Data Protection Policy


PLEASE NOTE: A new Data Protection Policy, compliant with the requirements of the Data Protection Act 2018 and the European General Data Protection Regulation (GDPR), is currently undergoing the approval process at the University and will shortly replace this policy.

Introduction

The University of Birmingham ("the University") needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and health and safety, for example. It also needs to process information so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, the University must comply with the Data Protection Principles, which are set out in the Data Protection Act 1998 ("the Act"). In summary these state that personal data shall:

- Be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.
- Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
- Be adequate, relevant and not excessive for those purposes.
- Be accurate and kept up to date.
- Not be kept for longer than is necessary for that purpose.
- Be processed in accordance with the data subject's rights.
- Be kept safe from unauthorised access, accidental loss or destruction.
- Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

Anyone who processes data on behalf of the University, including staff (including honorary staff), students, volunteers, contractors or others who process or use any personal information must ensure that they follow these principles at all times. In order to ensure that this happens, the University has developed the Data Protection Policy. A glossary of terms and list of useful resources is attached to this Policy.

Status of the Policy

This policy does not form part of the formal contract of employment, but it is a condition of employment that employees will abide by the rules and policies made by the University from time to time. Any failures to follow the policy can therefore result in disciplinary proceedings. Any member of the University, who considers that the policy has not been followed in respect of personal data about themselves, should raise the matter with the Data Protection Officer initially. If the matter is not resolved satisfactorily it could be raised as a formal grievance or complaint.

Responsibilities of Staff

All staff are responsible for:

- Checking that any information that they provide to the University in connection with their employment is accurate and up to date.
- Informing the University of any changes to information, which they have provided, eg changes of address.
- Informing the University of any errors or changes in staff information. The University cannot be held responsible for any such errors unless the staff member has informed the University of them.

If and when, as part of their responsibilities, staff collect information about other people, (eg about students' course work, opinions about ability, references to other academic institutions, or details of personal circumstances), they must comply with the guidelines for staff (Appendix 1).

Data Security

All staff and students are responsible for ensuring that:

- Any personal data, which they process, is kept securely in accordance with the University's Information Security Policy;
- Personal information is not disclosed accidentally or otherwise to any unauthorised third party.

Student Obligations

Students must ensure that all personal data provided to the University is accurate and up to date. They must ensure that changes of address etc are updated on the student registration system. Students may, as part of a project, process personal data. If they do so they must comply with the University's Data Protection Policy and Information Security Policy.

Rights to Access Information

Staff, students and other users of the University have the right to access any personal data that is being kept about them either on computer or in certain files. Any person who wishes to exercise this right should contact Legal Services, in writing. The University will make a charge of £10 on each occasion that access is requested. The University aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 days.

Subject Consent

In many cases, the University processes personal data with the consent of the individual. If the data is sensitive, express consent must almost always be obtained. Agreement to the University processing some specified classes of personal data is a condition of acceptance of a student onto any course, and a condition of employment for staff. This includes information about previous criminal convictions in accordance with the Rehabilitation of Offenders Act 1974. All prospective staff and students will be asked to consent to their data being processed when an offer of employment or a course place is made. A refusal to sign such a form without good reason may result in the offer being withdrawn.

Processing Sensitive Information

Sometimes it is necessary to process sensitive personal information. This may be to ensure the University is a safe place for everyone, or to operate other University policies, such as the sick pay policy or equality policies. The University will also ask for information about particular health needs, such as allergies to particular forms of medication, or any health conditions or disabilities. Because this information is considered sensitive, and it is recognised that the processing of it may cause particular concern or distress to individuals, staff and students will be asked to give express consent for the University to process this information.

The Data Controller and the Data Protection Officer

The University as a body corporate is the data controller under the Act, and the University Council is therefore ultimately responsible for implementation. However, the Data Protection Officer will deal with day to day matters. The University has designated Mrs CM Pike OBE (Director of Legal Services) to act as Data Protection Officer. Any query relating to the implementation within the University of the Act and Subject Access Requests under section 7 of the Act should be referred to Legal Services.

Examination Marks

Students will be entitled to information about their marks for both coursework and examinations as part of their tutorial support. This is within the provisions of the Act relating to the release of data. However, this may take longer than other information to provide.

Retention of Data

The University will keep some forms of information for longer than others. Data on students, including any information on health, race or disciplinary matters, will be destroyed after 10 years but a skeletal record will be retained to include a full transcript of academic achievements. The University will need to keep central personnel records indefinitely. This will include information necessary in respect of pensions, taxation, potential or current disputes or litigation regarding the employment, and information required for job references. Research data must be retained in accordance with the Code of Practice for Research.

