Privacy and Data Protection Policy
This page sets out how the Leicester Stories uses and protects any personal information and how you can expect us to use your information when you use and access this website. Leicester Stories is committed to ensuring that your privacy is protected. References to “we” in this Privacy Notice means the co-founders of the Leicester Stories (who are employees and associates of De Montfort University Leicester) and De Montfort University Leicester in its capacity as a higher education provider, as the joint rights holders. This policy will be applied in conjunction with the De Montfort University Data Protection policies and guidance: https://www.dmu.ac.uk/policies/data-protection/data-protection.aspx
Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. This Privacy Notice will be reviewed at least annually, taking into account feedback from interested parties. You should check the Privacy Notice each time you use and visit our website in case there has been an update to the Privacy Notice.
What Data We Collect and Retain and Why
We will collect and retain the following personal data of you when you use or visit this website:
- Your first name and surname
- Your email address, which may include IP addresses
- Details of when you visited the website including automatically collected data as outlined in Visitor Tracking Section below
The reasons that we collect and retain your information is so that we can contact you regarding your experience of the Leicester Stories knowledge exchange resource and website, and to send you updates and supplementary information about the project. We will also use your above personal data to inform our further academic and public policy research work, in order to continue to develop additional interactive educational resources. However, we will anonymise your data for the purposes of such research and in any published public policy or academic research.
Our legal justification for collecting your personal information is that of a public task, which means there is a substantial public interest on the basis of education practice, and therefore a legitimate public interest. It is in the public interest for us (as academics and an education provider) to gain your views about your experience of the Leicester Stories resource for further research. This is because we can use that information to make improvements to the resource to encourage more people to engage in effective community media and community reporting practice. Engaging discussion about issues related to public policy, professional practice, and the lived experience of those affected by community media and community reporting, is key to improving public deliberation and wellbeing in the future, and is therefore clearly in the public interest.
It is in our interests (for research and academic purposes) to use your personal information to contact you and obtain your feedback about your experience of the Leicester Stories educational resources. If improvements to these resources can be made, and further research can be borne out of us using your personal information to contact you, society will benefit. Informed understanding of the causes and impact of community media and community reporting are necessary for the shaping of policies and practices that shape how community representation and interaction is administered.
When you use and visit the website, and/or use any of the Leicester Stories content shared on our website, and through our social media platforms, there is a contacts page for you to feed back if necessary. We do not intend to collect further personal information from you than that identified above, however we acknowledge that you may give additional data in the free text box, which could identify you or your place of work, study or community location. If you do provide such identifiable information, we will not use or retain that personal data and will delete and destroy it right away. Furthermore, we will not pass any such additional personal data onto a third party.
In the interests of transparency, we also collect and retain the following unidentifiable data, which is as follows:
- The number of people you (as a user/visitor of the website) intend to use the resource
Even though this information does not identify you, we will not pass this information to a third party.
Data protection and privacy laws
The main laws are the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We also adhere to the duty of confidence and the Human Rights Act (Article 8). For electronic communications, including email and cookies, we comply with the Privacy and Electronic Communications Regulations (PECR).
How We Store Your Information
We are committed to ensuring that the personal information that you provide to us, and retained by us, is securely stored on secure and password-protected computers. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the confidentiality, integrity of your information. Any personal data that you provide, and we retain will be stored in a password-protected repository programme. Your personal data will only be accessible to our administration and research project team. We review our information security measures on a regular basis to assess and mitigate against the risks of accidental or unlawful destruction and unauthorised access to your personal data.
Retention of Your Information
We will retain your personal data for no longer than necessary to fulfil the purpose for which it was collected unless you request for it to be removed, The Leicester Stories resources are an on-going project which will continue for the foreseeable future because it is a professional development and research project. However, we intend to keep your personal data for no more than five years after which time it will be anonymised by us and your personal data deleted and disposed of in accordance with our internal policies and procedures. We review collected personal data annually to establish whether we are still legally entitled to process and retain it. We will notify you promptly in the event of any breach of your personal data. Please be aware that we cannot guarantee that transferring information over the internet will always be 100% secure.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website and educational resources in order to tailor them accordingly. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. You may wish to use a browser that has additional privacy safeguards built in, such as Mozilla Firefox.
External Websites and Social Networks
Our website contains links to other websites of interest, including social networking websites which are not affiliated or controlled by us. Once you have used these links to leave our site, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
The GDPR gives you rights over how your personal information is used:
- The right to be informed – we must tell you how we process your personal information.
- The right of access – you can ask to see what personal information we hold about you. This is called a Subject Access Request (SAR).
- The right of rectification – where information about you is inaccurate, you can ask us to correct it.
- The right to erasure – in some circumstances, or where we have no compelling reason to retain your personal information, you can request deletion of that information.
- The right to restrict processing – in some circumstances, you can ask us to restrict the processing of your personal data. This right, where it applies, also allows you to ask us to retain your personal information but not to use it.
- The right to data portability – in some circumstances, you can request a copy of the personal data you have provided to us in a machine-readable form, so you can transfer it to another organisation for a similar purpose.
- Right to object – where there is no legal obligation for DMU to process your data, you can object to us processing your personal information.
- Rights in relation to automated decisions and profiling – where computers make decisions about you, including automated profiling, you have a right to challenge the decision or ask for a human to check an automated decision.
To discuss any of these rights, please contact us at firstname.lastname@example.org and let us know how we can help.
DMU Is the Data Controller
De Montfort University is the data controller, which means that DMU determines the purpose the purpose of the processing and are responsible for the adequate protection of personal information. All our staff are appropriately trained and understand their responsibilities for protecting personal data.
How to Make a Subject Access Request
You can make a Subject Access Request (SAR) to find out what information we hold about you. We will respond to your request within one calendar month. To make a SAR, please email us at email@example.com. There is not normally a fee for a SAR, but where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the actions requested; or (b) refuse to act on the request.
To help us locate your information, please include with your request your name (and any other names you have been known by, if relevant), the period for which the information relates (the calendar year(s), your email address and a comprehensive list of what personal data you want to access, based on what you need, it is helpful if you can identify individuals or business areas you believe may hold the specified data. Before we can disclose any information to you, we will need to see evidence of your identity. We ask for photo ID if possible. Please include either a copy of your passport (showing your photo, name, date of birth and signature), or a copy of your driving licence (UK or EEA photo card driving licence).
If you do not have either of the above, please send us a copy of your original birth certificate. If you don’t have any of the above documents, please send us two documents from the below list. These must be addressed to you and cannot both be bank statements or from the same utility company.
- Utility bill
- Council tax bill
- Bank statement
- Old style driving licence
- Official notification letter from either the DWP or HMRC
You can ask someone else to make a SAR on your behalf. We will need to see evidence that the person making the request is entitled to act on your behalf and they will also need to provide us with evidence of your identity. Please note we will not retain copies of your identification documents.
How to Complain
If you have any concerns or wish to complain about a data protection issue, please contact us at firstname.lastname@example.org. If you are dissatisfied with the way we have handled your complaint, you have a right to complain to the Information Commissioner’s Office at ICO.org.uk.