Third Parties and Visitors to Site Privacy Notice
Use the links below to quickly navigate to the information you are looking for:
- About this Notice
- The Personal Data we collect and use
- How the University of Warwick obtains your Personal Data
- Purpose and Associated Lawful Basis
- Lawful basis for processing your Personal Data under the UK GDPR and DPA 2018
- Special Category Data
- Data Sharing
- Retention of your Personal Data
- Data Subject Rights
- Keeping your Personal Data Secure
- How to Contact Us
- Changes to this Privacy Notice
About this Notice
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.
The University of Warwick (“UoW”) is committed to protecting the privacy and security of personal data. The purpose of this notice is to promote transparency in the use of personal data, and to outline how UoW collects and uses personal data during and after your working or visiting relationship with us, in accordance with the UK General Data Protection Regularion 2016 (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
The UoW collects, uses and is responsible for certain personal data about you. This is known as “processing”. When we do so we are regulated under the UK GDPR and DPA 2018 which applies across the UK and we are responsible as ‘data controller’ of that personal data for the purposes of those laws.
The purpose of this notice is to explain how the University of Warwick (“UoW”) will collect and use (process) your personal data, what rights you have in relation to that data and to provide transparency about the data collected about you.
The Personal Data we collect and use
The following are examples of personal data which may be collected, stored and used:
- Personal contact details such as name, date of birth, title, addresses, telephone numbers, and personal email addresses
- Marital status
- Gender
- Next of kin and nominated emergency contact information
- Employment records (including employer name, job title and working hours)
- CCTV footage and other information obtained through electronic means such as swipe/identity card records
- Information about your use of our information and communications systems
- Photographs
- Company name, company registration number and registered address
We may also collect, store and use the following types of special category personal data:
- Information about your race or ethnicity, religious beliefs for equality, diversity and inclusion monitoring and institutional reporting
- Information about your health, including any medical condition, health and sickness records, and disability information.
We may also collect and process information about criminal convictions and offences.
Some of your information you are legally or contractually obliged to provide. If you decline to provide the information to us we may not be able to provide services to you or to meet our legal obligations.
How the University of Warwick obtains your Personal Data
Personal data of third party visitors, tenants and licensees is typically collected through the event booking process, directly from you or sometimes from your on-site employer or UoW contact. Additional information may be collected from third parties such as former employers, current third party employers and other referees. UoW will also collect additional personal data throughout the period of you being on site at the University.
Purpose and Associated Lawful Basis
Purpose |
Lawful Basis |
Providing professional services |
Legitimate interest of the University to deliver a professional service to clients and relevant individuals |
Ensuring the safety and security of UoW, its people and facilities |
Compliance with a legal obligation |
Registering you as a visitor to the UoW campus site |
Compliance with a legal obligation |
Issuing identity access cards to visitors of campus |
Legitimate interest of maintaining security whilst allowing visitors access to university areas |
To monitor your use of our information and communication systems to ensure compliance with the University’s IT policies, where applicable |
Legitimate interest of ensuring proper usage and network security of University IT systems |
Providing visitor parking permits |
Performance of a contract |
Business management and planning, including accounting and auditing |
Compliance with a legal obligation and/or legitimate interest of sound management of the business of the University |
To prevent fraud |
Compliance with a legal obligation or legitimate interests |
Lawful basis for processing your Personal Data under the UK GDPR and DPA 2018
Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:
- Where you have given us your consent.
- In order to fulfil UoW’s obligations to you as part of any contract we have with you.
- Where UoW needs to comply with a legal obligation; where it is necessary for UoW’s legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests. Our interests are the effective and efficient operation of the University.
- To protect the vital interests of you or of another person (for example, in the case of a medical emergency).
- In order to perform a task carried out in the public interest.
Special Category Data
We may only process special category personal data in the following circumstances where, in addition to a lawful basis for processing, there exists one of the following grounds:
- Explicit consent – where you have given us explicit consent.
- Legal obligation – where the processing is necessary for us/ you to carry out/ exercise obligations and rights of a legal nature Vital interests – the processing is necessary in order to protect the vital interests of you or another individual where you are physically or legally incapable of giving consent. This is typically limited to processing needed for medical emergencies.
