Data protection privacy notice for business engagement and knowledge exchange activities

Data is provided either:

• by you when you contact us about one of our services or initiatives or
• by your organisation.

We may collect the following types of personal data about you:

• name
• job title
• email address
• phone number
• postal address
• organisational or personal bank or building society account details

Data will be processed for the following purposes:

To engage in discussion with you about possible business opportunities:

• To submit bids for external funding for knowledge exchange projects
• To log and track business engagement opportunities
• To take steps at your request prior to entering into a contract with you

To manage your contract with us:

• to enable contract partners to undertake their roles in the performance of the contract
• to pay for your services into your bank account.

To comply with data protection laws:

• to respond to freedom of information and subject access requests.

We have identified appropriate legal bases for processing data as follows:

Contract

• We process some of your data because it is necessary for the performance of a contract to which you are a party or take the necessary steps to enter into a contract with you.

Legal obligation

• We process some of your information in order to comply with data protection laws.

We may share some of your personal data with:

Other Kingston University employees

• employees of Kingston University only where they have legitimate need to access the data.

Other third parties

• other collaborators involved in collaborative funding bids as well as external funding bodies.

In all cases access will be restricted to individuals with the appropriate permissions and duty of confidentiality

We keep your personal data only for as long as is necessary.

Business Engagement and Knowledge Exchange data will generally be retained:

• where you enter into a contract with us - after the end of the contract for the current tax year plus 6 years.
• where you don't enter into a contract with us – 6 years from date of last activity

For full details you can access the University retention schedule on our website at policies and regulations.

Data will be anonymised or securely destroyed at the end of its retention period.

Under the GDPR and the Data Protection Act 2018, you have the following rights:

• to access the personal data we hold about you
• to require us to correct the personal data we hold about you
• to require us to erase your personal data
• to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal)
• to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to another controller
• to object to any of our particular processing activities where you feel this has a disproportionate impact on your rights
• to not be subject to a decision based solely on automated processing, including profiling, which has a legal effect on you

Please note that the above rights are not absolute and we may be entitled to refuse requests where exceptions apply.

When considering your personal data, contract partners should ensure the information provided to the University remains accurate and up to date. You should inform the University as soon as possible if details, such as your address, change.

When handling other people's personal data, contract partners are required to maintain confidentiality and abide by the GDPR principles. These responsibilities are set out in our Data Protection Policy.

If you have any queries about this privacy notice or how we process your personal data, or you wish to request access to the personal data we hold about you, please contact BusinessServices@kingston.ac.uk.

If you then wish to exercise your rights as a data subject, please use the Data Subject Request form on our website under policies and regulations.

If you have further questions, please email dataprotection@kingston.ac.uk.

If you are not satisfied, you can make a complaint to the Information Commissioner. You can find out more about your rights under data protection legislation from the Information Commissioner's Office website.