Governor Privacy Notice
This Privacy Notice explains the types of personal data held by the University as data controller.
It explains what information we collect about you, how we will use that information, who we will share it with, when we will share it and the steps we will take to ensure it stays private and secure.
1.1 This Privacy Notice explains the types of personal data held by the University as data controller. It explains what information we collect about you, how we will use that information, who we will share it with, when we will share it and the steps we will take to ensure it stays private and secure.
1.2 This Notice applies to you if you have been appointed or nominated as a governor of the University. It continues to apply even when you cease to be a governor.
1.3 We know there is a lot of information. However, we want to inform you fully about your rights, and how the University uses your data.
1.4 We hope the following sections will answer any questions you have. If not, please do get in touch with us.
1.5 We will need to update this Privacy Notice from time to time. We will notify you of any significant changes. You are welcome to come back and check it whenever you wish. You can obtain the current version of this Notice at: https://www.canterbury.ac.uk/privacy/Governors. We welcome comments on the Privacy Notice. We take any comments into account in updating the Notice.
2.1 Canterbury Christ Church University is the data controller for the processing activities described below.
This means the University decides the reasons for, and how, we process your personal information.
2.2 Our contact details are as follows:
Canterbury Christ Church University
Anselm
North Holmes Road
Canterbury
CT1 1QU
Website: https://www.canterbury.ac.uk/
Contact details: Key contacts
2.3 Where this Privacy Notice refers to “we”, “our” or “us” or “the University”, we mean Canterbury Christ Church University. Where we refer to “you” or “your” we mean a governor at Canterbury Christ Church University.
2.4 We will only collect your information in line with relevant regulation and law. We may collect it from a
range of sources including when you interact with us, e.g., visit our website or call us. It is essential for us to do so to manage our operations effectively, especially supporting you in your role. We hold data in electronic and paper formats that include your personal details and related information.
2.5 There is a statement on our approach to managing personal information in our Data Protection Policy
2.6 The University Data Protection Officer is
Robert Melville
Assistant University Secretary
Canterbury Christ Church University
Anselm
North Holmes Road
Canterbury
CT1 1QU
E-mail: dp.officer@canterbury.ac.uk
Telephone: 01227 767700
3.1 Data protection law sets out several reasons for collecting and processing your personal data. In this section, we outline the legal bases we rely on.
3.2 If the law requires us to, we may need to collect and process your data.
3.3 For example, we need to ensure we meet our statutory obligations, including those related to filing details of your appointment with Companies House, Financial Conduct Authority and the Charities Commission. Failure to provide this data would result in your appointment not taking effect.
3.4 We need your personal data to enable us to perform a task in the public interest or in the exercise of our official authority.
3.5 For example, we need to process personal data to maintain statutory company registers.
3.6 In certain situations, we require your data to pursue our legitimate interests. We do this in a way that does not materially impact on your rights, freedom or interests.
3.7 For example, we have a legitimate interest in enabling a training provider to provide you with services you have requested, or assess your suitability for services.
3.8 In specific situations, we might collect and process your data with your consent. We will tell you if we need your consent. We will ask you to give consent before processing your data.
3.9 When we collect your personal data, we explain to you what data is necessary in connection with a specific requirement. We do this when we seek your consent. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You need not give a reason. However, this may restrict the requirement, and we may explain this to you.
3.10 For example, if we need to undertake a University survey, we will tell you about the survey and how we will use your data.
3.11 We may need to process your data to protect your vital interests or those of another person. This will take place only where we cannot process your data on another legal basis. We will invite you to provide next of kin detail if you wish. You should ask your next of kin before providing their details.
3.12 For example, if you need admitting to the A & E department of a hospital with life-threatening injuries following a serious road accident, we may need to disclose information to protect your vital interests.
4.1 We obtain personal data about you from various sources.
4.2 As soon as you are nominated or appointed, we create records in your name. Information collected may include: names, addresses, landline and mobile telephone numbers, date of birth, gender, nationality, national insurance number, next of kin/emergency contact, name of spouse/partner, educational and career background, your CV and biography, public and voluntary appointments, bank details (for payment of expenses), vehicle registration, dietary requirements, photographs, correspondence, health and safety records, terms of office, feedback, meeting attendance, declarations, related party transaction returns, manifesto ballot details and results (for staff governors) and other information about you that is given to us by filling in forms or by communicating with us, whether in person, by telephone, email, online, or otherwise. Your image may be taken for reports and other publications and audio recordings of meetings of the governing body and its committees at which you contribute might also be taken.
