Borders College

PRIVACY NOTICE

Effective 6/06/2018.

Introduction

Personal data has a wide definition but put simply means information that relates to a living individual, who can be identified from that information (and other information held by the organisation) for example names, e-mail addresses, home addresses, phone numbers, bank account details, personal description and photograph, etc. Please note this list is not exhaustive.

This Privacy Notice tells you what to expect when Borders College collects personal information.  It sets out what data we collect and how we process that information. It also describes your rights under data protection law.  You can find out more about your rights here.

We will update this Privacy Notice from time to time by publishing a new version on our website.

UK Information Commissioner’s Office (ICO)

Borders College pays an annual fee to the Information Commissioner’s Office (ICO) and is a Data Controller under data protection legislation.  For the purposes of data protection legislation, the College is considered to be a public authority.

Data Protection Officer – contact details

If you have any questions relating to your personal data, how we process it or your rights as a Data Subject, you should contact the College’s Data Protection Officer (DPO):

Alice Wilson, Data Protection Officer, Borders College, Nether Road, Galashiels, TD1 3HE

Mail to: gdpr@borderscollege.ac.uk

If you remain unsatisfied or you believe that we are not processing your data in accordance with your rights under data protection legislation, you can complain to the Information Commissioner’s Office (ICO) by calling their helpline on 0303 123 1113.

You can find further information, including contact details on the ICO’s website at:  https://ico.org.uk/for-the-public/.

Data Protection Statement

We will only process your personal data for the specific purpose or purposes notified to you in this notice, and only to the extent that it is necessary for those specific purposes.  We will keep the personal data we store about you accurate and up to date.  Please notify us if your personal details change or you become aware of inaccuracies in the personal data we hold about you.

We will process your data only in accordance with data protection legislation, this Privacy Notice and in adherence to the College’s Data Protection Policy and other information governance policies. We will take appropriate technical and organisational measures to protect your rights as a Data Subject. In the event of a data breach which results in high risk to your rights and freedoms, we will communicate the nature of that breach to you including our contact details, the likely consequences of the data breach and details of the measures taken or which we plan to take to address the data breach and to mitigate its consequences.

You can find out more about your rights later in this document.

Data Protection Legislation

Data Protection Legislation means:

  • The General Data Protection Regulation (Regulation (EU) 2016/679)
  • The Privacy and Electronic Communications (EC Directive) Regulations 2003
  • Any applicable legislation adopted by the United Kingdom after the United Kingdom ceases to be a Member State of the European Union, and
  • All applicable laws and regulations relating to the processing of personal data and privacy.

The Personal Data we collect

This notice applies to information we collect about:

  • Visitors to our website and through social media
  • Student applicants and enrolled students, including applicants for funding
  • Individuals or companies purchasing courses
  • Job applicants, current and former employees (including volunteers and Board members)
  • Alumni, supporters and friends
  • Complainants

Purposes and categories of information

In this Section we have set out the:

  • general categories of personal data that we will process, where relevant to the purpose for processing, and where there is a clear legal basis for processing:
    • identifying information
    • authentication information
    • contact information
    • communication information
    • professional and public life information
    • preference and personal history information
    • health information
    • ethnicity and demographic information
    • knowledge and personal beliefs
    • physical characteristics information
    • criminal activity information
    • financial account, ownership and transactional information
  • purposes for which we will process personal data
  • legal basis of the processing
    • Conditions for processing your personal data are
      • The data subject has given consent (where this is used, it will be clear and consent can be withdrawn at any time)
      • Processing is necessary for compliance with a legal obligation to which the controller is subject
      • Processing is necessary for a contract we have with you, or you have asked us to take specific steps before entering a contract
      • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
    • At least one of these conditions need to be met for data protection legislation. Where the requirement is in relation to legal obligation or exercise of official authority, these relate to the HE/FE legal framework we operate under.

