This central privacy notice explains how Queen Mary University of London (QMUL, ‘we’, ‘us’, ‘our’) collects and uses your personal data, about your rights and gives contact details of our Data Protection Officer (DPO). It should be read in conjunction with other privacy notices usually presented at the point of collection, which will provide more specific information such as the legal bases for processing your personal data. Those notices will link here to provide the following additional information.
QMUL is a data controller in terms of Article 4 of the General Data Protection Regulation (2016/679; GDPR), registered with the Information Commissioner’s Office. This means we are responsible for deciding how we can use your personal data. QMUL processes information about applicants, students, alumni, staff, research subjects, donors, contractors, visitors, enquirers, people who use our services and others, for various teaching, research, employment and administrative purposes, including the health, safety and welfare of individuals. Your privacy is important to us. All personal data will be treated strictly in accordance with our Data Protection Policy [PDF 342KB], the GDPR and the Data Protection Act 2018. Depending on your relationship with QMUL, we require or will request certain information about you (personal data), which you may give us or we may collect directly or indirectly. This could include special category personal data. This information, the purposes for which QMUL may process it and the legal bases relied on will be explained in this privacy notice and those available at the point of collection and otherwise accessible to you. We will also inform you of any sharing of your data and how long it may be retained.
QMUL will respect privacy and appropriate security measures will be taken to prevent unauthorised access, disclosure or loss. We do all we can to ensure that data remain accurate and up-to-date. It is important that you inform us of any changes and, for example, keep your information updated on MySIS or MyHR. If you provide us with someone else’s personal data you will need to direct them to the appropriate privacy notice and make sure they agree to us using this for the purposes set out.
Your personal data will be retained for as long as necessary for the purposes for which it has been collected. This will vary depending on your relationship with QMUL. Please refer to our Records Retention Policy and Schedule found at http://www.arcs.qmul.ac.uk/governance/information-governance/records-management/
We do not sell your personal data to anyone. We do not share your personal data with any third parties unless they are providing services to us under contract or disclosure is permitted by, or required by, law. Please refer to our other privacy notices for more information.
Where personal data are processed in a third country/ies outside the EEA and where there is not deemed to be adequate protection, this shall be safeguarded by methods approved by UK or EU regulators, such as Standard Contractual Clauses between QMUL and the other party. Copies are available from the DPO.
Apart from our Data Protection Policy, we have a range of Information Security policies in place to protect the data we hold, including your personal data. You can read more about these policies and technical standards at http://www.its.qmul.ac.uk/governance/policies/ On a day-to-day basis, staff access to personal data is restricted on a ‘need to know’ basis as far as possible. Our policies and procedures make clear that all staff have a responsibility to ensure that they handle personal data appropriately and that suitable organisational security measures are in place. When we share your personal data with third parties we ensure that we have appropriate data sharing agreements in place.
You have the following rights in relation to your personal data:
If you have given your consent for the processing of your personal data and you wish to withdraw it, please contact our DPO using the contact details set out below or the department responsible. Please note that where our processing of your personal data relies on your consent and where you then withdraw this, we may not be able to provide all or some aspects of our services to you and/or it may affect the provision of those services.
You have the right to a copy of data held by QMUL about you. This is called a subject access request. Please contact the DPO for more information.
For instance, you can ask us to rectify inaccurate or incomplete data or perhaps add a supplementary statement to your record.
You have a limited right to request that QMUL deletes data it holds about you; this is generally only applicable where you have initially given us your consent to process your personal data and there will often be a requirement for us to continue to hold some data.
In certain circumstances, you have the right to request that QMUL restricts its use of your personal data, where we still store some but no longer process it further, and to object to QMUL’s processing of your personal data based only on grounds relating to your particular situation.
In some cases, you have a right to data portability where you can request that QMUL provides you with a copy of your personal data to allow your own use, for example to transfer to another provider.
In certain circumstances, you can object to processing, including the sending and receipt of direct marketing. If you've already agreed to us using your personal data for direct marketing purposes, you can change your mind by contacting us directly, altering your preferences or by selecting the 'unsubscribe' link at the bottom of any marketing emails we send you.
If you wish to complain about any aspect of QMUL’s handling of your data, you have the right to raise a concern with the Information Commissioner’s Office. Please see ico.org.uk for details.
QMUL will not ordinarily charge you in respect of any requests we receive to exercise any of your rights detailed above. However, if you make excessive, repetitive or manifestly unfounded requests, we may charge you an administration fee in order to process such requests or refuse to act on such requests. Where we are required to provide a copy of the personal data undergoing processing this will be free of charge; however, any further copies requested may be subject to reasonable fees based on administrative costs.
We reserve the right to make changes to this notice in the future. Any changes will be posted on this page and, where appropriate, notified to you by email. We therefore encourage you to review this page from time to time to stay informed of how we are processing your personal data.
Data Protection Officer: if you need further information on the above or wish to exercise a right, please contact email@example.com or write to Data Protection Officer, Queens’ Building, Mile End Road, London, E1 4NS, and/or read the data protection pages on the QMUL website. You can find our Data Protection Policy at http://www.arcs.qmul.ac.uk/media/arcs/policyzone/Data-Protection-Policy-v03.0.pdf
Please note that Queen Mary, University of London Students’ Union, Barts Health NHS Trust and the University of London are all separate data controllers.