The General Data Protection Regulation (GDPR) provides individuals with a number of other rights aside from the right of access.
Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
We must provide you with information including: the purposes for processing your personal data, our retention periods for that personal data, and who it will be shared with. This is known as ‘privacy information’ and is set out in our Privacy Policy.
We must provide privacy information to you at the time we collect your personal data from you. Should we obtain personal data from other sources, we must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.
Should you believe that we have not provided you with sufficient information about how we are going to process your data then you can ask us to show you the ‘privacy information’ or explain the legal basis we have used to process your data.
The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
Should you believe that the personal data we are processing about you is inaccurate you can submit a request for rectification.
There are certain circumstances when we can refuse a request for rectification.
The GDPR introduces the right to erasure. This is also known as the ‘the right to be forgotten’.
This is not an absolute right and it will only apply in certain circumstances. The Information Commissioner’s Office have further information on the circumstances when data can be requested for erasure and it may be useful to read their guidance on your right to get your data deleted before submitting a request.
You will also have a right to request the restriction or suppression of your personal data. As with the right to be forgotten, this is not an absolute right and will only apply in certain circumstances. You should refer to the Information Commissioner’s Office guidance on your right to limit how organisations use your data for further information on this.
Should we restrict processing for an individual the Trust will be able to store the information but we will not be able to use it.
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
The right of portability only applies to information an individual has provided to the University.
You can find further information on this your right to data portability on the Information Commissioner’s Office website.
The GDPR gives you a right to object to the following:
-
processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
-
direct marketing (including profiling); and
-
processing for purposes of scientific/historical research and statistics.
You must provide us with specific reasons in order to exercise this right to object to processing for research purposes.
You can find further information on the right to object to the use of your data on the Information Commissioner’s Office website.
If you wish to exercise any of the above rights please complete our online form to outline the details of your request.
You can also contact the Data Protection Officer by telephoning 012472 582525 or by emailing [email protected].