Data Portability does not apply to all processing activities. A data subject has the right to receive back from the University the personal data which he or she has provided directly to us where:

• the processing is based on consent or on a contract; and
• the processing is carried out by automated means (i.e. electronically processed only)

 

The definition of “provided directly” includes: 

• Data actively and knowingly provided by the data subject, for example, mailing address, user name, age, etc

• Observed data “provided” by the data subject by virtue of the use of the service or a device. They may for example include a person’s search history, traffic data and location data.
  • It may also include other raw data such as the heartbeat tracked by fitness or health trackers.

The right to data portability does not apply where:

• The processing is based on any legal grounds other than consent or contract.
• Where the personal data is provided via a third party (UCAS, external parties etc)
• Where the personal data was provided in an non electronic format (paper forms) and entered into an automated system
• Where the personal data has been generated by the University from other data held about the data subject
• Where data has been anonymised

 

Without any undue delay and certainly no longer than a month from the date of request.

Can timescale be extended?

 

Yes – if the request is complicated, we can extend for a further two months, but we will let you know if this is the case within the original timescale

Is there a fee?

 

No

If the University fails to provide a response to your satisfaction, you should raise complaint with the University Data Protection Officer dp.officer@northumbria.ac.uk

If you remain dissatisfied, you may request the ICO to undertake the judicial review:

• If the ICO does not agree with the University, this may result in us being instructed to make the rectification as originally requested, either in full or in part. We will do this within one month of the ICO notifying us.
• If the ICO agrees with the University, the note will remain on your account but no further action will be taken and no changes will be made to the data.

You may submit a request for portable data in a number of different ways, including via telephone or in person, but for it to be considered a valid request, it must be clear what data you are requesting

 

We would encourage you to submit a request in writing wherever possible as this will be as much for your own befit as ours, as it will:

 

• Provide a clear audit trail as to when you submitted your request.
• Ensure that both you and the University have a clear record of what you have requested.

Requests should clearly state what data you are requesting along with when and where it was provided by you (i.e. the web form you submitted it through, the activity you were undertaking when you provided it etc). If it is unclear what you are requesting, you will be asked to clarify.

 

Requests can also be submitted to the University Data Protection Officer:

 

T:  +44 (0)191 243 7357

E:   dp.officer@northumbria.ac.uk

P: Vice-Chancellor’s Office, Legal Services Team, Northumbria University,  Ground Floor, Pandon Building, Newcastle upon Tyne, NE1 8ST

To make sure that someone doesn’t request us to erase your data illegally, we will ask for proof of your identity. Acceptable proof of identity shall be any of:

 

• A copy of Photographic ID such as passport, driving licence or Student ID
• Birth Certificate.
• Two utility bills or bank statements (with redacted transactions) containing a full address of less than 3 month sold.

 

Please note that originals are not required, but can be scanned and sent in via email or they will be copied if presented in person. The University will refuse a request if we do not have evidence that the requestor is entitled to access the information