- Not for profit bodies – the processing is carried out in the course of the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
- Public information – the processing relates to personal data which is manifestly made public by you.
- Legal claims – the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Substantial public interest – the processing is necessary for reasons of substantial public interest, on the basis of law.
- Healthcare – the processing is necessary for healthcare purposes and is subject to suitable safeguards.
- Public health – the processing is necessary for public health purposes and is based on law.
- Archive – the processing is necessary for archiving, scientific or historical research purposes, or statistical purposes and is based on law. Member States can introduce additional conditions in relation to health, genetic, or biometric data.
In limited circumstances UoW may contact you about processing of particularly sensitive data. In such circumstances UoW will provide you with full details of the information needed and the reason it is needed. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Individuals need to write to infocompliance@warwick.ac.uk to withdraw their consent. Once UoW has been notified that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If the latter is the case we will inform you of this legitimate basis.
UoW will only use personal data for the purposes for which it was collected unless it considers reasonably that it is needed for another purpose and the reason is compatible with the original purpose. If the University needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. The University may process your personal data without your knowledge or consent, where this is permitted by law.
Data Sharing
UoW may share your personal data with third parties where required by law, where it is necessary to administer our relationship with you or where there is another legitimate interest in so doing including, but not limited to, for joint appointments with other external organisations. Third parties with whom we may share your data include:
Third parties within the UK |
Lawful Basis |
Car Parking Partnership |
Performance of a contract |
Parking Eye |
Performance of a contract |
Departmental Administration |
Legitimate interests |
Campus Security |
Legitimate interests |
Our professional advisors e.g. insurers, auditors, lawyers, etc. |
Legitimate interests |
Visitor Parking Facilities
Visitors are offered the option of purchasing a permit to park in UoW car parks for the duration of their time on campus. The scheme is administered on behalf of UoW by Car Parking Partnership (“CPP”) and Parking Eye. By opting in to the scheme you enter in to a contract with UoW for the provision of a service, namely parking. UoW will collect the following data in order to provide that service under contract.
- Vehicle registration number
- Make and model of vehicle
If parking terms and conditions are breached, UoW will share the following data with CPP and Parking Eye for enforcement purposes:
- Your vehicle registration number
- The start and end date of your parking permit
Transfers of data outside of the UK
If we have to transfer any of your personal data outside the UK we will let you know if the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections we will put safeguards in place. Details of these safeguards can be provided to you upon request to Legal and Compliance Services.
Retention of your Personal Data
The UK GDPR and DPA 2018 require that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The University’s Record Retention Schedule (RRS) is a tool that enables the University to transparently demonstrate how the organisation complies with its data protection obligations by making provision for the time periods for which common classes of record are retained by UOW.
Full details of the retention periods of records can be found by viewing the records management page and selecting the University’s Record Retention Schedule (RRS), which is kept up to date separately.
Data Subject Rights
Under the UK GDPR and DPA 2018 you have a number of important rights free of charge.
You have the right to:
- Be informed of how we collect and use your personal data
- Access your personal data
- Require us to correct any mistakes in the data we hold on you
- Require the erasure of personal data concerning you in certain situations
- Restrict our processing of your personal data in certain circumstances
- Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights please find out more here. If a subject access request is made and the request for access is clearly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.
Keeping your Personal Data Secure
The UoW keeps your personal data secure at all times using organisational, physical and technical measures.
Where appropriate, we also take measures such as anonymisation to ensure data cannot be used to identify you and/or encryption to ensure that the data cannot be accessed without the right security accesses and codes.
Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the UK GDPR.
UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
How to Contact Us
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you raise about our use of your personal data on the contact details below:
The DPO can be contacted via e-mail at infocompliance@warwick.ac.uk.
Or write to:
The Data Protection Officer
Legal and Compliance Services
University of Warwick
University House
Kirby Corner Road
CV4 8UW
The UK GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
Changes to this Privacy Notice
This privacy notice was published November 2018. We may change this privacy notice from time to time, so please do refer back to this page frequently to ensure you are aware of any amendments. Last revised: 03 February 2023.