Privacy notice

Privacy notice for the Directorate of Finance

Updated on 10 May 2022

How the Directorate of Finance process the personal information of staff, students, and other stakeholders

On this page

How we use your information

The Finance directorate is responsible for all activities concerning the financial management of the University. This includes processes such as accounts payable, accounts receivable, financial accounting, finance business partnering, research finance, procurement, insurance and cash office functions.

These activities can and do involve the processing of personal information about staff, students and other stakeholders.

Financial accounting and finance business partnering are responsible for the University’s financial ledgers. They have access to all aspects of the University’s financial arrangements including all personal data concerning staff, students and other stakeholders in the finance and other systems relevant to their role.

Accounts receivable hold information concerning customers of the University. Accounts payable hold information concerning the University’s suppliers. Data will also be held concerning previous customers and suppliers. Accounts payable also manage the reimbursement of expenses processes and the student stipend payment process, including processing all personal data (including banking details) necessary to make such payments.

Research finance manage the financial aspects of the University’s externally-funded research contracts. This includes information on the status and salary of University staff and/or students funded in this way. Similar information will be held concerning employees of other institutions when working in partnership with them.

Procurement process the personal data of staff and business contacts and contractors, further to the management of the University’s relationships with suppliers, including the negotiation and management of procurement contracts.

The insurance team, as well as overseeing the overall insurance arrangements for the University, hold information on designated University drivers, including copies of their driving licenses and any declarations they may have made concerning their fitness to drive vehicles under the University’s insurance policies.

Sole traders should note that where they carry out work for the University, their personal data including their names, contact details and banking information will be processed by the University.

Personal data

Personal data will include identifiers such as name, role, email address, correspondence address, date of birth and banking/payment information. Depending on the process it may include data such as professional references or reports on performance.

This information may be provided by individuals, be sourced from University systems such as the OneUniversity system, the student records system or the finance system, or may be provided by agents or representatives on behalf of data subjects.

Sensitive (special categories) of personal data

Special categories of personal data may be processed, for example where disclosed to the University to claim appropriate taxation allowances, or where they are disclosed so that reasonable adjustments can be made.

Data controller

The data controller for personal data processed by Finance is normally the University of Dundee. Data will be processed using the University’s core business systems., which may also include M365 which is cloud based.

Data will also be stored in the major University line of business systems such as the OneUniversity system, the finance system and the student records system. Data in the OneUniversity system is stored securely in the Cloud and the students records system is stored on the University's servers. The Finance system is provided by Technology One and is cloud-based. The student record system is SITS.  The University has contractual controls in place to safeguard your data in these systems.

Lawful processing

The lawful grounds for processing personal data within Finance are normally:

  • the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The lawful grounds for processing special categories of personal data within Finance are normally:

  • the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law;
  • processing relates to personal data which are manifestly made public by the data subject;
  • processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  • processing is necessary for reasons of substantial public interest;
  • processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1).

Personal data and special categories of personal data may also be processed to protect vital interests should that be necessary.

Your rights

The University respects your rights and preferences in relation to your data. If you wish to update, access, erase, limit or complain about the use of your information please email You may also wish to contact the Information Commissioner’s Office.


Data Protection
Corporate information category Data protection