date or inaccurate please log onto MyNewman (students) and / or iTrent (staff) and update your details. If the information is not held or accessible on MyNewman and / or iTrent please email (firstname.lastname@example.org) or write to us to notify us of any changes that should be made. We will amend your personal data if you tell us to or if we consider that it contains factual errors or is out of date.
How do I stop receiving direct marketing from the University?
When you enquire about a course, enrol on a course or become a member of staff you might start to receive direct marketing from the University about topics we believe you might be interested in e.g. courses, University events or continued professional development. We tell you at the time you provide your data that this is the case but you do have the right to ‘opt-out’. Simply email or write to the Data Protection Officer (email@example.com) or follow the ‘unsubscribe’ link on any direct marketing emails. If you email it would be helpful if you could ‘No direct marketing’ in the subject line. It may take a few days to activate this.
May I access my personal data?
You have the right to access your personal data held by Newman University. If you wish to enquire about the personal data which the University holds on you, you may make a data subject access request (DSAR). If you make a DSAR, you are entitled to know what personal data the University holds about you and what your personal data is used for. You are entitled to know the purposes for which the University uses the information and who it is shared with. Only information which is considered to be your personal data will be released under a DSAR unless you can prove that you have the legal right to access personal data on someone else’s behalf.
I would like to know more. Who can I contact with an enquiry or advice?
If you would like to know more than the information provided on this page we recommend that you read the University’s full data protection policy. We do not want you to be worried about the protection of your personal data, so if you have any concerns or queries please contact the Data Protection Officer via firstname.lastname@example.org, Data Protection Officer, Newman University, Genners Lane, Bartley Green, Birmingham, B32 3NT or 0121 476 1181. If you would like to, you are welcome to use the template letter available on the ICO website.
If you feel the University has been unable, or unwilling, to resolve your information rights concern, you can raise the matter with the ICO. They will use the information you have provided, including the University’s response to your concerns, to decide whether your concern provides an opportunity to improve information rights practice. If they believe it does provide that opportunity, they will take appropriate action which can take a variety of forms. You should raise the matter with the ICO within three months of your last meaningful contact with the University. You can find out more about this on the ICO website.