Data Protection Policy


1.0 Policy

1.1 This policy applies to all members of the University of Wolverhampton ("the University"). For the purposes of this policy, the term "Staff" means all members of University staff including permanent, fixed term, and temporary staff, governors, secondees, any third party representatives, agency workers, volunteers, interns, agents and sponsors engaged with the University in the UK or overseas. This policy also applies to all members of staff employed by any of the University's subsidiary companies.

1.2 All contractors and agents acting for or on behalf of the University should be made aware of this policy.

1.3 This policy applies to all personal and sensitive personal data processed on computers and stored in manual (paper based) files. It aims to protect and promote the rights of individuals and the University.

(i) Personal Data: Any information which relates to a living individual who can be identified from the information. It also extends to any information which may identify the individual.

Examples of personal data:
- A person's name and address (postal and email)
- Date of birth
- Statement of fact
- Any expression or opinion communicated about an individual
- Minutes of meetings, reports
- Emails, file notes, handwritten notes, sticky notes
- CCTV footage if an individual can be identified by the footage
- Employment and student applications
- Spreadsheets and/or databases with any list of people set up by code or student/staff number
- Employment or education history

(ii) Sensitive Personal Data: Any information relating to an individual's:
- Ethnicity
- Gender
- Religious or other beliefs
- Political opinions
- Membership of a trade union
- Sexual orientation
- Medical history
- Offences committed or alleged to have been committed by that individual

Corporate Strategy & Governance Unit

3.0 Definition

3.1 The Data Protection Act 1998 is designed to protect individuals and personal data, which is held and processed on their behalf. The Act defines the individual as the data subject and their personal information as data. These are further defined as:

(i) Data Subject: Any living individual who is the subject of personal data whether in a personal or business capacity.

(ii) Data: Any personal information which relates to a living individual who can be identified. This includes any expression of opinion about the individual.

(iii) Data is information stored electronically i.e. on computer, including word processing documents, emails, computer records, CCTV images, microfilmed documents, backed up files or databases, faxes and information recorded on telephone logging systems.

(iv) Manual records which are structured, accessible and form part of a relevant filing system (filed by subject, reference, dividers or content), where individuals can be identified and personal data easily accessed without the need to trawl through a file.

4.0 General Principles

4.1 The Data Protection Act 1998 sets legislative requirements for organisations processing personal data (referred to under the Act as "Data Controllers"). The University will be open and transparent when processing and using private and confidential information by ensuring we follow the 8 Data Protection Principles of good data handling:

(i) Principle 1: Personal data shall be obtained and processed fairly and lawfully.
(ii) Principle 2: Personal data shall be obtained only for the specified and lawful purposes and shall be processed for limited purposes.
(iii) Principle 3: Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is obtained.
(iv) Principle 4: Personal data shall be accurate and kept up to date.
(v) Principle 5: Personal data shall not be kept for longer than necessary.

(vi) Principle 6: Personal data shall be processed in accordance with the rights of the data subject under the Data Protection Act 1998.
(vii) Principle 7: Personal data (manual and electronic) must be kept secure.
(viii) Principle 8: Personal data shall not be transferred outside the European Union unless that country provides adequate levels of protection for the rights of the data subject.

4.2 The University recognises and understands that failure to comply with the requirements of the Data Protection Act 1998 may result in:
- Criminal and civil action;
- Fines and damages;
- Personal accountability and liability;
- Suspension/withdrawal of the right to process personal data by the Information Commissioner's Office (ICO);
- Loss of confidence in the integrity of the University's systems and procedures;
- Irreparable damage to the University's reputation.

4.3 The University may also consider taking action, in accordance with the University's Disciplinary Procedure, where staff do not comply with the Data Protection Act 1998.

5.0 Roles and Responsibilities

5.1 Staff will not attempt to gain access to information that is not necessary to hold, know or process. All information which is held will be relevant and accurate for the purpose for which it is required. The information will not be kept for longer than is necessary and will be kept secure at all times.

5.2 The University will ensure that all personal or sensitive personal information is anonymised as part of any evaluation of assets and liability assessments except as required by law.

5.3 Staff who manage and process personal or sensitive personal information will ensure that it is kept secure and where necessary confidential. Sensitive personal information will only be processed fairly and lawfully and in line with the provisions set out in the Data Protection Act 1998 and only processed in accordance with instructions set out by the respective Data Controllers.

5.4 The University will ensure that all staff are made aware of the reasons why personal and sensitive personal data is being processed:
- how it will be processed
- who will process it
- how it will be stored and
- how it will be disposed of when no longer required.

6.0 Data Subjects' Rights

6.1 The University acknowledges individuals' (data subjects') rights under the Data Protection Act to access any personal data held on our systems and in our files upon their request, or to delete and/or correct this information if it is proven to be inaccurate, excessive or out of date.

6.2 The University recognises that individuals have the right to make a request in writing and, upon payment of a fee, obtain a copy of their personal information, if held on our systems and files.

6.3 The University recognises that individuals have the right to prevent data processing where it is causing them damage or distress, or to opt out of automated decision making and stop direct marketing.

7.0 University (Data Controllers) Obligations

7.1 The University will follow the Code of Practice issued by the ICO when developing policies and procedure in relation to data protection.

7.2 The University will ensure that Data Processing Agreements are applied to all contracts and management agreements where the University is the data controller contracting out services and processing of personal data to third parties (data processors). The University will ensure this agreement clearly outlines the roles and responsibilities of both the data controller and the data processor.

7.3 The University will adhere to and follow the 8 principles of data protection when conducting surveys, marketing activities etc., where the University collects, processes, stores and records all types of personal data.

7.4 The University will not transfer or share personal information with countries outside of the European Economic Area (EEA) unless that country has a recognised adequate level of protection in place in line with the recommendations outlined in the Data Protection Act.

7.5 The University will ensure all staff are provided with data protection training and promote the awareness of the University's data protection and information security policies, procedures and processes.

8.0 Complaints

8.1 Complaints relating to breaches of the Data Protection Act 1998 and/or complaints that an individual's personal information is not being processed in line with the 8 principles of data protection will be managed and processed by The Registrar.

8.2 All complaints of dissatisfaction will also be processed in accordance with the University's Complaints Process and should be sent to:

Head of the Conduct & Appeals Unit:
c/o MB Building, City Campus South
University of Wolverhampton
The George
Wolverhampton
West Midlands
WV1 1LY

9.0 Confidentiality and Information Sharing

9.1 The University will only share information in accordance with the provisions set out in the Data Protection Act 1998.

9.2 Where applicable the University will inform individuals of the identity of third parties to whom we may share, disclose or be required to pass on information to, whilst accounting for any exemptions which may apply under the Data Protection Act 1998.

VERSION: 1.1
Approved Date: April 2013
Review Date: April 2015
AUTHOR/OWNER: Sonia Hawley, Information Officer
Approved By: Helen Wildman, The Registrar