Information Services
Information Services
Contact us

Privacy Notice

Our Privacy Notice for users of ASTA

PRIVACY STATEMENT

 

Information about you: how we use it and with whom we share it

The information you provide will be used by the University to track time spent on activities, billing, forward planning of resourcing and work allocation, reporting on effort spent and budget management.

We are using information about you because it is necessary for the proper management of Projects, Programmes, and Portfolios and their Stakeholders, and in some cases for the performance of your contract with us.

Information about you may be shared with downstream services that you might need access to including: Projects Website, Office 365, wiki, email, and reporting documents.

We will not share your data with any third party unless when there is a legal obligation to do so.

We will hold the personal data you provided us for as long as required. Projects, Programmes, and Portfolios determine retention periods for user access and historical records. This is in line with corporate retention periods.

If you have any questions, please contact the University of Edinburgh, Project Management Office (PMO), Information Services Group (PMO@ed.ac.uk).

 

Data controller and contact details

For data collected under this privacy notice, the University of Edinburgh (the “University”) is the Data Controller (as that term is defined in the EU General Data Protection Regulation (Regulation (EU) 2016/679), registered with the Information Commissioner’s Office, Registration Number Z6426984. You can contact our Data Protection Officer at dpo@ed.ac.uk. Our data protection policy is on our website at http://www.ed.ac.uk/records-management/data-protection/data-protection-policy

 

Mandatory data sharing

In addition to the primary purposes, we are also legally obliged to share certain data with other public bodies such as HMRC and will do so where the law requires this; we will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and proportionate.

 

Transfers outside the EEA

The University will only transfer data to countries outside the EEA when satisfied that both the party which handles the data and the country it is processing it in provide adequate safeguards for personal privacy. Details of such transfers and safeguards are on our website.

 

Your rights

You have the right to request access to, copies of and rectification or erasure of personal data held by the University and can request that we restrict processing or object to processing as well as the right to data portability (i.e. the right to ask us to put your data into a format that it can be transferred easily to a different organisation). If you wish to make use of one of these rights, please email your local contact.

If we have asked for your consent in order to process your personal data you can withdraw this consent in whole or part at any time. To withdraw consent, please email your local contact, who will explain the consequences of doing so in any particular case and initiate proceedings for withdrawing consent.

 

Complaints

If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office at casework@ico.org.uk but we ask that you raise the issue with our Data Protection Officer first.

This article was published on