Privacy Notice and Cookies

NUSTEM’s privacy and cookie policy is closely based on the University’s policy, which may be found here.

1. Data Controller

Registration Number: Z7674926

University of Northumbria at Newcastle (“we”, “our”, “us”) processes data in accordance with our obligations under the General Data Protection Regulations (‘GDPR’), and is a registered Data Controller with the Information Commissioner’s Office (‘ICO’), which is the supervisory authority responsible for the oversight and enforcement of data protection legislation within the United Kingdom.

2. Overview

We are committed to protecting the privacy of all individuals. For the purposes of this privacy notice, personal data means any information about an identifiable individual. Personal data excludes anonymous or de-identified data that is not associated with a particular individual.

This privacy notice is a statement that describes how and why we process personal data in relation to any individual (“you”, “your”) visiting this website. It does not cover third party websites that you may access from links on this website, so when opening pages that take you away from this site, you should exercise caution.

This notice explains how you might control the use of your personal data in accordance with your rights under the GDPR. You may be given further information about the uses of personal data when accessing specific services and facilities.

3. Where do we get your personal data from and what data is collected?

You may provide us with some of your information directly when you use any of our online forms, for example to subscribe to our email newsletter, sign up for an activity, or nominate a student for an award. Examples of personal data we may process include:

  • Biographical information. For example your name, title, age, gender, interests.
  • Administrative information. Your contact details, event applications, etc.
  • Historical information. Your employment or academic history.

The NUSTEM website will not, at this time, ever request you for payment details, for example credit or debit card information.

Whenever you submit information, a link to this Privacy Notice will be made available to you.

We will only collect personal information (eg name and address) where you knowingly supply the information through online forms or by sending us an email. If you visit protected pages on this site (ie. by logging in, where a user ID and password are required), then we automatically collect the user ID used to access each page.

You may also provide us with data through your use of this website. As with most web servers, our system automatically collects the following information:

  • Requested URL (page Uniform Resource Locator)
  • IP (Internet Protocol) address of the page request, which may or may not identify a specific computer.
  • Domain name from which you access the internet (drawn from your IP address)
  • Referring URL (if you clicked a link to reach our page, the page on which that link was found)
  • Software (browser and operating system) used to access the page, along with technical details like screen size.

4. Activities for which we process your personal data

Data is required for the following activities, which has been identified as “necessary for the purposes of the legitimate interests pursued by the controller or by a third party”:

  • We will use the information collected to monitor traffic, helping us to measure the effectiveness of our website and to plan new developments. This data is processed anonymously.
  • We will only use the personal data which you supply for those purposes described at the point of collection or for those purposes which are legally permitted. We may use this information to contact you, at a later data, with details of news and events relevant to your original request, providing we have your consent. If you choose not to give consent, we will only use your personal information to respond to your enquiry.
  • We will also analyse how you interact with this website, such as the pages you visit and what elements you interact with. This may then be used to provide you with personalised content to enhance your user experience and help us to improve the website. Non-personal information such as your IP address will be used to determine your general location, to provide personalised information.
  • We will only disclose your personal information to third parties (ie. people or organisations outside Northumbria University) in ways which are permitted by this Statement or when required by law, for example to comply with a Court Order.

4a. Cookies

This website uses ‘cookies’, which are small text files placed on your computer when you visit the site which help us understand how you use our websites. Some of our cookies remain on your computer after you leave the website, while others are deleted automatically when you close your browser, and others expire after a given time. The following table provides a list of the cookies used on our website along with information about for how long they will remain active. Please note that we do not control the dissemination of information from third-party cookies, and you should check with the relevant third-party website for relevant information.

In each case, you will be able to disable cookies from within your web browser, or disable or delete individual cookies. Please consult the documentation for your software for assistance.

