世界杯压球平台收集和处理大量员工的个人数据, 学生, 校友, 承包商, 世界杯压球平台参与者和其他活着的个人,使大学能够承担广泛的活动.

个人资料的处理由 《世界杯投注网站推荐》2018年数据保护法(DPA).

The 世界杯压球平台 takes its responsibilities under these laws very seriously.


《世界杯投注网站推荐》是2018年5月生效的一项欧盟法律,取代了之前的数据保护立法.  尽管世界杯投注网站推荐将在2019年离开欧盟, 英国政府已经明确表示,GDPR在英国脱欧后仍将适用.


The GDPR is based around six data protection principles:


  1. processed lawfully, fairly 和 in a transparent manner
  2. collected for specified, explicit 和 legitimate purposes
  3. adequate, relevant 和 limited to what is necessary
  4. 准确,必要时及时更新
  5. 不要留得太久
  6. 处理安全

Organisations must also be able to demonstrate compliance with these principles.


个人资料指与可辨认身份的自然人(活着的个人)有关的任何资料。. 个人资料的例子包括:

  • 家庭住址;
  • 一个电子邮件地址;
  • 一张照片;
  • 医学信息;
  • 教育记录;
  • 一个饼干ID.


In order to process any personal data, a lawful basis must be satisfied:

  • 同意
  • 合同的履行
  • 义务:遵守法律义务
  • 切身利益
  • 公共利益:公共利益或官方权威
  • 合法利益

同意被定义为自由给予, 具体的, 明确的,明确的通过声明或通过明确的平权行动来表达一个人的意愿, signifying an agreement to the processing of their personal data.


Individuals also have the right to withdraw 同意 easily 和 at any time.

特别类别的个人资料(i.e. 有关种族或民族血统的资料, 政治观点, 宗教或哲学信仰, 或者工会会员资格, 健康, 性生活或性取向, genetic data 和 biometric data) a further set of lawful basis must also be satisfied. These are specified in Article 9 of the GDPR 和 Schedule 1 of the 《世界杯投注网站推荐》.

To process information relating to criminal offences 和 criminal convictions, 必须符合GDPR第10条或《世界杯投注网站推荐》附表1中的条件.




  • Rights of data subjects – these are outlined below;
  • Introduction of data protection by design 和 default;
  • Obligations for arrangements with regard to any subcontracted processing of personal data;
  • 规定须备存处理活动的纪录,列明所有已处理的个人资料;
  • 维持适当的技术和组织措施,以确保与风险相适应的安全水平;
  • To require organisations to report breaches of personal data within 72 hours;
  • 数据保护 Impact Assessments for new or high risk processing;
  • A new role of data protection officer for public bodies 和 other large organisations;
  • Obligations to protect personal data being transferred to countries without personal data.






This means that you can request the information that the University holds about you, 询问这些信息是如何处理的,并检查您的信息是否正在以合法的方式处理.

If you wish to make a request for a copy of the data held about you, you can complete the 受试者查阅要求表格 和 send it to 或向资料保护主任提交, D21a里士满建筑, 世界杯压球平台, 里奇蒙德路, 世界杯投注网站推荐, BD7 1 dp. 或者,你也可以使用相同的联系方式通过电子邮件或信件直接向大学提出申请.


申请通常是免费的, however in certain circumstances a 'reasonable fee' may be charged.  We will always inform you prior to any costs being incurred.

We aim to respond to your request within one calendar month.  We have the right to extend the response date by 2 months depending on circumstances, if this is to happen we will contact you as soon as is practical.


The 《世界杯投注网站推荐》 gives you, 个人, greater control over how your personal data is used.

GDPR为个人提供了除访问权之外的许多权利 访问您的信息 部分:

  • 知情权
    您可以通过阅读世界杯投注网站推荐在收集您的信息时向您提供的隐私通知来了解您的数据将会发生什么. The privacy notice will inform you of the purpose for collection, 托收的法律依据, who we share your information with 和 how long we keep your information for.
  • 整改权 
    如果您认为世界杯投注网站推荐持有的数据有问题,您可以提交整改请求. There are certain circumstances when we can refuse a request.
  • 删除的权利
    This is also known as 'the right to be forgotten'. This means you can withdraw your 同意 和 ask the University to delete information held. This is not an absolute right 和 it will only apply in certain circumstances however.
  • 限制处理的权利
    在调查任何正在进行的问题时,你可以要求学校限制对你的数据的处理. Again this is not an absolute right 和 will only apply in certain circumstances.
  • 数据可移植权
    you can request that data that we hold be easily transferred to another organisation. 携带权只适用于个人提供给大学的信息.
  • 反对的权利
    GDPR赋予您在特定情况下反对处理其个人数据的权利. 它是否适用取决于世界杯投注网站推荐处理的目的和世界杯投注网站推荐处理的合法基础.

If you wish to exercise any of the above rights please write to data-protection@vsraca.com 或向资料保护主任提交, D21a里士满建筑, 世界杯压球平台, 里奇蒙德路, 世界杯投注网站推荐, BD7 1 dp.


个人数据泄露可以广义地定义为影响机密性的安全事件, 个人资料的完整性或可用性. 这是, a breach takes place whenever any personal data is lost, 摧毁了, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable.

The 世界杯压球平台 stores the personal data of thous和s of 学生, 工作人员, 校友, 和 many other individuals who have dealings with the University.

根据新的资料保护法例,大学必须在72小时内通知信息专员办公室(ICO)任何个人资料被侵犯, which will result in a risk to the rights 和 freedoms of natural persons.

If you believe that a personal breach or other data protection incident has occurred, 立即致电01274 233021或01274 233358或通过电子邮件联系数据保护主任(DPO) data-protection@vsraca.com. If you are a member of the University, you can also report a breach via ITServiceNow.



为处理高风险的个人资料而填写DPIA是法律所要求的,但也是强制性的, there are actually real benefits to conducting a DPIA:

  • 它能让机构在项目的早期阶段就发现和处理私隐问题,长远来看可节省时间和金钱;
  • 它可以减少收集的个人数据量,使流程更简单,项目更高效;
  • 它向利益相关者表明,你认真对待隐私问题,并增加了对组织的信任.


这所大学已发展出一套 Procedure for conducting 数据保护 Impact Assessments 和 数据保护影响评估模板表 根据ICO的最佳做法指导


If you need any further information about your rights 和 data protection in general, you may find the following external resources useful.



Intersoft Consulting have created a more useable version:


The DPA can be found on the UK's official 立法 website:


信息专员办公室(ICO)是英国负责维护公众利益的信息权利的独立机构.  该组织涵盖数据保护, 信息自由法, Environmental Information Regulations 和 other regulatory 立法.

The 信息专员办公室 website can be found at http://ico.org.uk/