Privacy Policy
The Universities for Nottingham (UfN) initiative is a partnership collaboration between the University of Nottingham and Nottingham Trent University. As such, this website is the joint responsibility of each institution to manage and maintain. A separate Memorandum of Understanding sets out the shared roles and responsibilities of each institution.
On behalf of the Universities for Nottingham initiative, for the purposes of our responsibilities specifically relating to data protection and data handling through the UfN website as set out in this Privacy Policy, the University of Nottingham will act as the first point of contact on behalf of both institutions. The policies and processes set out below for handling personal data, are therefore, those of the University of Nottingham.
Please note that the Universities for Nottingham website is a standalone site, separate from each institution’s main websites. It was developed by external contractors Optima Graphic Design Consultants Ltd and will be managed separately by the UfN Project Team going forward.
This privacy policy explains how we use any personal information we collect about you when you use this website. It also explains your rights in relation to your personal data processed by us.
We will keep this privacy notice under regular review, and we will place any updates on this web page.
This privacy notice was last updated on 3 January 2020.
What information do we hold?
We collect information about you when you visit our website for the first time, and when you interact with our pages. We also collect information when you voluntarily complete contact/sign-up forms, provide feedback and submit queries.
Website usage information is collected using cookies.
How do we use it and why?
We use your information collected from the website to personalise your repeat visits to our website, and to help us understand what works and what doesn't on our website. We'll use information you submit through our contact forms and other ways of giving feedback to help you with your specific requests.
Under the GDPR we must establish a legal basis for processing your personal data and let you know what this is. It is in the University's legitimate interest to process your personal data for the outline above. This processing shouldn't impact on you negatively and is necessary for our website to function correctly.
Who do we share it with?
We use several different third-party services to process your data, which allow us to give you the best possible experience. If we do want to collect personally identifiable information through our website, we will be up front about this. We always make clear when we collect personal information and explain what we intend to do with it.
We can't take responsibility for the behaviour of sites linked to or from our website. You should consult their individual privacy policies for more information.
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
The following cookies may be set whilst browsing our website:
- We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google's privacy policy is available at: https://www.google.com/policies/privacy/. Google Analytics uses the following cookies: _ga – Used to distinguish users. Expires after 2 years. _gid – Used to distinguish users. Expires after 24 hours. _gat_UA-156252403-1 – Used to throttle request rate. Expiry time: session.
- Our website sets exp_cookies_allowed, exp_cookies_accepted or exp_cookies_declined to track and respect your choices. Around our website we use cookies to remember where you are and to help and protect you. We use exp_last_activity so every time the page is reloaded the date and time of your last activity is available. This is used to determine form or login expiry. This is essential for logged in users to record their data and not lose it as it is being input. The expiry time 12 months. exp_last_visit Sets the date and time that the you last visited the site. Affects guests and logged in users. The expiry time is 12 months. exp_tracker Tracks the last 5 pages you viewed and is used primarily for redirection after some actions on the site ie moving back to pages. This affects guests and logged in users. This cookie expires when you leave the site. We also use exp_csrf_token. This cookie protects against Cross Site Request Forgery (CSRF). A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. It expires from your computer after one hour.
Here you can edit your cookie preferences for this site.
Embedded content
Sometimes we'll embed content in our pages that we don't control or operate. This is common for social media sites such as Facebook and Twitter. When you interact with these elements, which are always marked clearly, you've not interacted with our website but instead the service embedded, and we can't guarantee what data is collected.
Google Analytics
We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
SMRS
We contract a third party, SMRS, to run digital campaigns, and as such they need access to certain data to work out if their campaigns are running correctly. They use Google's DoubleClick to collect data that is anonymised upon collection, and only processed in a way which does not identify anyone. We do not make, and do not allow SMRS or Google to make, any attempt to find out the identities of those visiting our website.
Optima
Optima support and host our website and content management system. We'd only ever give them personal information if it was strictly necessary to fix specific faults or errors, and we ensure no data is kept or copied.
How long do we keep your data?
Personally identifiable data that's used at a top level for the maintenance and upkeep of the website is held in your browser in the form of cookies, which you have control over. You may delete them at any time.
Data collected through contact forms, feedback and queries will be held for a variable amount of time depending on exactly what it's being used for, but it'll usually be in line with our retention policy. We'll always tell you at the point when this data is going to be collected if it's not.
