Privacy notice for contractors or suppliers

This Privacy Notice explains who we are, what personal data we hold, how and why we use your personal data, our lawful bases for processing, who we share your personal data with, relevant retention periods and how you can exercise your privacy rights. Please do read this notice to understand our practices and if you have any questions contact us using the details provided.

Who we are

The Manchester Metropolitan University (‘the University’) is the Data Controller in respect of the personal data we process about you as a contractor or supplier. The University is registered as a Data Controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the General Data Protection Regulation (GDPR) and the University’s Data Protection Policy. Throughout this Notice, “University”, “we”, “our” and “us” refers to the Manchester Metropolitan University and “you” and “your” refers to our contractors and suppliers.

The personal data we process

As a contractor or supplier, we will collect a range of personal data about you. For example, where we procure the services of you or your company, we may need certain details to comply with legal obligations and fulfil the associated contracting processes such as those related to payments and benefits. We may also use information about you for equality monitoring and for health and wellbeing purposes, or for compliance with our security policies and procedures. Information may also be required for managing access to the University site, or used in emails or any other communication which you may send to us in the course of potential or agreed engagement with us.

We may collect and process the following personal data about you:

Personal information - such as your name, title, date of birth, profile photo, home address, telephone number, e-mail address, signature and dietary requirements.

Training records - membership identifiers of professional bodies, details of certificates of competence or qualifications and medical examination certificates.

Information about your position - your role, title and department information, location of workplace including telephone and address, information about your use of and access to our information and communications systems.

Security and safety information – CCTV images and building access information captured while on campus; vehicle details and access to our car parks, health and safety information, next of kin and emergency contact information. Any information in relation to your involvement in any incidents on our premises, including exposure to asbestos and the advice provided to the persons involved in exposure incidents.

The recipients or categories of recipients of the personal data

We may also disclose your personal data to other organisations in the below circumstances

• To our suppliers and data processors who help us to deliver our IT systems and services.
• To the University’s insurers and external legal advisers.

Whenever we enter into a data processing arrangement with a third party this is conducted under the terms of a contract, which defines the purpose and limits the use personal data and introduces information security and confidentiality requirements.

Data retention

We will retain information about you for as long as required to meet our purposes. In particular:

• Information relating to our HR and finance processes are retained for 6 years following our date of last contact with you.
•  Site access permits are retained for 3 years following their expiration or completion of works.

For further information about how we retain records that relate to you, please see our Retention and Disposal Schedule.

Your data subject rights

Data protection legislation provides data subjects with the following data subject rights:

• The right to be informed – this privacy notice assists with fulfilling these obligations for our employees.
• The right of access - to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing by the University.
• The right to rectification – to have inaccurate or incomplete personal data rectified.
• The right to erasure – to have personal data erased if we have retained it for longer than necessary, processed your personal data unlawfully, or if we are relying upon consent or the legitimate interest lawful basis.
• The right to restrict processing – to have personal data restricted or suppressed in certain ways - applies in certain circumstances. 
• The right to data portability – to have personal data made available with the intention of reuse for your own purposes
• The right to object – give employees the right to object to processing in certain circumstances.

To request to exercise any of these rights please write to: [email protected]. Please note that the above rights can be subject to limitations and exemptions meaning the University may be exempt from complying with your request. We will inform you if this is the case.

Further information

For simplicity we have specific privacy notices for particular areas of service that may be applicable to you as a contractor or supplier

• Privacy Notice – CCTV Systems
• Privacy Notice – For Health and Safety Incident and Near Miss Reporting

For further information about data protection and the data subject rights please see: https://www.mmu.ac.uk/data-protection and the Information Governance Intranet Pages.

Contacting us

This privacy noticed is owned by Estates Facilities and Capital Development. For questions or concerns about this notice or our use of your personal information, please contact the Help Desk [email protected] in the first instance. Our Data Protection Officer can also be contacted using [email protected], by calling 0161 247 3331 or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO. If you wish to contact the ICO the following contact information can be used: [email protected] or telephone: 0303 123 1113. For any further contact information please see: https://ico.org.uk/global/contact-us/.