cyber security

Privacy notice for employers and businesses

policy info

  • Last revised: November 2022

Content

body

1. Introduction

1.1 This notice is for all employers and businesses which interact with the University of West London (UWL) to explain the purposes for which we hold information about you and your employees (your personal data). It sets out how and on what basis the information is collected, stored and used and what your rights are in relation to this data.

1.2 All personal data will be held in accordance with the General Data Protection Regulation (GDPR).

1.3 UWL is registered as a Data Controller with the Information Commissioner. The University Secretary and Chief Compliance Officer is the Data Protection Officer (University registration number: Z4666761).

1.4 All data is held and processed in line with the University’s Data Protection Policy which can be accessed via the policies and regulations page. All data which we receive from you or which is created while you are a student is kept securely and only used for legitimate purposes in connection with your education.

2. How does the University collect your data?

2.1 The University will collect your data through interactions with you and your staff in relation to your attendance at careers events, providing placement and volunteering opportunities for our students.

2.2 We will collect data directly as part of your professional relationship with us, including via business cards, emails, telephone or web enquiries, event attendance or collaborative working, and data is further collected or updated as part of this ongoing relationship.

2.3 We may also obtain information from third parties such as one of your colleagues, from your organisation or from publically available information on your organisations website or professional profile.

3. Types and categories of data

3.1 To carry out our activities and to manage our relationship with you, we may collect, store, and process the following categories of personal data:

  • Biographical, eg Name, Title.
  • Contact details, eg job title or role, relevant business contact addresses, telephone numbers, email addresses etc.
  • Professional details, eg area of work (industry/sector).
  • Administrative, eg enquiry and correspondence records, records relating to our professional relationship, event booking and attendance, opportunity advertising University related interests, marketing preferences etc.
  • Financial, eg banking or payroll information.
  • Special category (“Sensitive”) personal data, eg information concerning your health or disability needed to ensure your accessibility and health & safety at careers events or other events on campus. Nb only information which you have disclosed to us.
  • Photographs, eg we may take photographs of events which you attend at the University.
  • CCTV, eg CCTV is installed at strategic locations to provide a safe and secure learning environment in all buildings as a part of the University’s commitment to community safety, security and crime prevention.

4. Purpose of collection and processing of your data

4.1 The University needs to process your personal data to manage its events and provide employment, placement and volunteering opportunities to our students

4.2 To this end we may use your personal data in the following:

  • Administration of organisations /student recruitment applications and facilitation.
  • Promotion of your employment and other opportunities (e.g. Volunteering) to students and staff of the University.
  • Research and analysis relating to the recruitment of University of West London students and graduates for management reporting and strategic planning of employer engagement purposes.
  • Processing and recovery of accounts and payments, e.g. sponsorship of fairs, attendance of part-time fairs.
  • Building strategic, cross University of West London partnerships and relationships, making connections between parties and communities interested in advancing or investigating areas of mutual interest.

4.3 If you attend campus, the University will also use your personal data to ensure your safety and security as a part of the University’s commitment to community safety, security and crime prevention.

5. Additional notices and guidance/policies

5.1 We also have some additional notices, guidelines and policies with further useful information about the way in which we process your personal data:

6. Lawful basis for processing

6.1 Most of the activities, such as facilitating student opportunities are undertaken in relation to our public task in providing education to our students and in conjunction with this developing their employability. Research is also carried out on the basis of public task.

6.2 When you come to the campus, your data will be used in relation to the legitimate interests to provide a secure and safe environment.

7. How personal data is stored securely by University of West London

7.1 The University has implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

7.2 All of our employees, contractors with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it.

7.3 The University utilises many different storage solutions and IT systems, some of which are outsourced to third party providers. For example (but not limited to):

  • University email accounts are provided by the Microsoft Live@Edu service.
  • For the Student Hub service we have engaged GTI Media TARGETconnect as system hosts.

8. Disclosures to third parties

8.1 Employer information will be made available to students and graduates to facilitate their applications.

8.2 The University may from time to time make other disclosures without your consent. However, these will always be in accordance with the provisions of the General Data Protection Regulations or the Data Protection Act (2018).

