Skip to content

Our Privacy Policy

Introduction 

Nottingham Trent University is committed to protecting the privacy and security of your personal information. This Privacy Notice provides important information about how Nottingham Trent University and its associated entities (“NTU,” “we,” or “us”) identifies and manages its data protection responsibilities in accordance with its legal and regulatory obligations. 

NTU encourages you to review the privacy statements of any websites you choose to navigate to from our website (or navigate from to our website) or digital services that we provide links to so that you can understand how those websites collect, use and share your information as well. Any third-party sites that you can access through the website are not covered by this Privacy Notice and we accept no responsibility or liability for these sites. 

Who we are 

NTU is a data controller which means we are responsible for deciding how we hold and use personal information about you. 

This Privacy Notice is specific to the Blue Zone Consortium which is a programme funded by the Biotechnology and Biological Sciences Research Council (the “BBSRC”) to encourage cross-sector and interdisciplinary knowledge exchange between bioscience research staff by providing opportunities for training, networking, placements and exchanges (the “Programme”). The Programme is led by three universities (Nottingham Trent University, University of Leicester and Northumbria University), however NTU is the controller of your data.  

Please read this Privacy Notice carefully and contact us if you have any questions about our privacy practices or your personal information, using the contact details provided at the bottom of this Privacy Notice. 

Personal information 

NTU is committed to the responsible handling and protection of personal information. 

Personal Data, or personal information, means any information about an individual from which that person (a “Data Subject”) can be identified. It does not include data where the identity has been removed (anonymous data).The information will be Personal Data if a person can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For example personal data may include names, addresses, email addresses and telephone numbers; it may also include images in photographs or films and recorded telephone conversations. 

Why we process your data 

We collect, use, disclose, transfer, and store personal information for the purposes of the Programme and for our operational and business purposes as described in this Privacy Notice.  

We want to be clear about our privacy practices so that you are fully informed about the use of your information, and we encourage you to contact us at any time with questions or concerns: [email protected]  

The types of personal information we collect 

The categories of personal information that we may collect, store and use about you include (but are not limited to):  

  • Your name, title and contact details 
  • Whether you are joining the consortium as an individual or as a representative of an organisation? 
  • Gender identity 
  • Disability 
  • Which ethnic group do you identify with  
  • Data related to event attendance (which may include photographs taken at those events) 
  • Records of all contact we have with you 
  • Any other data you provide to us in connection with Programme activities 

You may be required to, or you may choose to, share additional personal information with us if you apply for FTMA funding to support a placement or exchange, [including your CV, academic or technical background]. 

We collect information about gender identity, disability and ethnicity (which is data that is subject to an extra level of protection under the UK GDPR) because we are committed to ensuring that equality, diversity and inclusion (EDI) is considered at every stage of delivery of the Programme and because we are required by the BBSRC to report on EDI statistics. However we will only ever share anonymised and aggregated statistical data with the BBSRC from which no individuals will be identifiable. 

How we collect your data 

We obtain data about you when you use our website, for example, when you complete the join us form, or when you complete the application forms. 

We also collect personal data included in applications for FTMA funding that are submitted to us. 

How we use data about you 

When processing personal data, we rely on a combination of the grounds permitted by data protection law.  

Processing Activity Legal Basis 
Carry out our obligations arising from any contracts entered into by you and us; Legitimate Interest to process any queries or questions regarding funding, networking or training opportunities.  
Contact you regarding queries raised in the contact form Legitimate Interest to respond to any queries or questions regarding funding, networking or training opportunities. 
Seek your views or comments on the services we provide Public Task – reporting back to the funder (BBSRC, UKRI) on the accessibility and inclusivity of the funding, networking and training opportunities  
Notify you of changes to our services Legitimate process – notify of any changes to funding, training or networking events.  
Send you communications that you have requested and that may be of interest to you, which may include our monthly newsletter, information about campaigns, funding opportunities, events and workshops, partner searches, and other activities relevant to the Blue Zone Consortium’s mission Legitimate process – notify of any changes to funding, training or networking events. 
Reviewing and assessing applications that we receive for FTMA funding  Public Task – obligation to report back to the funder (BBSRC, UKRI) on accessibility and inclusivity of funded applications.  
  

