Finance Department privacy notice

Information you need to know

The Finance department is part of Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk.

This Privacy Notice explains how we use your personal information and your rights regarding that information.

For information about how the wider University uses personal data please see the Privacy Notice section of our website.

Information we are collecting

The Finance Team processes personal data relating to students and their sponsors, university staff, suppliers and contractors, and other individuals or organisations to whom payments are made.

This may include your name, address, date of birth and contact details, as well as bank and payment information. We may also process salary and pay-related information, National Insurance numbers, pension scheme membership and contributions, and trade union membership and subscription details where relevant.

In some circumstances, we may also process information relating to maternity, as well as gender, where this is required for administrative or reporting purposes. Copies of Curriculum Vitae may also be retained where necessary.

For members of staff applying for an LJMU procurement card, we may also collect additional information such as gender and nationality.

Source of the personal data

Most of the personal data processed by the Finance Team is provided directly by individuals or made available through university systems as part of standard processes.

Staff data

For staff, personal data is recorded within the Staff Infobase (Oracle) system by Human Resources as part of the onboarding process for new starters. This enables the Finance Team to administer payroll, process payments, and manage pension contributions and other statutory or voluntary deductions to relevant third parties. The data recorded typically includes personal and contact details, bank information, salary and pay-related information, National Insurance numbers, pension scheme details, and other information required for employment and payroll administration, such as maternity-related information and gender where applicable.

Staff data is maintained within these systems and will remain unchanged unless Human Resources are notified of updates. In some cases, staff members are able to update certain details themselves through the Staff Infobase self-service system, for example bank details or emergency contact information.

Contingent worker data

Contingent workers are individuals who are not directly employed by LJMU but provide services under a contractual arrangement, such as agency staff or consultants.

Their personal data is recorded within Staff Infobase and includes information such as their name, address, date of birth, National Insurance number, gender and bank details.

Student data

Student personal data is held in the Student Information System (SIS) and is provided directly by students during the recruitment and enrolment process.

Finance staff access this information to ensure tuition fees and any other charges or payments are accurately recorded on the student account.

Where students receive payments such as bursaries, bank details are provided directly by the student via the relevant bursary portal to allow payment to be made.

External visitor data

Where payments are made to ad hoc external visitors, individuals are required to provide their personal data directly in order to facilitate payment.

This includes information such as name, address, date of birth, National Insurance number, gender and bank details, where these are necessary to process payments.

Why we are collecting your data and the legal basis for this

We process personal data in accordance with the principles of the GDPR and only where there is a valid lawful basis to do so.

Most of the information we hold, where it is needed to verify or evidence a payment, enables us to perform a contractual requirement with the data subject.

In some cases, we may also be required to process personal data to comply with a legal obligation, such as collection of taxation or pension contributions and for statutory reporting.

Where special category data is processed, this is done in accordance with Article 9 of UK GDPR and the relevant conditions set out in the Data Protection Act 2018, including where processing is necessary for employment, social security or social protection law, or where explicit consent is required.

Who has access to this data

Your personal data will be used only by relevant LJMU staff where the data is necessary for them to undertake their designated role.

Examples of relevant staff may include:

  • Payroll staff
  • Payments staff
  • Finance staff
  • budget holders
  • HR

Examples of external parties we may lawfully share information with include:

  • Student Loan Company
  • pension schemes
  • HMRC
  • debt collection agencies
  • internal and external auditors
  • funding providers
  • card issuers (Barclaycard)

How the university protects your data

We are committed to keeping your personal data safe in line with data protection legislation and the university’s information security and data protection policies.

Paper documents are kept either in the Finance Department in Exchange Station on Tithebarn Street or off-site at a secure storage facility (Iron Mountain). The Finance Department has a key card access system and documents are kept in locked filing cabinets.

Digital information is held on secure University servers and within the Finance system (Oracle Staff Infobase). Both ensure only relevant staff members have access to the data they require in performance of their duties.

How long the university keeps your data

Data is kept for the relevant periods required by law/guidance, with reference to the following legislation:

  • Limitation Act 1980
  • HMRC Guidance
  • JISC guidance
  • EC No. 1260/1999 Article 38
  • Taxes Management Act 1970
  • SI Regulation
  • The Statutory Sick Pay (General) Regulations
  • The Statutory Maternity Pay (General) Regulations 
  • The Retirement Benefits Schemes (Information Powers) Regulations

If you have applied for a procurement card, LJMU will hold the application data for 14 days while it is sent to Barclaycard. For more information on how Barclaycard process your personal data please see the Barclaycard website.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request - this could be in a portable electronic format
  • request that the university changes incorrect or incomplete data if you think that it is inaccurate or out of date
  • request that the university delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If you would like to exercise any of these rights, please contact the Data Protection Officer at DPO@ljmu.ac.uk.

If you do not provide data

In most cases, if personal data is not provided, we will be unable to process payments or collect fees in line with our contractual or legal obligations. This could result in our inability to make or receive payments.

You cannot receive a procurement card if you do not provide this information. Therefore, you should discuss this with your line manager, as it may have implications for your role.

Transfers of data outside the UK

We normally keep your personal data within the UK. In some cases, however, we may need to transfer it to another country - for example, to deliver a contract with you or to work with a partner organisation such as a university based overseas.

Whenever this happens, we make sure your information stays protected. This could be through a UK 'adequacy regulation' (which confirms that the other country’s data protection laws are up to UK standards) or by putting strong safeguards in place.

These safeguards might include model contractual clauses, formal data sharing or processing agreements, or binding corporate rules. In short, even if your data travels abroad, it will continue to be treated with the same care and respect as it would under UK law.

Automated decision making

We do not use computers to make decisions about you based solely on your personal data. Any decisions that affect you will always be made by a human, ensuring that you are treated fairly.

How to complain to the university

You have a right to complain to the university if you think it has not properly responded to your request for personal information or feel it has not handled your personal data responsibly.

If you are not satisfied with how your request for information or how your personal data has been handled, you should set out your complaint in writing to:

Maria Burquest
University Secretary and General Counsel
Legal and Governance Services
2nd Floor Exchange Station
Tithebarn Street
Liverpool
L2 2QP

or by email via DPO@ljmu.ac.uk.

How to complain to the Information Commissioner’s Office

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted using the following details:

  • Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
  • Telephone:  0303 123 1113.
  • Email: contact can be made by accessing the ICO website.