9. Transfers to countries outside the EU

9.1 Data protection law requires us to take reasonable steps to ensure that any personal data we process is accurate and up-to-date. If your contact details or any other personal information about you that is held by us changes, please use the contact details provided on the PIS to let us know. 

10. Retention of your data

10.1 Your data will be retained as set out in the University’s Records Retention Schedule, visit our privacy and data protection page for more information.

11. Your rights

11.1  Under the GDPR you have a right to request a copy of your personal data held by the University. The University is required to fulfil this request within one month. You may make the request via the GDPR form for personal data.

11.2  You also have the right to:

  • withdraw consent where that is the legal basis of our processing;
  • rectify inaccuracies in personal data that we hold about you;
  • request to remove some personal data we hold about you (this will not apply to your basic student record or data held as part of the University’s legal obligations)
  • restrict the processing in certain ways;
  • object to certain processing of your personal data by us.

11.3 Please see https://ico.org.uk/ for further information on the above rights. You may also contact the Data Protection Officer for further information (university.secretary@uwl.ac.uk).

11.4 You have a right to complain to the Information Commissioner’s Office about the way in which we process your personal data. Please see the Information Commissioner’s Office details.

12. Communications

12.1 The University will contact you in relation to events and services that we believe are relevant to you based upon their similar nature to your engagement with us. e.g. if you are a hospitality employer, we may send you information about a hospitality related event.

12.2 If, at any stage, you are concerned about the content (e.g. unwanted marketing), frequency (too many) or method (change preference) of these communications, you can unsubscribe or update your preferences using the link which will be provided at the bottom of the relevant correspondence.

13. Your responsibilities

13.1 You have a responsibility to keep your personal details accurate and up to date and should notify the University of any changes.

Appendix 1

Lawful basis for processing your data under GDPR

GDPR is new law and it has not yet been applied to circumstances similar in context to our relationship with students. The extent of lawful grounds for processing data has yet to be fully understood. Table 1 gives the University’s present view on the grounds for processing against each specified purpose. As legal views mature the University may change its views on its legal basis for processing.

Consent – on specific occasions the University will only process certain data if you consent e.g. provision of medical records for the purposes of mitigation.

Necessary for the performance of your student contract – on many occasions, the University will process your data to enable it to meet its commitments to you e.g. those relating to teaching and assessment.

Necessary to comply with a legal obligation – the University has legal obligations to provide your personal data to others e.g. HESA or the SLC. Where you are on a course leading to a professional qualification we also have a legal requirement to provide data on your studies and character.

For the purpose of protecting the vital interest of yourself or another – sometimes in extreme circumstances the University will have to release information to protect your interests or the interests of others e.g. in medical emergencies.

Processing necessary for the performance of a task carried in the public interest – the University is an educational establishment and in particular, its educational activity is conducted in a public interest (including your interest and the interest of others). This includes ensuring that you are engaged in your studies.

Processing is necessary for the purposes of the legitimate interest of the University or a third party subject to overridden interests of the data subject – the University (and sometimes third parties) has a broad legitimate interest in activities that connect to the activities and education of students. Subject to those interests not being overridden by the interests of fundamental rights and freedoms of students, it will pursue those interests. A good example of this legitimate interest would be the University’s Alumni activities or the use of CCTV to ensure that the campus is safe and secure.

Automated decision-making necessary for performance of a contract – the University may sometimes automate decisions relating to its services it is providing to you.

Processing “special categories” of data

Consent – the University will process certain sensitive information about you with your consent for example the use of ethnicity to ensure that you are not disadvantaged in your study goals.

Necessary for the purposes of preventive or occupational medicine, medical diagnosis, the provision of health or social care or treatment. This would relate to the provision of 6 services through Student Services such as your Individual Support Plan or other support in connection with legal claims.

It is recognised that some of the above grounds will overlap and that the University could rely on multiple grounds justifying its lawful processing.

The University also reserves the right to rely upon other grounds that are not referred to under types and categories of data.