Information governance privacy notice

Information you need to know

The Data Protection team is part of the Legal Services department at Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk.

This privacy notice explains how we use your personal information and your rights regarding that information.

For information about how the wider university uses personal data, please see the Privacy notice section of our website.

Information we are collecting

We collect personal data when individuals contact the university to request information under the Freedom of Information Act 2000, the Environmental Information Regulations 2004, or data protection legislation, including the UK General Data Protection Regulation (UK GDPR). We also collect personal data where individuals contact the university’s Data Protection Officer directly.

When we receive a request, we record your name and contact details so that we can correspond with you and provide a response. We may also collect limited information that you choose to provide which helps us understand and monitor the types of requests we receive and overall demand for information rights services.

Where you make a request for access to your own personal data and we need to verify your identity, we may temporarily collect copies of identity documents for verification purposes. Any copies of identity documentation are securely deleted once identity checks have been completed.

Source of the personal data

Personal data is usually collected directly from you when you submit a request or otherwise contact the university in relation to information rights or data protection matters.

In some cases, personal data may also be provided to us by a third party acting on your behalf. This may include solicitors, legal representatives, or other authorised individuals who contact the university in relation to an information rights or data protection matter.

Where appropriate, we may also receive relevant personal data from other internal university teams, or from external organisations, where this is necessary to respond to a request or manage a matter properly.

Why we are collecting your data and the legal basis for this

We process personal data in accordance with the principles of the GDPR and only where there is a valid lawful basis to do so.

Your personal data is processed so that we can respond to your enquiries and requests and meet the university’s legal duties under information and data protection legislation, including the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the UK General Data Protection Regulation (UK GDPR).

The lawful basis for processing your personal data is Article 6(1)(c) of UK GDPR, as the processing is necessary for the university to comply with its legal obligations.

Who has access to this data

Your personal data will only be used by relevant LJMU staff where it is necessary for them to carry out their role. This may include the Data Protection Officer and members of their team, as well as staff in other university teams who hold personal data where this has been requested by you or on your behalf, or where we are investigating a personal data breach or carrying out an internal review of a decision.

We may also be required to share information with external organisations where this is lawful and necessary. This can include bodies such as the Information Commissioner’s Office, the Student Loans Company, the police or other law enforcement agencies, and providers of software or systems used to support information governance.

Your personal data will be used only by relevant LJMU staff where the data is necessary for them to undertake their designated role.

How the university protects your data

We are committed to keeping your personal data safe in line with data protection legislation and our information security and data protection policies.

Personal data handled by the Data Protection team is held primarily in secure electronic systems with appropriate access controls in place. In very limited circumstances, paper records may be created for internal use. Where this occurs, they are stored securely within the team’s offices in locked cabinets and accessed only by authorised staff.

How long the university keeps your data

Personal data relating to information requests is retained in line with the university’s Records Retention Schedule. In most cases, details of information requesters are retained for six years after the last entry on the relevant case file.

Where identity verification is required, the university will not normally retain copies of identification documents. Instead, we may retain a limited record to confirm that identity checks have been completed, for example noting the type of document seen and a minimal reference to it. This information is retained in line with the same retention period as the associated case.

Your rights

As a data subject, you have a number of rights. You can:

access and obtain a copy of your data on request - this could be in a portable electronic format
request that the university changes incorrect or incomplete data if you think that it is inaccurate or out of date
request that the university delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If you would like to exercise any of these rights, please contact the Data Protection Officer at DPO@ljmu.ac.uk.

If you do not provide data

We need to collect certain personal data in order to respond to your request and to meet our legal obligations under information and data protection legislation.

If you do not provide sufficient contact details, we may be unable to respond to your enquiry or request. Where you are requesting access to your own personal data, the university is required to verify your identity before any information can be disclosed. If you do not provide appropriate identification when requested, we will be unable to process your request for security reasons.

Transfers of data outside the UK

We normally keep your personal data within the UK. In some cases, however, we may need to transfer it to another country - for example, to deliver a contract with you or to work with a partner organisation such as a university based overseas.

Whenever this happens, we make sure your information stays protected. This could be through a UK “adequacy regulation” (which confirms that the other country’s data protection laws are up to UK standards) or by putting strong safeguards in place.

These safeguards might include:

model contractual clauses
formal data sharing or processing agreements
binding corporate rules

In short, even if your data travels abroad, it will continue to be treated with the same care and respect as it would under UK law.

Automated decision-making

We do not use computers to make decisions about you based solely on your personal data. Any decisions that affect you will always be made by a human, ensuring that you are treated fairly.

How to complain to the university

You have a right to complain to the university if you think it has not properly responded to your request for personal information or feel it has not handled your personal data responsibly.

If you are not satisfied with how your request for information or how your personal data has been handled, you should set out your complaint in writing to:

Maria Burquest
University Secretary and General Counsel
Legal and Governance Services
2nd Floor Exchange Station
Tithebarn Street
Liverpool
L2 2QP

or by email via DPO@ljmu.ac.uk.

How to complain to the Information Commissioner’s Office

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted using the following details:

Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
Telephone: 0303 123 1113.
Email: contact can be made by accessing the ICO website.

Undergraduate

Postgraduate

Degree Apprenticeships

Continuing Professional Development

Order a prospectus

Visit us

Your student experience

Liverpool

Student support

Fees and funding

Thinking of applying

Making your application

Holding an offer of study

International partnerships

Our vision, values and strategy

The people who shape LJMU

Contact and explore LJMU

Public information

Vacancies and your working life at LJMU

Information governance privacy notice

Information you need to know

Information we are collecting

Source of the personal data

Why we are collecting your data and the legal basis for this

Who has access to this data

How the university protects your data

How long the university keeps your data

Your rights

If you do not provide data

Transfers of data outside the UK

Automated decision-making

How to complain to the university

How to complain to the Information Commissioner’s Office

Information governance privacy notice

Information you need to know

Information we are collecting

Source of the personal data

Why we are collecting your data and the legal basis for this

Who has access to this data

How the university protects your data

How long the university keeps your data

Your rights

If you do not provide data

Transfers of data outside the UK

Automated decision-making

How to complain to the university

How to complain to the Information Commissioner’s Office

Cookie settings