4.3
You may give us information about “special categories” of data, including your racial or ethnic origin, religious or philosophical beliefs, health, or sex life or sexual orientation. We use your “special categories” of data for activities including: equal opportunities monitoring and informing research. We will process special category data with your explicit consent or as otherwise permitted by law.
4.4
You may give us further personal information if you start to use some of our services, for example, the library, IT, support and disability services, port, the bookshop, and the Chaplaincy. We may give you more information about what we do with your personal data when you start to use the service.
4.5 We automatically collect information about your participation in your use of the virtual learning environment (Blackboard) and the library.
4.6 We will also add to your record any activities that you carry out on our website. We may automatically collect technical information when you browse our websites. We give further information in our Privacy and Cookies Policy.
4.7 If you use a University email address and other Microsoft Office 365 services, then we collect data about your use of the service.
4.8 We may receive information about you from third parties, for instance, references.
4.9 When we obtain personal data about you from third party sources, we ensure the third party has lawful authority to provide us with the data.
5.1 The range of personal data we collect about you is to facilitate the University’s governance arrangements and support you, to manage our operations effectively, and to meet our legal requirements. We will only use your information where we have your consent or we have another lawful reason four using it. These reasons include where we:
5.2 The purposes for which we may use personal data (including special category personal data) we collect include:
5.3. We may contact you about for business administration and support purposes. This could be by email, letter, Skype or telephone.
5.4. Information about any declared disabilities and special requirements you have will also be used to inform the provision of reasonable adjustments and other provisions for your appointment.
5.5. We keep records of your attendance at governing body meetings for audit, reporting and compliance purposes.
6.1 We share data with several organisations for specific purposes. In this section we give some examples of the way we might share your data.
6.2 When you are appointed as a governor, we will provide your information with the Office for Students, Charities Commission and Companies House as these are legal requirements. We may also share your information with law enforcement, government, courts, regulators, auditors and any party appointed or requested to investigate or audit our activities.
6.3 We may disclose your information to our third-party service providers and agents for the purposes of providing services to us, or directly to you on our behalf. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service. We have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
7.1 How long we keep your personal information depends on several factors including our purpose for using the information and our legal obligations. We keep your information in line with our data retention policy.
7.2 Records are kept for as long as they are needed to meet the operational needs of the University, together with legal and regulatory requirements, including: Data Protection Act 2018, General Data Protection Regulation 2018, Freedom of Information Act 2000, Limitation Act 1980, Companies Act 2006, Charities Act 2011. Our retention schedule can be found here. Minutes of governing body meetings, annual reports and financial statements, biographies and photographs are retained permanently. Records of expenses claims and payments and banking details are retained for seven years for tax and audit purposes. Information relating to event bookings and parking permits will be retained for the period of office of each governor. Manifestos made by successful candidates are kept for their period of office. In the case of unsuccessful candidates, the retention period is six months after the election. Election results (votes cast, turn-out) are retained for six years after the completion of the election.
8.1 We know how much data security matters to our governors. We will treat your data with the utmost care and take all appropriate steps to protect it.
8.2 We have a commitment to the data protection principles of good practice for handling information. All personal information is held securely, and we will only transfer data within the University on a ‘need-toknow’ basis so that we can support you.
8.3 We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to improve security.
8.4 Generally, the information you provide to us is stored on our secure servers, or on our cloud-based systems which are located within the European Economic Area (EEA).
8.5 However, there are times when we need to store information outside the EEA. If we transfer your information outside the EEA, we will ensure appropriate security measures are taken to protect your privacy rights. This would either be imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection.
9.1 You have the right to ask for a copy of the information about you that we hold. There is no charge. If you would like to make a request for information you can email the DP officer.
9.2 You have the following rights:
9.3 You can make a request orally or in writing. We will respond in a calendar month.
10.1 If there is anything you are unclear about, you can contact our Information Governance Manager (email:
information.governance@canterbury.ac.uk), who is happy to answer any queries you may have concerning this Notice or the way in which we process your personal data.
11.1 If you have a complaint about the way we handle your data, you can complain to the University’s Data Protection Officer.
11.2 The University Data Protection Officer is
Robert Melville
Assistant University Secretary
Canterbury Christ Church University
Anselm
North Holmes Road
Canterbury
CT1 1QU
E-mail: dp.officer@canterbury.ac.uk
Telephone: 01227 767700
12.1 If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to make a complaint to the Information Commissioner’s Office. The contact details are:
The Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113