Visitors to the Website and through Social Media

Our public facing websites are:

Borders College: http://www.borderscollege.ac.uk/

Scottish Borders Campus: http://www.scottishborderscampus.ac.uk/

Borders College Regional Board: http://board.borderscollege.ac.uk/

Student Association: http://www.tartanmonkey.co.uk/

Third Party Websites

Our websites include hyperlinks to, and details of, third party websites.  We do not share data with these websites.  We have no control over, and are not responsible for, the privacy policies and practices of third parties.

Use of cookies by Borders College

When someone visits a Borders College website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.   This helps us to monitor and improve our website and services, to ensure we provide information clearly and effectively, and to facilitate access to our services.

You can read more about how we use cookies on our Cookies page: http://www.borderscollege.ac.uk/terms-and-conditions/cookies/.

If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Search engine

Our website search is powered by Google.  We do not log search queries and results.  We do not collect user-specific data during this process.

Email subscriptions and E-newsletter

We invite users to sign up to receive information on a variety of areas, using Mailchimp.  You can manage your own preferences, subscribe and unsubscribe at http://www.borderscollege.ac.uk/resources/mailing-lists/

We will only use your information to contact you for the reason you have subscribed.  We will not pass your information to any third parties, other than Mailchimp who provide the newsletter mailing service.

We use Mailchimp, to deliver our occasional e-newsletters. We gather statistics around email opening and clicks, using industry standard technologies to help us monitor and improve our e-newsletter.  For more information, please see https://mailchimp.com/legal/privacy/

People who contact us via Twitter and Facebook

We use a third party provider, Hootsuite to manage our social media interactions. Any tweets or posts are passed only to the relevant member of staff to deal with and the personal data is not shared further.

Course enquiries via the website

When you enquire online about a course, we collect your name and email address so that we can respond to your enquiry.

Online website enquiries

If you have any queries please email helpdesk@borderscollege.ac.uk

Student Applications and Enrolments

This privacy notice provides you with information about us, why we collect information from you, what we do with the information we collect from you, who we share your information with and your rights in relation to that information under Data Protection legislation and related guidance.  We may update this notice from time to time.

What data do we collect and why?

When we process your personal data, we are fulfilling our obligations as a College and as a public authority in the provision of Education in the public interest, the requirements of the Education (Scotland) Act 1980 and in order to comply with other legislation, for example, the Equality Act 2010.  Processing has a wide definition but includes collect, store, use and share. 

"Personal data" means any information we hold about you from which you can be identified or may be identifiable. It may include contact details, other personal information, photographs, IP addresses, expressions of opinion about you or indications as to our intentions about you.

Student Applications

When you apply to be a student at Borders College, we collect personal information about you to enable us to process your application fairly, transparently and accurately. We will collect your personal information to assist in the process of applying for a course and to ensure that we give your application fair and equal consideration.

We will only collect the minimum of your personal information necessary to process the application. Categories of data collected are:

  • identifying information
  • authentication information
  • contact information
  • communication information
  • professional and public life information
  • preference and personal history information
  • health information
  • ethnicity and demographic information
  • knowledge and personal beliefs
  • physical characteristics information
  • criminal activity information
  • financial account, ownership and transactional information

We collect data from you, which we will use to communicate with you about the progress of your application, to provide essential information about funding or to request more information from you.  We will use your data to assess your application against the entry requirements of the course(s) you have applied for.  For some courses, we are required by law to collect information to carry out additional checks such as Protecting Vulnerable Groups (PVG) checks and to seek declarations of criminal convictions. 

Data provided in the application process will be used for statistical purposes and will be anonymised.  It will also be used in an anonymised form for archiving purposes in the public interest.

We will also collect personal data from you in order to assess and process applications for student funding, including transport and additional support arrangements where appropriate.

You can see how we will share your data later in this document.

Student Enrolments

When you enrol in a course, we collect updated personal information about you. This is so that we can deliver your education, communicate with you, and monitor attendance and progress in your course(s). 

