You have the right under the General Data Protection Regulation 2016 (‘GDPR’) to have your personal data erased where one of the following grounds applies:
- the personal data we are holding is no longer needed in relation to the purposes for which it was first collected or otherwise processed;
- you have withdrawn your consent to our processing of your data and there is no other legal ground for us to process;
- you have objected under Article 21(1) of the GDPR to our processing and we have no overriding legitimate grounds for the processing, or you have objected under Article 21(2) [direct marketing] to such processing;
- your personal data has been unlawfully processed;
- your personal data has to be erased for us to meet our legal obligations;
- your personal data was originally collected in relation to the offer of ‘information society services’ as referred to in Article 8(1) of the GDPR.
Where we have made your personal data public we will take reasonable steps, to inform other ‘controllers’ who are processing your personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, your personal data.
Refusing your request in full or partly
The University will not erase your personal data if:
- it is needed to exercise rights of freedom of expression and information;
- we need it to comply with a legal obligation or to perform a task carried out in the public interest or in the exercise of official authority by us;
- it is needed for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
- it is needed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR where if the personal data where erased this is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
Time period to comply with your request
The University will tell you how we have dealt with your request without delay and at the latest within one month of receipt of your request.
The University is able to extend to the period of compliance by a further two months where necessary, taking into account the complexity and the number of requests. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
If we are unable to comply with your right to erasure request we will inform you of the following:
- The reasons why we are not taking action;
- Your right to make a complaint to the ICO or another supervisory authority; and
- Your right to seek to enforce this right through a judicial remedy.
To help us faciliate your Right to Erasure Request, it would be helpful if you could complete a Data Subject Rights Form, providing as much information as possible, and submit this by email to infocompliance at warwick dot ac dot uk or send it to:
Information and Data Compliance
University of Warwick
In addition you will need to send a copy of your ID such as a passport, driving license, birth certificate or other internationally recognised ID card. The University will not release personal data to you unless fully satisfied as to your identity.
Download a Data Subject Rights form here:
Who you should contact if you have any questions
Should you have any further questions, you can contact the IDC team:
By email: firstname.lastname@example.org