Privacy notice for Procurement - Purchasing Cards

This management includes, but not limited to; training, the opening, closure and maintenance of accounts, reissue cards, and management of statements. The University and Barclaycard will retain your details as long as you have a card account with the University, the personal data will be deleted when the account is closed. It is important that you review the appropriate guidance and policies issued by Procurement before using Purchasing Cards.  

Personal data

In order to create and maintain your Purchasing Card Account updated, the University requires you to provide: your full name,  your professional details (role, department, and directorate), the name of your line manager, your UoD telephone number and email address, User ID (OneUniversity), your UoD correspondence address, and the name of your Senior Management Pool Approver.

In order for the Barclaycard to finalise the opening of your account, they require you to provide: your Nationality, Date of Birth, and whether you have UK residency.

You should refer to Barclaycard’s Privacy Notice for more information on how this service secures your data.

Special categories of personal data

The University does not require any special categories of personal data in the completion of these form.

Data controller

The University of Dundee will be the data controller for the information you provide in the Purchasing Card Forms. By completing the forms, you will note that the University will share your personal data with Barclaycard in order to offer you the service you are completing the form for. Any information supplied to Barclaycard they will became the data processors for.

You should refer to Barclaycards Privacy Notice for more information on how this service secures your data

Lawful processing

The lawful grounds for processing personal data within Finance are normally:

• The data subject has given explicit consent to the processing of those personal data for one or more specified purposes.
• Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Your rights

The University respects your rights and preferences in relation to you. If you wish to update, access, erase, limit the use of your information or if you wish to complain about the University’s use of your information please contact the University’s Data Protection Officer in the first instance by emailing dataprotection@dundee.ac.uk. You may also wish to contact the Information Commissioner’s Office.