Our Cookies
PHPSESSIDUsed by our web server to keep track of individual browser sessions. No personal information is storied, and the cookie expires when the browsing session ends (ie. when you close the tab or your browser)
Google Analytics cookies
(_ga, _gat_gtag_UA_56849432_1, _gid)
Collects information about how visitors use the website, to be able to compile reports and make improvements to better meet our users’ needs. The cookies collect information in an anonymous form, including the number of visitors to the site, the paths they have taken through the site, and how they reached the site. Individual cookie expiration times are between 10 minutes and 2 years.
Google Analytics data and privacy information
aviaCookieConsent, viewed_cookie_policyThese cookies are related to the way our web publishing system stores information about other cookies (yes, it’s cookies all the way down). No personal information is stored. aviaCookieConsent expires in two months; viewed_cookie_policy in one year.
Third-Party Cookies
Facebook
(fr, …)
Facebook cookies indicate logged-in status information to show relevant and social information for the social plugins and services. We use Facebook on our site to enable visitors to share our content into their Facebook timelines.
Facebook privacy information and opt out options
Twitter
(_ga, ey_cn, gdpr_io, guest_id, personalisation_id, tfw_exp, …)
We use Twitter to display relevant feeds on our site to enhance our content. Twitter widget data such as page visit and browser information is held within the cookie. Twitter also used logged in status information and may tailor content to improve your experience.
Twitter privacy information and preference options

4b. Communications

We will contact you in relation to events and products that we believe are relevant to you based upon their similar nature to your engagement with us, include: events, benefits and opportunities offered by us, or in relation to operational information (eg. building closures, etc).

If, at any stage, you are concerned about the content, frequency or method of these communications, you can unsubscribe or update you preferences using the link which will be provided at the bottom of the relevant correspondence.

5. How personal data is stored securely by Northumbria University

We have implemented appropriate physical, technical, and organisational security measures designed to secure your personal data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties that have a legitimate business need for such access.

All of our employees, contractors and volunteers with access to personal data receive mandatory data protection training and have a contractual responsibility to maintain confidentiality and access to your data is restricted to those members of staff who have a requirement to access it. Your data may be transferred and processed between relevant departments in order to provide you with access to services, to provide you with support or to fulfil the processing activities listed above.

We utilises many different storage solutions and IT systems, some of which are outsourced to third party providers. For example, email accounts are provided by the Microsoft Live@Edu service.

Where processing takes place with an external third party, processing takes place under an appropriate agreement outlining their responsibilities to ensure that processing is compliant with the Data Protection legislation and verified to be secure.

6. Your rights under GDPR

Under the GDPR, you have a number of rights in relation to the processing of your personal information, each of which may apply to differing degrees dependent upon the nature of the processing and the legal basis for it. You have the right to:

  • Be informed as to how we use your data (via this privacy notice).
  • Request access (a copy) of the personal information we hold about you.
  • Correct inaccurate or incomplete data.
  • Request that we stop sending you direct marketing communications.

In certain circumstances, you may have the right to:

  • Have your data erased.
  • Request us to restrict the processing of your personal data.
  • Request that data you provided to us electronically be returned as a data file.
  • Object to certain processing of your personal data by us.

In some cases, there may be specific exemptions as to why we aren’t able to comply with some of the above. Where this is the case, we will explain the reasons why. In order to exercise any of the above rights, please contact the Data Protection Officer (details below).

7. Data Protection Officer

The Data Protection Officer for Northumbria University is Duncan James. Please do not hesitate to email us as dp.officer@northumbria.ac.uk. If your request is urgent, please call +44 (0)191 243 7357.

8. Lodging a Complaint with the Information Commissioners Office (ICO)

If you are dissatisfied with our processing of your data, or a response to a complaint you have made to us about it, you have the right to complain to the ICO.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113 (local rate) or 01625 545 745
Fax: 01625 524 510

For more information see Information Commissioner’s web site.

9.Changes to this privacy notice

We keep this privacy notice under regular review and will communicate any significant updates to you. This privacy notice was last updated in May 2018 and will be reviewed annually.