General Privacy Notice

 

  1. Introduction 

The University of Technology, Jamaica (hereinafter referred to as “the University”) takes the security and privacy of the personal data it collects and manages very seriously. Under the Jamaican Data Protection Act 2020 (DPA, 2020) individuals have a right to be informed about how the University uses personal information it collects about them. While specific privacy notices exist for students, staff, alumni and children, this document provides a consolidated view of how personal information is managed within the University for the general public to include but not limited to the following who provide services to the University: 

 

  • Visitors; 

  • Casual workers; 

  • Volunteers; 

  • Contractors; 

  • Suppliers; 

  • Council members and other members of the University community; and 

  • Other individuals who participate in university activities or events which may be provided by the individuals themselves or other third parties. 

 

It explains the commitment to protecting privacy in accordance with the  DPA, 2020 ensuring all community members are informed about their data rights and the University's responsibilities. 

 

  1. What is Personal Data (Personal Information)? 

 

Personal information is any information (however stored) which relates to you or identifies you directly or indirectly as an individual. This also applies to persons who are deceased for at least thirty years and includes information that can be used to form an expression of opinion about you.   

 

  1. What are the types of personal information the University collects? 

 

The University holds a range of personal data about you, some of which you provide to us directly and some of which we receive from third parties such as agents or third-party companies. 

 

  1. Personal details such as your name, personal email address, phone number, mailing address provided by you when initiating contact with the University or requesting information via the website. 

 

  1. Personal details such as name, job title, business information (name of business, addresses, contact number and email addresses) for our suppliers and their representatives. 

 

  1. Recruitment information such as work experience, educational experience, other information included in a curriculum vitae, application and references. 

 

  1. Financial Information: bank account details, salary, payroll records, tax information etc. 

 

  1. Responses to surveys that you may have completed for research purposes  

 

  1. Any other personal information that you may email or send to us 

 

  1. CCTV footage from surveillance cameras, photographs, information in reports submitted by you regarding security incidents on the campus or university property. 

 

  1. Other Details: images, recordings, attendance at university events, meetings, communications sent to you or received from you, your interests, and activities. 

 

  1. Information Systems Usage Data: information regarding the use of the university IT systems and resources including IP address and browser information. 

 

  1. Are there any other types of personal information that the University gathers? 

 

In addition, the university may also process a special category of data about you called ‘sensitive personal data.  Examples include: 

  

  1. Information relating to your ethnicity, religious denomination. 

  1. Trade Union or Staff Association membership 

  1. Information relating to your health conditions, disability status, medical records. 

  1. Information pertaining to any criminal convictions or offences. 

 

  1. What are the Legal Bases for processing my personal information? 

 

The DPA, 2020 dictates that the university must have a legal bases for the collection, use and general processing of your personal informationDepending on the personal data, the processing may be based on one or more of the following bases: 

 

  1. Performance of a Contract:  For staff and students, the University needs to process your data as a first step into potentially entering an employment contract or enrolling to a course of studyOnce you are recruited and/or enrolled your personal information will be required. 

 

  1. Legal obligation: Where the university needs to comply with legal obligations such as statutory requirements or other regulations, the university is legally obligated to process your personal data. 

 

  1. Public Interest or Official Purposes: Personal data will need to be processed for  educational or research purposes. We may also disclose your information as required by law, such as in response to a subpoena or court order. 

 

  1. Legitimate Interests: Situations where the university will process your data for promoting the legitimate interest of the University or a third party and your fundamental rights do not override those interests. 

 

  1. Vital Interest: Where grave concerns exist and for the purpose of protecting your vital interest or that of others – sometimes, the university will have to release personal information such as for an urgent medical necessity. 

 

  1. Consent: Where you have given the university consent to process your personal information.  

 

  1. How does the University use my personal information? 

 

The University will collect and process your personal information upon your consent or only as needed to support its legitimate interests; legal obligations; contractual obligations; and in performance of a public task or responsibilities as an institution of higher educationWhen this is done you will be informed at the time of collection or shortly thereafterThe use of personal information for selected groups such as staff, students and alumni may be found in the respective privacy notices, for all other groups, this general privacy notice applies.  Some uses of your personal information may include but not limited to: 

  

  1. Assistance in responding to your enquiries or processing your requests 

  1. Management of business relationships with suppliers or products and services to the university 

  1. To address and take appropriate actions in relations to reported incidents and/or accidents which have taken place on the university campus  

  1. To manage and improve the university’s website 

  1. Improvement of university’s services 

  1. Advertising and promoting the university’s services and products 

  1. To be able to provide you with a service or product that the university offers 

  1. Recovery of sums owing to the university 

  1. Management of the university’s accounting and records 

  1. To comply with legal and statutory obligations 

  1. Research activities 

  1. Promotion of health and safety 

 

 

  1. Who will my personal information be shared with? 

 

We will not disclose your personal information to third parties (individuals, organizations or other entities outside the University) other than those who are acting as agents and data processors and/or data controllers working on our behalf unless you have requested or given your consent, or we have a legal bases to do so. 

