Use the links below to quickly navigate to the information you are looking for:
- About this Notice
- The personal data we collect and use
- How the University of Warwick obtains your personal data
- Purpose and associated lawful basis
- Lawful bases for processing your personal data under the UK GDPR and DPA 2018
- Special category data
- Warwick Sport
- Data Sharing
- Retention of your personal data
- Data subject rights
- Keeping your personal data secure
- How to contact us
- Changes to this Privacy Notice
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal data, your rights in relation to your personal data and on how to contact us and supervisory authorities in the event that you have a query or complaint.
The University of Warwick (“UoW”) is committed to protecting the privacy and security of personal data. The purpose of this notice is to promote transparency in the use of personal data, and to outline how UoW collects and uses personal data during and after your working or visiting relationship with us, in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018 (“DPA 2018”).
The UoW collects, uses and is responsible for certain personal data about you. This is known as “processing”. When we do so we are regulated under the UK GDPR and DPA 2018 which applies across the UK and we are responsible as ‘data controller’ of that personal data for the purposes of those laws.
The purpose of this notice is to explain how the University of Warwick (“UoW”) will collect and use (process) your personal data, what rights you have in relation to that data and to provide transparency about the data collected about you.
The UoW is the data controller under the UK GDPR and DPA 2018 and we will process your personal data in accordance with the UK GDPR and DPA 2018 at all times. You, as a ‘data subject’, therefore have specific rights to the data that we hold, collect and process.
Throughout this notice, “University”, “we”, “our”, and “us” refer to the University of Warwick; “you” and “your” refer to job applicants, employees, (current and former), workers (including agency), apprentices, interns, work experience and volunteers, contractors, honorary/ visiting associates.
If you would like this notice in another format (for example: audio, large print, braille), please contact us (see ‘How to contact us’ above).
The following are examples of personal data which may be collected, stored and used:
- Personal contact details such as name, date of birth, title, addresses, telephone numbers, and personal email addresses
- Marital status, personal relationships and dependants
- Next of kin and nominated emergency contact information
- National Insurance number, bank account details, payroll records and tax status information
- Salary, annual leave, pension and benefits information
- Copy of driving licence where your employment involves driving for UoW
- Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)
- Employment records (including job titles, work history, working hours, training records and professional memberships)
- Compensation history, including merit pay and SPRR payments
- Salary benchmarking and pay modelling
- Personal development information (including PDR, training and progression)
- Disciplinary, grievance and performance management information
- Information relating to maternity, paternity, shared parental or adoption leave
- CCTV footage and other information obtained through electronic means such as swipe/identity card records
- Information about your use of our information and communications systems
- Information relating to Research Passports in order to facilitate research in the NHS
- Information about your involvement in research, your outputs and individual circumstances
- "Time off"
We may also collect, store and use the following types of special category personal data:
- Information about your race or ethnicity, religious beliefs for equality, diversity and inclusion monitoring and institutional reporting
- Trade union membership
- Information about your health, including any medical condition, health and sickness records, and disability information.
We may also process information about criminal convictions and offences
Some of your information you are legally or contractually obliged to provide. If you decline to provide the information to us we may not be able to employ/continue your employment or meet our legal obligations
Personal data of employees, workers (including agency), volunteers and work experience, contractors, honorary position holders and visiting individuals is typically collected through the application and recruitment process, either directly from you or sometimes from an employment agency or background check provider. Additional information may be collected from third parties such as former employers, and other referees. UoW will also collect additional personal data in the course of work-related activities throughout the period of you working for or with the University.
|Making a decision about your recruitment, continued engagement or termination.||Performance of a contract and/or compliance with a legal obligation.|
|Checking you are legally entitled to work in the UK.||Compliance with a legal obligation|
|Paying you and making the relevant tax and National Insurance deductions, as appropriate and required.||Performance of a contract and/or complying with a legal obligation.|
|Providing associated workplace benefits.||Performance of a contract.|
|Liaising with your pension provider and administering your pension, including spousal and dependents entitlement.||Compliance with a legal obligation and/or performance of a contract.|
|Administering the contract the University has entered into with you.||Performance of a contract.|
|Administering the University's staff policies e.g. the Personal Relationships Policy, etc..||Performance of a contract|
|The provision of education including the delivery of lectures, seminars, etc (both in person and pre-recorded)||Performance of a contract and undertaking a task in the public interest|
|To facilitate research||Performance of a contract and undertaking a task in the public interest|
|Business management and planning, including accounting and auditing.||Compliance with a legal obligation and/or legitimate interest of sound management of the business of the University.|
|Conducting performance reviews, managing performance and determining performance requirements, including making decisions in relation to completion of probation.||
Performance of a contract.
