Privacy Notice for Lay Members of Council and its Committees
The University of Bradford is registered with the Information Commissioner’s Office as a controller of personal data and is in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
The University needs to hold information (known as personal data) relating to and and, as required by current data protection legislation, this page explains what personal data is held and why it is held.
Under what legal basis does the processing of my personal data take place?
The GDPR and DPA provide for a number of different legal bases under which processing of personal data may take place. In this case, the following apply:
- The University needs to process your personal data to comply with its legal and regulatory obligations, such as declaring details of company directors and for the requirements of registration with the Office for Students (OfS);
- Processing is necessary for the performance of our tasks carried out in the public interest or in the exercise of official authority vested in the University;
- Processing is necessary for the purposes of the legitimate interests pursued by the University or by a third party;
Where this lawful basis applies, the following examples indicate the types of processing:
- To monitor and evaluate the performance and effectiveness of Council and the University;
- To seek advice on our rights and obligations, such as where the University seeks legal advice and it provides personal information to its legal advisers.
- You have given your consent to the processing of personal data; and
- In the case of special categories of personal data and personal data relating to criminal convictions and offences, the processing is undertaken with explicit consent and/or because it is necessary for reasons of substantial public interest set out in Schedule 1 of the Data Protection Act 2018, particularly paragraphs 6 and 12.
On becoming a Member of Council, the University will collect the following types of personal data:
- Your name and contact information (such as an address, email address, and telephone number;
- Date of birth;
- Information required by Companies House to register you as a Director of University companies. This includes your date of birth, any additional names by which you have been known, nationality, job title;
- Information required by the OfS, such as details of all other directorships and trusteeships held at other organisations;
- Biographical details and a photograph.
On an annual basis you will be asked to complete:
- A “Declarations of Interests Form”, requesting information about your other interests which are relevant to your role at the University;
- A “Fit and Proper Persons Declaration” to demonstrate, as required by OfS that you:
- are of good character
- have the qualifications, competence, skills and experience that are necessary for your role;
- are able by reason of your health, after reasonable adjustments are made, to properly perform the tasks of the office or position for which you are appointed
- have not been responsible for, been privy to, contributed to, or facilitated any serious misconduct or mismanagement (whether unlawful or not) in your employment or in the conduct of any entity with which you are or have been associated
- know of no other reason why you should not be a Member of Council or one of its committees.
- A “Personal Details Form” asking for details related to the protected characteristics as covered by the public sector equality duty and any additional information required by the OfS and the Higher Education Statistics Agency.
These include: age; gender reassignment; married/civil partnership status; pregnancy/maternity leave status; disability, race; religion; gender and sexual orientation. Previously completed forms are destroyed when an updated form is received. Anonymised statistics will be retained by the University
Additional personal data is collected during your connection with the University for example:
- bank account details, in order to pay any expenses that you have claimed;
- car registration number, to facilitate car parking; and
- dietary requirements, in order to ensure that you receive appropriate food and drink during the course of meetings and other events you attend.
The information is provided by you as part of the application process and annual reviews and the University may also collect publicly available information about you.
The University may share some of your personal data with certain third parties due to your role as a Member of Council or one of its committees, for example:
- Companies House;
- OfS: OfS may ask us to get your consent for it to hold and process you data;
- The Higher Education Statistics Agency which requires the University to provide equality information about the members of its governing body;
- Advance HE and other providers in relation to bookings made on behalf of Members for training and events;
- Hotels for bookings, to confirm accommodation, dietary and access requirements etc.; and
- Other organisations such as research funding bodies which may be required as part of their own due diligence arrangements to ensure that their resources are appropriately distributed and consequently ask for information about members the governing bodies of organisations which are potential recipients of funding.
The University may also pass on certain details to other organisations, for example in connection where they require it for the purposes of complying with a regulatory requirement.
Your name and brief biographical information is also published on the University website along with a photo. This is produced in consultation with you and if you do not want your biographical information and photo to be published, your wishes will be respected.
As is required by the Office for Students, the University also published the Register of Interests.
The University does not anticipate transferring the information overseas and would only do so where there is adequate protection in place or where your explicit consent to do so has been received.
Following sector recommendations made by JISC, the HE sector body with responsibility for such matters, the retention period for records relating to Members of statutory committee is six years after the end of the term of the office. Information held in minutes and other committee papers is held in accordance with the retention period for those papers: for statutory committees, this will be permanent retention.
As a person whose personal data is processed by the University, you have certain rights in respect of that personal data. In respect of the information the University holds about you as a lay member of Council or a committee of Council, the following rights are relevant:
- To withdraw consent where consent is the legal basis used to process the personal data (contact email@example.com);
- To access your personal data that is held;
- To rectify inaccuracies in personal data that is held about you if it is inaccurate or incomplete;
- To request the erasure of your personal data where there is no compelling reason for its continued processing;
- To request that the processing of your personal data be restricted in certain ways;
- To object to certain processing of your personal data;
- To complain to the Information Commissioner’s Office about the way in which we process your personal data.
Please note that the above rights are not absolute and the University may be entitled to refuse requests where exceptions apply. For example, if you asked the University to erase all personal data it held about you, while most personal data would be erased, the University would not be able to remove any personal data from formal documents such as Council minutes.
If you have queries, concerns or wish to raise a complaint regarding the way in which your personal data has been processed you should contact the Data Protection Officer in the first instance at firstname.lastname@example.org
If you remain dissatisfied, then you have the right to refer the matter to the Information Commissioner’s Office (ICO). The ICO can be contacted at:
Information Commissioner’s Office
You can also call the Information Commissioner’s Office by telephone: 0303 123 1113
About this notice
|Written by:||John Giddings & Matthew Stephenson, revised after feedback from Gwyn Arnold and|
|Reviewed by DPO:||MS 03/09/2019|
|Next Review Date:||01/08/2020|