Where can I get more information?
If you have any questions about the website please contact the UfN Project Team via .(JavaScript must be enabled to view this email address)
How the University of Nottingham processes your personal data
The University of Nottingham, University Park, Nottingham, NG7 2RD (0115 951 5151), is committed to protecting your personal data and informing you of your rights in relation to that data.
The University of Nottingham is registered as a Data Controller under the Data Protection act 1998 (registration No. Z5654762).
One of our responsibilities as a data controller is to be transparent in our processing of your personal data and to tell you about the different ways in which we collect and use your personal data. The University will process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and this privacy notice is issued in accordance with the GDPR Articles 13 and 14.
We may update our Privacy Notices at any time. The current version of all of our Privacy Notices can be found here https://www.nottingham.ac.uk/utilities/privacy/privacy.aspx#Privacynotices and we encourage you to check back here regularly to review any changes.
The Data Protection Officer
The University has appointed a Data Protection Officer. Their postal address is:
Data Protection Officer,
Legal services
A5, Trent Building,
University of Nottingham,
University Park,
Nottingham
Ng7 2RD
They can be emailed at .(JavaScript must be enabled to view this email address) and telephoned on (0115) 748 7179.
Your personal data and its processing
We define personal data as information relating to a live, identifiable individual. It can also include "special categories of data", which is information about your racial or ethnic origin, religious or other beliefs, physical or mental health, the processing of which is subject to strict requirements. Similarly, information about criminal convictions and offences is also subject to strict requirements. "Processing" means any operation which we carry out using your personal data, for example obtaining, storing, transferring or deleting.
We only process data for specified purposes and if it is justified in accordance with data protection law. Details of each processing purpose and its legal basis is given in each privacy notice listed below - please consult the one more relevant to your relationship to the University.
How long we keep your data for
Unless specific time periods are given in the relevant Privacy Notice, your data will be kept in line with the University's Records Retention Schedule.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you need more detailed advice on how long your data will be kept for, please contact the data protection team .(JavaScript must be enabled to view this email address)
Your rights as a data subject
You have the following rights in relation to your personal data processed by us:
1. Right to be informed
The University will ensure you have sufficient information to ensure that you're happy about how and why we're handling your personal data, and that you know how to enforce your rights.
The University provides information in the form of privacy notices. You can read all of our privacy notices online.
2. Right of access / right to data portability
You have a right to see all the information the University holds about you. Where data is held electronically in a structured form, such as in a database, you have a right to receive that data in a common electronic format that allows you to supply that data to a third party - this is called "data portability".
To make a request for your own information please see our Data Protection website.
3. Right of rectification
If we're holding data about you that is incorrect, you have the right to have it corrected. Please email any related request to the information compliance team .(JavaScript must be enabled to view this email address)
4. Right to erasure
You can ask that we delete your data and where this is appropriate, we will take reasonable steps to do so. Please email any related request to the information compliance team .(JavaScript must be enabled to view this email address)
5. Right to restrict processing
If you think there's a problem with the accuracy of the data we hold about you, or we're using data about you unlawfully, you can request that any current processing is suspended until a resolution is agreed. Please email any related request to the information compliance team .(JavaScript must be enabled to view this email address)
6. Right to object
You have a right to opt out of direct marketing. You have a right to object to how we use your data if we do so on the basis of "legitimate interests" or "in the performance of a task in the public interest" or "exercise of official authority" (a privacy notice will clearly state to you if this is the case). Unless we can show a compelling case why our use of data is justified, we have to stop using your data in the way that you've objected to. Please email any related request to the information compliance team .(JavaScript must be enabled to view this email address)
7. Rights related to automated decision-making including profiling
We may use a computer program, system or neural network to make decisions about you (for example, everyone that is on a particular course gets sent a particular letter) or to profile you. You have the right to ask for a human being to intervene on your behalf or to check a decision. Please email any related request to the information compliance team .(JavaScript must be enabled to view this email address)
Withdrawing consent
If we are relying on your consent to process your data, you may withdraw your consent at any time.
Exercising your rights, queries and complaints
For more information on your rights, if you wish to exercise any right, for any queries you may have or if you wish to make a complaint, please contact our Data Protection Officer .(JavaScript must be enabled to view this email address)
Complaint to the Information Commissioner
You have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO's website https://ico.org.uk/