Use of Personal Data

Your Personal Data

This applies to all current and former employees, job applicants, workers, contractors, honorary position holders, volunteers and visiting lecturers at the University.

The following definitions apply:

  • "Data Protection Laws" means any law, Codes of Practice or other binding restriction (as amended from time to time) which relates to the protection of individuals with regards to the processing of Personal Data to which the University of Nottingham is subject, including the Data Protection Act 2018 ("DPA18") and from 25 May 2018 the General Data Protection Regulation (“GDPR”) (or, in the event that the UK leaves the European Union, all legislation enacted in the UK in respect of the protection of personal data);
  • "Data Controller", "Personal Data" and "Processing" shall have the meaning set out in the DPA and from 25 May 2018 the GDPR and "Process" and "Processed" shall be construed accordingly;
  • "Special Categories of Personal Data” (formerly “Sensitive Personal Data”) shall from 25 May 2018 shall mean the categories of data listed in Article 9(1) of the GDPR, namely racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life and sexual orientation, genetic data and biometric data which is processed to uniquely identify a person.

The University of Nottingham will use your personal data in accordance with Data Protection Laws and as set out in the following provisions and in the Privacy Notice for Staff, Job Applicants and Other Working at the University.

You will at all times during your employment/work with the University act in accordance with the Data Protection Laws; you are required to be are fully aware of and to comply with the University’s policies relating to data protection and data security, which are set out in the University’s Governance web pages.

You agree to provide the University in its capacity as Controller with all Personal Data relating to you which is necessary or reasonably required for the proper performance of this agreement and in connection with your employment/work. This includes the payment of salary, the provision of benefits and/or pension scheme and maintaining records of attendance, health, discipline and grievances, the administration of the employment/work relationship (both during and after the employment/work); the conduct of the University’s functions and/or where such provision is required by law (the "Authorised Purposes").

You agree to inform the University’s HR and payroll departments promptly of any change in your personal circumstances which will require your records to be updated.

In order to keep and maintain accurate records relating to your employment/work, it will be necessary for the University to record, hold and process Personal Data (including Sensitive/Special Categories of Personal Data), relating to you held in manual and electronic form which is subject to the Data Protection Laws.

The University may disclose your Personal Data to third parties where this is necessary or reasonably required to achieve one or more of the Authorised Purposes. Such third parties include without limitation:

  • third party service providers, including payroll, benefits, rewards, occupational health, IT service providers and pension providers;
  • insurance providers;
  • the University’s professional advisors;
  • the Vacancy Manager, Clarilis and MyView platform providers;
  • HM Revenue & Customs or other authorities.

In certain circumstances, it may be necessary to transfer such Personal Data (including Sensitive/Special Category Personal Data) outside the European Economic Area. In respect of such transfers, the University will take reasonable steps to ensure an adequate level of protection for all Personal Data transferred outside the European Economic Area, which includes a Data Sharing Agreement for data transferred between the University and the branch campuses in Malaysia and China.

Where it is necessary or reasonably required to achieve one or more of the Authorised Purposes, the University may process your Personal Data, including Special Category Personal Data such as self-certification forms or medical certificates to explain your absence by reason of illness or injury, any records of sickness absence, any medical reports or health assessments, any details of any disabilities, any details of your trade union membership, any information relating to your gender, religious or other beliefs, race or ethnic origin and any information relating to any criminal convictions or any criminal charges secured or brought against you. In particular, this includes your line manager/supervisor having access to relevant Personal Data for example your home address, home/mobile telephone number, marital status record, emergency contact details and absence records.

Personal Data will also be used in an anonymous format to provide statistics and management information that will enable the University to monitor the effectiveness of its policies and procedures. The University is also required to supply data to external bodies such as the Higher Education Statistical Agency (HESA) and the Office for Students in an anonymous format.

It is necessary for the University to carry out proportionate and lawful monitoring of computer usage and communications sent via its networks, to detect and prevent harmful and/or unauthorised usage of its IT systems or misconduct carried out using the University’s IT networks. Communications which may be monitored include office telephone networks, mobile telephones usage, social media, internet usage and email systems. The monitoring is carried out by authorised personnel and to the extent required for the above purposes. Random monitoring is also undertaken in accordance with the University’s IT and Computer Use policies.



Last edited May 23, 2021