This applies to Jisc staff. If you're a member, customer or the public then see our general privacy notice
Jisc may process your personal data because:
We need it for the purposes of your employment
If you don’t provide us with the required personal data, we’ll try to continue to employ you, but it may mean that some options aren’t available to you. We’ll keep your data for as long as you remain an employee; your staff file will be kept for a further six years; basic information will be kept thereafter in case you need us to provide references, etc. If another organisation provides us with employment services (eg payroll), we’ll also make necessary data available to them. If this involves transferring information to a country not recognised as providing equivalent protection, we’ll use additional safeguards approved by UK or EU regulators. We require all organisations we work with to keep information as safe as we do.
The law requires us to
We’ll keep your personal data for as long as the law requires; after that, unless we need it for another purpose, we’ll delete it. The law may require us to disclose information to relevant authorities either routinely (eg taxation) or in specific circumstances (eg a criminal investigation).
We need it to ensure a safe and healthy workplace
We’ll keep the information for as long as you remain an employee, or until it is no longer relevant (for example because of a change in your role, or when a problem has been resolved). Any processing of medical data will be governed by the relevant professional code of practice.
We need it to identify problems, or to protect the company and other employees
We’ll keep information about your use of Jisc equipment and services for up to six months after you use them; after that, unless we need it for a particular investigation, we’ll delete it. Sometimes we use automated processing to detect and respond to problems more quickly: if you’re individually affected by this processing, you can ask us to review its results. If there are attacks on our services, or other criminal activity, we may share information with the police.
All these uses are checked to make sure they create a benefit, rather than a risk, for individuals. If you have particular circumstances that may increase your risk you may contact our data protection officer (see below) to ask for a review of that assessment.
You’ve asked us to, for example by subscribing to an optional mailing list or discussion group
We’ll keep your personal data until you ask us to change or delete it.
Individual activities may have their own privacy notices with further information about how they use your personal data.
Access to your own data
By law you have certain rights over your personal data that we hold:
- To receive a copy of the data
- To ask us to correct any errors
- To delete it once we no longer need it
To contact us regarding those rights, or anything else in this privacy notice, please contact our data protection officer by either emailing firstname.lastname@example.org, or writing to our registered postal address below. If you don’t feel we’ve dealt with your request appropriately, you can appeal to the Information Commissioner’s Office (ICO).