Privacy Notice for Staff/Workers at Lancaster University

This Privacy Notice explains how we will collect, use, disclose and protect your personal data.

The notice applies to all staff and workers at Lancaster University including job seekers/applicants, employed full-time, part-time, permanent, fixed term, casual and visiting staff and workers.

The University will process your personal data in accordance with the General Data Protection Regulations (GDPR).


  • What information do we collect from you?

    We collect personal information from you when you make an application through HR or the Employment and Recruitment Service (ERS).  This includes your contact details, date of birth, gender, education and training records and employment information.

    We also collect special category data such as about your ethnic origin, religious beliefs, sexual orientation and disabilities.

  • How is your information collected?

    We routinely collect information about you through the online application form which is accessed through the Job Vacancies section of the Lancaster University website. We may also collect information about you by other means such as through the Employment Recruitment Service.

    When you accept an offer of employment at the University we collect further information from you including banking information and details to enable us to administer your pay and pension.

    In addition in the course of your employment at the University we may collect further information about you including:

    • Absence records;
    • Employee relations records;
    • Performance and development records and reports;
    • Reports from the occupational health service;
    • Contractual changes in your employment.
  • How do we use your information?

    Please read our full list of all the reasons for using your personal information. This shows the legal basis that we use for processing your information. This is typically to enter into a contract or as part of your contract with Lancaster University.

    We are committed, through our equality and diversity plans, to celebrating the diversity of members of the University and maximising their potential, underpinned by an emphasis on equality of opportunity. One of the important ways in which we can judge the effectiveness of our equality and diversity plans is in monitoring applications for vacancies. The monitoring programme has been discussed with, and has the full support of the University's trade unions. The diversity information that you are asked to provide as part of your application for employment will be used for monitoring purposes only; it does not form any part of the selection process. An exception to this is if you declare a disability if you wish to be considered for selection under the Disability Confident scheme.

  • Who do we share your information with?

    The University will share your data with employees of the University on a need-to-know basis in relation to job function.

    The University will share your data with a number of external organisations including:

    • Agents of the University e.g. pension administrator;
    • Relevant UK government departments, e.g. HMRC;
    • Higher Education Statistics Agency (HESA). Please see HESA’s collection notice.
    • Law enforcement agencies;
    • Any other authorised third party with which the University has a legal/contractual obligation to share data.

    The University will ensure that the sharing of data is in line with data protection legislation. In many cases the University does not need to seek your consent to share this information, in particular when there is a legal or statutory obligation to do so.

    In emergency situations the University may share your personal data, including sensitive personal data with organisations/individuals such as a medical professional or the police service.

    Please see our full list of all the different organisations that the University may share your data with.

  • Do we transfer your data to third party countries?

    Sometimes we may need to share your personal data with other organisations based within or outside the European Union (EU).

    When it is necessary to share your data with organisations outside the European Union, we will ensure that there are appropriate safeguards in place, thereby offering a comparable level of protection of your data within the EEA.

  • How do we keep your information secure?

    The University has robust Information Security policies in place to protect your information. All staff in the University have a responsibility to make sure that your data is handled securely.

    For further information please refer to the University’s Information Security Policy and Processes.

  • How long do we keep your information?

    Your application and employment records will be kept for a defined retention period, and only as long as is necessary.

    For further information please refer to the University’s retention schedule.

  • What are your rights?

    You have the following rights regarding your personal data:

    • To have access to your personal data - for further information see the Subject Access webpage;
    • To have inaccurate or incomplete personal data amended;
    • To have your personal data deleted – this will only apply when there is no legitimate reason for the University to continue to use your personal data;
    • To restrict the use of your personal data;
    • To request personal information in a digital form so that you can provide to other organisations;
    • To object to automated decision making and profiling;
    • To withdraw consent when we have used consent as the basis for using your information.

    The University has further information on data subject rights.

    If you wish to exercise your rights you are advised to first read this information as there are some exceptions to using your rights. For example it is a statutory duty for the University to send some of your information to HESA each year.  In this case you could not apply to restrict this use of your information.

    Any requests to use your rights over your personal data should be made to the University’s designated Data Protection Officer.

  • What are your responsibilities?

    You are required to read this Privacy Notice when you make an application and accept a contract of employment with the University. It is important that you do this so you understand how we use your personal information and your rights.

    Please assist the University in keeping your personnel record up to date. The My HR system accessed through Core HR can be used to update some of your personal details such as a change in your address or phone number.

  • Who do I contact for further information or if I have concerns?

    Lancaster University’s designated Data Protection Officer is:

    Mike Abbotts, Information Governance Manager
    Phone: 01524 510841

    Contact Mike if you have any concerns or complaints about this Notice or about the way your personal data is being used.

    Lancaster University is the Data Controller for the personal data that it holds about you. The University’s contact details are:

    Lancaster University
    LA1 4YW
    United Kingdom

    If you are not happy with the way the University has handled your concern or complaint then you may submit a complaint to the Information Commissioner’s Office.

  • Changes to this Notice?

    This Notice has been developed to be compliant with the General Data Protection Regulations (GDPR). This Notice is regularly reviewed and sometimes updated. It is important that you check for updates to this Notice. Updates can be made at any time and the most up to date version will be found on the Lancaster University website. If we make significant changes we will contact you to inform you of this.