1.Data Controller
Registration Number: Z7674926
University of
Northumbria at Newcastle (“we”, “our”, “us”) processes
personal data in accordance with our obligations under the General Data
Protection Regulations (‘GDPR’) and is a registered Data
Controller with the Information Commissioner’s Office (‘ICO’), which is the
supervisory authority responsible for the oversight and enforcement of Data
Protection Legislation within the United Kingdom.
2.Overview
We are committed to protecting the privacy of
all individuals. For purposes of this Privacy Notice, personal data means any
information about an identifiable individual. Personal data excludes anonymous
or de-identified data that is not associated with a particular individual.
This privacy notice is a statement that
describes how and why we processes personal data in relation to any individual
(“you”, “your”) visiting any of Websites owned or operated by us that link to
this page. It does not cover third party websites that you may access from
links on our website(s), so when opening pages that take you away from our
sites, you should exercise caution.
This notice also
explains how you might control the use of your personal data in accordance with
your rights under the GDPR. You may be given further information about the uses
of personal data when accessing specific services and facilities.
3.Where do we get your personal data from and what data is collected?
You may provide us with
some of your information directly when you use any of our online forms, for
example to make an enquiry, submit request to register of an open day, or to
subscribe to receive email marketing communications such as online newsletters.
Examples of personal data we may process include:
Category |
Example |
Biographical information |
Name, title, birth date, age and gender, interests |
Administrative |
Contact details, event applications etc |
Historical |
Your employment or academic history |
Some form you may use could ask you to submit credit/debit card details. In this case you be aware that the University is fully PCI-DSS compliant.
Where you submit this information, a relevant Privacy Notice associated with the processing will be made available to you.
We will only collect personal information, e.g. name and address where you knowingly supply the information through using on line forms or by sending us an e-mail.
If you visit protected pages, where to gain access a user ID and password is required, then we also automatically collect the user ID used to access each page.
You may also provide data to us through your use of our website. As with most web servers, our web servers automatically collect the following information:
- Requested URL (Uniform Resource Locator)
- IP (Internet Protocol) address (this may or may not identify a specific computer)
- Domain name from which you access the internet
- Referring URL
- Software (browser/operating system) used to access the page
4.Activities we process your personal data
Data is required for the following activities, which have been identified as necessary “necessary for the purposes of the legitimate interests pursued by the controller or by a third party” as the information you provide is used by us as follows:
- We will only use the personal information, which you supply, for those purposes described at the point of collection or for those purposes, which are legally permitted. We may use this information to contact you, at a later date, with details of news and events relevant to your original request providing we have your consent. If you choose not to give consent, we will only use your personal information to respond to your enquiry.
- We will also analyse how you interact with this website, such as the pages you visit and what elements you interact with, this will then be used to provide you with personalised content to enhance your user experience and help us to improve the website. Non-personal information such as you IP address will used to determine your general location to provide personalised information.
- We will only disclose your personal information to third parties (i.e. people or organisations outside ϲ) in ways which are permitted by this Statement or when required by law, e.g. to comply with a Court Order.
Our websites use ’cookies’, which are text files placed on your computer when you visit a site which help us understand how you use our websites. Some of our cookies remain on your computer after you leave the website, others are deleted automatically when you close your browser and others expire after a given period. The following table provides a list of the cookies used on our website along with information about how long they will remain active for, and or how you can disable them manually. Please note ϲ does not control dissemination of 3rd party cookies you should check the relevant third party website for more information about these.
Communications
We will contact you in relation to events and products that we believe are relevant to you based upon their similar nature to your engagement with us including: events, benefits and opportunities offered by us, or in relation to operational information (e.g. building closures etc).
If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.
Should you unsubscribe from our marketing messages you will miss regular communications about our services and updates.
5.How personal data is stored securely by ϲ
We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.
All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it. Your data may be transferred and processed between relevant departments in order to provide you with access to services, to provide you with support or to fulfil the processing activities listed above.
We utilises many different storage solutions and IT systems, some of which are outsourced to third party providers. For example, email accounts are provided by the Microsoft Live@Edu service.
Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.
6.Your Rights under GDPR
Under the GDPR, you have a number of rights in relation to the processing of your personal information, each of which may apply to differing degrees’ dependent upon the nature of the processing and the legal basis for it. You have the right to:
- Be informed as to how we use your data (via this privacy notice)
- Request access (a copy) of the personal information that we hold about you.
- Correct inaccurate or incomplete data
- Request that we stop sending you direct marketing communications.
In certain circumstances, you may have the right to:
- Ask to have your data ‘erased.
- Request is to restrict the processing of your personal data.
- Request that data you provided electronically to us be returned in as a data file
- Object to certain processing of your personal data by us
In some cases, there may be specific exemptions as to why we aren’t able to comply with some of the above. Where this is the case, we will explain the reasons why.
For more information about any of the above please see the GDPR pages of our website.
In order to exercise any of the above rights, please contact the Data Protection Officer (details below).
7.Data Protection Officer
The Data Protection Officer for ϲ is Duncan James.
Please do not hesitate to email us at dp.officer@northumbria.ac.uk. If your request is urgent, please call +44 (0)191 243 7357
8.Lodging a Complaint with the Information Commissioners Office (ICO)
If you are dissatisfied with our processing of your data, or a response to a complaint you have made to us about it, you have the right to complain to the ICO.
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Fax: 01625 524 510
For more information see Information .
9.Changes to this privacy notice
We keep this privacy notice under regular review and will communicate any significant updates to you. This privacy notice was last updated in November 2024 and will be reviewed annually.