Anglia Ruskin University Higher Education Corporation (ARU) is committed to protecting your personal information when you use our services.
When saying “we”, “our” or “ARU”, we’re referring to Anglia Ruskin University where we are the employer or prospective employer, including where a role is delivered at a relevant subsidiary of ARU.
Please read the following privacy policy to understand how we use and protect the information obtained via the following online services:
It also relates to us using any personal information that you provide by phone, SMS, email, in letters and other correspondence, and in person.
This Privacy Policy explains the following:
By providing us with your personal data and using our services, you agree to the collection and use of this information in accordance with the purposes described above in this privacy notice or as otherwise explained to you.
If you have any requests concerning this Privacy Policy, your personal information, or any queries with regard to our processing please contact [email protected].
Whenever we ask for your personal data we will always make sure that it is necessary to identify you from the data we collect. If we do need to identify you we will make sure that we only collect and use the minimum details we need for the specific purpose.
We may receive your personal information when you: participate in, access or sign up to any of our services, activities or online content, phone or email us, apply for one of our jobs or create an account on our website.
We will collect the following about applicants for employment:
Once you become a member of staff we will also collect (at different times) some or all of the following:
ARU also collects data about how you use ARU mobile apps, websites or other university-related online content, and the device(s) you use to access these services. This includes collecting unique online identifiers such as IP addresses, which are numbers that can uniquely identify a specific computer or other network device on the web. For more information, please see the section on cookies within this privacy notice.
In all cases your personal data will be processed confidentially and securely.
Known as ‘Special Category Data’, this includes information relating to racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation and criminal convictions and offences.
We may process special categories of personal data in the following circumstances where:
We will use personal data:
We will only collect and use information relating to criminal convictions where:
You can see your employee information we hold by logging into Business World. It is important that the personal data we hold about you is accurate and current so please keep us informed if your data changes during your relationship with us. You can do this by contacting Human Resources.
We may contact you by post, telephone or fax as well as by email, SMS and MMS. If you change your mind about being contacted in the future by any of these means you will be given the option to change your preferences.
Anyone taking part in university activities where they may be photographed, filmed, videoed or otherwise captured in image form: Where possible and practical to do so, we will seek written agreement for image capture and explain any intended use. Where this is not possible for practical reasons, unless express objections are received following our raising awareness that image capture will be taking place, individuals attending an event at ARU are deemed to have given their agreement by attending or remaining at the event. Any queries should be raised with the event host in the first instance.
Where the University publishes personal data on its website (such as name, contact details or image) and on Social Media tools (such as Twitter or Facebook) it will be accessible to users from all over the world. Your information can also be searched for using an identifier such as your name, and may be copied and used by any other person using the Internet. Most importantly, once your personal information has been published on the Internet, ARU has limited or no control over its subsequent use and disclosure, and cannot guarantee it has the technical control to remove it from publication. Please consider this for activities where we may ask for your consent to use your data in this way.
ARU will maintain a permanent record of its activities; particularly of key initiatives, major milestones in our history and of the work of key individuals associated with us. Where this archive collection may include personal data we will comply with the law by having appropriate safeguards in place to ensure our use of the data does not affect your rights, including where we may display, publish or provide researcher access to our collections. We do this under our legitimate interests’ and hold ‘special category data’ for archival purposes as the law allows.
We set out in the legal basis section of this policy all the purposes for which we may process your personal data, identifying the legal basis and those external parties to whom we may disclose that personal information
We may contact you by post, telephone or fax as well as by email, SMS and MMS. If you change your mind about being contacted in the future by any of these means then please contact [email protected].
Some of ARU's positions have specific qualification requirements and automated processing will be applied at application stage through our e-recruitment system to confirm these are met. All applicants will be asked to confirm whether they meet the specific criteria for the post they are applying for by selecting a Yes/ No answer. They will be allowed to proceed with an application where they confirm the requirement is met. If the applicant disagrees with the decision they have 21 days to request a reconsideration.
