Privacy Notice for Purchasing & Corporate Cards
Your Personal Data
The University of Glasgow will be what’s known as the ‘Data Controller’ of your personal data processed in relation to all tender submissions. This privacy notice will explain how The University of Glasgow will process your personal data.
Why We Need It
We are collecting your basic personal data such as name, home address, work address, email address, GUID, date of birth, nationality, telephone numbers in order to administer and report successfully the University’s Purchasing & Corporate card programme. We will only collect data that we need in order to provide and oversee this service to you.
Your work email and/or contact telephone number will be used for you to receive important communication from the bank provider or receive authentication code required to approve certain transactions.
Your personal data may be moved to a new banking supplier as required by the University.
Your home address will be used by the Procurement Office to send out new/replacement cards. The bank may also use your home address to send out cards.
Legal Basis for Processing Your Data
We must have a legal basis for processing all personal data. In this instance, the legal basis is
- Public task/Official authority – this covers activities undertaken as part of the core functions of the University
- Legal obligation: the bank anti-money laundering Regulations
- Legitimate interests – this should only be used for activities which are not part of the University’s core functions and in this case details should be provided of what interests the University or relevant third party has in the data. In order to obtain and use a Purchasing Card or Corporate Card, a bank application is required to be completed which contains personal details (name, home address, work email, date of birth, nationality, telephone numbers).
What We Do With It and Who We Share It With
- All the personal data you submit is processed by staff at the University of Glasgow and the bank in the United Kingdom.
- Your data will be restricted and only shared with authorised Procurement Office team members, the Head of Procurement and the bank.
- It will be used to assess and approve your application; provide the bank with your application in order to obtain the credit card; update the Procurement system (P Card App) with the necessary details (your name, email ID, college/service, card limits); to produce monthly reports shared as per below.
- The Procurement Office downloads reports from the Procurement Supplier Spend Dashboard on QlikView which details all spend/transactions on a monthly basis per College/Schools/Service: total year to date spend. The reports are shared with the Procurement Team, the Heads of Finance, Heads of Schools/Colleges and Heads of University Services.
How Long Do We Keep It For?
Your data will be retained by the University for 6 years. After this time, data will be securely deleted.
What Are Your Rights?*
You can request access to the information we process about you at any time. If at any point you believe that the information we process relating to you is incorrect, you can request to see this information and may in some instances request to have it restricted, corrected or, erased. You may also have the right to object to the processing of data and the right to data portability.
If you wish to exercise any of these rights, please contact dp@gla.ac.uk.
*Please note that the ability to exercise these rights will vary and depend on the legal basis on which the processing is being carried out.
Complaints
If you wish to raise a complaint on how we have handled your personal data, you can contact the University Data Protection Officer who will investigate the matter.
Our Data Protection Officer can be contacted at dataprotectionofficer@glasgow.ac.uk
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO) https://ico.org.uk/