Beechcroft Drive privacy notice
The University of Surrey is the “Data Controller” of your personal data. We are registered with the Information Commissioner’s Office (our notification number is Z6346945) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation.
Estates, Facilities and Commercial Services (EFCS) is part of the University of Surrey. We have a named Data Protection Officer, Suzie Mereweather, who can be contacted via email@example.com.
One of our responsibilities is to tell you about the different ways we collect and use your personal data. This statement provides details about these uses. In addition to this statement, you may be given further information about the uses of your personal data when you use certain services offered by the University of Surrey.
When you apply for access to your residence via the Manor Park campus gate, we will need to process the following personal data about you:
- Full name
- Contact details, such as email address and telephone number
- Vehicle registration number (VRN)
- CCTV recordings that may capture your image and/or your VRN.
We receive this data from you when you apply for a key to access the Manor Park campus gate or when you update your details with us.
We may capture CCTV footage of you and your vehicle when you approach Manor Park campus gate.
We will also request sight of proof of your identity, usually in the form of a valid driving licence. However, this information will not be collected or stored by the University.
The University collects only the data we need and we keep the data up to date and only for as long as it is needed.
We collect your personal data in order to process your application and grant you access through Manor Park campus gate. If your application is successful, you will need to sign a contract agreeing to the terms and conditions of access. Once you have agreed to these terms, you will be given a key to access the gate.
There may be circumstances, such as to ensure authorised access and to manage the security of our premises, where we may need to erect CCTV cameras at the gate. This CCTV footage may capture footage of you and your VRN as your approach the gate.
It is important for you to know the lawful basis for us processing your information:
- We process data to meet our contractual duties and provide you with gate access via Manor Park campus, as set out in our contract with you.
- We also process data in our legitimate interests where we may capture any CCTV footage of you to ensure the security of university premises.
These legitimate interests are determined through an assessment made by weighing our requirements against the impact of the processing on you. Our legitimate interests will never override your right to privacy and the freedoms that require the protection of your personal data.
If you are interested in learning more about this legitimate interest assessment, please contact firstname.lastname@example.org.
The University processes personal data in accordance with data protection legislation and its own Data Protection Policy (PDF).
When you make a request to have access to the University’s Manor Park campus, we will use your details to send you an application form so that you can apply. We use the data that you submit to us to process your application and to determine your eligibility to access your residence via Manor Park campus and to enter into an agreement with you.
We will also use your personal data to contact you in relation to updates regarding access, including in the event that we need to close the road or temporarily restrict access.
If we need to erect CCTV by Manor Park campus gate, we will use the CCTV footage to identify individuals who may be using the gate in an unauthorised manner.
We hold your data for as long as you require access to your residence via Manor Park campus gate. Should you no longer require access or where access has been prohibited, your data will be securely destroyed once you have returned your key.
In the case of CCTV footage, the data will be kept by the University for 7 days at which point it will be securely destroyed. Where we have identified an individual using the gate in an unauthorised manner, data may be kept for up to 21 days in accordance with the University’s surveillance camera system policy and procedure (PDF).
We take the security of the personal data we hold seriously. Details on university wide measures surrounding IT security can be found in the principal IT Security Policy (PDF) which sets out the definition of, commitment to and requirements of information technology and security.
We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Your personal data captured via CCTV is shared with the University’s Security team for the purpose of viewing the footage and ensuring that the CCTV is managed in line with the University’s surveillance camera system policy (PDF). No other data we hold about you is shared internally or externally.
As an individual whose data we process (a data subject), you have certain rights in relation to the processing. Find detailed information about your rights as a data subject.
You have the right to:
- Withdraw your consent for us to process your personal data where we have relied on that consent as our basis for processing your data.
- Ask us to confirm that your personal data is being processed and to access (i.e. have a copy) of that data as well as to be provided with supplemental information about the processing.
- Ask us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the University’s legitimate grounds for processing data
- Request that we rectify any inaccuracies where the data we hold on you is inaccurate or incomplete.
- Have your data erased by us, although in certain circumstances we may not be able to do this. The circumstances where this applies can be found in the guide to data subject rights information.
- Restrict the processing of your personal data in certain ways.
- Obtain your personal data for reuse.
- Object to certain processing of your personal data.
If you would like to exercise any of your rights please visit our make a privacy request section.
Make a complaint
If you have any concerns about the way that we have handled your personal data please email the Data Protection team as we would like to have the opportunity to resolve your concerns.
If you’re still unhappy, you have the right to complain to the Information Commissioner’s Office (an independent body set up to advise on information rights for the UK) about the way in which we process your personal data.