Compliance

Compliance with the Act is the responsibility of all members of the University. Any deliberate breach of the data protection policy may lead to disciplinary action being taken, or access to University facilities being withdrawn, or even a criminal prosecution. It may also result in personal liability for the individual. Any questions or concerns about the interpretation or operation of this policy should be taken up with the Data Protection Officer.

This policy was approved by the University's Council on 17 December 2007 and updated in May 2017 and takes immediate effect.

Data Protection Act 1998 Guidelines for Staff

Appendix 1

1. Members of staff will process personal data on a regular basis. The University will ensure that staff and students give their consent to processing, or that another condition for processing applies, and are notified of the categories of processing, as required by the Act.
2. Information about an individual's physical or mental health; sexual life; political or religious views; trade union membership; ethnicity or race; the commission of criminal offences and court proceedings dealing with criminal offences is sensitive and can normally only be collected and processed with their express consent.
3. Members of staff have a duty to make sure that they comply with the data protection principles, which are set out in the University Data Protection Policy. In particular, staff must ensure that records are: accurate; up-to-date; fair; kept and disposed of safely, and in accordance with the University policy.
4. Individual members of staff are responsible for ensuring that all data they are holding is kept securely.
5. Members of staff must not disclose personal data, unless for normal academic, administrative or pastoral purposes, without authorisation or agreement from the Data Protection Officer, or in line with the University policy.
6. Members of staff must complete University registration forms in respect of all databases holding personal data before commencing processing of the data. The University may need to amend its registration with the Office of the Information Commissioner. Forms and advice are available from Legal Services on extension 43916 or https://intranet.birmingham.ac.uk/legal-services/index.aspx.
7. Before processing any personal data, all staff should consider the checklist.
8. All staff should either complete online data protection training through Canvas or attend an open training session through POD, and make themselves aware of the Data Protection Toolkit and other resources on the Legal Services website.

Staff Checklist for Recording Data

- Do you really need to record the information?
- Is the information 'standard' or is it 'sensitive'?
- If it is sensitive, do you have the data subject's express consent?
- Has the individual or data subject been told that this type of data will be processed?
- Are you authorised to collect/store/process the data?
- If yes, have you checked with the data subject that the data is accurate?
- Are you sure that the data is secure?
- If you do not have the data subject's consent to process, are you satisfied that one of the other conditions for processing data applies?
- In respect of databases containing personal data, have you notified Legal Services that you intend to hold the data and registered the database?
- How long do you need to keep the data for, and what is the mechanism for review/destruction?

Glossary of Terms

Data: Any information held by the University for the purposes of University business.

Personal Data: Information about a living person. This information is protected by the Act.

Data Subject: The person about whom the data are held.

Sensitive Data: The Act introduces categories of sensitive personal data, namely, personal data consisting of information as to:
a. the racial or ethnic origin of the data subject,
b. their political opinions,
c. their religious beliefs or other beliefs of a similar nature,
d. whether they are a member of a trade union,
e. their physical or mental health or condition,
f. their sexual life,
g. the commission or alleged commission by them of any offence, or
h. any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

Data Controller: A person (or organisation) who determines the purposes for which, and the manner in which, any personal data are, or are to be, processed.

Processing: Covers almost anything which is done with or to the data, including:
- obtaining data
- recording or entering data onto the files
- holding data, or keeping it on file without doing anything to it or with it
- organising, altering or adapting data in any way
- retrieving, consulting or otherwise using the data
- disclosing data either by giving it out, by sending it on email, or simply by making it available
- combining data with other information
- erasing or destroying data

Useful resources

Guidance and advice is available from Legal Services (https://intranet.birmingham.ac.uk/legalservices/what-we-do/contact-us.aspx - login required).

The Legal Services intranet (https://intranet.birmingham.ac.uk/legal-services/what-we-do/data-Protection/DPA-Resources.aspx - login required) contains:

- Data Protection Key Points and Reference Guide
- Data Protection Toolkits
- Breach/incident reporting guidance and reporting form
- Privacy impact assessment guidance and template
- Information for NHS Digital researchers
- Link to the Canvas Data Protection Training.

The Information Commissioner's Office's website contains guidance on data protection: https://ico.org.uk/for-organisations/guide-to-data-protection/.