Categories of data collected are:

  • identifying information
  • authentication information
  • contact information
  • communication information
  • professional and public life information
  • preference and personal history information
  • health information
  • ethnicity and demographic information
  • knowledge and personal beliefs
  • physical characteristics information
  • criminal activity information
  • financial account, ownership and transactional information

For example, we will use your personal data to:

  • verify your identity
  • enrol you in your course
  • timetable your classes
  • process your funding
  • communicate with relevant awarding bodies
  • liaise with placement providers
  • assess progress, and
  • perform other activities directly related to your course such as personal protective equipment, ID photos, funding and payment including debt recovery.

We will process your personal data where processing is necessary to comply with legal obligations.  We will process your personal data where we need to protect your interests (or someone else’s interest) for example where there is a health incident and securing help for an individual’s interests, or where it is needed in the public interest or for official purposes.  

We may process “special categories of data” in order to comply with legal requirements, such as considering if we need to make appropriate adjustments during your course in relation to any disabilities.  We may also process information relating to your health to monitor absences and to provide you with support if required.  

We will only process "special categories of data" about ethnic origin, political opinions, religious or similar beliefs, trade union membership, health or sex life where we either have your explicit consent, when it is needed in the public interest,  or if we are legally required to do so.  For example, we are required to collect Equality Monitoring Information however we make it clear at the point of collection that you have the option to tell us you would prefer not to say.

We provide additional services to students including Student Support and Support for Learning, etc.  When you access these services, we will collect and process your information only as far as it is necessary to provide them, and we will explain this at the time.

After you complete your course, we use your details to enable us to process Awards and arrange graduations.  We will contact full-time students to gather information on their destinations after they have left their course if they wish to provide this information.

Sharing your data

We may share your data with organisations in the following categories:

  • The Scottish Government, the Student Awards Agency for Scotland (SAAS), Scottish Further and Higher Education Funding Council (SFC), Skills Development Scotland (SDS)
  • Local Authorities (for example Scottish Borders Council and schools)
  • Transport Providers, to facilitate transport arrangements
  • Awarding bodies including the Scottish Qualifications Authority (SQA) etc

Any sharing of your data is done in the public interest in the area of Education and for archiving purposes in the public interest and for statistical purposes.

Any sharing of data is subject to appropriate safeguards to protect your data, for example through Data Sharing Agreements with the organisations that we share data with and ensuring the organisations meet certain security requirements, e.g. encryption.

We do not use your information for marketing purposes unless we have specifically asked you and you have provided specific consent.  For example, we may ask you at enrolment if we can contact you when you complete your course about our Alumni Association, but you can choose not to consent to this.  Find out more at http://www.borderscollege.ac.uk/resources/mailing-lists/.

Where your employer has enrolled you in a course, we will have a contract with them and will share limited personal information only within the terms of the contract.

Keeping your data

We will keep your data only for so long as is necessary, in line with our Retention and Disposal Schedule. 

Your data rights

You have rights over your data under Data Protection legislation.  You can find more detail on your rights and how to exercise, them later in this document.

 

Individuals or companies purchasing courses

This clause sets out the basis on which we will process your personal data when you purchase a course from us.

Collecting Personal Data

We will collect the following personal data:

  • Order by Customer for Customer: personal data about the Customer that we collect from the Customer or that the Customer provides to us during the Order process. This includes information that the Customer gives to us by filling in the Booking Form; or by corresponding with us by phone, e-mail, post or otherwise;
  • Order by Customer for Attendee: personal data about the Customer and the Attendee(s) that we collect from the Customer and / or the Attendee or they provide to us during the Order process. This includes, information that the Customer and / or Attendee gives us by filling in the Booking Form or by corresponding with us by phone, e-mail, post or otherwise;
  • Services: personal data about you we collect from you or that you provide to us when we provide the Services to you. This includes information that you give us by corresponding with us by phone, e-mail, post or otherwise.

