Information Compliance Privacy Notice

Information you need to know

The Information Compliance team is part of the Legal Services department at Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at

LJMU takes your privacy very seriously.  This privacy notice explains how we use your personal information and your rights regarding that information. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.

What information are we collecting?

We collect personal data when people send the university requests information under the provisions of the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the General Data Protection Regulation (GDPR), or if you write to the university’s Data Protection Officer.

When we receive a request, we will record your name and contact information to enable us to respond to you. We may also collect information you provide that allow us to analyse who we are receiving requests from to monitor demand.

If you are asked to verify your identity because you are requesting access to your personal data records, we will store a copy of your identity documentation.

Why are we collecting your data and what is the legal basis for this?

LJMU will collect personal data from you for several reasons, and will at all times do so in compliance with the principles of the GDPR, and for one of the legal basis set out in Article 6 of the Regulation.

We are processing your information in order to comply with our statutory duties under the data protection and information legislation referred to above.  The lawful basis is Article 6 (c) - that is necessary to comply with a legal obligation.

Who has access to this data?

Your personal data will be used only by relevant LJMU staff where the data is necessary for them to undertake their designated role.

Examples of relevant staff may include:

  • The Data Protection Officer and their office
  • Staff in other teams who hold your personal data when this has been requested by you or on your behalf or we are investigating a data breach or carrying out an internal review of a decision.

Examples of external parties we may lawfully share information with include:

  • The Information Commissioner’s Office
  • Student Loan Company
  • Police
  • Providers of software we use

How does the University protect your data?

The University takes Data Protection very seriously and at all times your personal data will be handled in line with the University’s Information Security Policy.

All personal data held by the Information Compliance team is held in secure electronic systems. In very rare occasions paper records may be prepared for internal use and these will be stored in our offices within locked cabinets.

For how long does the University keep your data?

We hold the personal details of information requesters in accordance with our Records Retention Schedule usually for 3 years unless your request relates to a staff grievance and/or disciplinary matter or a student complaint, in which case details will be held for 6 years after the last entry in a file.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request, this could be in a portable electronic format;
  • require the University to change incorrect or incomplete data if you think that it is inaccurate or out of date
  • require the University to delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If you would like to exercise any of these rights, please contact the Data Protection Officer

What if you do not provide data?

We are unable to respond to your request if you do not provide us with sufficient contact details. If you would like to seek access to your own records then for security reasons we will not be able to disclose this to you without verification of your identity.

Transfers of data outside the UK

Generally, we do not send your personal data outside the UK. However, in some specific cases, we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a university based outside of the UK. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection. For example model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).

Automated decision making

We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human.

How to complain to the Information Commissioner’s Office?

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations.  The Information Commissioner can be contacted:

By post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.

By phone: 0303 123 1113.

By email: contact can be made by accessing