Privacy notice for members of the Court

Privacy notice for potential, current and former members of the Court, Court committees and the Edinburgh Business School Advisory Board

Introduction

We could not exercise our responsibilities to support the work of the University Court and its Committees, the Edinburgh Business School Advisory Board (EBSAB), and the members of those bodies without collecting, holding and using your personal data as a member. This guide explains what we do with your personal information and why. It applies to persons who apply for positions in the membership of the University Court and its Committees, and the EBSAB, those who are currently members, and those who are former members of those bodies.

If you use University services, we will give you further information at that time.

Who is the data controller?

Heriot-Watt University is the Data Controller for personal data we hold about you. Where we use the term ‘University’, this includes all members of the Heriot-Watt University Group. We hold your personal data securely and restrict access to personal information to people who need to use it in the course of their duties. When collecting and processing information about you, we must comply with the UK Data Protection Act, 2018, the European Union General Data Protection Regulation (GDPR) and other privacy laws, such as the Malaysia Personal Data Protection Act, 2010, that apply in the countries in which the University operates.

What personal information we collect and use

We collect and hold personal information in all formats for the purposes set out in this guide.

• Your contact details including postal and email address (your University email address if you are a staff member) and Skype address should you wish to use this means of participating in meetings from time to time
• Your telephone number if you become a member and we need to make contact quickly (University extension number if you are a staff member)
• Your curriculum vitae information including your education and, relevant employment details and other information you provide in support of your application for membership in your CV and covering letter; other personal profile information you provide that is relevant to your membership
• Details of your participation in the business and activities of the Court and Committees and the EBSAB you undertake in your capacity as a member
• Information you declare in our Register of Interests
• Still and moving images

Where this is necessary to meet a legal obligation e.g. under equality law, or with your consent, we may also process sensitive information, also known as special categories of data under GDPR, or protected characteristics under the UK Equality Act 2010, which may include:

• Age
• Disability
• Gender Reassignment
• Marriage and Civil Partnership
• Physical or mental health details
• Pregnancy and Maternity
• Racial or ethnic origin
• Religion and Belief (including no belief)
• Sex
• Sexual Orientation
• Trades union membership;
• Criminal convictions and alleged offences

Why we collect and use your personal data

1. For recruitment, membership and governance purposes

What is our legal basis?

• In order to consider your application for membership we need to process your data to take steps at your request prior to entering into a contractual agreement with us.
• The University Charter and Statutes gives us legal authority to process your personal data where this is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University as a Data Controller. For example, we keep records of your participation in University governance and publish personal profile information about you on our website to meet our accountability to internal and external stakeholders.

We collect and use your information to:

For candidates

• We may communicate with those who have submitted an application either by email or postal mail.
• If you have applied to us through another agent, such as an executive search firm, we will have received the information that you have provided to them.
• Decisions made about candidates to be shortlisted for an interview are made solely on the basis of the information they provide in a CV and a covering letter in support of their application.

For members

• We keep records of your participation in University governance committees and activities.
• We publish a personal photograph and profile information about you, (including honours/awards, memberships of professional bodies, external appointments, educational qualifications, career history, any relevant areas of research) on our website and communications channels to provide information about who our Court, Court Committee and EBSAB members are and meet our accountability to internal and external stakeholders.
• We record information about your professional skill set/ areas of experience In order to be able to monitor the balance of skills and experience across the membership of the Court and its Committees and the EBSAB and to help inform membership succession planning.
• We use information about any special dietary requirements you disclose to us to inform catering arrangements for Court /Court Committee/EBSAB lunches/dinners and any other events to which you as a member might be invited.

2.  For administrative and financial purposes: to administer any expenses claimed, where applicable

What is our legal basis? Where this is necessary to:

• Comply with a legal obligation; this may be under employment, social security and social protection law, immigration law or another statutory duty
• Protect vital interests in an emergency;
• Exercise or defend legal claims or comply with court judgements;
• Provide medical and health services;
• Protect public health.
• Comply with legal duties in the substantial public interest e.g. for equality monitoring

We maintain a register of members’ interests (including registerable information about remunerated and non-remunerated positions, relevant contracts, interest/ownership in houses/land/buildings, share and securities interests, any gifts and hospitality received, any non-financial or other interests) in order to meet our statutory obligations to hold, to be transparent about, and to publish information about such interests.

Further information can be found in the Court and Court Committee Membership Policy.

To meet our obligations under equality law. Under the UK Equality Act 2010, we need to collect sensitive personal data about our applicants and members to assist with monitoring equality of opportunity and eliminating unlawful discrimination. We hold this information in strictest confidence and only disclose it, again in confidence, to bodies with a statutory duty to collect it, like HESA. You can choose whether you want to provide information for this purpose. If a candidate or member declares that they have a disability, we have a duty to disclose this information on a need-to-know basis to appropriate staff to ensure that reasonable adjustments are made, enabling disabled members to meet their full potential and to work safely.

