²ÝÁñÊÓƵ Safe Trace Privacy Notice
This page sets out how ²ÝÁñÊÓƵ will process personal data you supply in relation to Safe Trace. It sets out our lawful basis for such processing, explains who we will share this information with, and sets out your rights under GDPR/The Data Protection Act 2018
Identity of Controller
²ÝÁñÊÓƵ is the data controller. This means that we determine the purpose of the processing and are responsible for the adequate protection of personal information. All our staff are appropriately trained and understand their responsibilities for protecting personal data.
Data Protection Officer
If you have any concerns or wish to complain about a data protection issue, please contact our Data Protection Officer at DPO@dmu.ac.uk
If you are dissatisfied with the way ²ÝÁñÊÓƵ has handled your complaint, you have a right to complain to the Information Commissioner’s Office at
What we collect and our lawful basis for doing so
Categories of Data Subjects |
What personal information we collect |
Why we collect it |
Who we share it with |
Lawful basis |
Staff members, Students, Visitors |
Name, email address, contact telephone number and timestamped location data. |
This information is collected as part of Safe Trace in order to identify individuals who may have been in close proximity to someone who has tested positive for Covid 19. |
This information may be shared with Local and National Government Track and Trace Services. |
Explicit Consent |
Retention
Information will be retained for 21 days from point of capture and then deleted.
Special Category Data
The GDPR defines some types of information as special category data because it is more sensitive. This includes information relating to health. While the data collected by Safe Trace is not inherently health related data, the cross referencing of individual’s location data with a positive Covid 19 result means that at that point the data becomes Special Category Data. Explicit Consent remains our lawful basis for processing in these circumstances.
Your Rights
The GDPR gives you rights over how your personal information is used:
- The right to withdraw consent at any point.
- The right to be informed - we must tell you how we process your personal information.
- The right of access - you can ask to see what personal information we hold about you. This is called a Subject Access Request (SAR).
- The right of rectification - where information about you is inaccurate, you can ask us to correct it.
- The right to erasure – in some circumstances, or where ²ÝÁñÊÓƵ has no compelling reason to retain your personal information, you can request deletion of that information.
- The right to restrict processing – in some circumstances, you can ask us to restrict the processing of your personal data. This right, where it applies, also allows you to ask us to retain your personal information but not to use it.
- The right to data portability – in some circumstances, you can request a copy of the personal data you have provided to us in a machine-readable form, so you can transfer it to another organisation for a similar purpose.
- Right to object – where there is no legal obligation for ²ÝÁñÊÓƵ to process your data, you can object to us processing your personal information.
- Rights in relation to automated decisions and profiling - where computers make decisions about you, including automated profiling, you have a right to challenge the decision or ask for a human to check an automated decision.
To discuss any of these rights, please contact dataprotection@dmu.ac.uk and let us know how we can help.
Read ²ÝÁñÊÓƵ’s full Privacy Notice.