|Gathering evidence for conducting investigations for possible grievance or disciplinary hearings.||Performance of a contract.|
|Education, training and development requirements (including online core training).||Compliance with a legal obligation and legitimate interest of ensuring staff have access to training and development where required.|
|Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.||Compliance with a legal obligation.|
|Ascertaining your fitness to work and managing sickness absence.||Compliance with a legal obligation and legitimate interest of ensuring the efficient running of the University.|
|To prevent fraud.||Compliance with a legal obligation.|
|To monitor your use of our information and communication systems to ensure compliance with the University’s IT policies.||Legitimate interest of ensuring proper usage and network security of University IT systems.|
|To enable the University to deal with requests (from you or others) under Freedom of Information and other transparency legislation or Data subject rights requests under the UK General Data Protection Regulation.||Compliance with a legal obligation.|
|Equal opportunities monitoring.||Compliance with a legal obligation.|
|Issuing identity cards to staff.||Legitimate interest of maintaining security whilst allowing staff access to university areas.|
|Providing staff parking permits.||Performance of a contract.|
|Ensuring the safety and security of UoW, its people and facilities.||Compliance with a legal obligation.|
|Carrying out DBS checks.||Compliance with a legal obligation.|
Monitoring your entry in to and movement within University buildings to ensure compliance with University regulations, policies/ procedures and relevant legislation – e.g. Health and Safety.
Processing card access data to ensure the health, safety and wellbeing of persons present on campus, preventing crime and disorder and individual or group compliance with reasonable directions given by Campus Security, your department, University regulations and policies/procedures and the law. Sharing information internally, where appropriate, to identify individuals suspected of or failing to follow University regulations, policies/procedure regarding access to buildings. Issuing warnings and/or instigating (and progressing) disciplinary action and where appropriate sharing information with regulatory authorities such as the Police.
|Compliance with a legal obligation (Health and Safety)
Legitimate interest of maintaining safety and security of the University community and enabling the University and relevant regulatory authorities, including the Police, to consider and take further action including disciplinary action, where appropriate.
Personal data will only be processed when the law permits this to happen. Most commonly personal data will be processed in the following circumstances:
- Where you have given us your consent. In order to fulfil UoW’s obligations to you as part of your contract of employment.
- Where UoW needs to comply with a legal obligation
- Where it is necessary for UoW’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our interests are the effective and efficient operation of the University.
- To protect the vital interests of you or of another person (for example, in the case of a medical emergency)
- In order to perform a task carried out in the public interest
We may only process special category [that revealing ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation] personal data in the following circumstances where, in addition to one of the above a lawful bases for processing, there exists one of the following grounds:
- Explicit consent – where you have given us explicit consent.
- Legal obligation where the processing is necessary for us/ you to carry out/ exercise obligations and rights of a legal nature.
- Vital interests - The processing is necessary in order to protect the vital interests of you or of another individual where you are physically or legally incapable of giving consent. This is typically limited to processing needed for medical emergencies.
- Not for profit bodies - The processing is carried out in the course of the legitimate activities of a not-for-profit body and only relates to members or related persons and the personal data is not disclosed outside that body without consent.
- Public information - The processing relates to personal data which is manifestly made public by you.
- Legal claims - The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Substantial public interest - The processing is necessary for reasons of substantial public interest, on the basis of law.
- Healthcare - The processing is necessary for healthcare purposes and is subject to suitable safeguards.
- Public health - The processing is necessary for public health purposes and is based on law.
- Archive - The processing is necessary for archiving, scientific or historical research purposes, or statistical purposes and is based on law. Member States can introduce additional conditions in relation to health, genetic, or biometric data.
UoW will only use personal data for the purposes for which it was collected unless it is considered reasonably that it is needed for another purpose and the reason is compatible with the original purpose. If the University needs to use your personal data for an unrelated purpose, it will notify you and will explain the legal basis that permits it to do so. The University may process your personal data without your knowledge or consent, where this is permitted by law.
Once you have accepted an offer of employment with UoW, as part of the on-boarding process we will seek your consent for the processing of your personal data for the following services:
By providing your consent, you are agreeing to have the following personal data processed, including:
- Your full name
- Your date of birth
- Emergency contact details
- Your Warwick ID number
- Your employee photograph
- Your start date
|Benefits||Marketing to expect|
|Information||You will be provided with exclusive news, updates, discounts and marketing information.|
In limited circumstances UoW may contact you for your written consent to the processing of particularly sensitive data. In such circumstances UoW will provide you with full details of the information needed and the reason it is needed, so that you can consider whether you wish to give your consent.
