This privacy notice provides information about how the University of Birmingham | Conferences & events uses the personal data we collect when you visit our website or make an enquiry for one of our services.
Data Protection Law
The EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018 (which supplements the GDPR) came into force on 25 May 2018. We refer to these as “data protection law”.
Once in force, data protection law will regulate the processing of “personal data” relating to individuals by organisations (known as “data controllers”).
On this page, and the pages which it links to, we have used some words and phrases, and these are explained below.
“Personal data” means any information which relates to a living, identifiable person. It can include names, addresses, telephone numbers, email addresses etc but it is wider than that and includes any other information relating to that person or a combination of information which, if put together, means that the person can be identified.
“Special category data” means personal data about a person’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
“Processing” covers all activities relating to the use of personal data by an organisation, from its collection through to its storage and disposal and everything in between.
“Data subject” means the person whose personal data is being processed.
“Data controller” means the organisation which is responsible for processing data and ensuring that personal data is processed in accordance with data protection law.
Personal data must be processed in accordance with specific principles set out in Data Protection Law. These include the principle that personal data should be processed ‘lawfully, fairly and in a transparent manner’. In order to comply with this principle, the University of Birmingham | Conferences & events will advise you on how it will process your information at the time we collect it. This information is normally set out in a “privacy notice” which we publish on our website.
University of Birmingham | Conferences & events as data controller
University of Birmingham | Conferences & events is the data controller for any personal data that we process in relation to you.
Occasionally, University of Birmingham | Conferences & events may be a joint data controller with other organisations, or we may be processing data about you on behalf of another organisation, but when this is the case, we will make you aware of this when the information is collected.
What personal data will be processed?
We collect information about you when you visit our website, and when you interact with our pages.
We also collect information when you voluntarily complete contact forms, provide feedback and submit queries. This may include:
Information that you provide to us: name, contact details, or other fields on our online forms
Information about the venues or services you are interested in
Any page requesting this personal information will provide details of how the information will be used and/or refer you to an appropriate privacy notice.
Cookies are text files containing small amounts of information, which are downloaded to your device when you visit a website – if your browser preferences allow it.
- IP address
- Areas of the site visited and how long you spend on each page
- Areas of the site you click on
- Information about your computer (the make and model), the browser you are using, your network location, time zone, mobile information the type of connection you are using
Like almost all websites, we maintain log files on our web servers, which include your IP address and data relating to the requests you make on our website (for example: request size, date, and referrer). These logs are held for diagnostic purposes and to improve and maintain the security and resilience of the site. These files are only accessed by authorised members of staff, though they may be made available to the police on request.
The University is committed to ensuring the security of our website and any information you provide using the site. The University has procedures in place to help protect against loss, misuse and alteration of information.
What is the purpose of the processing?
University of Birmingham | Conferences & events will process your personal data for a range of purposes. These include the following:
- Improve the site by monitoring how you use it and ensure that we understand who uses our website
- Analyse the popularity, impact and security of our site
- Respond to any feedback you send to us, if you’ve asked us to
- To deliver services and facilities to you
- To administer any billing information
- To support your medical, safety, wellbeing and welfare requirements
- To communicate with you by post, phone, email or other electronic media, in order to provide you with relevant information and updates relating to your booking
- To fulfil and monitor our responsibilities under equalities, immigration and public safety legislation
- With your consent, to communicate with you for marketing and promotional purposes
- To compile statistics for reporting purposes
What is the legal basis of the processing?
If we require your consent for any use of your specific data, we will collect it at the appropriate time, explaining why we are collecting the data and how we will use it, and you can withdraw this consent at any time. In other cases, we consider the processing of your personal data for these purposes to be necessary for:
The performance of our contractual obligations with you (e.g. to manage accommodation, conference and events functions and customer experience whilst visiting the University of Birmingham).
Compliance with a legal obligation.
The pursuit of legitimate interests of the University of Birmingham in managing and developing its business.
We usually process your special category data with your explicit consent.In other cases, we do so because we consider it necessary:
- Very occasionally, for the establishment, exercise or defence of legal claims
- For statistical purposes (but not to take decisions about you)
Who will my personal data be shared with?
Within the University, your data is shared only with those University staff who need access for the processing purposes identified.
Information may be shared with third parties who are under contract to act for us. In those cases, we ensure that those contracts are appropriate.
Sometimes we will embed content in our pages that we don’t control or operate, such as social media with Facebook, Twitter, and YouTube. When you interact with these elements, which are marked clearly, you’ve not interacted with our website but the service embedded.
How long is my personal data kept?
Personal data relating to an accommodation or event booking with us will be kept on our systems for seven years after the stay is completed or the event is held.
Personal data collected as part of a customer enquiry which did not result in a booking will be stored on our systems for a shorter period of time, as permitted by law.
We do this to ensure we can respond to any queries you or any third parties raise regarding current, future or past events or accommodation bookings held with us.
How we protect your personal data
As part of the University, University of Birmingham | Conferences & events handles a substantial amount of information about people. It is important that they have trust and confidence that the University will protect their privacy and the University takes great care to ensure that personal data is handled, stored and disposed of confidentially and securely. Our staff receive regular data protection training, and the University has put in place organisational and technical measures so that personal data is processed in accordance with the 6 data protection principles set out in data protection law.
The University has an Information Security Management System based on ISO27001 with a range of controls covering the protection of personal information. Annual security awareness training is mandatory for staff and the University is accredited under the NHS Information Governance Toolkit, the Payment Card Industry Data Security Standard and is in the process of gaining Cyber Essentials Plus for defined services.
Your rights as a data subject
As a data subject, you have the following rights in relation to your personal data which is processed by the University of Birmingham | Conferences & events:
As a data subject, you have the following rights in relation to your personal data which is processed by the University:
- to access the personal information the University holds about you. This is known as a Subject Access Request. More information about making Subject Access Requests can be found on the University’s main website, and you will find it helpful to read this before making a Subject Access Request
- to correct inaccuracies or, where appropriate and taking into account the purpose for which we process your data, the right to have incomplete data completed
- to have your personal data erased. This is a limited right which applies, among other circumstances, when the data is no longer required or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest (e.g. when the University needs to retain a historical archive)
- to object to the processing of your personal data for marketing purposes. If you ask us to delete your personal data, we will continue to maintain a core set of personal data comprising very brief information to ensure that we do not inadvertently contact you in future. We may also need to retain some financial records for statutory purposes
- to object to the processing of your personal data when that processing is based on specific criteria such as the public interest or other legitimate interests, unless we have compelling lawful grounds to continue
- to restrict the processing of your personal data. This is a limited right which will apply in specific circumstances and for a limited period
- to ask for the transfer of your data electronically to a third party
- where the legal basis for us processing your personal data is your consent, to withdraw that consent at any time
Exercising your rights, queries and complaints
- you would like more information on your rights
- you would like to exercise any right
- you have any queries relating to the University of Birmingham | Conferences & events processing of your personal data
The Information Compliance Manager
The University of Birmingham
Telephone: +44 (0)121 414 3916
More information on making a Subject Access Request can be found on the University’s website. Please do read this before making a request.
If you wish to make a complaint about how your data is being or has been processed, please contact our Data Protection Officer:
Mrs Carolyn Pike, OBE
The Data Protection Officer
The University of Birmingham
Telephone: +44 (0)121 414 3916
You also have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint using the ICO’s website.
Are changes made to this webpage?
This webpage is effective from 10th September 2019. It is reviewed when necessary and at least annually. Any changes will be published here and you may also be notified by email.