4.  For public safety and the prevention and detection of crime

What is our legal basis?

• Where this is necessary for the prevention, investigation, detection or prosecution of criminal offences,
• Where required by law
• For the safeguarding against and the prevention of threats to public security.

Processing for these purposes includes:

• Use of CCTV systems to monitor and collect visual images;
• Reporting incidents of suspected criminal activity to the police
• Applying security, welfare and other procedural measures where necessary for the safety and security of the University community under health and safety and other relevant laws.

5.  To promote the University Group

What is our legal basis?

• Where processing is necessary in the public interest under the Charter and Statutes •
• Where we have your consent;
• Where necessary for archiving purposes in the public interest.

We may take photographs, and other images and recordings for possible use in our publicity and promotional material in print and online on our websites and social media.

We keep some copies of promotional material in the University Archive as a record of University life down the years.

6.   For archiving and research

What's our legal basis?

• Where this is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

While always protecting your rights to privacy we will:

• Keep a permanent archival record of your time serving on the Court or one of its Committees or the EBSAB
• Retain copies of promotional material and other records of University community life that may include images and other information about you;
• Produce management and statistical information to monitor and improve our performance and inform future planning, for example, to monitor and improve equality and diversity across our committee memberships.

Who your information may be shared with and why

We may publish or share your personal data only where we have your consent or where one of the following conditions are met.

A request made to you to share your personal data will normally relate only to your contact details, with the intention of sharing this information for the following purposes, which are given as examples:

• to enable other members of the University Court or Court Committee or EBSAB to communicate with you, member to member;
• to enable another department in the University which does not have an agreement with you to hold your data to communicate a request to you. This might include, for example, an invitation to sit on a senior staff recruitment panel, or an invitation to join a panel reviewing company tender bids;
• to enable you to receive regular information and news about the University and its activities;
• to enable you to receive invitations to University events or external events which require University representation;
• so that others in the University may communicate with you in relation to a project you might be advising on or engaged with.

We may appoint people and organisations to work for us and contract with them to act as data processors on our behalf under a duty of confidentiality to ensure the security of your data for any of the above purposes. Examples include:

• IT Services
• Travel and accommodation services, where relevant

To meet our legal obligations to you and to other organisations

We will:

• Help the emergency services (fire, police, ambulance) or a health professional to protect your vital interests or someone else’s e.g. in a medical emergency;
• Submit statistical returns to the government or its agencies, including the Scottish Funding Council, and other official bodies, such as the Higher Education Statistics Agency (HESA). This may include sensitive data for equality monitoring purposes. You can find a copy of the HESA Data collection notice;
• Provide limited information necessary to an organisation with a statutory function, such as the police, Home Office or other Government Agency where this is necessary for law enforcement.

International data transfers

As a global organisation, we need to process your personal information in a country other than the UK, where this is necessary to fulfil our duties under the Charter and Statutes.

For instance, we contract with IT services, which host University data on servers outside the UK. When doing so we:

• Make sure that appropriate safeguards are in place to protect your information and your rights under privacy law;
• Apply the same high standards of privacy and security wherever we process your data

Automated decision making

We do not take any decisions about you based solely on automated processing or profiling.

How long we keep your data

We will keep the personal information that you provide to us for a period of six years beyond the end of your period of membership of the Court or a Court Committee or the EBSAB after which time it will be destroyed in accordance with the University’s records retention policy.

We may wish to use your contact details to contact you in this period beyond the end of your membership, e.g. to seek advice based on your expertise, to invite your participation or involvement in a University event or project. You can ask us to stop contacting you at any time after the end of your membership.

As minutes of Court, Court Committees and the EBSAB are kept permanently for archival purposes records with value as part of the University memory, there will be a permanent record of the fact that you were a member of the University Court, Court Committee or the EBSAB. More information about how long we keep your personal data and why.

Your rights

You have the right to:

• Find out what personal data we process about you and obtain a copy of the data, free of charge within one month of your request by contacting dataprotection@hw.ac.uk We may make a charge for additional copies of the same information.
• Ask us to correct inaccurate or incomplete data If you think we are acting unfairly or unlawfully you can:
• Object to the way we are using your data;
• Complain to the UK Information Commissioner’s Office.

Under certain conditions, you also have the right to ask us to:

• Restrict the use of your data e.g. if you have raised issues about the accuracy or use of your personal data, until we have investigated and responded to your concerns;
• Erase your information or tell us to stop using it to make decisions about you;
• Comply with your wishes where you have previously agreed to us processing your data for a particular purpose and have withdrawn your consent to further processing;
• Provide you with a portable electronic copy of data you have given us.

Data Protection Officer and contact details

If you have any questions about what we do with your personal information or your rights under privacy laws, you can contact us at the addresses below.

Find out more about your rights under privacy law

In our Data Protection Policy and our webpages.

Find out about our Information Security policies and procedures.

On the website of the UK Information Commissioner's Office.