Privacy Policy





Privacy Notice – GCU Law Clinic

This Privacy Notice is designed to explain how and why information about all service users of the GCU Law Clinic is used and managed. All of the personal information will be treated in accordance with the terms of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).  This means that confidentiality will be respected and that appropriate security measures will be taken to prevent unauthorised disclosure.  This notice is intended to meet the transparency requirement of the legislation and to ensure that all individuals in the categories above know how their data will be processed.


Using your personal information


Who will process my information?

Under Data Protection law the University is the “data controller”.  This means that the University is responsible for how it uses and processes your information and complying with requests relating to your personal data.


Why do we collect and use your personal information?

GCU Law Clinic holds and uses information about you for the following reasons:

·        Assessing whether we are able to provide any support, guidance or advice in relation to your legal case.

·        Advising on the legal basis of your case and the potential pursuit or defence of any legal claims.

·        Gathering information about your case.

·        Managing and assisting with the progress of your case.

·        Managing all relevant incidental issues e.g. conflict of interest assessment.

·        Organising, managing and providing Street Law sessions to service users and in conjunction with any Law Clinic projects and/or events.


Keeping information updated

The University strives to ensure that all personal information is accurate and up to date. You are asked to keep us informed of any changes, for example, a change of address or contact details. You can do this by contacting the Law Clinic at:


How long is the information kept?

The University will retain your information only for as long as necessary for the purposes described.


Further information is available in the University Records Retention Schedules:    


Where do we obtain information from?

·        We obtain information directly from the you (the data subject) through your enquiry to GCU Law Clinic.

·        From outside sources (e.g. opponent in legal case) and in pursuit of gathering relevant information relating to your legal case.


What information is being collected and used?

Data will consist of the information provided by you or a company acting on behalf of the University.  Information may be in hard copy or electronic format.  This information will include your name and contact details together with information in relation to your legal issue or Street Law enquiry.


Special category personal information is also processed where it is necessary and lawful for us to do so.  In most cases you have the option whether to provide this information or not.  This refers to data revealing:

·        Racial or ethnic origin

·        Political opinion

·        Religious or philosophical beliefs

·        Trade Union membership

·        Physical or mental health

·        Sex life or sexual orientation


Data relating to criminal convictions and offences is also subject to additional protection.

In most circumstances your consent will be sought in relation to processing special category personal information.


Who is the information shared with?

Your information will be shared internally only with those individuals who require it in the course of their duties.


The University may be required to share your personal information with external organisations. This may happen due to a statutory or legal obligation or as part of our risk assessment requirements.


In addition, we may also share your information with the following if requested or required to do so.

·        Relevant UK government departments.

·        Professional, statutory and regulatory bodies e.g. Scottish Public Services Ombudsman, Office of Scottish Information Commissioner, Information Commissioner’s Office, Health & Safety Executive.

·        Law enforcement agencies.

·        External providers of services you have chosen to use.

·        Any other authorised third party to whom the University has a legal/contractual obligation to share data with.


How is the information kept securely?

Information is kept securely on University equipment in line with University Information Security and Data Protection Policies.  Access is restricted to only those staff or authorised agents who require it and on a “need to know” basis.


Will the information be used for automated decision-making?



Is the information transferred outside the European Union?

·        If the information appears on the website personal information may be transferred internationally, as information published on the website can be accessed internationally.


Your rights

You have the right to:

·        Find out what personal data we process about you and to request a copy of the data

·        Ask us to correct inaccurate or incomplete data

·        Withdraw consent to process your personal data, if you were asked for and provided consent


If you think we are acting unfairly or unlawfully you can:

·        Object to the way we are using your data

·        Complain to the UK Information Commissioner’s Office


Under certain conditions you also have the right to ask us to:

·        Restrict the use of your data

·        Erase your information or tell us to stop using it to make decisions about you

·        Provide you with a portable electronic copy of data you’ve given us


Please contact us if you wish to exercise/enquire about any of these rights.


Contact Details

Data Protection Officer (DPO), Department of Governance, Britannia Building, Glasgow Caledonian University, Cowcaddens Road, Glasgow G4 0BA         Email:


Legal basis for using your information

The legal condition which enables the University to process personal information is found in Article 6 of the General Data Protection Regulation (GDPR).  In particular we rely on:

·        Article 6(1)(a) consent

·        Article 6(1)(b) performance of a contract

·        Article 6(1)(c) compliance with a legal obligation


Where special categories of data are processed we will have your explicit consent or another legal reason within Article 9(2) of GDPR will apply.


Further information

The Information Commissioner’s Office website:

The University’s Data Protection webpages:

Further information is available in the Student Privacy Notice and Staff Privacy Notice: