1.       Introduction

Your personal data will be treated in accordance with data protection law including the Data Protection Act 2018 and the United Kingdom General Data Protection Regulation (UK GDPR) (“data protection law”).

GCU, on behalf of the CommonHealth Project, is a Data Controller in terms of Data Protection Legislation. GCU is registered with the Information Commissioner’s Office, our Registration Number is Z5761620.

The purpose of this statement is to inform you how your personal data will be processed by the University via the CommonHealth website.

Any questions relating to this privacy notice should be emailed to University’s Data Protection Officer (DPO) at dataprotection@gcu.ac.uk.

 2. Purpose of this Privacy Notice

This Privacy Notice sets out the GCU’s responsibilities and obligations as a Data Controller – The organisation that determines the purpose and means of processing of your personal data and is responsible for protecting your personal data. In addition, it:

  • Sets out the types of personal data processed by GCU

  • Provides an overview of the purposes for which we process your personal data;

  • Explains the legal basis relied on when processing your personal data;

  • Explains the sources of the personal data which we process;

  • Informs you who has access to your personal data and the limited conditions under which your personal data may be shared with a third party;

  • Explains your privacy rights under data protection law and the steps you can take to exercise these; and

  • Explains how GCU will protect your personal data, keeping this safe and secure.

 3. Your personal data and why we need it

Personal data is defined under data protection law as is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.

Personal data includes:

Your email address if contacting the project via the Contact Us website page

 4. Legal basis for processing your personal data GCU must have a legal basis for processing your personal and special category data. The legal bases, as defined in data protection law, relied upon by GCU for processing personal data are:

Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

 5. Sources of Personal Data – detail how the personal data is sourced

The personal data GCU holds about you is obtained from a number of sources including the information which you provide to us. When you visit our website our systems collect information about your device including your IP address, operating system and browser type.

 6. Sharing personal data with other parties – detail any parties the personal data captured is shared with e.g. research partners

The personal data you provide through the ‘Contact Us’ page will only be shared by GCU with relevant research partners to assist with responding to your query. Your personal data will only be shared where it is absolutely necessary to answer your question.

  7. Protecting your Information – again relevant only if GCU is the Data Controller

 GCU puts in place a series of technical and organisational measures to protect and safeguard all the personal data that it holds. Please see GCU’s IT regulations and policies webpages for information.

 8. Retention of your Personal Information

GCU will retain your personal data only as long as necessary for its purposes as described and/or until the CommonHealth project website is archived.

 9. Your Rights

Data protection law provides a number of rights including the right to:

  • Withdraw consent at any time, where that is the legal basis for our processing.

  • Access your personal data and obtain a copy

  • Rectify inaccuracies in personal data that we hold about you.

  • Erasure, that is to have your details removed from systems that we use to process your personal data

  • Restrict the processing in certain ways

  • Obtain a portable copy of data you have given to us in a commonly used electronic form

  • Object to certain processing of your personal data by us

Please note that the ability to exercise these rights is not absolute and will depend on the legal basis on which the processing is being carried out.

 Further information is available on the website at: https://www.gcu.ac.uk/dataprotection/rights/

 10.  Data Protection Contact Details and Further Information

GCU’s Data Protection Officer (DPO) can be contacted at dataprotection@gcu.ac.uk.

If you are not satisfied with our response you can contact the Information Commissioner’s Office (ICO).