Privacy notice

Finance Privacy Notice

Updated on 15 May 2020

How the Directorate of Finance process the personal information of staff, students, and other stakeholders

On this page

How we use your information

The Finance directorate is responsible for all activities concerning the financial management of the University. This includes processes such as accounts payable, accounts receivable, management accounting, research finance, procurement, insurance and cash office functions.

These activities can and do involved the processing of personal information about staff, students and other stakeholders.

Management and financial accounting control the University’s ledger. They have access to all aspects of the University’s financial arrangements including all personal data concerning staff, students and other stakeholders in the finance and other systems relevant to their role.

Accounts receivable hold information concerning customers of the University. Accounts payable hold information concerning the University’s suppliers. Data will also be held concerning previous customers and suppliers.

Research finance manages the financial aspects of the University’s externally-funded research contracts. This includes information on the status and salary of University staff and/or students funded in this way. Similar information will be held concerning employees of other institutions when working in partnership with them.

Procurement process the personal data of staff and business contacts and contractors, further to the management of the University’s relationships with suppliers, including the negotiation and management of procurement contracts.

The insurance team, as well as overseeing the overall insurance arrangements for the University, hold information on designated University drivers, including copies of their driving licenses and any declarations they may have made concerning their fitness to drive vehicles under the University’s insurance policies.

Personal data

Personal data will include identifiers such as name, role, email address, correspondence address and date of birth. Depending on the process it may include data such as professional references or reports on performance.

This information may be provided by individuals, be sourced from University systems such as the HR system, the student records system or the finance system, or maybe provided by agents or representatives on behalf of data subjects.

Sensitive (special categories) of personal data

Special categories of personal data may be processed, for example where disclosed to the University to claim appropriate taxation allowances.

Data controller

The data controller for personal data used in this Directorate is normally the University of Dundee. Data will be processed using the University’s business systems. The University has contracts with providers for their cloud services to safeguard your data.

Data will also be stored in other key University systems such as the human resources system, the finance system and the student records system. Data in the human resources system and the finance system is stored on the University’s servers. The finance system will move to a cloud-based provider (TechnologyOne) during 2018. The University has contractual controls in place to safeguard your data in this system.

Lawful processing

The lawful grounds for processing personal data within Finance are normally:

  • The data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
  • Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The lawful grounds for processing special categories of personal data within Finance are normally:

  • The data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
  • Processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law.
  • The processing relates to personal data which are manifestly made public by the data subject.
  • Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
  • Processing is necessary for reasons of substantial public interest.
  • Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1).

Your rights

The University respects your rights and preferences in relation to your data. If you wish to update, access, erase, limit or complain about the use of your information please email You may also wish to contact the Information Commissioner’s Office.


Data Protection
Corporate information category Data protection