We are the EPSRC Centre for Doctoral Training (CDT) in Smart Medical Imaging at King’s College London and Imperial College London. If you need to contact us about this privacy notice, please write to firstname.lastname@example.org.
Why do we process your personal information and what are the ‘legal bases for processing’?
We can only process your personal information if one of the following applies:
- We need your personal information to provide a service as part of a contract (for example, to enable you/us to fulfil your/our obligations under a student contract or employment contract).
- We need to share information with other organisations in order for them to carry out their official functions, in the public interest (for example, taxation, reporting crimes, preventive and occupational medicine).
- We need your personal information to comply with a legal obligation to which we are subject (for example, providing data about our staff and students to our funder, the Engineering and Physical Sciences Research Council (EPSRC).
- We need your personal information for a legitimate interest of the CDT or a third party, provided that interest is not overridden by your interests and rights (for example, we may need to process your information to protect our network and information security). Note this justification cannot be used when we are carrying out our official functions.
- We need your personal information to protect somebody’s life (a vital interest).
- You provide consent for us to process your personal information, based on clear and specific information, with a genuine choice (without any pressure), and the ability to change your mind at any time. You may withdraw your consent at any time by emailing email@example.com.
How will your information be used – what are the purposes of the processing?
We will generally use your personal information to provide you with the services, or information you have requested from us. We may need to share your information with our service providers for these purposes, but we will ensure that appropriate contracts with these parties are in place and they only process your information in accordance with our instructions and data protection legislation. If we need to transfer any information to a country not recognised as providing equivalent protection, we will use additional safeguards approved by UK or EU regulators.
Do you have to provide your personal information and what are the consequences of not doing so?
You must provide the personal information requested by law, or a contract. If you do not, you will not be able to join our programme, or enter a contract of employment with us.
How long do we keep your information for?
We will keep your information until the grant used to fund our CDT is closed in 2023 in order to ensure we can continue our operations and meet our reporting obligations.
Do we share your information with other organisations?
Your personal information may be shared with:
- Eventbrite: Event management activities
- MailChimp: Mailing/Marketing activities
- Office 365: Cloud storage, communications and reporting activities
What are your rights?
You have a right to:
- access your personal information,
- object to the processing of your personal information,
- erase and
- restrict processing your personal information.
If you have any queries in relation to how your rights are upheld, please contact us at firstname.lastname@example.org.
Requests from individuals to access their personal information will be managed in accordance with the Information Commissioner’s Subject Access Code of Practice. To find out more information on how to make a subject access request please visit our webpage here.
Who can you contact if you have a concern?
To find out more about how King’s College London and Imperial College London deal with your personal information, including your rights and who to contact if you have a concern, please see the respective universities’ core privacy notices at:
Will your personal information be transferred overseas?
Your personal information will be transferred to the United States due to the location of MailChimp and Eventbrite servers. When taking personal data from the EU, both companies take legally required steps to make sure that appropriate safeguards are in place to protect this data. This includes the use of Standard Contractual Clauses.