Privacy Statement

Introduction

Your privacy and trust are important to us and this Privacy Notice provides essential information about how SIR, as part of the University of Strathclyde handles your personal information.
This notice is regularly reviewed and sometimes updated.
It is important that you check back often for updates to this Notice.
Updates may be made at any time and you will always find the most up to date version at https://www.scot-reman.ac.uk/privacy-statement
If we make significant changes we will contact you to inform you of this.

SIR can be contacted via

+44 (0) 141 548 2640
sir-enquiries@strath.ac.uk

SIR
Floor 7
James Weir Building
75 Montrose Street
Glasgow
G1 1XJ

What is personal data/personal information?

In simple terms, personal data is information which identifies and relates to you, either on its own or in conjunction with other information held by the University.

Sensitive personal data (or special categories of personal data, as it will be known under new EU legislation coming into force on 25 May 2018) is personal data which falls within one of these categories:

  • personal data revealing racial or ethnic origin,  political opinions
  • religious or philosophical beliefs trade union membership genetic data, biometric data for the purpose of uniquely identifying a natural person,
  • data concerning health data concerning a natural person’s sex life or sexual orientation shall be prohibited data relating to criminal convictions/criminal proceedings (this definition will change slightly under GDPR)

The types of personal information we collect

We collect identifiable information about you in order to create and maintain adequate records in relation to the various interactions you may have with SIR. Whenever you provide personal data there should be a privacy notice, like this one, which tells you what the information will be used for. If we are ever collecting sensitive personal data, as defined above, additional safeguards will be in place around how we can use that data.

How we use personal information

SIR uses your personal data for a variety of reasons. These include:

  • Responding to enquiries
  • Managing all aspects of education/research/knowledge exchange/consultancy services and facilities.
  • Financial reasons, i.e. payments made to/by the University on our behalf
  • Sending you information relating to special events, deals etc.
  • Managing events. Information relating to guests/visitors including food requirements/allergies, medical conditions etc.may be retained.

The legal basis for this processing of your data is :

Consent – mailing lists

Contract mangement

As we are using your consent as the basis for our processing of your data, then you should be aware that you can withdraw your consent at any time.

If you do not provide and/or consent to our use of your personal data, then we will be unable to provide the services associated with the use of your data.

Our Legitimate Interests

Are those which allow us to deliver and manage all aspects of education, research, knowledge exchange and consultancy as appropriate to a university.

Marketing

SIR may wish to send you marketing information, regarding related services, special offers etc.

We will only send these to you if you have previously provided us with your details or

if you have indicated that you consent to receiving such correspondence. You have the

opportunity to unsubscribe at any time. An unsubscribe option will be available in every electronic

communication. Alternatively you can write to: SIR via sir-enquiries@strath.ac.uk.

Where we store and process personal information

Electronic personal data is held on the University’s secure servers. Hard copy data will be stored

securely to prevent unauthorised disclosure.

How we secure personal information

The University has robust Information Security policies in place to protect all the data it holds, including your personal data.  You can read more about these policies and technical standards on the University website https://www.strath.ac.uk/staff/policies/informationsecurity/

On a day-to-day basis staff access to members’ personal data is restricted on a ‘need to know’ basis.

The University’s data protection policies and procedures make clear that all staff have a responsibility to ensure that they handle personal data appropriately and that suitable organisational security measures are in place.

Who we share data with

The University does not share your personal data with third parties. The only circumstances in which

we may share your personal data are if:

  • The University has engaged a third party to act on its behalf.
  • We are legally required to do so.
  • It is an emergency situation, e.g. regarding health/wellbeing
  • It is otherwise lawful and legitimate for us to do so, e.g. in relation to requests from the Police.

How long will we keep your data

The identified retention period for your data covered by this privacy notice is 3 years.  After which it will be reviewed, and if the purpose for which it is being processed is still valid, the retention period may be extended.

If however your data has served its purpose then it will be securely destroyed, sometimes data will be stored for longer periods eg for archiving purposes in the public interest, scientific or historical research purposes.

Your rights under the General Data Protection Regulations

You have a number of rights under the Act. These include the right to:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

For more information on your rights please see

https://ico.org.uk/for-the-public/is-my-information-beinghandled-correctly/

Right to access personal data

You have a right to request a copy of the information the University holds about you; this is known as a ’Subject Access Request’ (SAR). For more information see the University’s Data Protection web pages or contact dataprotection@strath.ac.uk

Right to complain

You have the right to make a complaint about how we are handling your data.  In the first instance you may wish to let us know directly (dataprotection@strath.ac.uk) to allow us to address your issue.

If however you wish to do so, you can make a complaint about our handling of your data with the information commissioners office (https://www.gov.uk/data-protection/make-a-complaint)

Keeping your information up to date

You can update your details at any time by contacting:

dmem-adminteam@strath.ac.uk

Status of this Privacy Notice

This privacy notice is subject to change. Data protection legislation is changing in May 2018 when the  new EU General Data Protection Regulation comes into force. You can find out more about the legislation on the ICO website www.ico.gov.uk

The University will advise you of any significant changes you need to be aware of, in relation to this privacy notice.

This Privacy Notice was last reviewed on 6th February 2018