Governance Privacy Notice

This Privacy Notice sets out how we use your personal data and your rights regarding that information.

Who will own my data?

The University of Liverpool

Why do you need my information?

  • To fulfil our governance duties in accordance with legal obligations. For example, to carry out assessments against fit and proper criteria. Fit and proper assessments ensure the governance arrangements we make do not present a risk to students or public funds.
  • To allow the Governance team to perform administrative tasks and undertake ‘business as usual’. For example, circulating papers and administering committee business, contacting members, processing expense claims where appropriate, collating information relevant for interview processes, the processing of any subsequent appointments to post, preventing discrimination during recruitment and inviting members to participate in the wider aspects of their committee role.
  • To allow the Governance team to uphold the Policy on Disclosure of Interest.

What allows you to use my information?

In order to exercise our governance functions and activities, we are required to process personal information. There is an additional legal basis for processing your personal data: it is necessary for the performance of a task in the public interest.

Office for Students (OfS)

As part of its ongoing conditions of registration with the Office for Students (OfS), the University must be able to demonstrate that it is controlled by fit and proper persons (Condition E2: Management and Governance)

OfS requirements are outlined in the Higher Education and Research Act 2017. As set out in the OfS regulatory framework and advice notices, to satisfy the management and governance conditions, the University of Liverpool is required to pass on to the Office for Students personal details of the following individuals: Nominated ‘accountable officer’, Chair of your governing body, main stakeholders, directors or trustees.

Employment
regulations
The Governance team collect personal information for recruitment in line with the right to work guidance and the Equality Act 2010.
Financial regulations

The Finance Act 2010, owing to the exempt charitable status of the University, UK Money Laundering Regulations 2007 and to comply with the requirements of the Charities Act 2011

Who will my information be shared with?

Internally Alumni Relations – completing checks against Fit & Proper information.
Finance – processing payments/expenses.
HR – we may share identifiable information such as a staff number provided by you, to obtain equal opportunities monitoring information for recruitment processes (including internal committee recruitment). We require this data to support our institutional priority of diversifying our committee memberships.
Other internal departments – dietary requirements, investigation or complaints, or for the collation of anonymised statistical data for the purposes of internal reports.
Externally – public website Details of Members’ Trusteeship (in accordance with Charities Act 2011). The register of member’s interests, minutes of meetings, (in line with the University’s Publication Scheme), public Terms  of Reference, biographies (provided by Council members), and University Financial Statements (names of Council members).
Externally – companies/ agencies Information may be shared without consent with agencies such as law enforcement (to prevent/detect crime), in the instances of investigations or complaints, or for the collation of anonymised statistical data.
External credit agencies, investment fund managers, banking counterparties and external funders may request personal information about individuals to verify identity.
We may perform checks against declarations made by sharing information with external credit agencies.
Your information may be shared with the OfS if required and/or similar organisations with regulatory/inspection oversight responsibilities (such as Auditors) over the University.
Equality & Diversity data may be shared with Advance HE. This data is required to be submitted to support our application for the Race Equality Charter.
Convene The Governance team uses Convene to administer central committees at the University. We use the following data to administer our business as usual:
  • Staff emails so that members can log in using SSO
  • Other provided emails for non-MWS users
  • Meeting attendance in order to review attendance on an annual basis
  • Results of both anonymous and ‘show of hands’ votes
  • Comments, chat logs and annotations made in relation to Committee documentation where required
  • Signatures where the need for formal declarations arise
  • Access history in order to ensure data remains secure.

Do I have to provide this information and what will happen if I don’t?

On appointment, members agree to meet this requirement under OfS requirements - Condition E2: Management and Governance.

How long will you keep this data for and why?

The information will be held by the Governance team for the duration of your time as a member of the University/commmittee, including any amendments made during the period of your role plus 6 years, in line with the University Records Retention Schedule. All University departments adhere to this schedule.

How will my information be stored?

Information will be held securely by the Governance team. Access to this information will be restricted to designated persons within the Governance team and relevant third parties (outlined above) who are authorised to view it as a necessary part of their work.

Will this information be used to take automated decisions about me?

No

Will my data be transferred abroad and why?

Data is not routinely transferred abroad. However, there may be ad-hoc occasions where minutes are shared with members who are currently abroad or, where requests from credit agencies/external funders are received and the company is based abroad.

Convene processes data on servers located in the USA and other countries or cities which include but are not limited to the United Kingdom, Australia, Hong Kong, Singapore and the Philippines. We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Notice and UK GDPR. You can view Convene’s Privacy Policy here.

What rights do I have when it comes to my data?

Under the UK General Data Protection Regulation, you may have the following rights with regards to your personal data:

  • The Right to subject access – you have the right to see a copy of the personal data that the University holds about you and find out what it is used for.
  • The Right to rectification – you have the right to ask the University to correct or remove any inaccurate data that we hold about you.
  • The Right to erasure (right to be forgotten) you have the right to ask the University to remove data that we hold about you.
  • The Right to restriction – you have the right to ask for your information to be restricted (locked down) on University systems.
  • The Right to data portability – you have the right to ask for your data to be transferred back to you or to a new provider at your request.
  • The Right to object – you have the right to ask the University to stop using your personal data or to stop sending you marketing information, or complain about how your data is used.
  • The Right to prevent automated decision making – you have the right to ask the University to stop using your data to make automated decisions about you or to stop profiling your behaviour (where applicable).

Please note that not all rights apply in all situations. To find out more about your rights under the UK GDPR, please visit the Information Commissioner’s website.

To request a copy of your data or ask questions about how it is used, contact the University Data Protection Officer.

  • Email: legal@liverpool.ac.uk
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX

Who can I complain to if I am unhappy about how my data is used?

You can complain directly to the Data Protection Team by writing to the University Data Protection Officer.

  • By email: legal@liverpool.ac.uk
  • Post: Legal & Governance, University of Liverpool, Foundation Building, 765 Brownlow Hill, Liverpool L69 7ZX

You also have the right to complain to the Information Commissioner’s Office using the following details:

  • The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
  • Telephone: 08456 30 60 60 or 01625 54 57 45
  • Website: ico.org.uk

Version: August 2024
Last updated: 14 August 2024

Back to: Legal & Governance