The University of Westminster is the Data Controller for the personal information held in relation to external reviews. This privacy notice is in addition to the University’s privacy notice. The University is committed to protecting your privacy.
How we collect information
We collect information about you when:
- You agree to become an external reviewer
- You conduct external reviews
- We make payment to you
Confidentiality
Information provided on your external reviewer application form and subsequently will only be shared with internal colleagues related to your service to the University in that role.
What information do we collect and hold
Information collected includes:
- Name, contact details and your place of work
- Your expertise and qualifications relevant to the external reviewer role
- Financial information (bank details, tax status, National Insurance Number)
- Documentation required for proof of your Right to Work in the UK
How the personal information we hold is used
Your personal information will be used to:
- Appoint you in the role of external reviewer and to make payment to you
- Ensure review activities are matched to your expertise
- Conduct Right-to-Work Checks: To enable us to confirm that you have the right to work in the UK; the University will need to carry out a right-to-work check before you start work. For UK and Irish passport holders the University has contracted a third party provider to carry out digital checks. We will use the email address you have provided on the nomination form to send you a link to their platform
Our reason for processing your personal data
We process your personal data for the following reason:
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
- Processing is necessary for compliance with a legal obligation to which the controller is subject
How we protect your information
All of the personal information we hold for you will be held securely and used strictly in accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). Your information may be held outside of the UK. Where this is the case, we ensure that additional measures are in place to protect your data.
We use cloud providers and online application providers to help us deliver services. Therefore, the use of some of our systems may include the transfer of your personal data to other countries. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK or where we have put in place additional safeguards to protect your data.
Our data retention policy
We will retain this information only for as long as these purposes remain valid. We may aggregate and anonymise data for wider internal management reporting.
For ID checks, once the checks have been carried out, results are available on the portal for up to seven days before being automatically and permanently deleted, although customers may request a different retention period if required. After seven days, the supplier retains data for reporting purposes but does not retain any information that could identify an individual.
Disclosure of information to third parties
Personal information will not be disclosed to external organisations other than those acting on the instructions of the University. Where this is the case, a written contract will be put in place between the University and the third party to set out the purposes for which the information can be used and the security measures that must be in place.
Your rights
If you wish to request access to the personal information we hold about you, please contact the Information Compliance Team through the University's subject access procedure.
If you have any queries about this privacy notice or about how we hold and use your data, please contact [email protected].
For more information about other data protection rights and how to exercise them, visit our Data subject rights page.
If you have any concerns, please contact our Information Compliance Team at [email protected].
Alternatively, you can contact the Information Commissioner's Office.
We will review and update this privacy notice to reflect changes in our processes and procedures. We will revise the 'last updated' date on this notice when such changes occur. We encourage you to review this notice to remain informed periodically.
Last reviewed and updated January 2025