• Home
  • Login
  • Welcome to the Staff Intranet
 

Image of man looking into boxRights and Access to Personal Information

 

Data Protection Legislation gives individuals certain rights over the use/processing of their personal data and a general right of access to their personal data. This is called making a Subject Access Request.

 

For further information about data subject rights please see our guide:

ENU GDPR Rights Guide

and

Data Subject Rights Request Privacy Notice

 

Please note: We will not respond to any requests from third party SAR platforms (ICO guidance April 2019 refers)


Subject Access Request (SAR): For Personal Information

 

Please read these SAR Guidance Notes before you make your SAR. A request must be in writing, preferably on this

   Subject Access Request form​ and submitted with a copy/photo of the required identification documentation to:

 

Information Governance Manager

Governance & Compliance Services

6th Floor Sighthill Campus

Edinburgh

EH11 4BN

or emailed to dataprotection@napier.ac.uk

 

SAR Procedure​

 

Please note that we will not respond to requests from 3rd party online platforms/apps/websites as advised by the ICO Scotland Office.

 

Subject Access Request (SAR): For CCTV Images

 

Please read these Guidance Notes before you make your SAR. A request must be in writing, preferably on this

request form and submitted with the required documentation to:

 

Head, Campus Services

Room 6.B.24

Sighthill Campus

Edinburgh

EH11 4BN 

 

Request for the personal data of a deceased individual

 

We would only deal with requests of this type from the deceased individual's next of kin or their legal representative or Executor. If the request is from the deceased individual's next of kin they must provide proof of ID and proof that they are the next of kin. If the request is from the deceased individual's legal representative or Executor they must put their request in writing on headed paper with proof of their identity and a copy of the HMRC form confirming their status. Requests should be sent to:

 

Information Governance Manager

Governance & Compliance Services

6th Floor Sighthill Campus

Edinburgh

EH11 4BN

 

Request for rectification of personal data


Under Article 16 Of the GDPR, EU Citizens have the right to have inaccurate personal data rectified by Data Controllers (in this case the University). This also includes the right to have incomplete personal data completed where relevant. Students and Staff Members have the ability to update their own personal data by using the portals provided by the University:

  • Students can use: https://evision.napier.ac.uk/si/sits.urd/run/siw_lgn 
  • Staff can use: https://hrconnect.napier.ac.uk/mthrprod_ess/ess/#/​ when logged in to the University network

If you are unable to make the updates yourself then please submit the form below to dataprotection@napier.ac.uk

Data Rectification Form​


 

Request for the erasure of personal data ("Right to be Forgotten")

 

Under Article 17 of the GDPR EU citizens have the right to request the erasure of their personal data. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. The Information Commissioner’s (ICO) guidance refers: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

We ask you to complete the form below to enable us to find the relevant information in order to make a decision about erasure.

Erasure_Request_Form.docxErasure Request Form

 ​ 

Students/Graduates/Previous Students:

In relation to processing done by the University, this right does not apply as student personal data is processed under GDPR Article 6(1)(e): “processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller”, which is the Statutory Instrument 1993 Number 557 (S.76). GDPR Article 17(3)(b) refers.

If the course you studied is regulated there will also requirements under other legislation (e.g. health legislation for student nurses and midwives) for the University to keep certain records relating to students. We are also required to keep records to verify qualifications e.g. for crime and fraud purposes.

Therefore, whilst it is not possible to delete your personal data from the University’s records we can remove you from contact lists .g. the Alumni database, to stop youreceiving communications from the University.

For more information please see the University’s Privacy Notice/s (appropriate to yourself) – they detail the purposes, legal bases, etc. for processing.

Employees:​​​

The University processes your personal data under GDPR Article 6(1)(b): “processing is necessary for the performance of a contract”, etc. which refers to your employment contract. There is also no automatic right under the legislation to have your personal data deleted where this is the legal basis for processing, as the University is required to keep certain records as evidence of your employment.

Requests for deletion will be considered on a case by case basis, dependent on the circumstances, but ‘core’ information is required to be kept permanently, although there may be other information which can be deleted, if requested.

For more information please see the University’s Privacy Notice/s (appropriate to yourself) – they detail the purposes, legal bases, etc. for processing.

Communications:

Please note that where you ask us not to contact you we are required to keep a record of this to ensure that we adhere to your wishes and you are not re-added to our databases by another means and contacted again.                                                                                                             

Rights for Research Participants

Some of the rights under the UK-GDPR contain built-in exceptions for research. If complying with a rights request would prevent or seriously impair the achievement of the purposes of processing for research, then the University may apply an exemption. However, exemptions are not applied in a 'blanket' fashion, and will be decided depenent on the circumstances. 


For further information see the ICO guidance using the following URL: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/the-research-provisions/exemptions/?q=record​ ​



 

 

 

                                                                                                               

​​​​
​​​​​​​