External Advisors privacy notice

Information you need to know

Liverpool John Moores University is the Data Controller. See further information on the institution.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk

This privacy notice explains how we use your personal information and your rights regarding that information.

For information about how the wider university uses personal data please see the Privacy Notice section of our website.

Information we are collecting

To manage the approval, re‑approval and ongoing monitoring of External Advisors for LJMU dual and joint awards, we collect and process the following categories of personal data.

Personal and contact details

This includes your title, full name, work address, telephone number and email address for correspondence purposes.

We also collect your home address and postcode, including to confirm that you will be carrying out your duties from within the UK for income tax purposes. In addition, we collect bank account and sort code details in order to process fee and expenses payments.

To provide you with access to university systems and facilities, we collect your home address, date of birth, National Insurance number and a passport‑sized photograph. This information is used to create your staff account and staff ID card.

Residency and right to work information

We collect information about your residency and/or citizenship status in order to confirm your right to work in the UK. This will be passport information, or other proof of eligibility to work in the UK.

Where proof of eligibility is provided, this will be checked either in person or electronically. A record of this verification is retained securely by the university in line with its legal obligations. Original documents, where provided, are only held temporarily for the purposes of verification and are returned to you securely.

Professional background information

This includes your curriculum vitae, current place of work, employment history, areas of teaching and/or research expertise, and relevant education and qualifications. This information is used to assess your suitability for the role and to support the university’s compliance with internal and external quality assurance requirements.

Source of the personal data

We collect personal data directly; during the expression of interest process, via your CV and your scanned documents providing proof of eligibility to work in the UK; on appointment, via the details you submit to enable us to give you access to the university’s IT systems and generate a staff IT account; on your first visit to the university; when you present your original documents to verify your eligibility to work in the UK; and when you claim fees/expenses.

Why we are collecting your data and the legal basis for this

We process personal data in accordance with the principles of the GDPR and only where there is a valid lawful basis to do so.

We use your personal data for the following purposes:

  • to consider and assess your expression of interest in acting as an External Advisor
  • to meet legal and regulatory obligations relating to right‑to‑work checks in the UK and to confirm that the UK is your current country of residence
  • to support your appointment, fulfilment of the role and ongoing engagement with the university, including compliance with institutional and national quality assurance requirements such as the Academic Framework Regulations and the requirements of the Office for Students
  • to pay the agreed fee for your work and to reimburse reasonable expenses incurred in connection with your role, in line with the university’s Financial Regulations

The lawful bases for processing your personal data are Article 6(1)(b) of the UK GDPR (performance of a contract) and Article 6(1)(e) (public task). These lawful bases allow the university to consider and appoint you as an External Advisor, to support you in carrying out your role, to meet statutory and quality assurance obligations, and to make payments and reimburse expenses relating to your engagement.

Who has access to this data

Access to your personal data is restricted to authorised members of LJMU staff and service areas where it is necessary for them to carry out their duties. This may include, but is not limited to:

  • Academic Registry
  • Finance
  • IT Services
  • Human Resources

Your personal data may also be shared, where required, with external bodies to meet legal, regulatory and quality assurance obligations. This may include:

  • law enforcement agencies, taxation authorities and UK Visas and Immigration, where required by law
  • Professional, Statutory and Regulatory Bodies (PSRBs), or their representatives, for the purposes of accreditation, validation and ongoing quality assurance of LJMU programmes
  • ·national sector regulators, such as the Office for Students

Where External Advisors are engaged to support the approval or ongoing monitoring of collaborative programmes delivered outside the UK, relevant personal data may be shared with designated contacts at the collaborative partner institution. Any such sharing is carried out in line with contractual arrangements and agreed safeguards for collaborative provision. Further information about this process can be obtained from the Academic Partner Approvals and Contracts Team within LJMU’s Academic Registry.

How the university protects your data

We are committed to keeping your personal data safe in line with data protection legislation and the university’s information security and data protection policies.

Personal data relating to your application, appointment and the administrative management of your engagement is stored securely by Academic Registry in centralised electronic systems.

Information relating to the payment of fees and expenses is processed and stored securely by the university’s Finance Department and Academic Registry.

Where you are provided with access to university systems, your personal data is used to create and manage your staff IT account and staff ID. This information is held securely by the Human Resources department within the university’s secure systems and, where required, in controlled paper records.

Access to all personal data is limited to authorised staff who require it to carry out their roles, and data is only retained and accessed in accordance with the university’s policies and legal obligations.

How long the university keeps your data

The university will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, accounting and reporting requirements. Personal data is retained in line with the university’s Records Retention Schedule.

Unless otherwise explained to you, the following retention periods apply.

Expression of interest, appointment and administrative management

Where an individual is not appointed following an expression of interest, personal data relating to the nomination process is retained securely by Academic Registry for one year following the decision not to appoint. It is then securely deleted.

Where an expression of interest is approved and an appointment is made, personal data relating to the appointment and ongoing administrative management of the role is retained by Academic Registry for the duration of the engagement (normally five years) and for a further five years after the end of the engagement. It is then securely deleted.

Fees and expenses

Personal data contained within fee and expenses claim forms is retained securely by the Finance Department and Academic Registry for seven years from the date of submission. It is then securely deleted.

To support the handling of queries, Academic Registry also retains copies of fee and expenses claim forms with your home address, date of birth and bank details redacted. These copies are stored securely and retained for seven years from the date of submission, after which they are securely deleted.

Staff IT account records

Where a staff IT account is created, the personal data used for this purpose is stored securely by the Human Resources department in both paper form and within the university’s secure Staff Infobase HR system.

This information is retained for the duration of the engagement (normally five years) and for a further seven years after the end of the engagement, after which it is securely deleted.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request - this could be in a portable electronic format
  • request that the university changes incorrect or incomplete data if you think that it is inaccurate or out of date
  • request that the university delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing.

If your personal data has been provided by consent, you have a right to withdraw that consent at any time.

If you would like to exercise any of these rights, please contact the Data Protection Officer at DPO@ljmu.ac.uk.

If you do not provide data

We need to collect certain personal data from you in order to meet our legal and regulatory obligations and to support your appointment and engagement in this role.

If you choose not to provide the information requested, the university may be unable to appoint you or enable you to carry out your duties effectively. This could mean that we are unable to proceed with, or continue, your engagement as an External Advisor.

Transfers of data outside the UK

We do not send your personal data outside of the UK.

Automated decision making

We do not use computers to make decisions about you based solely on your personal data. Any decisions that affect you will always be made by a human, ensuring that you are treated fairly.

How to complain to the university

You have a right to complain to the university if you think it has not properly responded to your request for personal information or feel it has not handled your personal data responsibly.

If you are not satisfied with how your request for information or how your personal data has been handled, you should set out your complaint in writing to:

Maria Burquest
University Secretary and General Counsel
Legal and Governance Services
2nd Floor Exchange Station
Tithebarn Street
Liverpool
L2 2QP

or by email via DPO@ljmu.ac.uk.

How to complain to the Information Commissioner’s Office

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted using the following details:

Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
Telephone: 0303 123 1113.
Email: contact can be made by accessing the ICO website.