Any personal data is disclosed to ARU staff with a need to know, such as Occupational Health, Employee Assistance Programme provider, Disclosure and Barring Service, HMRC, Payroll and Pensions providers, UKVI, Unions and other organisations acting on behalf of ARU, all under contract or legal agreement in the administration of our employees’ data.
We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you (including benefits) or where we have another legitimate interest in doing so. ”Third parties” includes third-party service providers (including contractors and designated agents).
The following activities are carried out currently by or with the assistance of the following third-party service providers at applicant stage:
And once you are a member of staff we will also carry out:
Where we receive notification, from the Office of the Independent Adjudicator (OIA), of a complaint made by a current or previous student we may be required to disclose relevant personal data to the OIA to assist in their investigation.
In addition, we will share anonymised statistical information with the following third-parties: ONS, UCEA, Xpert HR, HESA, DLA Piper, Equality Challenge Unit - Athena Swan and Inclusive Employers.
All our third-party service providers, including any change in provider, are required, under contract, to take appropriate security measures to protect your personal data in line with our policies.
ARU only permit a third-party service to process your personal data for specified purposes and in accordance with our instructions. We do not allow our third-party service providers to use your personal data for their own purposes.
Under our legitimate interests we permit third parties under contract to hold and provide access to employee data on our systems in secure IT cloud storage facilities, and to securely store hard-copy data in commercial storage facilities.
Please note that countries outside the European Economic Area do not always have the same strong data protection laws. However, we will always take steps to ensure that your information is used by third parties in accordance with the terms of this Privacy Policy.
Unless required or permitted to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your agreement.
Your personal data will be held confidentially for as long as necessary to fulfil the purposes for which it was it collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The personal data you provide as part of the recruitment process will only be shared with those who need to see your application for administrative purposes, selection, statistical analysis and research. The data will be archived on our e-recruitment system after a period of inactivity and anonymised equality data will only be available for statistical returns.
Should you be appointed to a position, the personal data provided on application (including equality monitoring data) will continue to be held by Anglia Ruskin University as part of its employee records.
Personal data held as part of your employee record, unless otherwise deleted in accordance with the retention schedule, will be archived 1 year after the end of employment and kept for a minimum of 6 years after the end of employment.
Data will be retained in accordance with our retention schedule Records Retention Schedule.
If we wish to retain your personal information on file, on the basis that a further opportunity may arise in future and we may wish to consider you for that, we will write to you separately, seeking your explicit consent to retain your personal information for a fixed period on that basis.
The personal data we obtain from you is used to enter into a contract of employment with you or to perform ARU’s obligations under your contract of employment, to comply with a legal obligation imposed on ARU or where it is necessary for ARU's legitimate interests or those of a third party, provided your interests and fundamental rights do not override them.
The situations in which we will process the following categories of personal data are listed below.
Specific Purpose | Legal Basis |
---|---|
1. Informing our decision about employing you and determining the terms on which you will work for us, requiring you to provide:
|
Necessary for the purposes of:
|
2. Checking you are legally entitled to work in the UK, providing copies of ‘Right to Work’ documentation |
|
3. Ascertaining your fitness and suitability to work through:
|
Necessary for the purposes of:
Where we process Special Category data for these purposes, we do so because it is:
|
4. Ensuring ARU complies with its commitment and legal obligation to be an equal opportunities employer, by requesting applicants on a voluntary basis for details of characteristics, including those protected under the Equalities Act (2010) and using this data to monitor fair treatment in the recruitment process |
Necessary for the purposes of:
Where we process special category data for this purpose, we do so because it is necessary:
|
Specific Purpose | Legal Basis |
---|---|
1. Maintaining a record of our employment relationship with you, including:
|
Necessary for the purposes of:
Where we process Special Category data for these purposes, we do so because it is necessary:
|
2. Ensuring the safety of our campuses and verifying authority to represent ARU by use of name and image on Security ID cards. |
|
3. Holding recorded footage of you obtained from CCTV cameras for preventing and detecting crime (1), your health and safety (2) and internal investigations of breaches of policy (3). |
|
4. Where you chose to provide this, use of your image on our IT systems (such as skype, email, Teams etc) to assist in better identifying you to other staff and students. |
