Data Controller: Liverpool University Press, 4 Cambridge Street, Liverpool, L69 7ZU
Data Protection Officer: Jennifer Collinson firstname.lastname@example.org
Data Protection representative in the EEAA: Patrick Brereton email@example.com
This policy was developed in accordance with the General Data Protection Regulation that came in to effect in the UK (replacing the Data Protection Act of 1998) on 25th May 2018. Following the UK's departure from the EU, the GDPR will be retained in domestic law at the end of the transition period but the UK will have the independence to keep the framework under review.
Liverpool University Press is committed to operating within the parameters of the law and protecting the personal information supplied to us by individuals.
|Glossary of terms||
|Consent||‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.|
|Data Protection Officer||A ‘Data Protection Officer’ (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). DPOs are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.|
|Data Controller||‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.|
|Data Processor(s)||‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.|
|General Data Protection Regulation (GDPR)||This Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
It protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data. The free movement of personal data within the Union shall be neither restricted nor prohibited for reasons connected with the protection of natural persons with regard to the processing of personal data.
|Personal data||‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.|
|Processing||‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.|
What personal information is being collected?
Below is a summary of all of the different kinds of personal information we can collect about an individual. We do not hold this information for every contact in our database - the type of personal information collected depends upon the relationship that LUP has with the individual – please see the sections ‘Who is collecting the personal data?’ and ‘Why is it being collected?’ for further information.
We will never collect unnecessary personal information about an individual.
- Bank account number and sort code
- Bank account SWIFT code
- Credit or debit card expiry date
- Credit or debit card number
- Credit or debit card three digit security code
- Full home address: house number/name, street address, town, city, state/county and postcode, country
- Full name
- Full work address: building name/number, street address, town, city, state/county and postcode, country
- Institutional IP range
- Job title
- Personal and/or work email address
- Personal and/or work telephone number
- Place of work and/or affiliation
How long is personal data kept for?
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We are committed to:
- Annually reviewing stored data
- Considering the purpose we hold the information for in deciding whether (and for how long) to retain it
- Securely deleting information that is no longer needed
How do I request to see my personal data?
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Our Data Protection Officer is Jennifer Collinson and you can contact her at firstname.lastname@example.org. The Data Protection Officer will verify the identity of the requestor and then arrange a prompt meeting with the Managing Director. LUP will issue a response to requests within 40 days and without cost to the requestor, and will adhere to ICO guidelines on the handling of requests.
Record of Processing Activities
The Record of Processing Activities answers the following questions:
- Who is collecting personal information and how is it collected?
- How is the personal information stored?
- How do they use the personal information/where do they send it?
LUP collects personal information directly supplied by individuals via our website, by email, by telephone, and in person at events using an order form. We store this data on our secure servers hosted at the University of Liverpool.
Personal information is also collected by third party data processors on our behalf.