Early Recordings Association (ERA) is part of the University of Surrey. We are registered as a controller with the Information Commissioner’s Office (our notification number is Z6346945) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation. We have a named Data Protection Officer, who can be contacted via dataprotection@surrey.ac.uk. One of our responsibilities is to tell you about the different ways we collect and use your personal data. This statement provides details about these uses. In addition to this statement, you may be given further information about the uses of your personal data when you use certain services offered by the University of Surrey.
ERA holds and processes personal data about members:
- Name and surname – contact details
- Email address
- Location
- Institution
- Research interests
We only collect the data we need and keep that data up to date. We receive this data from you when you join ERA.We do not receive data from third parties.
The University collects only the data we need, and we keep the data up to date and only for as long as it is needed. We collect your personal data to have a clear understanding who is joining Early Recordings Association and who is submitting a reference form.
We take our obligations for data handling very seriously and it is therefore important for you to know the lawful basis for us processing your information:
We process data to ensure that we can carry out our public role as an educational and research establishment, meeting legal, moral and contractual obligations as laid out in the University’s Charter.
The University processes personal data and special category data in accordance with data protection legislation and its own Data Protection Policy.
We keep your personal data for as long as it is required to perform its purpose or for as long as is required by law. These periods are defined in the University Record Retention Schedule.
We take the security of your data seriously. Details on university-wide measures surrounding IT security can be found in Our Data Policy Statement (PDF) (incorporating Information Security Policy). This policy specifies the measures that have been implemented to secure information and technology that the University manages and to protect against the consequences of breaches of confidentiality, failures of integrity and interruption of availability. implemented to secure information and technology that the University manages and to protect against the consequences of breaches of confidentiality, failures of integrity and interruption of availability.
We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
As an individual whose data we process (a data subject), you have certain rights in relation to the processing. You can find detailed information about your rights as a data subject on the University’s webpage.
You have the right to:
- to ask us to confirm that your personal data is being processed and to access (i.e. have a copy) of that data as well as to be provided with supplemental information about the processing.
- request that we rectify any inaccuracies where the data we hold on you is inaccurate or incomplete
- to restrict the processing of your personal data in certain ways
- to obtain your personal data for reuse
- to object to certain processing of your personal data
To exercise any of these rights, please contact dataprotection@surrey.ac.uk.
You also have the right to complain independently to the Information Commissioner’s Office about the way in which we process your personal data if you are not satisfied with our response to your concerns.
If you have any concerns about the way that we have handled your personal data, please email the Data Protection team as we would like to have the opportunity to resolve your concerns.
If you’re still unhappy, you have the right to complain to the Information Commissioner’s Office(an independent body set up to advise on information rights for the UK) about the way in which we process your personal data.
Last updated 12/12/2024