 Use of Personal Data

We will use your personal information for the following purposes:

  • Order: to process your Order; and to contact you in relation to your Order;
  • Services: to provide the Service to you; to contact you in relation to the Services; and to process your certification under the Services; and
  • Direct Marketing: if you have provided your specific consent, to provide you with information that we believe may be of interest to you, such as information concerning our courses, products, or services. You can manage your preferences and unsubscribe at any time at http://www.borderscollege.ac.uk/resources/mailing-lists/.

Legal basis for processing Personal Data

We will hold and process your personal data on the following legal basis:

  • When we process your personal data, we are fulfilling our obligations as a College and as a public authority in the provision of Education in the public interest, the requirements of the Education (Scotland) Act 1980 and in order to comply with other legislation, for example, the Equality Act 2010.
  • Performance of Contract: in the Order and supply of Services it is necessary to process your personal data to enter a Contract and without your personal data the Contract cannot proceed;
  • Certification of Services: processing is necessary for compliance with legal obligations to which we are subject.
  • Direct Marketing: based on your specific consent only.

Sharing Personal Data

We may share your personal data with:

  • the Scottish Qualification Authority; City and Guilds; and other awarding bodies for Awards and certification purposes including REHIS, AoFA, City & Guilds, People 1st, British Safety Council (BSC), British Computer Society (BCS), LANTRA, IQA / EQA; 
  • if relevant, your employer, as the Customer;
  • depending on your method of payment, our current third party suppliers Worldpay for the purposes of processing your payment; and

Any sharing of your data is done in the public interest in the area of Education and for archiving purposes in the public interest and for statistical purposes.

Any sharing of data is subject to appropriate safeguards to protect your data, for example through Data Sharing Agreements with the organisations that we share data with and ensuring the organisations meet certain security requirements, e.g. encryption.

Retention Period

We will not store your personal information longer than necessary and in line with our Retention and Disposal Schedule for the purposes outlined above, unless it is required to do so to comply with the law and / or any regulatory requirements.

European Economic Area (EEA)

We will not transfer your personal data outside the European Economic Area (EEA) without ensuring that the data will be processed in line with privacy law.

Your Rights

You have certain rights under data protection legislation.  You can find further detail regarding your rights later in this document.

 

Job applicants, current and former College employees, volunteers and Board members

Borders College is the data controller for the information you provide during the recruitment and appointment processes unless otherwise stated. If you have any queries about the recruitment or appointment processes or about how we handle your information, please contact us at hr@borderscollege.ac.uk.

What will we do with the information you provide to us?

All of the information you provide during the recruitment and appointment processes will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. 

What information do we ask for, and why?

We collect your information for HR purposes only, including the recruitment and appointment processes. We do not collect more information than necessary for HR purposes and will not retain it for longer than is necessary for those purposes.

Application stage

We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

You will also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to anyone outside of our recruitment team, including hiring managers, in a way which can identify you. Any information you do provide will be used only to produce and monitor equal opportunities statistics.

Shortlisting

Our hiring managers shortlist applications for interview. They will not be provided with your name, contact details or referees or with your equal opportunities information if you have provided it. They will only have access to the detail given in your application including education, skills, experience and yours answers to the questions on the application relevant to the role you are applying for.

Assessments

We might ask you to participate in assessment days, complete tests or occupational personality profile questionnaires, and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held securely by the HR department in the College for recruitment.

Conditional offer

If we make a conditional offer of employment, or volunteering opportunity, we will ask you for information so that we can carry out checks. You must successfully complete these checks to progress to a final offer. We are required to confirm the identity of our employed staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability. 

Both employees and volunteers will therefore be required to provide: 

  • Proof of your identity – you will be asked to attend our office with original documents, we will take copies.
  • Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
  • You will be asked to complete a criminal check through Disclosure Scotland which would normally be the Protection of Vulnerable Groups (PVG) check.
  • We will contact your referees directly, using the details you provide in your application, to obtain references.

Employees will also be asked to complete a questionnaire about your health. This is to establish your fitness to work.

We will also ask for the following:

  • Bank details – to process payments where relevant e.g. salary, expenses
  • Emergency contact details – so we know who to contact in case you have an emergency at work
  • Membership of either the SPPA or LGPS pension scheme (employees only).

