Your data and privacy About this noticeThis privacy notice provides information about how the University collects and uses your personal information in relation its financial processes and procedures. It explains why we hold this information, what we do with it, how long we keep it for and if we share it with third parties.About youThis privacy notice uses “you” to mean any individual about whom we collect and hold personal data, including staff, students, pensioners, customers, suppliers, alumni, funders, sponsors, parents or other stakeholders engaged with the University’s financial processes and procedures.What information may we collect about you?We may collect, store and use the following categories of personal data:your details including name, title, addresses, telephone numbers, personal e-mail addresses, signature financial data, including bank account details, payment information, purpose of payment, debit/credit card informationother relevant personal information. For example, if you are booking a place at a conference or event, the conference organisers may ask you to provide other relevant information e.g. details of any dietary requirements or allergiescustomer feedback. We may carry out customer research by providing customers with access to feedback questionnaires. Although this feedback is anonymous, the questionnaires provide the opportunity for free text comments, in which a customer may supply personally identifiable information about themselves, other customers or members of staffIP address in relation to online payments made to the Universityinformation needed to confirm employment status, including national insurance number, UTR personal information supplied as part of the procurement processSensitive personal data where consent is given in relation to :an insurance claim or other legal mattercollection of income due to the Universitya procurement processHow is your personal data collected?Information you give to us.You may give us your personal data through the information collected about you in order to make a payment to you, take a payment from you, respond to an email relating to an enquiry etc. Information transferred from third partiesYour personal data may be shared by third parties for the purposes of administering and managing finance. How we will use the information about you?If you have made a payment to the University or received a payment from the University or been involved with a procurement tender, you will have supplied information about yourself (your “personal data”). Your personal data will be used by the University to administer its financial processes, protect against fraud and manage its finances.We need to hold personal data for the following reasons:manage the payment processes between you and the Universitymaintain accurate and up-to-date recordsevent administrationreport information to the University’s insurers in respect of accidents or incidents disclosures of sensitive personal data in this context would only be made where explicit consent has been obtained, disclosure is in the substantial public interest, or where necessary for the establishment, exercise or defence of a legal claim.administer the repayment of debts, where recovery attempts have proved unsuccessful. we may use external agents of the University including (but not limited to) solicitors, debt recovery agents, tribunals and Courtscollect payments from externally hosted IT servicesprocess any complaint you submitto detect, investigate and prevent crime including fraudfor research and statistical purposesmaintain or develop systems and processesmeet legislative, statutory, contractual and audit requirementsimprove service levelsas part of the procurement processWhat is the legal basis for processing your personal data?We must have a legal basis for processing your personal data (and special categories of your personal data). The legal basis for processing personal data is set out in data protection legislation. Some of the above basis for processing will overlap with others, so there may be several grounds which justify us using your personal data.We will process your personal data based on the consent that you have provided to us e.g. for the purposes of making an insurance claim.We also have legal obligations to hold personal data, for example we must provide payment information to HMRC. We may therefore use your personal data to fulfil these obligations.We may also process your data on the basis of our legitimate interests i.e. for administrative purposes, management information or statistical analysis purposes.As we process special category data, we must also identify a special category condition for processing. We process special category data where we have your explicit consent.Third PartiesThe University will use one or more external companies to process information about you on the University’s behalf. The University remains responsible for the information and will ensure it is kept securely.Your personal data may be shared by and/or among the Joint Controllers for the purposes for administering payment processes. Who we share your information withWhy we share your informationFinancial Institutions including Brokers, Banks, Building Societies, BACS and other related payment service providersTo make or receive payments from youContracted Third PartiesTo help deliver our service, we may share you personal data with external bodies subject to data sharing agreements which include data protection safeguards e.g. external auditors, document scanning service providers, software providers, bank detail validationeMail service providersTo contact youExternal agents of the University including (but not limited to) solicitors, debt recovery agents, tribunals and CourtsTo recover monies due to the UniversityFunders/Sponsors e.g. United Kingdom Research and Innovation ("UKRI"), European Union, Charities, Commerical SponsorsTo verify funder terms and conditions have been metGovernment agencies related to High Education including The Scottish Funding Council ("SFC"), The Office for Students ("OfS"), Student Loans Company ("SLC"), Student Awards Agency for Scotland ("SAAS"), Universities UK (UUK), and the Higher Education Statistics Agency ("HESA")For the purposes of carrying out statutory functions relating to the funding of education and for statistical analysis. These agencies should not identify individuals in any published results.HMRCTo verify details or to provide information in relation to payments madeInsurers, brokers. solicitorsFor the provision of information relevant to insurance claimsThird-party payroll service providers, benefits providers, pension administrationTo support financial administration and payments made to individualsYou should check the privacy policies of the relevant Joint Controller and the organisations mentioned above (available on their websites) in order to fully understand how they will process your data.Storage of your personal dataWe have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.Our website may, from time to time, contain links to and from websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet, and any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security measures to try to prevent unauthorised access.Further information about the University’s Data Protection and Information Security policies can be found by clicking on the links below.Data ProtectionInformation SecurityData RetentionWe will retain your personal data for as long as it is necessary to fulfil the purposes for which we collected it, including satisfying any legal, accounting, reporting or statutory requirements.Data Retention PeriodsAutomated processing and profilingWe do not use profiling or automated decision-making processes. Some processes are semi-automated (such as anti-fraud data matching) but a human decision maker will always be involved before any decision is reached in relation to you.Changes to this privacy noticePlease check back frequently to see any updates or changes to this Notice.ContactQuestions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to Finance Department, Charles Stewart House, 9-16 Chambers Street, Edinburgh, EH1 1HT. You can also email us at: Finance.helpline@ed.ac.uk.This privacy statement is continued at: https://www.ed.ac.uk/records-management/notice. This article was published on 2024-07-01