DMLL Web Site(s) Privacy Statement – v1.0 – December 2018
Contents of this Privacy Notice:
- Who we are?
- What information do we collect?
- How do we use personal information?
- What legal basis do we have for the processing of your personal data?
- When do we share personal data?
- Where do we store and process personal data?
- How do we secure personal data?
- How long do we keep your personal data for?
- Your rights in relation to personal data;
- How to contact us;
- Linking to other websites / third-party content.
Privacy is important to Coventry University Group and its subsidiary companies, full details of Group Structure can be found here The following privacy notice contains information on what data is stored by us, how we process your data, and the rights you have as a data subject under General Data Protection Regulation 2016 (“the GDPR”) and Data Protection Act 2018 (“the Act”). We recommend you read the following Privacy Notice carefully, and, if you have any questions or concerns contact the Information Governance Unit at:
Information Governance Unit,
Alan Berry Building,
This privacy notice applies to the use of the DMLL.org.uk website, sub domains, and associated sites listed below (this list may be amended periodically to include new sites, and to remove sites no longer in use):
All DMLL.org.uk websites, subdomains and associated sites process data in the same way.
For the purposes of the GDPR and the DPA the data controller in respect of your personal data processed in connection with your use of the above sites will be Coventry University Group of Priory Street, Coventry CV1 5FB.
This service is delivered by Coventry University Group for use by academic staff and students, but also the wider general public, and access is provided to the general public. The service is overseen by the Director of the Disruptive Media Learning Lab, Coventry University. In addition, this service is under the oversight of the University Data Protection Officer.
We collect anonymised website usage data if you agree to opt into cookies through one of the sites listed above.
We also collect personal data when submitted through an email enquiry form or other forms embedded within the sites listed above, where applicable.
Through using the above site, we collect personal data from you, including:
- web pages visited and time spent within those pages;
- Information about the device used to access service (PC computer, iOS mobile etc.);
- your location of access to web pages, to the accuracy level of town/city (e.g. Coventry);
- date and time of activity across web pages;
- email address, message content where this is voluntarily provided through online email enquiry and/or feedback forms;
- Plus, any additional information you choose to share via web pages through text input fields as part of evaluation forms (including such personally identifiable information).
Please note: All information submitted via email form, personal or otherwise, is sent directly to the email@example.com email address. No form data is stored within the websites listed above.
Coventry University will use personal data provided for two purposes;
- To analyse the use of, user experience, and popularity of our sites to provide iterative improvements to the user experience.
- To answer enquiries sent to us via embedded email and/or feedback forms contained within the above websites.
Your personal data will be processed by Coventry University Group for the performance of contract with you and for the purpose of our legitimate interest: namely the smooth delivery of services and support to staff and students.
We treat your personal data as confidential, and will only disclose it with other departments within Coventry University Group where necessary to help answer enquiries. We will never disclose your data to anyone outside of Coventry University Group unless we have a legal obligation to do so, or where such disclosure is necessary for the performance of our public tasks in the public interest, and there are prior legal agreements in place to safeguard the information you have provided and it is in the interests of you, the user of the website.
Anonymised analytics data is stored on our hosting service within the EU, and backed up within the EU, in line with General Data Protection Regulations (GDPR). All email enquiries are stored within our Coventry University Group Servers.
We will ensure that appropriate measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
We have in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. We will only transfer personal data to a third party if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.
Maintaining data security means guaranteeing the confidentiality, integrity and availability (for authorised purposes) of the personal data.
Any personal data provided to us is only retain for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
All personal data submitted through email enquiry forms, or other forms embedded within the sites listed above, is forwarded directly to Coventry University Group servers.
Email addresses that have been provided for inclusion into mailing lists are stored within Coventry University Group servers and are retained until no longer required, or until removal from the mailing list is requested. No email data is processed by third-party software. All mailing list correspondence is managed using Coventry University Group services only.
We do not retain any personal data within our web sites. Anonymised analytics data and aggregated reports are never deleted, but do not contain personal information. User IP addresses are anonymised by 2 bytes: e.g. 192.168.xxx.xxx.
You have the right to:
Request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data that we hold about you corrected, although we may need to verify the accuracy of the new personal data that you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
You can withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. You can ask us to stop sending you marketing messages at any time by following the “unsubscribe” (or similar) links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a purchase, product/service experience or other transactions.
If you wish to exercise any of your above rights, please send a written request to:
Information Governance Unit,
Alan Berry Building,
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have any questions or concerns about the privacy, storage, or security of your data, or if you wish to file a complaint, you can contact our Data Protection Officer in following ways:
By email: Enquiry.firstname.lastname@example.org
Information Governance Unit,
Alan Berry Building,
The following cookies are used when you opt-into cookies on the websites listed above:
- cookie_notice_accepted – (expires after one month)
- 1.c4b8 – (expires after on day)
- 1.c4b8 – (expires after one year)