This general privacy notice is for any individual who provides personal data or special category data to the University of York. It should be read in conjunction with the tailored information provided in this statement by the department that will gather your data.
For the purposes of this privacy notice, University of York is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office (ICO) and our entry can be found here on the ICO website. Our registration number is: Z4855807.
Please find below some more details about the ways in which SUCI deals with personal data, explaining:
The data will be collected through your own completion of the initial form, and the answers you give during a telephone interview with a member of the SUCI group following receipt of your form. This information will be electronically recorded and will be stored in University of York approved storage services. Additional data regarding protected characteristics or demographic information may be requested and stored where relevant to activities undertaken.
The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information see the University's IT Security webpage.
Under the General Data Protection Regulation (GDPR), the University of York has to identify a legal basis for processing personal data, and an additional legal basis for processing special category data. In line with the University’s charter, which states that we advance learning and knowledge by teaching and research, the University processes personal data for research purposes under Article 6 (1) (e) of the GDPR:
Processing is necessary for the performance of a task carried out in the public interest
Special category data is processed under Article 9 (2) (j):
Processing is necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes
In line with ethical expectations, and to comply with common law duty of confidentiality, SUCI will seek your consent to participate where appropriate. This consent is not, however, our legal basis for processing data under the GDPR.
A data controller is an organisation that has full authority to decide how and why personal data are processed; this includes using, storing and deleting data. The University of York is the data controller for SUCI.
The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule. You may choose to have the data removed at any time (please see below).
Under the General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. For all requests, see the individual rights page of the University GDPR webpage.
You may choose to have your data removed from our database at any time. If you wish for us to remove your data or view the data we hold about you, please email email@example.com, clearly stating your request to view or remove data.
All information held by SUCI is kept in accordance with the Data Protection Act.
If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the SUCI forum in the first instance (firstname.lastname@example.org) or the University’s Data Protection Officer at email@example.com.
If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, see www.ico.org.uk/concerns.
Department of Health Sciences, University of York.