 

However, with all third parties with whom personal information is shared, we ensure only data necessary to the specific task is shared. Additionally, before any data transfer occurs, we require third parties to sign a contractual agreement that mandates them to keep your information secure and prohibits them from using it for their own purposes. 

 

Some third parties with whom we share data include the following, but not limited to: 

 

  1. Law Enforcement Agencies/Officers: The University has a legal obligation to provide the necessary information, upon request, for the purposes of crime detection and prevention 

  1. Other Universities or external academics/experts in various disciplines 

  1. Financial Institutions: Where appropriate and necessary for the payment to suppliers or processing other financial related services for the university. 

  1. Debt Collection Agencies 

  1. Sponsors 

  1. Recruiters 

  1. Service Providers: Information will be shared with IT suppliers and other service providers in order to provide services. 

  1. Auditors 

  1. Statutory or Regulatory bodies: Personal details may be shared with the Ministry of Education and Youth, Ministry of Finance and Planning, National Housing Trust, Statistical Institute of Jamaica or other government ministries or agencies as required. 

  1. We may share your information with university-affiliated parties, (e.g. franchises and corporate entities) to inform you about goods, services, charitable giving opportunities, or experiences that might interest you. 

 

  1. How will my Personal Information be protected? 

 

The University’s commitment to privacy and security resonates in its implementation of appropriate technical and organizational security measures to safeguard your personal data during transmission and storage on our information technology systems. All university personnel with access to your personal data receive thorough training on the importance of maintaining data security. Access to your data is strictly limited to staff members who require it to perform their duties. Additionally, we ensure that any third parties involved in processing your data adhere to stringent security standards to protect your information. 

 

Despite these precautions, breaches may still occur. Should this happen, we are committed to taking swift action to address the issue and will report any breaches that could pose a risk to you to the Office of the Information Commissioner and to youWe have put in place procedures to address any suspected or known data security breachYou may access our incident report form on our website or report same to our Data Protection Office. 

 

 

  1.   How long will the University store my Personal Data? 

 

The University will not retain your personal data for longer than necessary for the purposes for which we collected it, including for the purposes of satisfying any statutory reporting obligations and retention guidelines.  With the exception of the relevant laws and other circumstances requiring the University to retain your personal information, you may request for your personal information to be destroyed or deleted. Where this request is complied with, the University will destroy your information in a secure manner that ensures the confidentiality of your information, taking into account its sensitivity, value, and importance to the University. 

 

There may be circumstances where your data may become anonymized so that it is no longer associated with you and as such, we may use this information without further notice to you. 

 

 

  1.  What are my rights in relation to my personal information? 

 

You have the right in respect of your personal information, in certain circumstances under the DPA, 2020 to: 

 

  1. Be informed about how the University uses your personal data including a description of the personal data that is being held and with whom it is shared.  The University provides this information in the form of privacy statements. 

 

  1. Request access to your personal data. The request is submitted to the respective department and once a date and time is confirmed, you will be granted access to view their personal files in accordance with relevant rules for viewing. 

 

  1. For Staff - Human Resources Department contact extension 2090 

  1. For Students/Alumni The Office of the Registrar contact utechjamaicaregistrar@utech.edu.jm 

  1. Guests Data Protection Office contact dpo.utech.edu.jm.   

 

  1. Request correction of any inaccuracies or incomplete personal data that we hold about youThis may be done through the Rectification form on our website.   

 

  1. Restrict processing of personal dataThis may be done in situations where you may want to establish the accuracy or reasons for processing your personal data and hence a suspension of the processing activities is requested. 

 

  1. Request erasure of your personal information where there is no good reason for us to continue processing it or where you have exercised your right to object to processing.  

 

  1. Object to the processing of your personal data in situations such as for direct marketing purposes. 

 

  1. Request that your personal data be transferred to a third party. 

 

  1. Request for human intervention or for the decision to be reviewed by a person in situations where the University makes that decision about you solely based on automated means such as using a computer program or system. 

 

  1.  Are changes made to this privacy statement? 

 

This privacy statement was last updated on June 13, 2024, and may be updated from time to time. Changes will be posted on our website.  

 

  1.  Who can I contact if I have questions or complaints? 

 

If you have any questions about how your personal data is processed or if you believe your personal data is being processed in breach of the relevant legislation, you may contact the University’s Data Protection Officer at dpo@utech.edu.jm or the Office of the President at president@utech.edu.jm  

 

See data protection policy for more information. 

 

Created and updated:  May 26, 2024 updated January 13, 2025