University Council members
The University of Exeter (the “University”) is a data controller and is committed to protecting your personal data and working in accordance with all relevant data protection legislation. As a member of Council or university committee, your data is used for activities relating to the governance of the University. This Privacy Notice explains how the University processes and uses your personal data and your responsibility should we need to share other people’s personal data with you.
The University may hold your data if you have requested a service or communicated with the University. The majority of data we hold has been provided by you in your communication with the University. The University will only use these details to provide the service you have requested and for other closely related purposes, for example, we might use information about guests or visitors to invite them to a University event.
Our records may include:
- Personal identifiers and biographical information – for example your student and alumni numbers, your date of birth, car registration
- Contact details – for example your address, email address and telephone number (we update these whenever you tell us they have changed)
- Personal details – for example disability and dietary preferences for event management purposes
- Information relating to statutory requirements for your role as a Trustee of the University.
We may also augment data you provide with data which is publicly available, for example we may record:
- Your career details and other achievements
This additional information helps us inform any staff that you might be meeting in the context of your visit.
The University will primarily use your data to communicate with you in relation to your role as a Council member, and to ensure the activity undertaken is properly arranged and meets your personal requirements.
Your data will only be used within the University, except where there is a statutory requirement to share with regulatory bodies such as the Charity Commission, HESA, Office for Students.
The University does NOT sell data to third parties or allow third parties to sell on data where data is shared with them.
Your data is held securely on the University’s systems. Where there is a statutory obligation to publish this data, you will be notified of such instances, for example, publication of your Declaration of Interest.
The University may contact you by post unless you request otherwise, and by telephone, text, email or other electronic means as you have previously consented.
If you no longer want to receive communications by post, telephone, text, email or other electronic means, please contact the University Committee Secretariat Team.
You have the right to:
- Ask to see, correct or delete the data we hold about you
- Object to specific data uses, as described above
- Object to receiving communications
- Ask for the transfer of your data electronically to a third party.
The University’s Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to personal data and can be contacted at firstname.lastname@example.org, you can also contact the DPO if you have any queries or concerns about the University’s processing of your personal data. You have the right to lodge a complaint with the Information Commissioner’s Office.
On completion of your term of office as a council member or committee member or if you ask us to delete your data and we have no legal obligation to retain it, we will maintain a skeleton record comprising your name, address and contact number to ensure that we do not inadvertently contact you in future. We may also need to retain some financial records for statutory purposes. Your detailed data will be retained 6 years after the end of your membership of council and its committees.
On occasions, you may be required to process personal data on behalf of the University. You must ensure that you only use the personal information for the reasons specified and in particular you must take reasonable steps to ensure the security of the information in line with data protection legislation. You must not disclose any Personal Data to any third party other than at the request of the University. You must notify the University immediately if any personal data is lost or damaged, or if you become aware of any unauthorised access or use of the personal data (the University has an obligation to report data breaches to the ICO within 72 hours). If a data security breach has occurred you should contact Exeter IT on 0300 555 0444; you may be found personally responsible if the appropriate steps are not taken. You must delete or return the data to the University when you are no longer using it on behalf of the University.
The legal basis for processing your personal data for the purposes as described above is that it is a legal obligation and necessary to support in your role and your responsibilities as a as a member of council and its committees.
This Privacy Notice will be kept under review. Any changes will be updated on our website and communicated to you as appropriate. This Privacy Notice was last updated in May 2018.