Customer Privacy Notice
This Privacy Notice refers to prospective, new, existing and former customers of the University.
In this Privacy Notice we use the term ‘customer’ to refer to those who entered or have expressed an interested in entering into a contractual relationship, with Canterbury Christ Church University (CCCU) for a specified service other than as a student or an employee.
- 1) Information about you: what we collect and how we use it
- 2) The legal basis for the processing of the data
- 3) What happens if you refuse to provide your personal information?
- 4) Recipients of your Personal Data
- 5) How does The University protect data?
- 6) Retention Period
- 7) The Data Controller and further information
1) Information about you: what we collect and how we use it
CCCU, as the operator or the service provider, collects and processes personal data. This is for the performance of a contract or to take steps at your request prior to entering into a contract with you.
CCCU could require and process the following personal data:
- Your name, surname and information useful to identify you
- Information relevant for the fulfilment of the service included in the contract
- Your contact details or any other contacts you could provide us in order to contact you in relation to the contract
- Any other personal data necessary for the performance of or for you to enter into a contract and specified in the pre-contract information.
2) The legal basis for the processing of the data
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
Contractual obligations
CCCU will process your personal data to provide you with a service or product in fulfilling the contract.
This includes when we may share your personal data with other organisations that we engage to process data on our behalf.
We may be required also to process your personal data using a different legal basis for the processing.
5.1.4 The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(b):
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”
Legal Obligation
We may need to process your data in order to ensure we are complying with relevant laws and legislation.
This may be to ensure we meet our statutory obligations, including those related to diversity, equal opportunities and health and safety.
There may also be occasions in which we have to pass on details of people involved in fraud or other criminal activity to law enforcement and regulatory bodies
5.2.5 The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(c):
(c) processing is necessary for compliance with a legal obligation to which the controller is subject.”
Legitimate Interest
If the interest of the University overrides your legitimate right to privacy, we could share your data with other organisations for clear and well defined legitimate purposes. This includes sharing your data with one of our agents if a debt you own to CCCU should be recovered.
We might process your personal data for Direct Marketing purposes. Please read further information in our Direct Marketing Privacy Notice.
3) What happens if you refuse to provide your personal information?
If you choose not to submit any personal information when requested, we may not be able to perform the contracted service and/or personalized features. This may limit the services we want to provide you.
For example, if you refuse to share your contact details, you will not be able to receive any communication via of our customer service helpdesk. If you refuse to provide your credit card number, you will not be able to purchase services you could require from the University.
4) Recipients of your Personal Data
To fulfil the contractual relationship, CCCU may need to transfer your data to third party organisations including our contractors.
When CCCU uses a company to process data on our behalf, we put in place a contract that meets the requirements of the UK General Data Protection Regulations.
CCCU may also share your data with Partners, Agents, Contractors and other third parties. Examples of these third parties include debt recovery companies, solicitors, and courts in relation to unpaid fees.
5) How does The University protect data?
The University takes the security of your data seriously. The University has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where the University engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
6) The Data Controller and further information
CCCU will retain your data for as long as required by the purpose included in this Privacy Notice. This is the limitation period for Simple Contract as stated by the Limitation Act 1980, which is six years after the completion of the contract.
7) The Data Controller and further information
Canterbury Christ Church University is the Data Controller for this personal data.
Please click the link below to access further information regarding: