Associate Privacy Notice

1) Description of the Service

An Associate is an individual who is affiliated to the University and through that affiliation is given and / or needs to use University services.

The University collects and processes personal data relating to Associates to manage the affiliation with the University. The University is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

2) What information does the University collect?

The University collects and processes a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number and date of birth;
• details of the Associate role within the University;
• details of your current employer;
• details of accidents, incidents and near misses, related to the University’s activities, you have reported or been involved in

The University will collect this information on the Associate Personal Details form.

Data will be stored in a range of different places, including in the University's HR management systems, Incident Reporting system and in other IT systems (including the University's email system and data within test environments).

3) Why does The University process personal data?

The University is required to manage health and safety in compliance with relevant legislation related to:

• risk assessment and management strategies;
• training;
• health surveillance;
• compliance assessments;
• incident management; and
• personal emergency evacuation plans

In addition the University has a legitimate interest in processing personal data to:

• maintain accurate and up-to-date records and contact details;
• provide facilities such as IT services and Library Services;
• ensure effective general business administration.

4) Who has access to data?

Your information may be shared internally, including HR&OD, your line manager, managers or nominated administrators in the business area in which you are an Associate for, incident Investigators, lead fire wardens and IT staff if access to the data is necessary for performance of their roles.

The University will not transfer your data to countries outside the European Economic Area.

5) How does The University protect data?

The University takes the security of your data seriously. The University has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.

Where the University engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

6) For how long does The University keep data?

The University will hold your personal data for the duration of your role as an Associate and for a period of three years following the end of the role.

7) What if you do not provide personal data?

You have some obligations to provide the University with data such as contact details. If you do not provide other information, this will hinder the University's ability to administer its rights and obligations.

8) The Data Controller and further information

Canterbury Christ Church University is the Data Controller for this personal data.

Please click the link below to access further information regarding:

• The Data Controller
• The name and contact details of the University Data Protection Officer
• Where to make a complaint
• Your rights as a Data Subject
• How to contact the Regulator

Find out more

  

9) Version Control

Title:	Privacy Notice - Associate
Applicable to:	Associates (HR)
Process Owner:	HR&OD
Date approved:	30 November 2020
Date of review:	25 May 2021
Date last amended:	30 November 2020