Skip to main content
Governance
Aerial View of Geography Campus 2018

Privacy Notice - University Secretary's Office: Council & Sub-Committee Members

Part 1: Generic Privacy Notice Information

Durham University's responsibilities under data protection legislation include the duty to ensure that we provide individuals with information about how we process personal data. We do this in a number of ways, one of which is the publication of privacy notices. Our privacy notice comprises two parts - a generic part and a part tailored to the specific processing activity being undertaken.

Data Controller

The Data Controller is Durham University. If you would like more information about how the University uses your personal data, please see the University’s Information Governance webpages or contact Information Governance Unit:

Email: information.access@durham.ac.uk

Data Protection Officer

The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. If you have any concerns regarding the way in which the University is processing your personal data, please contact the Data Protection Officer:

Andrew Ladd, email: info.access@durham.ac.uk 

Your rights in relation to your personal data

Privacy notices and/or consent

You have the right to be provided with information about how and why we process your personal data. Where you have the choice to determine how your personal data will be used, we will ask you for consent. Where you do not have a choice (for example, where we have a legal obligation to process the personal data), we will provide you with a privacy notice. A privacy notice is a verbal or written statement that explains how we use personal data.

Whenever you give your consent for the processing of your personal data, you receive the right to withdraw that consent at any time. Where withdrawal of consent will have an impact on the services, we are able to provide, this will be explained to you, so that you can determine whether it is the right decision for you.

Accessing your personal data

You have the right to be told whether we are processing your personal data and, if so, to be given a copy of it. This is known as the right of subject access. You can find out more about this right on the University’s Subject Access Requests webpage.

Right to rectification

If you believe that personal data we hold about you is inaccurate, please contact us and we will investigate. You can also request that we complete any incomplete data.

Once we have determined what we are going to do, we will contact you to let you know.

Right to erasure

You can ask us to erase your personal data in any of the following circumstances:

  • We no longer need the personal data for the purpose it was originally collected
  • You withdraw your consent and there is no other legal basis for the processing
  • You object to the processing and there are no overriding legitimate grounds for the processing
  • The personal data have been unlawfully processed
  • The personal data have to be erased for compliance with a legal obligation
  • The personal data have been collected in relation to the offer of information society services (information society services are online services such as banking or social media sites).

Once we have determined whether we will erase the personal data, we will contact you to let you know.

Right to restriction of processing

You can ask us to restrict the processing of your personal data in the following circumstances:

  • You believe that the data is inaccurate and you want us to restrict processing until we determine whether it is indeed inaccurate
  • The processing is unlawful and you want us to restrict processing rather than erase it
  • We no longer need the data for the purpose we originally collected it but you need it in order to establish, exercise or defend a legal claim and
  • You have objected to the processing and you want us to restrict processing until we determine whether our legitimate interests in processing the data override your objection.

Once we have determined how we propose to restrict processing of the data, we will contact you to discuss and, where possible, agree this with you.

Retention

The University keeps personal data for as long as it is needed for the purpose for which it was originally collected. Most of these time periods are set out in the University Records Retention Schedule.

Making a complaint

If you are unsatisfied with the way in which we process your personal data, we ask that you let us know so that we can try and put things right. If we are not able to resolve issues to your satisfaction, you can refer the matter to the Information Commissioner’s Office (ICO). The ICO can be contacted at:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: Information Commissioner’s Office

Part 2: Privacy Notice for the University Secretary's Office

This section of the Privacy Notice provides you with the privacy information that you need to know before you provide personal data to the University Secretary’s Office for the particular purpose(s) stated below.

University Council and Sub Committee Members: Type(s) of personal data collected and held by the University and methods of collection

The University Secretary’s Office will collect and store data relating to your membership of Council and its sub-committees. This will include:

  • Contact Details (name, address, telephone number, email address), date of birth, ethnicity, gender
  • Personal data
    • CVs
    • Start date, end date
    • Skills
    • Register of interests
    • Biographical details
    • Annual review
    • Bank details (Lay member expenses)
    • CIS user name (Lay members)
    • Dietary requirements

This information will be collected in a variety of ways such as initial application and through correspondence with you.

