To ensure that we process your personal data fairly and lawfully we are required to inform you:
We will also explain what rights you have to control how we use your information and how to inform us about your wishes. Durham University will make the Privacy Notice available via the website and at the point we request personal data.
Our privacy notices comprise two parts – a generic part (i.e. common to all of our privacy notices) and a part tailored to the specific processing activity being undertaken.
The Data Controller is Durham University. If you would like more information about how the University uses your personal data, please see the University’s Information Governance webpages or contact Information Governance Unit:
Telephone: (0191 33) 46246 or 46103
Information Governance Unit also coordinates responses to individuals asserting their rights under the legislation. Please contact the Unit in the first instance.
The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. If you have any concerns regarding the way in which the University is processing your personal data, please contact the Data Protection Officer:
Kristina Holt, email: firstname.lastname@example.org
You have the right to be provided with information about how and why we process your personal data. Where you have the choice to determine how your personal data will be used, we will ask you for consent. Where you do not have a choice (for example, where we have a legal obligation to process the personal data), we will provide you with a privacy notice. A privacy notice is a verbal or written statement that explains how we use personal data.
Whenever you give your consent for the processing of your personal data, you receive the right to withdraw that consent at any time. Where withdrawal of consent will have an impact on the services we are able to provide, this will be explained to you, so that you can determine whether it is the right decision for you.
You have the right to be told whether we are processing your personal data and, if so, to be given a copy of it. This is known as the right of subject access. You can find out more about this right on the University’s Subject Access Requests webpage.
If you believe that personal data we hold about you is inaccurate, please contact us and we will investigate. You can also request that we complete any incomplete data.
Once we have determined what we are going to do, we will contact you to let you know.
You can ask us to erase your personal data in any of the following circumstances:
Once we have determined how we propose to restrict processing of the data, we will contact you to discuss and, where possible, agree this with you.
The University keeps personal data for as long as it is needed for the purpose for which it was originally collected. Most of these time periods are set out in the University Records Retention Schedule.
If you are unsatisfied with the way in which we process your personal data, we ask that you let us know so that we can try and put things right. If we are not able to resolve issues to your satisfaction, you can refer the matter to the Information Commissioner’s Office (ICO). The ICO can be contacted at:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Website: Information Commissioner’s Office
This Privacy Notice will only be relevant to you if you are a Visitor to the University who will be visiting a department for 10 calendar days or more and undertaking self-directed work which is not funded by the University. If you are such a Visitor, the University will collect personal data relating to you to manage your visit to the University.
This section of the Privacy Notice provides you with the privacy information that you should be aware of before you provide personal data to the University as part of your visit to, and your time in, the University.
This notice does not form any part of any contract of employment or other contract to provide services.
The University collects a range of information about our Visitors. This will normally include:
The University will collect this information in a variety of ways. For example, data might be contained in any forms which you or your host department are asked to complete regarding your visit, it may be obtained from your passport or other identity documents, or otherwise provided by you, your host department or your home University.
If you fail to provide certain information related to your visit to the University when requested, depending on the nature of the information which has been withheld, the University may not be able to progress, or may need to end, your visit.
The University has a legitimate interest in processing personal data related to your visit to the University.
Processing data from Visitors allows the University to ensure compliance with legal obligations such as UK Visa and Immigration requirements. The University also requires information as to who is carrying out any engagement or work in the University to ensure health and safety. The information is also required to make provision for an IT account for Visitors, if considered appropriate by the University. The University may also need to process data from Visitors to respond to and defend against legal claims.
Data will be stored in a range of different places, including in HR management systems and on other IT systems including email and document management systems. Data may also be stored within the department which you are visiting.
The University has a legitimate interest in processing personal data about Visitors to ensure legal compliance and processing for legitimate purposes, such as having an overview of Visitors in the University. The University may also need to process data from Visitors to respond to and defend against legal claims.
The University needs to process data to ensure compliance with UK Visa and Immigration requirements and any other legal requirements.
Some of the reasons for processing your data overlap and there may be several grounds which justify our use of your personal data.
Special categories of sensitive personal information require higher levels of protection. We may process such data in the following circumstances:
Less commonly, we may process this information where it is needed in relation to legal claims, or where it is needed to protect your interests (and you are not capable of giving your consent) or where you have already made the information public.
The University will not use your data for any purpose other than in respect of being a Visitor to the University.
The department who are hosting you will share the data with the University HR team and CIS team (if an IT account is to be created). If there is a legitimate reason, managers of the University will be given access to your data.
The University will share your data with third party agencies such as the Home Office, UKVI and other relevant government or law enforcement departments to satisfy any legal requirements including in respect of your right to work in the UK. The University will also share your data with emergency services, your home University or relevant health and safety bodies (e.g. HSE) for reasons of health, safety and welfare.
The University may share statistical data about Visitors to the University with bodies such as the Higher Education Statistics Agency but this would not include your personal data.
The University will only retain your data for as long as necessary to fulfil the purposes we collected it for, which includes satisfying any legal, accounting or reporting requirements.
All personal data related to your visit will be passed to HR. HR will hold your data for 6 years from the end of your visit. Thereafter the data will be deleted/destroyed.
In some cases, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
When someone visits www.durham.ac.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be transparent about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
A cookie is a simple text file that is stored on your computer or mobile device by a website's server and only that server will be able to retrieve or read the contents of that cookie. Cookies allow websites to remember user preferences, choices and selections, such as what's in your shopping basket. Durham University also makes use of the Google Analytics service to understand how you navigate around our site.
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
We regularly review our privacy information to ensure that it remains accurate and current. We will review and update this privacy information whenever we plan to use personal data for any new purpose. Any changes to this privacy information will be communicated to you.
If you have any questions which you feel have not been covered by this Privacy Notice, please email us or write to:
Information Governance Unit