1. ABOUT THIS NOTICE:
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.
The Academy for PhD Training in Statistics (APTS) is a collaboration between major UK statistics research groups to organise training courses for first-year PhD students in statistics and applied probability nationally. It is managed by the University of Warwick (“UoW”) on behalf of the APTS Executive Committee.
The UoW is committed to protecting the privacy and security of personal data. The purpose of this notice is to promote transparency in the use of personal data, and to outline how UoW collects and uses your personal data, in accordance with the General Data Protection Regulation 2016 (“GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
The UoW collects, uses and is responsible for certain personal data about you. This is known as “processing”. When we do so we are regulated under the GDPR and DPA 2018 which applies across the European Union and we are responsible as ‘data controller’ of that personal data for the purposes of those laws.
The purpose of this notice is to explain how the UoW will collect and use (process) your personal data, what rights you have in relation to that data and to provide transparency about the data collected about you.
The UoW is the data controller under the GDPR and the DPA 2018 and we will process your personal data in accordance with the GDPR and DPA 2018 at all times. You, as a ‘data subject’, therefore have specific rights to the data that we hold, collect and process.
Throughout this notice, “University”, “we”, “our”, “us” and “APTS” refer to the UoW; “you” and “your” refer to those expressing an interest in gaining further training in statistics and engaging into the training in the academy or the provision thereof.
If you would like this notice in another format (for example: audio, large print, braille), please contact us.
2. THE PERSONAL DATA WE COLLECT AND USE:
The following are examples of personal data which may be collected, stored and used:
- Email address
- Year of study
- Mode of study
- PhD supervisor’s e-mail address
- Topic of your research (research details)
- APTS courses you are attending
- Special category data including dietary requirements and disability requirements
Special Category Data:
Special Category personal data is any identifying information including but not limited to the following: racial or ethnic origin, political opinions, religious or philosophical beliefs, data concerning health or data concerning a natural person’s sex life or sexual orientation.
3. HOW THE UOW OBTAINS YOUR PERSONAL DATA
We may collect your data in a number of ways, for example:
- When your institution registers you with us to attend one or more APTS courses
- From the form you complete
- From any information provided to us by yourself when making enquiries
- Through communication to or from you or your institution by telephone and email
4. PURPOSE AND ASSOCIATED LAWFUL BASIS
The personal data that we collect will only be used where it is necessary and there is a legal basis for us to process that information.
Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:
- Where you have given us your consent.
- In order to fulfil UoW’s obligations to you as part of a contract or services (for example, certain data need to be processed to facilitate your studies at APTS).
- Where UoW needs to comply with a legal obligation (for example, the detection or prevention of crime and financial regulations).
- Where it is necessary for APTS’ legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- To protect the vital interests of the data subject or of another person (for example, in the case of a medical emergency).
- In order to perform a task carried out in the public interest.
Special Category data
During the training programme we may collect and process special category personal data. We may also collect special category personal data from you when you are completing an application form. We may only process special category personal data in the following circumstances where, in addition to a lawful basis for processing, there exists one of the following grounds:
- Explicit consent – where you have given us explicit consent.
- Legal obligation related to employment - The processing is necessary for a legal obligation in the field of employment and social security law or for a collective agreement.
- Vital interests - The processing is necessary in order to protect the vital interests of the individual or of another natural person where the data subject is physically or legally incapable of giving consent. This is typically limited to processing needed for medical emergencies.
- Not for profit bodies - The processing is carried out in the course of the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
- Public information - The processing relates to personal data which is manifestly made public by the data subject.
- Legal claims - The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Substantial public interest - The processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law.
- Healthcare - The processing is necessary for healthcare purposes and is subject to suitable safeguards.
- Public health - The processing is necessary for public health purposes and is based on Union or Member State law.
- Archive - The processing is necessary for archiving, scientific or historical research purposes, or statistical purposes and is based on Union or Member State law. Member States can introduce additional conditions in relation to health, genetic, or biometric data.
APTS will only use personal data for the purposes for which it was collected unless it is considered reasonable that it is needed for another purpose and the reason is compatible with the original purpose. If APTS needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. The University may process your personal data without your knowledge or consent, in compliance with this policy and procedure, where this is permitted by law.
5. LAWFUL BASES FOR PROCESSING YOUR PERSONAL DATA UNDER THE GDPR AND DPA 2018
The legal basis for us processing your personal data is that it is necessary for the performance of your contract with your institution to attend the APTS training programme. To achieve this, we need information about you in order to allocate places on APTS courses, to manage attendance at APTS courses, to communicate with you about APTS, to conduct surveys about your experience attending APTS, and to certify your attendance at APTS courses.
6. RETENTION OF YOUR PERSONAL DATA
The GDPR and DPA 2018 requires that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The University’s Record Retention Schedule (RRS) is a tool that enables the University to transparently demonstrate how the organisation complies with its data protection obligations by making provision for the time periods for which common classes of record are retained by UOW.
Full details of the retention periods of records can be found by viewing the records management page and selecting the University’s Record Retention Schedule (RRS), which is kept up to date separately.
7. DATA SHARING
We may share your personal data with organisations within and outside of the European Union. Where any sharing or transfer of data occurs we will always ensure that there are appropriate safeguards in place to protect your personal data and that there is a lawful basis to share/transfer that data.
Such personal data will be the minimum required for the purpose, only sent when necessary, justifiable and where we have the appropriate legal basis to do so.
Examples of times your data may be shared would include the following:
- We may share your personal data with host institutions of APTS courses for the purposes of event management, for example to reserve accommodation.
- We may also share information, in aggregate form only, for the information of APTS stakeholders (sending institutions, member institutions, the APTS Advisory Committee and APTS Executive Committee, and module leaders).
- We may share your gender with host institutions who may make use of single-sex accommodation; we otherwise use gender, along with mode of study, in aggregate form only for statistical purposes.
- We may inform your institution of your attendance or non-attendance at APTS.
8. DATA SUBJECT RIGHTS
Under the GDPR and DPA 2018 you have a number of important rights free of charge.
You have the right to:
- Be informed of how we collect and use your personal data;
- Access your personal data;
- Require us to correct any mistakes in the data we hold on you;
- Require the erasure of personal data concerning you in certain situations;
- Restrict our processing of your personal data in certain circumstances;
- Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights please find out more here. If a subject access request is made and the request for access is clearly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.
9. KEEPING YOUR PERSONAL DATA SECURE
The UoW keeps your personal data secure at all times using both physical and technical measures.
Where appropriate, we also take measures such as anonymisation to ensure data cannot be used to identify you and/or encryption to ensure that the data cannot be accessed without the right security accesses and codes.
Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the GDPR and DPA 2018.
UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
10. HOW TO CONTACT US
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you raise about our use of your personal data on the contact details below:
- The DPO can be contacted via e-mail at infocompliance at warwick dot ac dot uk or write to:
The Data Protection Officer, Legal and Compliance Services, University of Warwick, Coventry CV4 8UW
- For Subject Access Requests, see https://warwick.ac.uk/services/sim/dataprotection
- More information can be found at the Warwick Information and Data Compliance webpage.
- The GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
11. CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 6 November 2018 and last updated 2 September 2020.
We may change this privacy notice from time to time, when we do we will inform you by putting a message on the website and/or e-mail.