Privacy notice for Estates and Campus Services

How we use your information

The Directorate of Estates and Campus Services manages the physical estate of the University, including its development, maintenance, environmental management, security, cleaning and waste disposal. It also oversees the management of the University’s Botanic Garden and the University areas of Ninewells Hospital and the Kirkcaldy campus.

These activities can and do involve the processing of personal information about staff, students and other stakeholders. The processing of personal data normally follows engagement with an aspect of the Directorate’s work. For example:

Precinct Services manage areas such as campus security, including the deployment of campus-wide CCTV, access controls to buildings, intrusion alert systems and car parking. They also management incidents on the University’s public campuses which includes engagement with the Police and law enforcement agencies and the provision of personal data to such agencies where appropriate.

Estates process the personal data of staff and business contacts and contractors, further to the management and development of the estate, including the negotiation and management of capital projects. They also administer environmental programmes such as the ‘cycle to work’ scheme.

The Botanic Garden process personal data further to the attendance and use of the University’s facilities.

Personal data

Personal data will include identifiers such as name, role, email address, correspondence address and date of birth. Depending on the process it may include data such as professional references or reports on performance.

Information may be provided by individuals, be sourced from University systems such as the OneUniversity system, the student records system or the finance system, or maybe provided by agents or representatives on behalf of data subjects.

CCTV footage records anyone on the University’s campus for safety reasons and the prevention and detection of crime. This is normally retained for 30 days.

Sensitive (special categories) of personal data

Special categories of personal data may be processed in certain circumstances. For example, images captured by CCTV may include special categories of personal data where information can be determined from characteristics captured in those images.

Data controller

The data controller for personal data used in this Directorate is normally the University of Dundee. Data will be processed using the University’s business systems. The University has contracts with providers for their cloud services to safeguard your data.

Data will also be stored in other key University systems such as the OneUniversity system, the finance system and the student records system. Data in the OneUniversity system and the finance system is stored on the University’s servers. The finance system will move to a cloud-based provider (TechnologyOne) during 2018. The University has contractual controls in place to safeguard your data in this system.

Estates and Campus Services use QUEMIS to manage requests for maintenance and alteration to the estate. This includes the details of the person making the request and the nature of the service required. The database is stored on the University’s systems, but copies may be provided securely to the supplier, QUANTARC, for maintenance purposes.

CCTV is provided by Indigo Vision. The installation and support is provided by Scottish Communications.

Information on the identity of car owners can be received from the DVLA database where cars are parked against regulations. Solutions Lab provide DVLA searches for parking management. Debt collection agencies may be retained to recover monies owed per the University’s parking regulations. Those regulations are provided to anyone requesting a parking permit and are displayed on noticeboards at each of the University’s car parking areas. The regulations are also published online on the University’s website.

Lawful processing

The lawful grounds for processing personal data are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
• processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract
• processing is necessary for compliance with a legal obligation to which the controller is subject
• processing is necessary in order to protect the vital interests of the data subject or of another natural person
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

The lawful grounds for processing special categories of personal data are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
• processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
• processing is necessary in order to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent
• the processing relates to personal data which are manifestly made public by the data subject
• processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
• processing is necessary for reasons of substantial public interest
• processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1)

Your rights

The University respects your rights and preferences in relation to your data. If you wish to update, access, erase, limit or complain about the use of your information please email dataprotection@dundee.ac.uk. You may also wish to contact the Information Commissioner’s Office.