Where special categories of personal data (see above) are processed, the permitted legal bases for doing so will include: 

  • Explicit consent of the data subject.  
  • The processing of personal data manifestly made public.  
  • The establishment, exercise or defence of legal claims. 
  • Purposes specified in data protection law as being in the substantial public interest.  
  • The processing is necessary for reasons of public interest in the area of public health. 
  • For archiving, statistical and research purposes.  

We will only process your Data for the specific purpose or purposes that we tell you about, in compliance with the GDPR, and will only process your data to the extent necessary for that specific purpose or purposes. 

Who we share your data with 

When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymised or pseudonymised, and statistical data with third parties.  

We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legal requirement or legitimate interest in doing so.  

Below are the parties with whom we may share personal information and why;  

  • We may share your name and email address with the University of Leicester and Northumbria University, if they need that information in order to help us deliver the Blue Zone Consortium’s activities;  
  • We may share your name and email address with external providers of training courses, workshops, networking events and similar that you have signed up for, so that those providers can provide those benefits to you; 
  • [If you apply for FTMA funding, any personal data included in your application will need to be shared with the members of the panel assessing those applications, who will be subject to confidentiality obligations];  

How long we keep your data for 

We will not store your personal information for longer than is necessary. NTU will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this Privacy Notice will delete your personal information when they no longer require it. 

How we secure your data 

We have appropriate security measures in place to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business requirement to know. 

NTU takes data security seriously, and we use appropriate technologies and procedures to protect personal information. 

For example: 

  • Policies and procedures – measures are in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data. 
  • Business Continuity and Disaster Recovery strategies that are designed to safeguard the continuity of our service and to protect our people and assets. 
  • Appropriate restrictions on access to personal information. 
  • Monitoring and physical measures, to store and transfer data securely. 
  • Data Protection Impact Assessments (DPIA) in accordance with legal requirements and our business policies. 
  • Periodic training on privacy, information security, and other related subjects for employees and contractors.  
  • Vendor risk management. 
  • Contracts and security reviews on third-party vendors and providers of services.  

How we keep your data secure in other countries 

If you sign up to, and are selected to, participate in training provided by our external training provider University Industry Innovation Network (UIIN), we will need to share your name and email address with UIIN. By signing up to the training, you provide your consent to this. UIIN is based in Denmark within the European Economic Area (EEA), which the UK Government recognises as providing an adequate level of protection for your rights and your personal data.  

In the course of the training, you may wish to share additional personal information with UIIN directly. For more information on how UIIN processes your data and keeps it secure, please refer to its privacy policy at: https://www.uiin.org/privacy-statement-eu-2/

We do not have, as at the date that this privacy notice is published (July 2024), any plans to share your personal information with any other organisations based outside the UK, but if that position changes then We we will take appropriate steps to ensure that your personal information is processed, secured, and transferred according to applicable law.  

When we transfer personal information outside of the  UK  to any jurisdiction in which applicable laws do not offer equivalent level of data privacy protection to that in the UK, we are required by law to take measures prior to transfer to ensure that your data and your rights as a data subject are protected by appropriate safeguards. 

In particular, we would assess whether there is any significant risk to your rights that might arise from transferring your data outside the UK, and then enter into a data sharing agreement with any recipient of your data based on the contractual clauses approved by the UK Information Commissioner’s Office (ICO) for international data transfers. These clauses, will require the recipient to protect your personal data and will grant you effective and enforceable rights in respect of your data. If you would like to know more about our data transfer practices, please contact [email protected]  

Your duty to inform us of changes 

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. 

Your rights 

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information. 

Under certain circumstances, by law you have the right to: 

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. 
  • Request correction of personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you. 
  • Request erasure of your personal information in limited circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). 
  • Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. 
  • Request the restriction or suspension of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. 
  • Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing. 
  • Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you. 
  • Request the transfer of your personal information to another party.

How to contact us 

Please contact us at [email protected] in the first instance if you have any queries about the content of this Privacy Notice or how we use your data. 

If you are not satisfied with how NTU manages your personal data please contact our Data Protection Officer (details below). In addition you have the right to make a complaint to a data protection regulator. The ICO contact details are: https://ico.org.uk/global/contact-us/

Data Protection Officer  

Nottingham Trent University 
Address: 50 Shakespeare Street, Nottingham, NG1 4FQ 

Email: [email protected]