Finance Department privacy notice
Tier 2 Privacy Notice
Information you need to know:
The Finance department is part of Liverpool John Moores University. Further information on the institution can be found here: https://www.ljmu.ac.uk/
Liverpool John Moores University is the Data Controller.
Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk
LJMU takes your privacy very seriously. This privacy notice explains how we use your personal information and your rights regarding that information. We will always use your data as set out in the principles of the General Data Protection Regulation (GDPR) and all current Data Protection Legislation. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.
For information about how the wider University uses personal data please see the Privacy Notice section of our website.
What information are we collecting?
The Finance team hold personal data of students and their sponsors, staff and anyone else who we make a payment to. The types of Personal data held include names, addresses, Dates of Birth, bank details, salary information, National Insurance numbers, union membership and contributions, pension membership and contributions, and maternity information. In some cases CV’s may need to be retained.
Why are we collecting your data and what is the legal basis for this?
LJMU will collect personal data from you for several reasons, and will at all times do so in compliance with the principles of the GDPR, and for one of the legal basis set out in Article 6 of the Regulation.
Most of the information we hold, where it is needed to verify or evidence a payment enables us to perform a contractual requirement with the data subject.
In some cases we may also be required to process personal data to comply with a legal obligation, such as collection of taxation or pension contributions and for statutory reporting.
Who has access to this data?
Your personal data will be used only by relevant LJMU staff where the data is necessary for them to undertake their designated role.
Examples of relevant staff may include
- Payroll Staff
- Payments Staff
- Finance Managers
- Budget Holders
Examples of external parties we may lawfully share information with include:
- Student Loan Company
- Pension Schemes
- Debt Collection Agency’s
- Internal and External Auditors
- Funding Providers
How does the University protect your data?
The University takes Data Protection very seriously and at all times your personal data will be handled in line with the University’s Information Security Policy.
Paper documents are kept either in the Finance Department in Exchange Station, Tithebarn Street, Liverpool or off site at a secure storage facility (Iron Mountain). The Finance Department has a key card access system, and documents are kept in locked filing cabinets.
Digital information is held on secure University Servers and within the Finance System (Oracle Staff Infobase). Both ensure only the relevant staff members have access to the data they require in performance of their duties.
For how long does the University keep your data?
Data is kept for the relevant periods required by law/guidance, with reference to the following legislation: -
- Limitation Act 1980
- HMRC Guidance
- JISC guidance
- EC No. 1260/1999 Article 38
- Taxes Management Act 1970
- SI Regulation
- The Statutory Sick Pay (General) Regulations
- The Statutory Maternity Pay (General) Regulations
- The Retirement Benefits Schemes (Information Powers) Regulations
As a data subject, you have a number of rights. You can:
- Access and obtain a copy of your data on request, this could be in a portable electronic format;
- Require the University to change incorrect or incomplete data if you think that it is inaccurate or out of date
- Require the University to delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing
If you would like to exercise any of these rights, please contact the Data Protection Officer DPO@ljmu.ac.uk
What if you do not provide data?
In most cases if personal data is not provided, we will be unable to process payments or collect fees in line with our contractual or legal obligations. This could result in our inability to make or receive payments.
Transfers of data outside the EAA
Generally, we do not send your personal data outside the European Economic Area. Where we transfer the personal information we collect about you to countries outside the EU in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a University based outside of the EU. We ensure that your personal information does receive an adequate level of protection and we have put in place the following appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection, for example model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).
Automated decision making
We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human. How to complain to the Information Commissioner’s Office?
You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted:
By post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
By phone: 0303 123 1113.
By email: contact can be made by accessing www.ico.org.uk