Privacy notice for TRICAP
Your personal data
The University of Glasgow will be what's known as the 'Data Controller' of your personal data processed in relation to arranging travel insurance for trips undertaken on the business on the University of Glasgow. This privacy notice will explain how the University of Glasgow will process your personal data.
Why we need it
- Insurance/security purposes
We are collecting your basic personal data, such as name, email address/contact details and, where relevant, limited special categories data (e.g. family members), in order to ensure that the necessary travel insurance can be arranged and that the University can contact you in the event of an emergency (e.g. a natural disaster in the territory that you are visiting). We will only collect data that we need in order to provide and oversee this service to you.
- HR/Tax/Payroll purposes
Where staff trips are over 60 days, HR, payroll and tax will also review the data collected. This is to take action where necessary to comply with immigration, tax and other local regulatory requirements – for example, where employment tax or national insurance must be paid in another country by the University.
- Cyber Security
We may share your travel data with our security application. The primary reasons for this data sharing is threat Detection and Prevention. By analysing travel patterms and data, this security application can identify potential threats and unusual activities, allowing for proactive measures to prevent security incidents.
Legal basis for processing your data
We must have a legal basis for processing all personal data. In this instance, the legal basis is -
- Legitimate interests:
- To enable travel insurance to be arranged and to allow the University to provide a duty of care to the employee/student whilst he/she is travelling on University business.
- Where staff trips are over 60 days, this may also include paying tax and national insurance overseas in order to comply with local tax regulations.
- We have a legitimate interest in ensurug the safety and security of our services and users. Sharing your travel data with our security application helps us fulfil this responsibility.
- Explicit content: By volunteering information on your marital status/spouse/child, you have explicitly consented to the collection and use of this special category of personal data
What we do with it and who we share it with
- Insurance Purposes All the personal data you submit is processed by staff at the University of Glasgow in the United Kingdom. This data may also be shared with the University’s appointed broker (Aon UK Limited), travel insurer (AIG Europe Limited UK) and employer liability insurer (RSA) when it is required in order to secure the appropriate cover (e.g. trip involves travelling to an area that the Foreign & Commonwealth Office have advised against all travel to that particular region).
- HR/Tax/Payroll
All the personal data you submit is processed by staff at the University of Glasgow in the United Kingdom. This data may also be shared with the University’s tax advisers (KPMG, PWC or other designated advisers or payroll bureaus in certain countries).
- Cyber Security
All the personal data you submit is processed by staff at the University of Glasgow in the United Kingdom.
In addition,
- All information is held on a database where access is restricted to only staff with a legitimate reason through the nature of their role in the University. Any paper records are stored in a locked cabinet with access restricted to staff within the University’s Insurance Section, HR or Payroll Sections
How long do we keep it for?
Your data will be retained by the University for 3 years after the financial year in which the trip ended. After this time, data will be securely deleted.
What are your rights?**
You can request access to the information we process about you at any time. If at any point you believe the information we process relating to you is incorrect, you can request to see this information and may in some instances request to have it restricted, corrected or, erased. You may also have the right to object to the processing of data and the right to data portability.
If you wish to exercise any of these rights, please contact dp@gla.ac.uk
** Please note that the ability to exercise these rights will vary and depend on the legal basis on which the process is being carried out.
Complaints
If you wish to raise a complaint on how we have handled your personal data, you can contact the University Data Protection Officer who will investigate the matter.
Our Data Protection Officer can be contacted at dataprotectionofficer@glasgow.ac.uk
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner's Office (ICO) https://ico.org.uk