Commercial activity privacy notice

The Accelerate Project is part funded by the European Social Fund (ESF) and will drive Cheshire and Warrington’s growth and productivity through targeted and responsive skills development for employed people, to encourage employment progression and widen career choices, and to tackle disadvantage. Taking a holistic approach to the skills agenda, addressing all skills levels and focusing on priority employment sectors (informed by the Local Enterprise Partnership (LEP’s) Strategic Economic Plan and associated Skills and Education Plan and the emerging Local Industrial Strategy), the project will minimise the current gap between the skills employers seek to recruit and the skills that local employee-learners acquire.

Accelerate Project
Reference: 03S19 P03307
Strategic Economic Development Directorate

Introduction

The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or holds.  This Data Processing and Privacy Notice describes how and why we collect and use personal information about you.  It is issued under your right to be informed about how the University collects, uses and stores your personal data. This data processing and Privacy Notice describes how and why we collect and use personal information about you for Accelerate Cheshire and Warrington, European Social Fund (ESF) Funding Project.  This notice should be read in conjunction with the Department for Work and Pensions (DWP) Personal Information Charter available from the GOV.UK website.

The project is part funded by ESF and will drive Cheshire and Warrington’s growth and productivity through targeted and responsive skills development for employed people, to encourage employment progression and widen career choices, and to tackle disadvantage.  Taking a holistic approach to the skills agenda, addressing all skills levels and focusing on priority employment sectors (informed by the Local Enterprise Partnership (LEP’s) Strategic Economic Plan and associated Skills and Education Plan and the emerging Local Industrial Strategy), the project will minimise the current gap between the skills employers seek to recruit and the skills that local employee-learners acquire.

Data Protection Principles

We will comply with data protection legislation, which says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

What Personal Data does the University collect

As part of the registration process with the project participants will be required to provide the following personal data

  • Data relating to identity Eg:  Title, name, gender, DoB, NI number etc
  • Participant and employer contact details
  • Data relating to equal opportunity monitoring eg Ethnicity, Age, Disability
  • Data regarding the occupation, employment, household and immigration status
  • Reasons for training
  • Education and Highest qualification

What Special Category Data does the University collect

As part of the registration process participants will be providing the following special category data:

  • Ethnic Origin
  • Disability status

Data is collected and securely stored for project outputs, monitoring and evaluation purposes.

Why does the University need this data and how will the University use this Data

Accelerate requires the collection of personal data in order to monitor and evaluate widening participation and to aid reporting of outputs as per the Funding Agreement with the DWP ESF Managing Authority.  Further guidance relating to the evidencing of participant eligibility may be found at the following: https://www.gov.uk/government/publications/european-social-fund-eligibility-documents

What is the Legal Basis for Processing the Data

The DWP ESF Managing Authority, will be processing personal data in the ESF programme according to the following lawful bases, as detailed in the ESF Programme Action Note 018/18.

Article 6 (1) (e) GDPR

‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller’.

Article 9(2) (b) GDPR

This article of the GDPR provides DWP with the lawful basis for processing `special category’ (sensitive) data:

“processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;”

For how Long will the University keep this Data

The University of Chester will retain your data for as long as necessary to fulfil the purposes for which it was collected and in line with any necessary legal, financial accounting or reporting requirements, this should not be beyond 31st December 2027.

Personal data held by DWP for all other ESF purposes as required by European Commission regulations will be retained in line with the current guidance on GOV.UK at:

https://www.gov.uk/government/publications/european-social-fund-document-retention.

Who has access to the Data and with whom will the University share this Data

Data will be shared with Project Partners and the University of Chester Accelerate Project Team including Skills Brokers employed by the relevant Local Enterprise Partnership (LEP) and the Skills Providers for the purposes of your training..

The information you provide to Accelerate Project / University of Chester will be shared with the Department for Work & Pensions (DWP) and used to evaluate this project and to report to the Accelerate Project / University of Chester and European Social Fund for monitoring purposes, in line with European Commission regulatory requirements.

Your information will also be shared with research organisations working on behalf of the Department for Work & Pensions who may contact you to discuss your involvement in the project for research purposes.  Participation in research is voluntary and you will be asked to consent before taking part in any research activity you may be contacted about.  

The DWP may also link your personal details to official administrative records in order to monitor your employment status before your ESF support began and 6 to 12 months after you left. This information may also be shared with research organisations working on behalf of the DWP however individuals will not be identifiable and you will not be contacted about this research.

Data will not be used or shared for any commercial or marketing purposes.

How will the University keep this Data secure

The University of Chester operates an Information Security Policy which recognises that with the increasing demands being placed on ICT and Information Systems there is a need to understand and control, in a coherent manner, the associated risks.  The principal objective of the policy is to protect the information, including personal data, held by the University.  In support of this policy the University publishes an Information Security Framework which is based on ISO 27001:2005 and uses ISO/IEC 27002:2005 Information Security Techniques – Code of Practice for Information Security Management.

The University has detailed measures implemented in the areas of Business Continuity Management; Information Handling; User Management; Acceptable Use of Computers, the Network and JANET; System Planning and Operation and Incident Reporting and Handling.

Access to all information services shall use a secure log on process and access to the University’s business systems is also limited by the location of the initiating terminal.  All access to information services is logged and monitored in order to identify potential misuse of systems or information.

All users of University information systems must manage the creation, storage, amendment, copying, distribution and deletion or destruction of data (in electronic or paper form) in a manner which is consistent with the security policy, and which safeguards and protects the confidentiality, integrity and availability of such data.

The University will ensure that all employees are familiar with the principles set out in this policy and will provide training and guidance where needed on policy interpretation, the information asset security classification scheme and information owner responsibilities. 

Data will be stored on a secured bespoke CRM system and paper records will be stored securely in a locked cupboard. Electronic and paper records will be securely destroyed in accordance with ESF guidelines.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. 

What Rights do you have as a Data Subject

As a data subject of the University, under the Data Protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data.  As such you have the right to…

  • Withdraw consent - where the University has used consent as the legal basis for processing;
  • Be informed – about how the University, collects and uses your data;
  • Access your personal data that the University holds and process;
  • Rectify or correct any inaccuracies in your personal data that we hold;
  • Be forgotten by requesting that your details are removed from the University systems;
  • Restrict the processing of your data whilst it is being verified or corrected;
  • Port your data in a machine readable and commonly used format; 
  • Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;

The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.

You may contact the University’s Data Protection Officer as necessary regarding your rights. 

Who is the Data Controller and who is the Data Protection Officer

For the purposes of the Data Protection legislation, the DWP is the data controller in respect to information processed which relates to all participation in the European Social Fund.  ESF grant beneficiary organisations are data processors in respect to information processed which relates to participants in the operations and projects funded by the European Social Fund.

DWP is not the controller for any other and or additional data collected by Accelerate Project-University of Chester that is not essential for delivering the ESF programme, or for any personal data that would normally be collected anyway by Accelerate Project-University of Chester.   The Data Controller for these purposes is the University of Chester, Parkgate Road, Chester, CH1 4BJ.  The Data Controller’s representative is Mr Adrian Lee, University Secretary, who may be contacted at the University address and on 01244 511000. 

The University’s Data Protection Officer (DPO) is Rob Dawson.  He may also be contacted at the University’s address and tel number and also by email on dpo@chester.ac.uk.

How to raise Questions, Comments, Concerns, or Complaints

Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above. 

You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113.
www.ico.org.uk

Changes to this Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.