Privacy Notice

Introduction

The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or hold.  This Data Processing and Privacy Notice describes how and why we collect and use personal information about you.  It is issued under your right to be informed about how the University collects, uses and stores your personal data.

The Storefront online shop is owned and maintained by University of Chester.  This site allows users to reserve attendance at University of Chester events, buy University of Chester press books, make payment for copies of University of Chester transcripts or certificates, and purchase University of Chester memorabilia or gifts.

Data Protection Principles

We will comply with data protection legislation, which says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

What Personal Data does the University collect?

1. Personal contact details that you provide such as your name, title, address, telephone numbers and email address;

2. If you are purchasing attendance at an event or training course: Any further information provided relevant to your attendance. This may include, where appropriate: membership of professional bodies, academic/student status, attendance preferences, your student number, dietary requirements, access requirements

3. If you are purchasing a gift or memorabilia item: Product preferences, for example, size and colour of ordered products

4. If you are purchasing copies of University certificates or transcripts: Your academic qualifications (including programme title, campus and start/end dates) and your student number. For nursing transcripts and badges, we also request your NMC pin number.

What Special Category Data does the University Collect?

If you have provided any access requirements or health related dietary requirements as part of your booking for a University of Chester event then we may use this information in order to accommodate your requests and support your attendance. This data will be used to ensure that we are offering an inclusive and accessible experience and that we are able to meet the needs of our customers.

Why does the University need this data and how will the University use this data?

The information you provide may be used to:

  • Provide you with the information, products or services that you have asked for and/or
  • Facilitate your attendance at an event
  • Manage your customer service queries
  • Maintain your Storefront account

What is the Legal Basis for processing the data?

University of Chester Storefront will use the following legal bases for processing data, depending on the customer category and purpose for processing the data:

 

Customer Category

Purpose of processing data

Legal basis for processing

Prospective Purchasers of goods or services

Necessary communications

Legitimate interests

Purchasers of goods or services

Fulfilment of an order

Contract

Purchasers of goods or services

Recording a transaction

Legal obligation

Event attendees providing special category data

Fulfilment of an order

Consent

 

 

For how long will the University keep this Data?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  Storefront transaction records are kept for up to seven years.

Who has access to the data and with whom will the University share this data?

Your information may be shared internally for the purposes of facilitating your attendance at an event or proving a product or service that you have ordered.  Members of the organising committee for events, the Conference Department, the Finance department and those employees that are concerned with fulfilling Storefront orders may use your information where appropriate to access the data necessary for performing their role.

In some circumstances we must provide data to external organisations that require this information in order to assist in fulfilling your order.  Some examples of this would be if we needed to pass on an attendance list to the host of an event that was not held on our campus, or details of your dietary preference to an event caterer.  We do not provide data to any third parties for marketing communication reasons.

All credit/debit card payments are processed by Worldpay. As such, we pass your name, address and amount of your order to Worldpay. They require this information to process your payment.

How will the University keep this data secure?

We maintain technical and organisational security measures in order to protect your personal data. These measures include encryption, the use of SSL and firewalled systems.  Access to customer data is only permitted to authorised employees who require this information in order to process your order. Your credit/debit card information is not stored or retained on Storefront. 

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. 

What Rights do you have as a Data Subject?

As a data subject of the University, under the Data Protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data.  As such you have the right to…

  • Withdraw consent - where the University has used consent as the legal basis for processing;
  • Be informed – about how the University, collects and uses your data;
  • Access your personal data that the University holds and process;
  • Rectify or correct any inaccuracies in your personal data that we hold;
  • Be forgotten by requesting that your details are removed from the University systems;
  • Restrict the processing of your data whilst it is being verified or corrected;
  • Port your data in a machine readable and commonly used format; 
  • Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;

The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.

You may contact the University’s Data Protection Officer as necessary regarding your rights. 

Who is the Data Controller and who is the Data Protection Officer?

The Data Controller is the University of Chester, Parkgate Road, Chester, CH1 4BJ.  The Data Controller’s representative is Mr Adrian Lee, University Secretary, who may be contacted at the University address and on 01244 511000. 

The University’s Data Protection Officer (DPO) is Rob Dawson.  He may also be contacted at the University’s address and tel number and also by email on dpo@chester.ac.uk.

How to raise questions, comments, concerns, or complaints.

Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above. 

You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113.
www.ico.org.uk

Changes to this Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.