Skip to content

GDPR Statement

The University of Lincoln is committed to complying with data protection legislation, including the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, any other associated legislation and the Data Protection Principles.

The Data Protection Principles set out the main responsibilities for organisations in relation to the processing of personal data. The Principles ensure personal information is:

-Processed lawfully, fairly and in a transparent manner;
-Processed for specified, explicit and legitimate purposes, and not processed for incompatible purposes;
-Adequate, relevant and limited in relation to the purposes of processing;
-Accurate and, where necessary, kept up-to-date;
-Not kept for longer than is necessary, in a form which permits identification;
-Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, against accidental loss, destruction or damage.

The University is responsible for, and must be able to demonstrate, compliance with the above principles.

Roles and Responsibilities

The University of Lincoln is a ‘Controller’ (also known as a ‘data controller’) under relevant data protection legislation. The Board of Governors is ultimately responsible for implementing the relevant data protection legislation. Responsibility for the overall management of the implementation of the legislation rests with the University Registrar who is the University’s nominated Senior Information Risk Owner (SIRO).

Day-to-day responsibility for implementation of the legislation is delegated to the Information Compliance Team, with the Information Compliance Manager nominated as the University’s Data Protection Officer, in accordance with the UK GDPR. They are assisted by the Information Security Manager in relation to the security of personal data.

All staff are required to adhere to the requirements of current data protection legislation and the University’s Data Protection Policy.

Registration to the Information Commissioner’s Office

The University’s registration of its processing of personal information is available for inspection as part of the Public Register of Data Controllers maintained by the Information Commissioner’s Office (ICO). The University’s registration number is Z7846984.

Subject Access Requests, and Other Rights

Data protection legislation provides individuals (data subjects) with important rights, including the right of access, which allows them to find out what personal information is held on computer and most paper records by the University. To exercise the right of access, individuals should make a Subject Access Request by contacting the Information Compliance Team at the address below. In addition to the right of access, individuals also have the following rights;

  • The right to be informed
  • The right to rectification
  • The right to erasure (or known as the right to be forgotten)
  • The right to restrict processing
  • The right to data portability
  • Rights in relation to automated decision making and profiling

Enquiries and Complaints

Enquiries or complaints about data protection issues should be made in writing to:

Information Compliance
Secretariat Office
University of Lincoln
Brayford Pool
Lincoln
LN6 7TS

Email: compliance@lincoln.ac.uk

If individuals feel they are being denied access to personal data they are entitled to, or feel their data is not being handled in accordance with the principles, they should initially contact the Information Compliance Team outlining their concerns. If they are still unhappy with the response from the University, they can contact the Information Commissioner’s Office (ICO) for advice, the ICO’s details are;

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone – 0303 123 1113 (local rate) or 01625 545 745 (national rate)