Where you have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Individuals need to write to infocompliance at warwick dot ac dot uk to withdraw their consent. Once UoW have been notified that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If the latter is the case we will inform you of this legitimate basis.
UoW may share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where there is another legitimate interest in so doing including, but not limited to, for joint appointments with other external organisations. Third parties with whom we may share your data include:
|Third Parties within the UK||Lawful Basis|
|The respective pension scheme applicable to your contract (USS, UWPS, NHS).||Compliance with a legal obligation and/or performance of a contract.|
|United Kingdom Visas and Immigration (UKVI) for visa applications.||Compliance with a legal obligation.|
|Disclosure and Barring Service (DBS) checking organisation (GB Group).||Compliance with a legal obligation and/or legitimate interest.|
|NHS.||Performance of a contract and/or consent.|
|HMRC.||Compliance with a legal obligation.|
|Car Parking Partnership.||Performance of a contract.|
|Parking Eye.||Performance of a contract.|
|Higher Education Rankings||Legitimate interests of the University/necessary for the performance of contract|
|External professional accrediting bodies||Legitimate interests of the University/necessary for the performance of contract|
|Third party training organisations/facilitators engaged by the Learning and Development Centre||Consent and/or legitimate interest (for example, award of a qualification/ certification).|
|Contractors||Compliance with a legal obligation and/or performance of a contract.|
|Our professional advisors e.g. insurers, auditors, lawyers, etc.||Legitimate interests.|
Staff Parking Facilities
Staff are offered the option of purchasing a permit to park in UoW car parks. The scheme is administered on behalf of UoW by Car Parking Partnership (“CPP”) and Parking Eye. By opting in to the scheme you enter in to a contract with UoW for the provision of a service, namely parking. UoW will collect the following data in order to provide that service under contract.
- Vehicle registration number
- Make and model of vehicle
If parking terms and conditions are breached, UoW will share the following data with CPP and Parking Eye for enforcement purposes:
- Your vehicle registration number
- The start and end date of your parking permit
Transfers of data outside of the UK
If we have to transfer any of your personal data outside the UK we will let you know if the receiving country or organisation is deemed to have adequate data protection provision. Where a country or organisation does not have adequate protections we will put safeguards in place. Details of these safeguards can be provided to you upon request to Legal and Compliance Services.
The UK GDPR and DPA 2018 require that personal data should be kept for no longer than is necessary for the purposes for which the personal data are processed (except in certain specific and limited instances).
The University’s Record Retention Schedule (RRS) is a tool that enables the University to transparently demonstrate how the organisation complies with its data protection obligations by making provision for the time periods for which common classes of record are retained by UoW.
Full details of the retention periods of records can be found by viewing the records management page and selecting the University’s Record Retention Schedule (RRS), which is kept up to date separately.
Under the UK GDPR and DPA 2018 you have a number of important rights free of charge.
You have the right to:
- Be informed of how we collect and use your personal data;
- Access your personal data;
- Require us to correct any mistakes in the data we hold on you;
- Require the erasure of personal data concerning you in certain situations;
- Restrict our processing of your personal data in certain circumstances;
- Receive your personal data, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- Object in certain situations to our continued processing of your personal data or at any time to processing of your personal data for direct marketing; and
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights please find out more here. If a subject access request is made and the request for access is manifestly unfounded or excessive, the University reserves the right to refuse to comply with the request in these circumstances.
The UoW keeps your personal data secure at all times using organisational, physical and technical measures.
Where appropriate, we also take measures such as anonymisation to ensure data cannot be used to identify you and/or encryption to ensure that the data cannot be accessed without the right security accesses and codes.
Where UoW engages a third party to process personal data it will do so on the basis of a written contract which conforms to the security requirement of the UK GDPR. UoW takes measures to enable data to be restored and accessed in a timely manner in the event of a physical or technical incident.
UoW also ensures that we have appropriate processes in place to test the effectiveness of our security measures.
We hope that our Data Protection Officer (DPO) can resolve any query, concern or complaint you raise about our use of your personal data on the contact details below:
The DPO can be contacted via e-mail at email@example.com.
Or write to:
The Data Protection Officer
Legal and Compliance Services
University of Warwick
Kirby Corner Road
The UK GDPR and DPA 2018 also gives you the right to lodge a complaint with the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: [0303 123 1113].
This privacy notice was published on 22nd May 2018. Last revised 12 July 2023.