Privacy Notice - Members of the Public
Here at the University of Salford we work hard to ensure that you get the very best experience without having to worry if your information is safe.
Outlined below is how and why we collect, use, and share your personal information, and your rights in relation to that data.
This Privacy Notice covers contractors and members of the public who use the following services:
- Car parks
- Sports centre
- Other services provided by the university, e.g. clinics
Additionally, the university engages with industry and employers to undertake knowledge transfer through the provision of commercial consultancy, training products and services. In order to further develop business through these means there is sometimes the need to capture and process data. This privacy notice also covers these areas.
There’s lots of information here but it’s important that you’re fully informed – we hope the following sections will answer any questions you have but if not, please do get in touch with us:
Estates (including car-parking): firstname.lastname@example.org
Sports centre: email@example.com
Contractor Services: firstname.lastname@example.org
A bit about us
The University of Salford is the “Data Controller” of your personal data & is subject to the UK General Data Protection Regulation 2016 (“GDPR”). We are registered with the Information Commissioner’s Office (“ICO”), registration number Z469563X, and are committed to ensuring that your personal data is handled in accordance with the regulation.
Our Data Protection Officer is Andrew Hartley
Why do we collect your data?
Under the GDPR we have to have justification (“legal basis”) for obtaining your information and for members of the public we believe the legal basis for this is:
1. Public task
To ensure that we can carry out our roles as an educational and research establishment, meeting legal, moral and contractual obligations, as laid out in the university’s charter
In order to meet our contractual duties to you and provide you with services as laid out in our agreement with you
3. Legitimate interest
To ensure that we can carry out activities and services out effectively and provide required levels of service, across the wide range of services we offer.
4. Explicit consent
To provide you with services some special category data will be collected only with your explicit consent.
When do we collect data?
We collect data about you at various stages in your relationship with us. This may be:
- When you first contact us querying a service we offer, office space or a virtual tenancy
- When you, as a representative of an employer or an Industry, contact us about a service we offer and throughout the contractual relationship between us
- When you complete documentation to enable us to set up a tenancy agreement (actual or virtual)
- When you complete your induction at the university, if you are a contractor
- If we are considering engaging your services either as an individual consultant/contractor or through your company and we need details of your qualifications and work experience
- When you register with us as a sport centre member and throughout your time as a sport centre member, collating information relating to your health, performance, the activities/events you partake in, personal programs
- When you contact the sport centre querying a service we offer or to make a casual booking or hire agreement
- When you request to join the library as an alumnus, community access or sconul member
- When you use library services i.e. borrow library material, access electronic resources or use printing facilities
- Attendance at teaching and training sessions
- If you attend a clinic offered by the university or a third party
- If you wish to park your vehicle in the university’s car parks and where we capture CCTV images
What sort of data do we collect?
Under the GDPR we will only collect the minimum amount of information needed to carry out a specific purpose. We may collect the following type of personal data about you:
1. Information that helps identify you:
- Your name and date of birth
- Company details
- Contact information (address, email, phone number)
- National Insurance number
- Passport number (or National Identity Card details)
- Country of domicile and nationality
- Photograph, for ID purposes
- Vehicle registration number
- Bank details, in order to set up a direct debit mandate
2. Information relating to your education and employment history
- Places of work and vocational qualifications achieved
3. Sensitive personal data, including:
- Information concerning your health and medical conditions
- Information about your racial or ethnic origins, religion or political beliefs & sexual orientation
- Certain criminal convictions
- Records of misconduct within the university
4. Information about your activity in the university
- Library loan history
- Use of electronic resources
- Access and use of university systems and spaces
- Authorship of research outputs and data
- Evaluation and feedback of teaching and training
How do we use your information?
We will process your personal information and data for a range of purposes associated with your use of our facilities and services. The primary purposes are:
- Student administration, including registration, provision of contractor ID card, provision of email and IT accounts, timetabling, engagement monitoring, provision of library services
- Membership registration, provision of membership ID card, casual bookings/hire agreements, engagement and retention monitoring
- Fitness program, fitness training, and health and wellbeing support
- Providing facilities and services, such as IT and car parking provision
- Student wellbeing and support, including pastoral support counselling services, personal tutoring.
- Financial administration, including collection of library charges, payment for clinics and services, rents and recharges incurred
- Complying with statutory requirements, such as monitoring equal opportunities
- To gather statistics for internal and mandatory reporting on the use of services
- Assessment of research activity
- Providing work authorisation certificates and permits to work
- To evaluate tenders to determine the competency of individuals who will be involved in projects
- Service design and planning
- Ensuring acceptable use of university systems and resources
- Preventing and detecting crime, using CCTV and ID photographs
How long do we keep your data for?
Data is retained for as long as it is required to perform its purpose, or for as long as is required by law (see the link below). At the end of that retention period, your data will either be deleted completely or anonymised.
Who do we share your information with?
Sometimes we share your personal data with trusted third parties, in order to meet contractual needs, deliver required services or to improve our services.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy
- We provide only the information they need to perform their specific services,
- They may only use your data for the purposes we specify in our contract with them,
- We work closely with them to ensure that your privacy is respected and protected at all times
- If we stop using their services, all of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
1: Our employees, agents and contractors where there is a legitimate reason for them receiving the information, including:
- Third parties who provide student support services, e.g. counselling and accommodation
- Suppliers and contractors where there is a legitimate reason for them receiving the information, for example, our car parking enforcement company or the providers of our web-hosted permit to work systems
- Third parties who provide out of hours IT support
- Third parties providing services, e.g. the British Library
- Organisations operating anti-plagiarism on our behalf
- Internal and external auditors
- Organisations responsible for the recovery of money i.e. Library charges.
2. Government departments and agencies where we have a statutory obligation to provide information, for example:
- The home office, in connections with UK Visas and immigration
- Council Tax and electoral Registration officers for the purpose of assessing liability for Council Tax and for electoral registration purposes
3. Crime Prevention or detections agencies, e.g.
- The Police
- Department for Work and Pensions
- Trading Standards
We will only share information with parents, guardians or next-of-kin when there is a legitimate reason for disclosure.
International data transfers
Some of the personal information we process about you may be transferred to, and stored at, a destination outside the UK, for example where it is processed by staff operating outside the UK who work for us or for one of our suppliers, or where the personal data is processed by one of our suppliers who is based outside the UK or uses a storage facility outside of the UK.
Sharing sensitive personal data
Sometimes we may need to share your sensitive personal date with colleagues or outside the University. We will try to do so only with your explicit consent but there may be occasions when obtaining your consent is impossible or inappropriate, e.g.
- To protect your or another person’s vital interests,
- Where the provision of confidential counselling, support or similar would be prejudiced,
- To meet statutory obligations for equality and diversity monitoring,
- For the purpose of prevention or detection of crime, pursuant to a court order or for the University to obtain legal advice.
- Equal opportunities monitoring,
- Provision of occupational health and wellbeing services,
- Providing a safe environment and supporting fitness for all.
How can you find out what information we hold on you?
You have certain rights in respect of the personal information the University holds about you. Visit our data protection, privacy and cookies page for more information about individual rights under GDPR and how you exercise them.
From time to time we may make changes to this statement because the way we are processing your personal information changes. All alterations will be posted on this page and will apply from the time we post them. Where we have a valid email address for you we will periodically email you to inform you what changes have been made and to send you a link to our current privacy statement.
This statement was last updated on 10 February 2021.