Governor Privacy Notice
1.1 This Privacy Notice explains the types of personal data held by the University as data controller. It explains what information we collect about you, how we will use that information, who we will share it with, when we will share it and the steps we will take to ensure it stays private and secure.
1.2 This Notice applies to you if you have been appointed or nominated as a governor of the University. It continues to apply even when you cease to be a governor.
1.3 We know there is a lot of information. However, we want to inform you fully about your rights, and how the University uses your data.
1.4 We hope the following sections will answer any questions you have. If not, please do get in touch with us.
1.5 We will need to update this Privacy Notice from time to time. We will notify you of any significant changes. You are welcome to come back and check it whenever you wish. You can obtain the current version of this Notice at: https://www.canterbury.ac.uk/privacy/Governors. We welcome comments on the Privacy Notice. We take any comments into account in updating the Notice.
2.1 Where this Privacy Notice refers to “we”, “our” or “us” or “the University”, we mean Canterbury Christ Church University. Where we refer to “you” or “your” we mean a governor at Canterbury Christ Church University.
2.2 We will only collect your information in line with relevant regulation and law. We may collect it from a range of sources including when you interact with us, e.g., visit our website or call us. It is essential for us to do so to manage our operations effectively, especially supporting you in your role. We hold data in electronic and paper formats that include your personal details and related information.
2.3 There is a statement on our approach to managing personal information in our Data Protection Policy
3. The legal bases we rely on
3.1 Data protection law sets out several reasons for collecting and processing your personal data. In this section, we outline the legal bases we rely on.
3.2 If the law requires us to, we may need to collect and process your data.
3.3 For example, we need to ensure we meet our statutory obligations, including those related to filing details of your appointment with Companies House and the Charities Commission. Failure to provide this data would result in your appointment not taking effect.
3.4 We need your personal data to enable us to perform a task in the public interest or in the exercise of our official authority.
3.5 For example, we need to process personal data to maintain statutory company registers.
3.6 In certain situations, we require your data to pursue our legitimate interests. We do this in a way that does not materially impact on your rights, freedom or interests.
3.7 For example, we have a legitimate interest in enabling a training provider to provide you with services you have requested, or assess your suitability for services.
3.8 In specific situations, we might collect and process your data with your consent. We will tell you if we need your consent. We will ask you to give consent before processing your data.
3.9 When we collect your personal data, we explain to you what data is necessary in connection with a specific requirement. We do this when we seek your consent. You can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You need not give a reason. However, this may restrict the requirement, and we may explain this to you.
3.10 For example, if we need to undertake a University survey, we will tell you about the survey and how we will use your data.
3.11 We may need to process your data to protect your vital interests or those of another person. This will take place only where we cannot process your data on another legal basis. We will invite you to provide next of kin detail if you wish. You should ask your next of kin before providing their details.
3.12 For example, if you need admitting to the A & E department of a hospital with life-threatening injuries following a serious road accident, we may need to disclose information to protect your vital interests.
4. When do we collect your personal data?
4.1 We obtain personal data about you from various sources.
Information you give to us
4.2 As soon as you are nominated or appointed, we create records in your name. Information collected may include: names, addresses, landline and mobile telephone numbers, date of birth, gender, nationality, next of kin/emergency contact, name of spouse/partner, educational and career background, your CV and biography, public and voluntary appointments, bank details (for payment of expenses), vehicle registration, dietary requirements, photographs, correspondence, health and safety records, terms of office, feedback, meeting attendance, declarations, related party transaction returns, manifesto ballot details and results (for staff governors) and other information about you that is given to us by filling in forms or by communicating with us, whether in person, by telephone, email, online, or otherwise. Your image may be taken for reports and other publications and audio recordings of meetings of the governing body and its committees at which you contribute might also be taken.
4.3 You may give us information about “special categories” of data, including your racial or ethnic origin, religious or philosophical beliefs, health, or sex life or sexual orientation. We use your “special categories” of data for activities including: equal opportunities monitoring and informing research. We will process special category data with your explicit consent or as otherwise permitted by law.
4.4 You may give us further personal information if you start to use some of our services, for example, the library, IT, support and disability services, port, the bookshop, and the Chaplaincy. We may give you more information about what we do with your personal data when you start to use the service.
Information we automatically collect
4.5 We automatically collect information about your participation in your use of the virtual learning environment (Blackboard) and the library.
4.6 We will also add to your record any activities that you carry out on our website. We may automatically collect technical information when you browse our websites. We give further information in our Privacy and Cookies Policy.
4.7 If you use a University email address and other Microsoft Office 365 services, then we collect data about your use of the service.
