Privacy notice for Library, Learning, Culture and Information

How we use your information

Library, Learning, Culture and Information manages significant resources in support of teaching and research (including the University’s cultural collections), develops and deploys solutions for technology-enhanced learning and oversees the University’s information governance.

Personal data is used throughout the work of these teams. For example:

The provision of access to Library resources requires the maintenance of borrower records, log-in and access information to e-resources such as books and journal articles and the management of information concerning vendors, suppliers and other professional contacts.

Technology-enhanced learning includes provision of access to the Virtual Learning Environment and associated log-in information and educational activity with the system and related software, such as online submissions and plagiarism detection, use of discussion boards and completion of tests and assignments.

Research management activity includes the storage of information about researchers themselves and their outputs and information on research participants contained in datasets passed to the custody of the Library. The research management system provides a public profile of University researchers and maintains records of publications, research grants and research datasets.

The cultural collections (Archives and Museums) have extensive sets of personal information within the collections themselves and in administrative activities concerning service users, donors and depositors, supporters and volunteers.

Information Governance process personal data concerning those persons making enquiries under freedom of information or data protection legislation. They also process personal data and special categories of personal data when providing specialist advice and guidance to the University in this domain.

The management of facilities throughout the directorate, including door access, visitor logs for safety and security purposes and CCTV involves the collection and processing of personal data.

Personal data

The categories of personal data normally processed will be dependent on the activity. However, the processing of identifiers such as name, email, address, date of birth, telephone number, gender, ID number will be common through many activities.

Where learning technology is used, assessment information will be processed.

In research management, information concerning role and performance will be held concerning University researchers.

Sensitive (special categories) of personal data

Throughout the activities in this directorate, all special categories of personal data will be processed.

Data controller

The data controller for personal data used in this Directorate is normally the University of Dundee. Data will be processed using the University’s business systems. These include Microsoft 365 which is cloud-based. The University has contracts with these providers for their cloud services  to safeguard your data.

Specialist systems used in this directorate include Blackboard (the University’s VLE), Alma (the Library Management system), AToM and Archivematica (the Archive Management systems), KE_EMu (the Museums system), PURE (research management system),Turnitin (assignment submission and plagiarism detection software), WordPress (learning sites and individual portfolios),QuestionMark (online assessment) and the various electronic journals and other resources available through the Library.

Lawful processing

The lawful grounds for processing personal data within LLC&I are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
• where the processing is necessary for the pursuit of our legitimate interests;
• processing is necessary for compliance with a legal obligation to which the University is subject
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University 

The lawful grounds for processing special categories of personal data within LLC&I are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
• processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
• processing relates to personal data which are manifestly made public by the data subject
• processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
• processing is necessary for reasons of substantial public interest
• processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the UK GDPR (as supplemented by section 19 of the Data Protection Act 2018) based on domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

Where processing falls out-with the normal course of business the University may, from time to time, seek your consent to process special categories of personal data for one or more specific purposes.

The University may choose to identify one or more bases for lawful processing in relation to specific activities in this domain. Please see data protection University for more information.

Your rights

The University respects your rights and preferences in relation to your data. If you wish to update, access, erase, limit or complain about the use of your information please email dataprotection@dundee.ac.uk You may also wish to contact the Information Commissioner’s Office.

Changes to our privacy policy

This Privacy Notice may be updated from time to time. Any updates will appear on this webpage. You should check this notice regularly to keep yourself informed of any changes.

If you have any questions about our privacy notice, please contact the Data Protection Officer on dataprotection@dundee.ac.uk or by post at University of Dundee, Nethergate, Dundee, DD1 4HN.