You will generally not have to pay a fee to access your personal information (or to exercise any of the other rights). If you make a request, we have one month to respond to you. We may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Please see our policy on Data Rights for further information. If you wish to exercise any of your rights, or have any questions about your rights, please contact the Data Protection Officer at firstname.lastname@example.org.
6. Data sharing
We may have to share your data with third parties, including third-party service providers and suppliers.
We require third parties to respect the security of your data and to treat it in accordance with the law.
If we have to transfer any of your personal data outside the UK we ensure the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections we will put safeguards in place. Details of these safeguards can be provided to you upon request.
Our privacy notices will set out more details about whom we will share data with.
7. Data security
We have put in place measures to protect the security of your information.
Where third parties have access to your data, we will provide instructions for them to process your personal information only on in accordance with our instructions, and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a relevant business need. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
The University’s overarching approach to data protection is set out in our Data Protection Policy.
8. Links to other websites
9. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the DPO at email@example.com
10. International Transfers
If we have to transfer any of your personal data outside the European Economic Area (EEA) we ensure the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections, we will put safeguards in place. Details of these safeguards can be provided to you upon request.
If you are dissatisfied with the way the University of Essex has processed your personal data, or if have any questions or concerns about your data please contact firstname.lastname@example.org. If we are not able to resolve the issue to your satisfaction, you have the right to complain to the Information Commissioner’s Office (ICO). They can be contacted at https://ico.org.uk/make-a-complaint/
The ICO’s address:
Information Commissioner’s Office
Helpline: 0303 123 1113
12. Changes to this Privacy Notice
This privacy notice was published on Monday, 31 January 2022. We may change this privacy notice from time to time. Last revised 31 January 2022.