Privacy Notice CoSector
This privacy notice contains general information for CoSector and provides links to privacy information specific to the services we provide.
Controller’s contact details
The University of London is the controller for the personal information we process, unless otherwise stated.
Our postal address:
University of London
London WC1E 7HU
For general contact for CoSector please use http://www.cosector.com/contact/
Data Protection Officer's contact details
The University’s Data Protection and Information Compliance Manager is our Data Protection Officer. You can contact the DPO at firstname.lastname@example.org or via our postal address. Please mark the envelope ‘Data Protection Officer’. Further information available at https://london.ac.uk/about-us/how-university-run/policies/data-protection
How do we collect personal data?
Most of the personal information we process is provided to us directly by you for one of the following reasons:
· You are customer of our services
· You have signed up to one of our mailing lists
· You wish to attend, or have attended, an event
· You have applied for a job or internship with us
· You have accessed our website
We also receive personal information indirectly, in the following scenarios:
· We host your data on behalf of another organisation and according to their instructions
· A complainant refers to you in their complaint correspondence.
· Your contact details have been provided by one of our employees as an emergency contact or a referee
If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.
Your data protection rights
You have a number of rights under the General Data Protection Regulation, such as the right of access to your data (the 'Subject Access Right'). For more information please see the University's Data Protection page at the following link:
Special requirements for access to our buildings or services
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act (2010) and according to our Diversity and Inclusion Strategy https://london.ac.uk/about-us/how-university-run/policies/equality-diversity-and-inclusion
We can make arrangements for anyone with a disability who contacts us in any capacity, to help you access our services. Our legal basis for processing your data where it is necessary for a legal obligation to provide this access. Our processing of special category data, such as health information you give us, will be based on article 9 (2) (b), where it is necessary for carrying out our obligations in social protection law, which includes health and safety legislation.
We’ll create a record of your special requirements as appropriate to the nature of your visit or access to our services. This will be viewable by relevant staff and kept for 6 years.
Sharing your information
To fulfil our services we will need, where appropriate, to share relevant data with third parties. This will be outlined in the specific sections of the privacy notices about our services.
The University may use an external contractor or 'data processor' to store or manage its data. It will process this data only for purposes specified by the University and will be bound by contract to meeting the University's obligations under the General Data Protection Regulation. Where data is passed outside the EEA, the University will take the relevant steps to ensure there is adequate protection in place.
Your personal data will not be passed to any other third party without your consent, except where the University is required to do so by law.
Links to other websites
Links to other websites of other organisations are not covered by this Privacy Notice.
CoSector has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts and their relevant privacy policies.
Your right to complain
You have the right to complain about how we process your data. Complaints about data protection should be made to the Data Protection Officer at the following link: email@example.com
If you remain unsatisfied with our response, you can escalate your complaint to the Information Commissioner’s Office at the following link https://ico.org.uk/make-a-complaint/
Changes to this privacy notice
This page will be regularly reviewed and kept up to date.
CoSector does not provide services directly to children or collect their personal data. Where the data of children is collected through the provision of our services, this privacy notice applies to them as well as adults. If they require any assistance with the privacy notice, they can contact: firstname.lastname@example.org
Managing customer contacts
If your interactions with us include any unacceptable behaviour, by phone, online or in person, which puts our staff or other people at risk we will store a record of those interactions and share that information with relevant staff to avoid that risk in future. The legal grounds for this processing is, as we are a public authority, ‘necessary for task in the public interest’.
You have a right to object to us collecting and storing this data under GDPR though the University may refuse your request.
Visitors to our website
For further information on visiting our website please see:
Visitors to the office
When you visit the CoSector premises at the University of London we collect information in order to give you access to the building with a visitors pass and signing in and out where required
CCTV operates in and outside the building and according to the University’s CCTV policy. Images are kept for 30 days.
If you access our Wi-Fi networks we will monitor your usage in accordance with our Acceptable Use policy https://london.ac.uk/about-us/how-university-run/policies/information-security-and-acceptable-use-policy
Our services - IT and Digital
As a commercial customer for hosting your company’s personal data we will act as a data processor for your data with terms established in your contract.
Your records as a customer, most commonly your professional contact details and interactions with us about our services, will be stored by us as a data controller as necessary for the performance of your contract with us as a customer. These records will be kept 6 years following the closure of your contract.
We use ServiceNow and ConnectWise to manage our customer interactions and UNIT4 Business World for financial transactions.
Our services - Recruitment
If you use our recruitment services to find work in a permanent, temporary or internship placement, you can view the privacy notice here
If you use our recruitment services as a company to source staff for permanent, temporary or internship positions, we will collect and store records about you as a customer, most commonly your professional contact details and interactions with us about our services, will be stored by us as a data controller as necessary for the performance of your contract with us as a customer. These records will be kept 6 years following the closure of your contract.
We use UNIT4 Business World for financial transactions.
Our services - Housing
If you use our housing services as a tenant, landlord or obtaining housing advice you can view the relevant privacy notices here and as part of any agreement you sign:
Our services - Fairs and Events
If you use our fairs and events team to produce or stage an event at Senate House or manage a stall at an event we will collect and store records about you as a customer, most commonly your professional contact details and interactions with us about our services, will be stored by us as a data controller as necessary for the performance of your contract with us as a customer. These records will be kept 6 years following the closure of your contract.
If we are hosting your event we will act as a data processor for the personal data of attendees to your event with terms established in your contract.
If you are attending one of the fairs or events at the Senate House, we will process your data according to the privacy notice you signed with the event organiser and according to their instructions.
If you are attending one of the fairs or events we are organising we will process your data as necessary for the performance of your contract with us as attendee. We will keep these records for 6 years. If we collect records in order to assist you in accessing our building or services, these will be kept in accordance with the section on ‘special requirements’ in the section above.
We use UNIT4 Business World for financial transactions.
Subscribing to our mailing lists
When you sign up to our mailing list we will provide an explanation of what service you are signing up for. Our legal basis for processing this information is consent. If you would like to withdraw your consent for direct marketing at any point, please select ‘unsubscribe’ on your email
CoSector uses ConnectWise and MailChimp as a data processor to manage its mailing lists.
Reporting and monitoring our services
CoSector and the University of London will use your personal data with those of others for statistical and reporting purposes to monitor and improve our services. Our legal basis for processing this information will be one of the following grounds
· necessary for legal obligation, where we have a statutory duty to report information
· necessary for a task in the public interest, in our position as a public authority
· necessary for our legitimate interests to monitor and improve our services
Where special category data is involved, such as equality or diversity information, we will store the data for reasons of substantial public interest around meeting our obligations around the Equality Act 2010.
We will use a range of safeguards to protect your personal data in our statistical analysis and reporting, including
· Analysis does not identify individuals, where this does not affect the purposes of the research
· Analysis does not lead to a decision being made that affects that individual
· Data is, where possible, anonymised or pseudonymised
· Data is kept securely to guard against unauthorised access, loss or misuse
· The principle of ‘data minimisation’ is observed