University Council and Sub Committee Members: Lawful basis

The University has a legitimate interest in processing personal data to facilitate your role as Council / Sub-Committee member.

Processing data allows the University to ensure compliance with legal obligations.

In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with the details of the information that we would like and the reason we need it, so that you can consider whether you wish to consent.

University Council and Sub Committee Members: How personal data is stored

Data will be stored in a range of different places, including in your electronic and hard copy file within the University's document systems and other IT systems (including the University's email system).

University Council and Sub Committee Members: How personal data is processed

The University has a legitimate interest in processing personal data about Council members to ensure legal compliance and processing for legitimate purposes. Special categories of personal data require higher levels of protection. We may process such data in the following circumstances:

1.In limited circumstances, with your explicit written consent;

2. Where we need to carry out any legal obligations;

3. Making statutory or external returns for example to the Higher Education Statistics Agency (HESA) and the Office for Students (OfS).

The University will not use your data for any other purpose than in respect of being a Council / sub-committee member at Durham University.

We will process your data to:

  • Support your attendance at meetings and events
  • Process expenses payments
  • Assess skills for a particular task
  • Monitor engagement

Monitor your use of our information and communications systems to ensure compliance with our IT policies and to ensure network and information security including preventing unauthorised access to our computer and electronic communication systems and preventing malicious software distribution.

Your name, biographical detals and Register of Interest will be published on the University website.

Organisations stated in your Register of Interest with which the University transacts will be listed alongside your name in the University's Annual Report.

University Council and Sub Committee Members: How we use sensitive personal data

Special categories of personal data require higher levels of protection. We may process such data in the following circumstances:

  • In limited circumstances, with your explicit consent.
  • Where we need to carry out any legal obligations.

We will use information about your racial or ethnic origin to ensure meaningful equal opportunity monitoring and reporting.

University Council and Sub Committee Members: Who the University shares data with

The University Secretary's Office will share your personal data with Durham University staff / departments required to deliver our services:

  • Event Durham
  • Computing and Information Services
  • Human Resources

The University will share data with third party agencies such as the Higher Education Statistics Agency (HESA) and the Office for Students (OfS).

Further information about Disclosures to HESA: Every year, the University sends some data to HESA. The data is sent in coded form and names are not given.

University Council and Sub Committee Members: How the University protects data

The University takes the security of your personal data seriously. The University has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not access except by our employees legitimately in the performance of their duties or by third parties as outlined in this Privacy Statement.

University Council and Sub Committee Members: How long personal data is held by the University

The University keeps personal data for as long as it is needed for the purpose for which it was originally collected. Time periods are set out in the University Records Retention Schedule.

University Council and Sub Committee Members: How to object to processing your personal data

Please contact the University Secretary's Office at university.secretary@durham.ac.uk or +44 (0) 191 334 6115

University Council and Sub Committee Members: Use of cookies

A cookie is a simple text file that is stored on your computer or mobile device by a website's server and only that server will be able to retrieve or read the contents of that cookie. Cookies allow websites to remember user preferences, choices and selections, such as what's in your shopping basket. Durham University also makes use of the Google Analytics service to understand how you navigate around our site.

Durham University does not use cookies to collect personal data about you. For more information about the use of cookies on Durham University's website, or to set your cookie usage preference, please see our Cookies Policy.

University Council and Sub Committee Members: Links to other websites

This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy notices on the other websites you visit.

University Council and Sub Committee Members: Changes to this privacy notice

We regularly review our privacy information to ensure that it remains accurate and current. We will review and update this privacy information whenever we plan to use personal data for any new purpose. Any changes to this privacy information will be communicated to you.

University Council and Sub Committee Members: Further information

If you have any questions which you feel have not been covered by this Privacy Notice, please contact us:

Email: information.governance@durham.ac.uk

Information Governance Unit, University Secretary’s Office, Durham University, The Palatine Centre, Stockton Road, Durham DH1 3LE