Privacy notice for Library and Learning and Culture and Information

How we use your information

Library and Learning and Culture and Information manages significant resources in support of teaching and research(including the University’s cultural collections), develops and deploys solutions for technology enhanced learning and oversees the University’s information governance.

Personal data is used throughout the work of these teams. For example:

The provision of access to Library resources requires the maintenance of borrower records, log-in and access information to e-resources such as books and journal articles and the management of information concerning vendors, suppliers and other professional contacts.

Technology enhanced learning includes provision of access to the Virtual Learning Environment and associated log-in information and educational activity with the system and related software, such as online submissions and plagiarism detection, use of discussion boards and completion of tests and assignments.

Research management activity includes the storage of information about researchers themselves and their outputs and information on research participants contained in datasets passed to the custody of the Library. The research management system provides a public profile of University researchers and maintains records of publications, research grants and research data sets.

The cultural collections (Archives and Museums) have extensive sets of personal information within the collections themselves and in administrative activities concerning service users, donors and depositors, supporters and volunteers.

Information governance process personal data concerning those persons making enquiries under freedom of information or data protection legislation. They also process personal data and special categories of personal data when providing specialist advice and guidance to the University in this domain.

The management of facilities throughout the directorate, including door access, visitor logs for safety and security purposes and CCTV involves the collection and processing of personal data.

Personal data

The categories of personal data normally processed will be dependent on the activity. However, name, email, address,date of birth, telephone number, gender, ID number will be common through many activities.

Where learning technology is used, assessment information will be processed.

In research management, information concerning role and performance will be held concerning University researchers.

Sensitive (special categories) of personal data

Throughout the activities in this directorate, all special categories of personal data will be processed.

Data controller

The data controller for personal data used in this Directorate is normally the University of Dundee. Data will be processed using the University’s business systems. These include Microsoft 365 and Box.com, both of which are cloud-based. The University has contracts with these providers for their cloud services to safeguard your data.

Specialist systems used in this directorate include Blackboard (the University’s VLE), Alma (the Library Management system), CALM (the Archive Management system), KE_EMu (the Museums system), PURE (research management system),Turnitin (assignment submission and plagiarism detection software), WordPress (learning sites and individual portfolios),QuestionMark (online assessment) and the various electronic journals and other resources available through the Library.

Lawful processing

The lawful grounds for processing personal data within LLC&CI are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
• processing is necessary for compliance with a legal obligation to which the controller is subject
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

The lawful grounds for processing special categories of personal data within LLC&CI are normally:

• the data subject has given explicit consent to the processing of those personal data for one or more specified purposes
• processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law
• processing relates to personal data which are manifestly made public by the data subject
• processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
• processing is necessary for reasons of substantial public interest
• processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1)

Your rights

The University respects your rights and preferences in relation to your data. If you wish to update, access, erase, limit or complain about the use of your information please email dataprotection@dundee.ac.uk You may also wish to contact the Information Commissioner’s Office.