How We Use Your Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. In order to communicate with you, to provide you with services or information, we may collect, use, store and transfer different kinds of personal data about you.

Depending on your relationship with us, this may include:

  • Personal details (such as your name, contact details and email address) that you provide by contacting us, requesting information or submitting your information via the website.
  • Personal details (such as names, titles and business contact information including addresses, telephone numbers and email addresses) for the employees and representatives of our suppliers and partners.
  • Your responses to surveys which we ask you to complete for research purposes.
  • Any other information you post, email or otherwise send to us.
  • How you use the website and where available, your IP address, operating system and browser type.

In some cases you may choose to provide unsolicited personal information (information we have not asked for) to us such as a CV, or other personal records that you wish to discuss with a member of staff. Where this is the case, personal data will be handled with the same care as any other sensitive data we process and in accordance with data protection legislation as laid out in this notice. We will also collect personal information about website usage through cookies in accordance with our Cookies Policy.

How We Will Use This Information?

We will only use your personal data when the law allows us to do so.
Most commonly, we will use your personal data for the following purposes:

  • To help you with your enquiry or request.
  • To manage the relationship with our suppliers and partners.
  • To comply with a legal or regulatory obligation.
  • To enable us to provide you with a product, facility or service we offer.
  • To process feedback and improve our services.
  • To manage and improve the web system and troubleshoot problems.

Where personal information is collected on GFTU’s website, for instance through a web form or an online payment system, users will be informed as to what information is being captured, why and who (if anyone) it will be shared with, via a Local Privacy Notice

Where you have requested information from the GFTU under freedom of information or data protection legislation, or more generally, we may share your personal data with GFTU colleagues in order to deal with your request more efficiently.

Using your information in accordance with data protection laws

Data protection legislation requires that we meet certain conditions before we are allowed to use your data in the manner described in this notice, including having a "legal basis" for the processing. These bases are explained below.

Consent: You have given us your consent for processing your personal data.
Performance of contract: The processing of your personal data may be necessary in relation to the contract we have entered into with you or an organisation you represent, to provide GFTU's services to you, or because you have asked for something to be done so you can enter into such contract.

Public task: The processing of your personal data may be necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

Legitimate interests:  The processing of your personal data may be necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or by fundamental rights and freedoms which require protection of personal data. It may be necessary for our legitimate interests to collect your personal data to enable us to manage certain operations of the University effectively.

Lawful interests: Processing is necessary for compliance with a legal obligation to which the controller is subject.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Sharing your Personal Information

We may have to share your personal data with the parties set out below for the purposes outlined above:

  • If you decide to make on-line payments to GFTU, some information will be disclosed to GFTU's service provider for validation purposes
  • External third party service providers: there may be times when external organisations use your personal information as part of providing a service to us or as part of checking the quality of our service, such as our auditors;
  • Law enforcement or other government and regulatory agencies: we may be required by law to disclose certain information to the police or another relevant authority in circumstances e.g. where we think you or someone else is at serious risk of harm.

We may also receive requests from third parties with authority to obtain disclosure of personal data. We will only fulfil such requests where we are permitted to do so in accordance with applicable law or regulation.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes – we only permit them to process your personal data for specified purposes and in accordance with our instructions. We may use third party providers to deliver our services, such as externally hosted software or cloud providers, and those providers may involve transfers of personal data outside of the EU. Whenever we do this, to ensure that your personal data is treated by those third parties securely and in a way that is consistent with UK data protection law, we require such third parties to agree to put in place safeguards, such as the EU model clauses or equivalent measures.

How we will protect information about you

We do our utmost to protect your privacy. Data protection legislation obliges us to follow security procedures regarding the storage and disclosure of personal information in order to avoid unauthorised loss or access. As such we have implemented industry-standard security systems and procedures to protect information from unauthorised disclosure, misuse or destruction. We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.