Data Protection Statement
Glasgow Caledonian University (GCU) is a Data Controller for the purposes of the Data Protection Act 1998 (DPA). GCU processes personal data in line with the Act and its notification to the Information Commissioner's Office. This Data Protection Statement explains how we use this data. A separate Statement has been provided for students.
GCU staff have access to personal information and manage information in accordance with the DPA and University policy and guidelines.
Purposes for which Personal Data is obtained and processed
Personal data relating to members of staff and stakeholders may be held in paper and electronic form in accordance with the provisions of the DPA, and may be used for a range of purposes associated directly with University business, including:
· Recruitment and retention of staff
· Management, support and administration
· Absence management and protecting health and safety
· Monitoring compliance with the Equality Act 2010
· Managing grievance and disciplinary matters
· Preventing and detecting crime
· General administrative functions such as library use, online access to information, verification processes and events
· Controls to access buildings and facilities
· Making external statutory returns including HMRC and the Higher Education Statistics Agency (HESA). HESA provides a separate privacy notice.
· Pension fund activity
· Advertising, marketing, public relations and general advice services
· Statistical and archive purposes
· Internal research including monitoring quality and performance
· Administering past criminal convictions and schemes such as the Protection of Vulnerable Groups (PVG) Scheme.
Publishing Personal Data
A member of staff’s name, department/section, job title, email address and telephone number will normally appear in the University’s staff directory.
In exceptional circumstances, and in consultation with the line manager, a member of staff may have their details removed in full or in part.
External Study, Employment and Placement
Where a member of staff’s employment with the University requires study, employment or a placement at another organisation it may be necessary for the University to transfer personal data to this party, within the UK or abroad.
Staff should be aware that some countries outside the European Economic Area (EEA) have lower standards for the protection of personal data.
Disclosure to third parties
Personal data will only be provided to external parties as permitted under the DPA. GCU may be required to disclose personal data to organisations contracted to work on its behalf, including pension providers, insurers and auditors and other organisations in the course of funding, accrediting or quality review activities.
Your rights
As a Data Subject you have a number of rights under the Act including the right to:
•Access the personal data the University holds about you
•Have inaccurate data corrected
•Prevent processing of information which may cause you harm or distress
•Prevent unsolicited marketing
•Prevent automated decision making
Retaining your personal information
The University will retain your personal data for as long as necessary for the purposes for which it is held including statutory, regulatory or administrative requirements.
CCTV
The University’s premises are monitored by CCTV systems for the purposes of public safety and the prevention and detection of crime. CCTV footage may also be used for investigations or proceedings arising under the University’s regulations, codes and policies.
System use and monitoring
Use of GCU data, systems and networks, including internet use and email activity, are monitored for inappropriate use. Further information is available in our Information Systems Policy.