Data and Information Privacy Notice

The data or information gathered by the University of Liverpool and the Digital Innovation Facility (DIF) is essential to enable security protocols to be followed by all staff, visitors, clients, and guests to ensure a safe, secure, and compliant environment for DIF users.

Who will own my data once I submit it?

The University of Liverpool, Digital Innovation Facility will own/hold data that is submitted by DIF users, this includes manual documents, electronic data and CCTV video.

Why do you need my information?

Security threats pose a significant risk to all organisations, and the Digital Innovation Facility (DIF) is no exception. This data or information is essential to maintain a high level of security protocols to ensure that all staff, visitors, clients, and guests remain safe. Also, due to the research activity within in the DIF we have a duty and obligation to maintain a secure environment for all users to operate with confidence that data/and information is safe.

What allows you to use my information?

Under the UK Cabinet Office Security Policy Framework we have a responsibility to ensure Physical Security is maintained at the DIF. Any individual who fails to provide the information listed at section 5 will not be allowed into the building. The legal basis for processing this data is public task.

What data or information will be gathered and retention period?

  • Basic personal details comprising of:
    • First name
    • Last name
    • Company/Department/organisation that you are part of
    • Nationality
    • Entry/Exist date and time.
  • CCTV recordings:
    • Internal
    • External (DIF perimeter).
  • Retention period:
    • Basic personal details – 25 years
    • CCTV recordings – 1 month (note: images/video may be retained longer if linked to a security incident or criminal investigation).

Where is the data or information stored?

The data and information gathered is stored at the University of Liverpool data centre/server room managed by University IT services.

Who will my information be shared with?

Data and information will only be shared with official UK government organisations or UoL senior management on request or in response to a security incident. Access is restricted to a small number of DIF senior staff. Any project related data is governed by individual project agreements.

Do I have to provide this information and what will happen if I don’t?

All staff, visitors, clients, and guests must provide the information at section 5, failure to provide this data or information will result in entry being denied. You can discuss this further with your DIF point of contact.

Will this information be used to take automated decisions about me or transferred abroad?

No 

What rights do I have when it comes to my data?

Under the UK General Data Protection Regulation, you may have the following rights with regards to your personal data:

  • The Right to subject access – you have the right to see a copy of the personal data that the University holds about you and find out what it is used for
  • The Right to rectification – you have the right to ask the University to correct or remove any inaccurate data that we hold about you
  • The Right to erasure (right to be forgotten) you have the right to ask the University to remove data that we hold about you
  • The Right to restriction – you have the right to ask for your information to be restricted (locked down) on University systems
  • The Right to data portability – you have the right to ask for your data to be transferred back to you or to a new provider at your request
  • The Right to object – you have the right to ask the University to stop using your personal data or to stop sending you marketing information, or complain about how your data is used
  • The Right to prevent automated decision making – you have the right to ask the University to stop using your data to make automated decisions about you or to stop profiling your behaviour (where applicable).

Please note that not all rights apply in all situations. To find out more about your rights under the UK GDPR, please visit the Information Commissioner’s website.

To request a copy of your data or ask questions about how it is used, contact the University Data Protection Officer:

  • Email: legal@liverpool.ac.uk
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX.

Who can I complain to if I am unhappy about how my data is used?

You can complain directly to the Data Protection Team by writing to the University Data Protection Officer.

  • Email: legal@liverpool.ac.uk
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX.

You also have the right to complain to the Information Commissioner’s Office using the following details:

  • The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 08456 30 60 60 or 01625 54 57 45
  • Website: www.ico.org.uk

Back to: Institute of Digital Engineering and Autonomous Systems