NEWCASTLE POLICY IMPACT fa-home Created with Sketch.
Newcastle University Logo
Asbtract image of campus

Policy Newcastle Privacy Notice

Policy Newcastle Privacy Notice

1. Data Controller

University of Newcastle upon Tyne (“we”, “our”, “us”, “The University”) processes personal data in accordance with our obligations under the General Data Protection Regulations (‘GDPR’) and is a registered Data Controller (Registration Number Z5470161) with the Information Commissioner’s Office (‘ICO’), which is the supervisory authority responsible for the oversight and enforcement of Data Protection Legislation within the United Kingdom

2. How is your personal data collected?

We use different methods to collect data from and about you including through:

  • Digital forms, and surveys for the purpose of providing information about the University, its policy engagement activities and relevant events.
  • Correspondence with us by face to face, phone, email, live chat, social media or otherwise.
  • As you interact with our websites, we may automatically collect data about your device, IP address, and browsing patterns we collect this by using opt-in cookies.
  • The University’s CRM automation systems also use email tracking pixels.

3. What personal data is collected?

  • Identification and contact details: Your name, email address, job title and organisation

 

4. Where do we get your personal data and for what purpose?

We will only use collect and use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

  • Where you consented to the processing.
  • Where it necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We have set out below, in a table format, a description of all the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity

Type of Data

Lawful basis for processing including basis of legitimate interest.

To contact you in the future about events, activities, and other general information about the University and its programmes of policy engagement.

Communications, Contact

Consent

Anonymising and sharing with social media platforms to see if the adverts have been successful (you cannot be identified) and to serve you or similar audiences with more relevant messages.

Communications, Profile

Legitimate Interests

Enhancing our service; to meet our interests of understanding who our stakeholders and contacts are and their needs and interests

Profile

Legitimate Interests

Providing statistics for management and business intelligence reports on the effectiveness of an event and or communications activity.

Profile

Legitimate Interests

Photographs, video, and audio may be taken at events for use in marketing materials, including on our website and on social media. Where you are not the subject of the image, i.e. if it is a “group” or “crowd” photograph, we may use such images without requiring your consent, however, where you are the subject, you will be asked to provide explicit consent to use the image.

Profile

Legitimate Interests and Consent where appropriate

We track email open and click through rates, user’s browser and device, IP address and location to review communications for reporting purposes and to ensure the University does not spam disengaged contacts.

Profile

Legitimate interests


5. Where do we securely process and store your personal data?

5.1 Within the UK and EEA

All personal data is processed by Newcastle University staff based in the UK however for the purposes of IT hosting and maintenance this information is located on servers within the EEA.

5.2 Outside the UK and EEA

HubSpot - We use forms created by HubSpot. HubSpot’s product infrastructure is hosted on Amazon Web Services (AWS) in the United States East region. HubSpot leverages the Google Cloud Platform (GCP) in the EU (Frankfurt, Germany region) to support the processing of local customer data that is critical to its customers' businesses.

Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and PCI-DSS requirements where applicable, and verified to be secure.

6. Sharing your personal data with third parties.

Your personal information will only be disclosed to third parties where we have an appropriate lawful basis to do so, which may include the following:

  • With third parties who securely process data on our behalf in order to facilitate our relationship with you, such as software service providers providing externally hosted software solutions
  • Where appropriate, with third parties who we work closely with to facilitate relevant events and for feedback/information purposes

7. How long do we hold personal data?

Personal data is retained for as long as it is required to fulfil the purpose for which is it held and then to fulfil any legal requirements, usually a further 6 years.

Any information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. To withdraw or amend your contact methods at any time either click the link at the bottom of an email from us or contact us on email; consent.options@ncl.ac.uk and we will endeavour to action this within 2 working days.

 

8. Your Rights Under GDPR

Under the GDPR, you have a number of rights in relation to the processing of your personal information, each of which may apply to differing degrees’ dependent upon the nature of the processing and the legal basis for it. You have the right to:

  • Be informed as to how we use your data (via this privacy notice)
  • Request access (a copy) of the personal information that we hold about you.
  • Correct inaccurate or incomplete data
  • Object to the processing of your data, including sending direct marketing communications.
  • Withdraw your consent

In order to exercise any of the above rights, please visit https://www.ncl.ac.uk/data.protection/accessyourpersonaldata/

9. Further information

If you would like to discuss this further, please contact us on rec-man@ncl.ac.uk. If you would like more information about how we manage personal data more generally, including your rights under law, and the contact details of the University’s Data Protection Officer, visit our Data Protection website.

10. Lodging a complaint with the Information Commissioners Office (ICO)

If you are unhappy with our use or storage of your data, you have the right to complain to the Information Commissioner's Office (ICO) about this. Please see the ICO website for more details of how to complain.