Privacy notice and cookies
Information you need to know
LJMU takes your privacy very seriously. This privacy notice explains how we use your personal information and your rights regarding that information. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations. We comply with all legislation regarding the protection of your personal data including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. We have built-in security measures to reduce the risk of your personal data being misused, lost or stolen. Our secure network requires unique login details and passwords, and only allows access to personal data to those who need it.
Liverpool John Moores University is registered as a Data Controller with the Information Commissioner’s Office (ICO) under registration number: Z5616967. Our register entry is publicly available on the ICO’s website and sets out the general purposes for which we process personal data.
How to contact the Data Protection Officer
The Data Protection Officer advises the University on how to comply with the data protection legislation and manages and coordinates requests made under GDPR.
Email: DPO@ljmu.ac.uk
Data Protection and Information Officer
Legal and Governance Services
Exchange Station, 2nd Floor, Tithebarn Street
Liverpool
L2 2QP
The type of information we are collecting
LJMU is formed of many schools and departments, and we collect a wide range of information for different purposes. For example: personal data will be collected by LJMU whenever you apply for a course or a job or when you request information from us. Personal data is any information that refers to a living and identifiable individual. This could be your name, your contact details, your academic records or details of your health records.
The type of personal data we collect will be appropriate to your interaction with us, be that as a student, a member of staff or a visitor.
Why we are collecting your data and the legal basis for this
LJMU will collect personal data from you for many reasons and will, at all times, do so in compliance with the principles of the GDPR.
As a public body, the most common reasons we process personal data are:
- to carry out our official public functions of providing education and conducting research and
- to comply with our legal and regulatory obligations
The legal basis for processing personal data in specific circumstances is set out in each of the privacy notices we provide in this area of our website.
The source of this personal data
In most cases personal data will be collected directly from data subjects, however, in the case of students we may receive initial contact information for you from third parties UCAS, agents or employers.
Who has access to this data
Your personal data will be used only by relevant LJMU staff where the data is necessary for them to undertake their designated role. We may also lawfully share information with third parties such as:
- The Student Loan Company
- Higher Education Statistics Agency (HESA)
- Media
- Police
- Providers of software we use or event organisers
Details of who we share data with are set out in each of the specific privacy notices.
Protection of your data
The University takes data protection very seriously. For services provided locally by Information Services, information is stored on servers located in secure University datacentres. These datacentres are resilient and feature security access controls, environmental monitoring, backup power supplies and redundant hardware. Information on these servers is backed up regularly and use a wide array of technology to ensure data security is continually dealt with to high professional standards. All Liverpool John Moores University staff who have access to your information have received data protection training. We only use third party systems to store and process your data for which we have completed a risk assessment exercise to ensure your data is secure.
The length of time your data will be stored for
We will keep your information only for as long as we need it and in accordance with our Records Retention Schedule. When we no longer need the information, we will dispose of it securely.
Your rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (this could be in a portable electronic format)
- require the University to change incorrect or incomplete data if you think that it is inaccurate or out of date
- require the University to delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing
If your personal data has been provided by consent you have a right to withdraw that consent at any time.
If you would like to exercise any of these rights, please email the Data Protection Officer.
Transfers of data outside the UK
Generally, we do not send your personal data outside the UK. However, in some specific cases, we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a university based outside of the UK. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection. For example, model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).
Automated decision making
We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human.
How to complain to the Information Commissioner's Office
You have the right to complain to the Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted:
Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF
Telephone: 0303 123 1113
Email: contact can be made by accessing the ICO’s website.
Changes to our privacy notices
We keep our privacy notices under regular review. This privacy notice was last updated in July 2022.