Under Data Protection law the University is the “data controller”.  This means that the University is responsible for how it uses and processes your information and complying with requests relating to your personal data.

GCU Law Clinic holds and uses information about you for the following reasons:

·        Assessing whether we are able to provide any support, guidance or advice in relation to your legal case.

·        Advising on the legal basis of your case and the potential pursuit or defence of any legal claims.

·        Gathering information about your case.

·        Managing and assisting with the progress of your case.

·        Managing all relevant incidental issues e.g. conflict of interest assessment.

·        Organising, managing and providing Street Law sessions to service users and in conjunction with any Law Clinic projects and/or events.

The University strives to ensure that all personal information is accurate and up to date. You are asked to keep us informed of any changes, for example, a change of address or contact details. You can do this by contacting the Law Clinic at: lawclinic@gcu.ac.uk

The University will retain your information only for as long as necessary for the purposes described.

Further information is available in the University Records Retention Schedules:

https://www.gcu.ac.uk/recordsmgt/    

·        We obtain information directly from the you (the data subject) through your enquiry to GCU Law Clinic.

·        From outside sources (e.g. opponent in legal case) and in pursuit of gathering relevant information relating to your legal case.

Data will consist of the information provided by you or a company acting on behalf of the University.  Information may be in hard copy or electronic format.  This information will include your name and contact details together with information in relation to your legal issue or Street Law enquiry.

Special category personal information is also processed where it is necessary and lawful for us to do so.  In most cases you have the option whether to provide this information or not.  This refers to data revealing:

·        Racial or ethnic origin

·        Political opinion

·        Religious or philosophical beliefs

·        Trade Union membership

·        Physical or mental health

·        Sex life or sexual orientation

Data relating to criminal convictions and offences is also subject to additional protection.

In most circumstances your consent will be sought in relation to processing special category personal information.

Your information will be shared internally only with those individuals who require it in the course of their duties.

The University may be required to share your personal information with external organisations. This may happen due to a statutory or legal obligation or as part of our risk assessment requirements.

In addition, we may also share your information with the following if requested or required to do so.

·        Relevant UK government departments.

·        Professional, statutory and regulatory bodies e.g. Scottish Public Services Ombudsman, Office of Scottish Information Commissioner, Information Commissioner’s Office, Health & Safety Executive.

·        Law enforcement agencies.

·        External providers of services you have chosen to use.

·        Any other authorised third party to whom the University has a legal/contractual obligation to share data with.

Information is kept securely on University equipment in line with University Information Security and Data Protection Policies.  Access is restricted to only those staff or authorised agents who require it and on a “need to know” basis.

No

·        If the information appears on the website personal information may be transferred internationally, as information published on the website can be accessed internationally.

You have the right to:

·        Find out what personal data we process about you and to request a copy of the data

·        Ask us to correct inaccurate or incomplete data

·        Withdraw consent to process your personal data, if you were asked for and provided consent

If you think we are acting unfairly or unlawfully you can:

·        Object to the way we are using your data

·        Complain to the UK Information Commissioner’s Office

Under certain conditions you also have the right to ask us to:

·        Restrict the use of your data

·        Erase your information or tell us to stop using it to make decisions about you

·        Provide you with a portable electronic copy of data you’ve given us

Please contact us if you wish to exercise/enquire about any of these rights.

Data Protection Officer (DPO), Department of Governance, Britannia Building, Glasgow Caledonian University, Cowcaddens Road, Glasgow G4 0BA         Email:  dataprotection@gcu.ac.uk

The legal condition which enables the University to process personal information is found in Article 6 of the General Data Protection Regulation (GDPR).  In particular we rely on:

·        Article 6(1)(a) consent

·        Article 6(1)(b) performance of a contract

·        Article 6(1)(c) compliance with a legal obligation

Where special categories of data are processed we will have your explicit consent or another legal reason within Article 9(2) of GDPR will apply.

The Information Commissioner’s Office website:  http://www.ico.org.uk

The University’s Data Protection webpages:  https://www.gcu.ac.uk/dataprotection/

Further information is available in the Student Privacy Notice and Staff Privacy Notice:

https://www.gcu.ac.uk/dataprotection/