Appointments to Board positions, following recommendation for selection, are subject to Ministerial approval.  Board appointees are bound by the principles of public life.  Their personal information will therefore be shared or publicised as required by legislation.

CHRIS

If you accept a post with us, some of your personnel records will be held on CHRIS, which is an internally used HR records system.  Your information will be available to you and your manager on HR21, the self-service module for CHRIS.  Borders College has an agreement with the software provider to ensure appropriate technical and organisational measures are in place to restrict access to your data and keep it secure.

Here is a link to their privacy notice.

https://gb.frontiersoftware.com/privacy-and-data-protection

Pensions

If applicable, your details will be provided to Scottish Borders Council or the Scottish Public Pensions Agency who are the administrators of the Local Government Pension Scheme or Scottish Teachers Pension Scheme respectively, of which the College is a member organisation.  You will be auto-enrolled into the pension scheme and details provided to the scheme administrators will be your name, date of birth, National Insurance number and salary.

Health Management

NHS Borders provide our employee Occupational Health service. If we make you a conditional offer of employment, we will ask that you complete a questionnaire which will help to determine if you are fit to undertake the work that you have been offered, or advise us if any adjustments are needed to the work environment or systems so that you may work effectively.

We will send you the questionnaire which you should send directly back to NHS Borders Occupational Health Service, who will provide us with a fit to work certificate or a report with recommendations. If an occupational health assessment is required at any time during your employment, this is likely to be carried out by NHS Borders Occupational Health Service.

Here is a link to their Privacy Notice.  Borders College has an agreement with NHS Borders to ensure data is processed securely.

http://www.nhsborders.scot.nhs.uk/patients-and-visitors/our-services/general-services/workplace-health-services/occupational-health-service/

How long do we retain your information?

If you are successful, the information you provide during the application process will be retained by us as part of your individual file for the duration of your appointment term plus 6 years following the end of your appointment. This includes your criminal records declaration, fitness to work (if applicable), records of any security checks and references.

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like us to retain your details in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.  At the end of this period, we will destroy all of your application information. 

If you are unsuccessful at any stage of the process, we will retain the information you have provided until that point for 6 months from the closure of the campaign.

We will retain information generated throughout the assessment process, for example interview notes, for 6 months following the closure of the campaign.

We will retain equal opportunities information connected to your personal details for 6 months following the closure of the campaign whether you are successful or not.  Anonymous equalities data for staff members is retained and reported to the Scottish Funding Council on an annual basis.  Equal opportunities information for Board members is recorded and retained to fulfil reporting requirements.

Employee pension and health information is retained for 30 years following cessation of employment as required by legislation.

How we make decisions about recruitment of staff and volunteers?

Final recruitment decisions are made by hiring managers and members of our recruitment team, appropriate to the position applied for. All of the information gathered during the application process is taken into account.

You are able to ask about decisions made about your application by speaking to your contact within our recruitment team or by emailing hr@borderscollege.ac.uk.

People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. Generally, we will consider an anonymous complaint if it gives enough information for us to make further enquiries. Failing this, we may decide not to pursue it.

We will keep personal information contained in complaint files in line with our Retention and Disposal Schedule.  We hold the details and outcomes of all complaints within College records for a period of five years.  We will retain this information in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

You can see more detail on how we handle complaints on our website.

 

Your individual rights

You have rights under data protection law, which we have summarised here. This is not a full statement of the law: some of the rights are complex, and not all of the details have been included in our summaries, the regulator of data protection law, UK Information Commissioner’s Office (ICO) has guidance on all of your rights and how to exercise them here: https://ico.org.uk/for-the-public/personal-information/.

Your rights under data protection law are:

  1. The right to be informed (known as a privacy notice)
  2. The right of access
  3. The right to rectification
  4. The right to erasure (or ‘the right to be forgotten’)
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision-making and profiling

The right to be informed

As a data subject you should be informed when an organisation processes your personal information. This is known as a privacy notice. A privacy notice should be provided when you provide your personal information to the organisation or, if the information is received by another way, you must be informed within a reasonable period of obtaining the data and no later than one month.

The information to be provided is:

  • The name and contact details of our organisation.
  • The name and contact details of our representative (if applicable).
  • The contact details of our data protection officer (if applicable).
  • The purposes of the processing.
  • The lawful basis for the processing.
  • The legitimate interests for the processing (if applicable).
  • The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
  • The recipients or categories of recipients of the personal data.
  • The details of transfers of the personal data to any third countries or international organisations (if applicable).
  • The retention periods for the personal data.
  • The rights available to individuals in respect of the processing.
  • The right to withdraw consent (if applicable).
  • The right to lodge a complaint with a supervisory authority.
  • The source of the personal data (if the personal data is not obtained from the individual it relates to).
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
  • The details of the existence of automated decision-making, including profiling (if applicable).

The right of access

This means you have the right to obtain:

  • confirmation that your data is being processed
  • access to your personal data and other supplementary information that we hold about you

This is so that you can access your personal data to be aware of and verify the lawfulness of the processing.

The supplementary information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data.

We will supply a copy of your personal data to you, if this does not affect the rights and freedoms of others; we will provide this initial copy of the information free of charge.

We may charge a reasonable fee, based on the administrative cost of providing the information, in some circumstances.  This applies for additional copies of the same information.  It also applies when your request is manifestly unfounded or excessive, particularly if it is repetitive, in which case we may refuse to respond; where this is the case, we will explain why and inform you of your right to complain to the supervisory authority and to a judicial remedy without undue delay and at the latest within one month.

The right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

The right to erasure

The right to erasure is not an absolute ‘right to be forgotten’, but exists to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

You have a right to have your personal data erased and to prevent processing in specific circumstances:

  • where the personal data is no longer necessary in relation to the purpose for which it was originally collected or processed
  • when you withdraw consent to consent-based processing
  • when you object to the processing and there is no overriding legitimate interest for continuing the processing
  • the personal data was unlawfully processed the personal data has to be erased in order to comply with a legal obligation
  • the personal data is processed in relation to the offer of information society services to a child

We can refuse to comply with a request for erasure where the personal data is processed:

  • to exercise the right of freedom of expression and information
  • to comply with a legal obligation for the performance of a public interest task or exercise of official authority
  • for public health purposes in the public interest
  • for archiving purposes in the public interest, scientific research, historical research, or statistical purposes
  • for the exercise or defence of legal claims

The right to restrict processing

In some circumstances, you have the right to restrict the processing of your personal data. Those circumstances are where:

  • you contest the accuracy of the personal data: we will restrict processing until we have verified its accuracy
  • processing is unlawful but you oppose erasure, and request restriction instead
  • we no longer need the personal data for the purposes of our processing, but you require the data to establish, exercise or defend a legal claim
  • you have objected to processing (where it was necessary for the performance of a public interest task) pending the verification of that objection.

The right to data portability

This right applies to you where you provided your personal information to us:

  • either giving your consent, or as part of entering into a contract with us, and
  • the personal data is processed by automated means (in practice this means most paper files are not covered by this right)

In these circumstances, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

The right to object to processing

You have the right to object on grounds relating to your particular situation to our processing of your personal data in circumstances where the legal basis for the processing is that it is necessary, for:

  • the performance of a task carried out in the public interest or in the exercise of any official authority vested in us, in which case we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims
  • direct marketing, in which case we will stop processing your personal information immediately
  • scientific / historical research and statistics, although where research is in the public interest we are not obliged to comply with an objection

Right to complain to a supervisory authority

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

In the UK the supervisory authority is the Information Commissioner’s Office - https://ico.org.uk

Right to withdraw consent

Where the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

Exercising your rights

You may exercise any of your rights in relation to your personal data by any of the following alternatives:

  • the form on our website
  • the postal address as published in this privacy notice

[Back to the top]