Data Protection – overview

Published: 4th September 2017

Overview

Data protection is of paramount importance to all colleagues within the DDAR.  If you have any queries whatsoever about Data Protection then please contact either Alex Hyde-Parker or Tom Jirat.

The University does not sell to or share any data with third party organisations and all data are held securely and in accordance with the (UK) Data Protection Act 1998.  DDAR’s Privacy Statement is available here:  http://your.manchester.ac.uk/privacy/

Failure to treat data held by the DDAR in the correct and appropriate manner could have severe ramifications on yourself, the directorate, the University, and those who trust us with their information. Access to the DDAR systems comes with responsibilities, and you are a steward of our alumni and supporter data. You must safeguard the confidentiality of our alumni and supporters as well as record your activities for the benefit of other current and future systems users.

 

‘DDAR Systems’ refers to one or more of:

  • The Raiser’s Edge;
  • Online Express;
  • The Manchester Network;
  • Smarteezie;
  • JustGiving;
  • Hubbub;
  • MailChimp;
  • Your Manchester Online.

 

Systems access is arranged by the Development Services team; line managers should speak to Tom or Barry in advance of any new colleague starting to ensure the appropriate authorisation can be put in place.

All colleagues must do the following upon starting with the Division:

  • Complete the University’s Protecting Information online training kit;
  • Complete the University’s Data Protection online training kit;
  • Read and understand the University’s Data Protection factsheet, available here, and understand how it applies to their role.
  • Sign a DDAR Systems Access Agreement;
  • Receive basic systems training from a member of the Development Services team (usually Barry);
  • Receive role-specific systems training from a member of the Development Services team (usually Barry).

Colleagues must also complete any other additional training when requested by the Divisional Data Protection Guardian or a member of the Development Services team.

 

The information we hold

The DDAR systems hold confidential information about University alumni and supporters.  This may include the following information on individuals:

  • name, title, gender and date of birth;
  • contact details including postal address, email address, phone number and links to social media accounts;
  • information about their time at the University and other academic institutions;
  • their occupation and  professional activities;
  • their recreations and interests;
  • family and spouse/partner details and their relationships to other alumni, supporters and friends;
  • records of donations and Gift Aid status, where applicable (as required by HMRC);
  • records of communications sent to individuals by the DDAR or received from them;
  • volunteering by them on behalf of the University;
  • information about their wealth;
  • media articles about them;
  • information on their engagement in University meetings, events, groups or networks;
  • information about their use of University resources or facilities (for example the Library);
  • information about their use of manchester.ac.ukand www.manchester.ac.uk including their IP address, location, browser type, referral source, length of visit, number of page views and navigation around our website.

This information is only to be used to conduct duties relevant to the role the University of Manchester employs you in.

 

Sharing or disclosing information

You must not share any information you see on the DDAR systems with anyone without first putting the appropriate safeguards in place. 

Should you believe you need to share information stored on the DDAR systems, the DDAR has a Confidentiality and Non-Disclosure Agreement policy.  This process is outlined here.

Sharing confidential information with others without the proper safeguards in place and an appropriate business reason would breach the Data Protection Act, and in such cases senior members of staff will be informed and appropriate action taken.  Where appropriate the person may be subject to disciplinary proceedings.

 

Information security

Please ensure that all documents containing confidential or personal information are stored securely and locked away if pending action.  As soon as systems have been updated, please shred any documents containing personal, sensitive or confidential information.

If you are away from your desk, please also always ensure that your PC is locked.

 

Systems access

Your user ID and password for the DDAR systems are unique to you.  You must change your password whenever prompted, and the first time you log in to Raiser’s Edge.  You are responsible for any actions on the database attributed to your log in details on any DDAR system.  Under no circumstances must you ever share your user IDs or passwords with anyone. 

The areas of the systems you can access are based on your job role.  You must only access records and areas of the systems necessary to fulfil your official duties and functions as an authorised user.

When you are logged into the Raiser’s Edge you may be preventing another user from logging in, and when you have a record open you may be preventing another user from working with that record.  Please log out of the system when you aren’t actively using it, and close records when you don’t need to have them open.

 

Data integrity

Do your part to maintain the integrity of our data by updating records with new information as you become aware of it, and updating information appropriately and promptly.

If it isn’t in the database, it didn’t happen.

If you are ever unsure on what you are doing, please contact Barry – guessing has the potential to be extremely damaging!