|
5. Supporting grant applications or research proposals for evaluation by external research funding bodies or prospective research partners, and evidencing effective progress and outcomes and the appropriate expenditure of awarded funds (including evidence of payments to individuals) where these are conditions of agreements |
|
6. Supporting and promoting University activities by publishing academic and senior role profiles, and publishing profiles of Students including the names of Academics working with them |
|
7. Disclosing information which is held on ARU records which are subject to statutory requests for information (e.g. Subject Access Requests under Data Protection law, Freedom of Information Requests etc) in line with legal requirements whilst fully considering applying exemptions relating to personal data |
|
8. Sharing anonymised (1) or pseudonymised (2) data with third parties who compare data with peer bodies and publish statistical data on such matters as pay and employment conditions etc across the University sector. |
|
Specific Purpose | Legal Basis |
---|---|
1. Monitoring ARU’s compliance with Equality law in employment by analysing information including your gender; nationality, marital status, ethnicity, religion, sexual orientation and disability details to review and better understand and benchmark employee retention, attrition rates and general workforce information within the sector. |
Where we process Special Category data for these purposes, we do so because it is necessary:
|
2. Sharing anonymised data including your gender, nationality, marital status, ethnicity, religion, sexual orientation and disability details with statutory bodies to support public scrutiny over the Higher Education sector’s compliance with Equality law. |
For the purposes of:
Where we process Special Category data for these purposes, we do so because it is necessary:
|
3. Contacting you for your opinions on current and future University initiatives, our policies and facilities |
|
4. Contacting you where you have requested to be kept informed about specific events, initiatives and special interests |
|
We will only use your personal data for the purposes for which we collected it unless we reasonably consider that it is needed for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose we will notify you and explain the legal basis which allows us to do so.
The information you provide will be treated confidentially. If you fail to provide all the information ARU may not be able to fulfil our contractual obligations to you or may be prevented from complying with our legal obligations.
Please read about your rights under Data Protection legislation. It is important to note that the ‘legal basis’ we rely on (above) to process your data determines which of your rights are available. You are not expected to know these details, it is our responsibility to understand how the law applies and to explain it to you when responding to a request from you. Our Rights guidance is an opportunity to provide you with information on how you can expect us to handle your requests.
The law provides for the following rights:
To complain to the Information Commissioner’s Office (ICO): the ICO is the UK supervisory authority for data protection issues. For more information please visit the ICO website.
ARU is committed to holding your data securely and uses information security best practice to transmit personal data. Data is held in accordance with the Corporate Information Security Policy . For example, your personal data is accessible only by those authorised and who have a business need for access. When shared with third parties, your personal data is shared with encryption or in password protected files.
Where we have given you (or where you have chosen) a password that enables you to access our systems, you are responsible for keeping this password confidential. You must not share passwords with anyone.
Although we maintain a number of safeguards, fraudulent email requests are occasionally delivered to staff and students. We will never ask for your username or password by email. Any message that does so should be treated as a potential breach of security, no matter how legitimate it may appear. If you are in any doubt, do nothing until you have spoken to a member of the IT Services Customer Support Team.
ARU have put in place procedures to deal with any suspected data security incident and will notify you and any applicable regulator where we are required to do so. If you have any concerns that personal data has been compromised please contact
The law requires us to let you know if we or our suppliers process your personal data outside the UK and the EEA (The European Union Member States plus Norway, Iceland and Lichtenstein) and what we have in place to make sure your rights in UK Data Protection law remain in place. We do use suppliers such as software providers, IT support providers and online learning module delivery providers as well as ad hoc IT project suppliers who either host our data or access data for support purposes in countries outside the UK and EEA. We will at all times have in place, in our Agreements with these suppliers, features which protect your data rights as required by GDPR. These include: The relevant country has an ‘Adequacy decision’ in place (meaning UK law recognises its Data Protection laws as equivalent to our own), or the contract contains ‘UK Standard Contractual Clauses’ which are an approved mechanism to legally require suppliers to comply with UK law. At present our data processing outside the EEA meets the demands of UK law.