Information we receive from third parties
4.8 We may receive information about you from third parties, for instance, references.
4.9 When we obtain personal data about you from third party sources, we ensure the third party has lawful authority to provide us with the data.
5. How we use your personal information
5.1 The range of personal data we collect about you is to facilitate the University’s governance arrangements and support you, to manage our operations effectively, and to meet our legal requirements. We will only use your information where we have your consent or we have another lawful reason four using it. These reasons include where we:
- need to pursue our legitimate interests or those of a third party
- need to process the information to comply with a legal obligation
- need to protect your or another natural person’s vital interests
- believe the use of your information as described is in the public interest or the exercise of our official authority
- need to establish, exercise or defend our legal rights
- need to use your information for insurance or banking purposes
5.2 The purposes for which we may use personal data (including special category personal data) we collect include:
- Recruitment, selection, re-appointment and termination of governors
- Compliance with companies and charities legislation, including if you are also a director of a subsidiary or connected undertaking, by electronic or other means
- Management and transcription of minutes of meetings of the governing body and its committees
- Maintenance of registers, including statutory registers and registers of interests, whether on-line or in hard form
- Ensuring governors have not been disqualified in accordance with the Charities Act 2006
- Inclusion in governing body minutes and reports
- Succession planning
- Sharing your contact details with other governors
- Circulation of a statement to the electorate and production of ballot papers (for staff seeking election as staff governor)
- Inclusion in the University’s annual report and financial statements
- Audit and planning functions
- Publication of governance information on the University’s website and elsewhere
- Provision of reports and returns required by funding agencies, government departments and public bodies, including the Office for Students
- Monitoring and promotion of equality and diversity
- Inclusion in the University’s publication scheme
- Funding bids to UK and international funding bodies and contracts
- Protection of your vital interests
- In connection with the University’s banking arrangements
- Administration of your expense claims
- Issuing of parking permits
- Accommodation, dietary and access requirements
- Booking of training with external organisations
- Crime detection and prevention
5.3 We may contact you about for business administration and support purposes. This could be by email, letter, Skype or telephone.
5.4 Information about any declared disabilities and special requirements you have will also be used to inform the provision of reasonable adjustments and other provisions for your appointment.
5.5 We keep records of your attendance at governing body meetings for audit, reporting and compliance purposes.
6. Who we might share your data with
6.1 We share data with several organisations for specific purposes. In this section we give some examples of the way we might share your data.
6.2 When you are appointed as a governor, we will provide your information with the Office for Students, Charities Commission and Companies House as these are legal requirements. We may also share your information with law enforcement, government, courts, regulators, auditors and any party appointed or requested to investigate or audit our activities.
6.3 We may disclose your information to our third-party service providers and agents for the purposes of providing services to us, or directly to you on our behalf. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service. We have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
7. How long we keep your personal information
7.1 How long we keep your personal information depends on several factors including our purpose for using the information and our legal obligations. We keep your information in line with our data retention policy.
7.2 Records are kept for as long as they are needed to meet the operational needs of the University, together with legal and regulatory requirements, including: Data Protection Act 2018, General Data Protection Regulation 2018, Freedom of Information Act 2000, Limitation Act 1980, Companies Act 2006, Charities Act 2011. Our retention schedule can be found here. Minutes of governing body meetings, annual reports and financial statements, biographies and photographs are retained permanently. Records of expenses claims and payments and banking details are retained for seven years for tax and audit purposes. Information relating to event bookings and parking permits will be retained for the period of office of each governor. Manifestos made by successful candidates are kept for their period of office. In the case of unsuccessful candidates, the retention period is six months after the election. Election results (votes cast, turn-out) are retained for six years after the completion of the election.
8. How we protect and store your personal data
8.1 We know how much data security matters to our governors. We will treat your data with the utmost care and take all appropriate steps to protect it.
8.2 We have a commitment to the data protection principles of good practice for handling information. All personal information is held securely, and we will only transfer data within the University on a ‘need-to-know’ basis so that we can support you.
8.3 We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to improve security.
8.4 Generally, the information you provide to us is stored on our secure servers, or on our cloud-based systems which are located within the European Economic Area (EEA).
8.5 However, there are times when we need to store information outside the EEA. If we transfer your information outside the EEA, we will ensure appropriate security measures are taken to protect your privacy rights. This would either be imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection.
9. The Data Controller and further information
Canterbury Christ Church University is the Data Controller for this personal data.
Please click the link below to access further information regarding:
- The Data Controller
- The name and contact details of the University Data Protection Officer
- Where to make a complaint
- Your rights as a Data Subject
- How to contact the Regulator
10. Version Control
||Privacy Notice - Governor
||Governance and Legal Services
||25 May 2018
|Date of review:
||25 May 2020
|Date last amended:
||30 March 2020