This privacy notice explains who we are, how and why we collect and use personal information about you, what personal data is collected and held about you for Freedom of Information request and rights requests, our purposes and lawful bases for processing, who we share your personal data with, relevant retention periods, and how you can exercise your privacy rights.
Please do read this notice to understand our practices and if you have any questions please contact us using the contact details provided below.
Who we are
Throughout this notice, “University”, “we”, “our” and “us” refer to the Manchester Metropolitan University, an exempt charity under Schedule 2 to the Charities Act 1993 (amended by the Charities Act 2011). The University is the Data Controller in respect of the personal data you provide as part of your freedom of information or rights request.
The University is registered as a controller with the Information Commissioner’s Office (ICO). We manage personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the University’s Data Protection Policy.
The personal data we process
We collect and process certain data about you. This may include:
- your name
- address
- email address
- details of your request
- a form of identification, such as a driving license or passport
The purposes of the processing
In relation to responding to freedom of information and rights requests, the legal basis for processing your personal data is that it is necessary to comply with a legal obligation placed on us as the controller.
Sensitive ‘special category’ personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Although we do not collect any sensitive personal data, we may process this in responding to a subject access request. We may also process data about criminal convictions in responding to a subject access request.
If you contact us, we may also keep a record of that correspondence.
The recipients or categories of recipients of the personal data
If a complaint is lodged against the University in relation to your request, we may have to disclose personal data about you to the Information Commissioner’s Office to ensure compliance.
To coordinate the collation of the data held by the University to answer your rights request, we may have to disclose personal data such as your name and the nature of your rights request, to the employees of the University who hold the data.
Data retention
Your personal data will only be retained for as long as it is necessary in accordance with the University’s Retention and Disposal Schedule. Specifically, we will retain your personal data for 3 years when you submit a rights request or freedom of information request.
Your rights in respect of the processing
The UK GDPR provides data subjects with the following data subject rights:
- The right to be informed – this privacy notice assists with fulfilling these obligations
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Please note, that these rights apply in certain circumstances, for example according to the lawful basis used by the University. The right of access to personal information held about you exists in order to be aware of, and verify, the lawfulness of the processing. Please use the contact information below to exercise these rights.
Contacting us
Our Data Protection Officer can be contacted:
- by email at [email protected]
- by calling 0161 247 3884
- or in writing to: Data Protection Officer, Legal Services, All Saints Building, Manchester Metropolitan University, Manchester, M15 6BH
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) as the supervisory authority in respect of the processing of your personal data. We would encourage you to expend our internal complaints procedure through our initial contact and the University Data Protection Officer, prior to contacting the ICO.
Please:
For any further contact information please see: https://ico.org.uk/global/contact-us/.
Updates to this privacy notice
We may update this privacy notice from time to time in response to changing legal, technical or business developments. When we update our privacy notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.