What is data protection?
Data protection concerns information relating to living individuals. This might include names, addresses, dates of birth, photos, fees paid, NI number, religious beliefs, nationality and so on. Included is any data which is in, or is likely to come into, the possession of the data controller, i.e. Queen Mary and its employees, relating to individuals. It includes any expression of opinion about the individual and any indication of the intentions of Queen Mary, its staff or any other person in respect of the individual. Please see the glossary for more explanations of terms.
Staff should familiarise themselves with Queen Mary's Data Protection Policy [PDF 365KB] and its appendix of guidelines.
How Queen Mary uses your personal data
Queen Mary collects and processes information about students (and staff) for various teaching, research and administrative purposes, including the health, safety and welfare of individuals. All personal information will be treated strictly in accordance with Queen Mary's Data Protection Policy [PDF 365KB] and the Data Protection Act 1998 (DPA). This means that privacy will be respected, all appropriate security measures will be taken to prevent unauthorised disclosure or loss and the data will be used only for the purposes stated in Student Handbooks and at enrolment on the Fair Processing Notice (also available on request) or any other point of collection. You will be advised of any changes to this. Personal information will also be processed as per Queen Mary's notification with the Information Commissioner's Office (search for Z5507327) and its agreement with the Students' Union [DOC 32KB], which is a separate data controller.
Some of the personal information processed by Queen Mary is classed as "sensitive" data under the DPA (for example ethnic origin, criminal records, health records, etc). If you give Queen Mary any information regarding a disability or learning difficulty it may be passed to any member of Queen Mary who requires it in order to ensure appropriate arrangements for teaching, examination or other facilities, unless you explicitly object.
We do all we can to ensure that data remain accurate and up-to-date. It is important that you inform us of any changes to your personal information and keep your record updated on MySIS or MyHR.
In addition, Queen Mary is obliged to send some data about you to the Higher Education Statistics Agency (HESA). Please see HESA's fair processing notice for further details. QMUL staff should read HR's page. Disclosure may also be necessary in other circumstances such as a medical emergency or during the course of investigations being carried out by agencies such as the police.
See also the Right to Privacy and the Monitoring of Data [PDF 187KB].
How to access your personal data and requests
If Queen Mary processes your personal data you have a right to know what is held, for what purposes and to a copy of this data, on payment of the appropriate fee, by making a data subject access request. Queen Mary will not usually release information to third parties, including family members, without your consent. For further details please see the Information Commissioner's guidance.
You also have the right to object to any processing if you feel this causes you significant damage or distress. The Information Commissioner also has guidance on this.
If you wish to make a subject access request please fill in this form [DOC 46KB] and send it to firstname.lastname@example.org or to: Records & Information Compliance Manager, Room E04 Queens’ Building, Mile End Road, London E1 4NS. A response will be made within 40 calendar days. It is not compulsory to use the form, but any request must be in writing and there are instructions on it explaining the requirements to enable a request to be processed. Separate requests may be made to the Students' Union in relation to data it holds.
Members of staff who receive any requests for personal information should advise the Records & Information Compliance Manager. It is especially important to note that third party requests must be made in writing and properly authorised to ensure that the request is legitimate. If you are contacted by a third party such as the police you are under no obligation to provide any information unless the enquirer is in possession of a valid court order/warrant. The Records & Information Compliance Manager will advise.
For more information contact the Records and Information Compliance Manager. Training is available on request and via the Centre for Academic and Professional Development.
Visitors to our website should also view the Privacy Notice.