What is a privacy notice and why do I need one?
Queen Mary has a central Privacy Notice to cover overarching processing of personal data by the University. However, to remain transparent and fair to individuals, a local privacy notice is often required.
What information do I need to include in a local privacy notice?
There are specific items that all privacy notices must include in order to fully inform the individual about how their data is being processed in a particular case. These are set out at Articles 13 and 14 of the UK-GDPR. The notice must be easy to read and understand and, wherever possible, should be placed at the point of collection so that individuals can make an informed decision.
The following list contains information that must be included in a privacy notice. Not all the items are relevant to every privacy notice, but do double-check that all the essential information required is covered.
Information that MUST be included (if relevant)
Identity and contact details of organisation (the controller will always be QMUL) and a member of the team collecting the data
Who is collecting the data and how can they be contacted?
This privacy notice explains how Queen Mary University of London (QMUL) uses the personal data we collect from you.
If you have any questions or concerns about this notice, please contact the department/organiser at firstname.lastname@example.org
Types of Personal Data collected
Is there any data being collected that is not obvious to the individual, or might be collected at a later date?
We collect the following types of data: full name, email address and bank account details.
Purpose of processing data
What is your purpose for processing the data? What are you intending to do with it?
The information provided will be used to contact you and to improve our customer service.
Lawful Basis for processing
You need a lawful basis from Article 6 of GDPR (and Article 9 for special category personal data).
Is the lawful basis consent, performance of a contract, legal obligation, vital interests, public task, or legitimate interests? The ICO has an interactive tool to help you decide. JISC also has some useful guidance.
The lawful basis for processing your personal data is that it is necessary to fulfil the contract between us.
By filling out the form you confirm that you understand how and why we will process your data in line with this privacy notice as well as our central privacy notice, which can be found at https://www.qmul.ac.uk/privacy/
Opt in for marketing
Is this relevant to your form? Is your purpose to provide marketing? Make sure there is the option to opt in, if necessary, and keep a record of the consent collected.
Please let us know if you would like us to contact you with details of our upcoming events by providing your email address.
Right to withdraw consent
This right is relevant for marketing and any processing where the only lawful basis is consent.
You have the right to withdraw your consent at any time. If you wish to, please contact us at email@example.com
You can also opt-out of any direct marketing using the unsubscribe link at the bottom of our communications.
Third Party recipients of data
Are you planning to share the personal data with somebody outside of Queen Mary?
Contact the Data Protection Officer at firstname.lastname@example.org to ensure the data is fully protected and there is an Information Sharing Agreement in place.
We will only share your personal data with the organisation that helps us to provide this service.
Transfers of data to a third country
Are you planning to transfer personal data outside of the U.K. or European Economic Area?
Contact the Data Protection Officer at email@example.com to ensure this complies with UK-GDPR.
In order to process your data, we work with our partner organisation Haryale University in the USA. We take all precautions to make sure your data is handled securely in line with UK-GDPR requirements including an Information Sharing Agreement.
Data retention period
All personal data should be kept in line with Queen Mary’s Record Retention Schedule. The example gives sufficient detail for a local privacy notice.
All personal data is kept in line with Queen Mary’s Records Retention Policy.
Link to central privacy notice
This link reduces the amount of information needed in a local privacy notice by providing generic details.
If you need assistance to draft a privacy notice, please contact the Records & Information Compliance Manager.