AIU Policies
Data Protection Policy
Artificial Intelligence University (AIU), based in London, is committed to protecting the privacy and rights of all individuals whose personal data we process, in accordance with the General Data Protection Regulation (GDPR) 2018 and the Data Protection Act 2018. This policy outlines how AIU collects, uses, stores, and protects personal data, and how individuals can exercise their rights regarding their personal data.
1. Scope
This policy applies to all staff, students, contractors, and third parties who process personal data on behalf of AIU. It covers all personal data processed by AIU, including data related to students, staff, research participants, and other stakeholders.
2. Data Protection Principles
AIU processes personal data in compliance with the following GDPR principles:
- Lawfulness, Fairness, and Transparency: Personal data shall be processed lawfully, fairly, and transparently.
- Purpose Limitation: Data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: Data collected shall be adequate, relevant, and limited to what is necessary.
- Accuracy: Personal data shall be accurate and kept up to date.
- Storage Limitation: Data shall be kept in a form that permits identification of data subjects for no longer than necessary.
- Integrity and Confidentiality: Personal data shall be processed in a manner that ensures appropriate security.
3. Lawful Basis for Processing
AIU will only process personal data where there is a lawful basis for doing so, as specified under GDPR. The lawful bases include:
- Consent: The data subject has given clear consent.
- Contract: Processing is necessary for a contract AIU has with the individual.
- Legal Obligation: Processing is necessary to comply with the law.
- Vital Interests: Processing is necessary to protect someone’s life.
- Public Task: Processing is necessary to perform a task in the public interest.
- Legitimate Interests: Processing is necessary for AIU’s legitimate interests, unless these are overridden by the data subject’s interests or rights.
4. Individual Rights
Under GDPR, individuals have the following rights concerning their personal data:
- Right to be Informed: Individuals have the right to be informed about the collection and use of their data.
- Right of Access: Individuals can request access to their personal data.
- Right to Rectification: Individuals can request correction of inaccurate or incomplete data.
- Right to Erasure: Individuals can request deletion of their data under certain conditions.
- Right to Restrict Processing: Individuals can request to limit the processing of their data.
- Right to Data Portability: Individuals can obtain and reuse their data across different services.
- Right to Object: Individuals can object to the processing of their data in certain situations.
- Rights Related to Automated Decision-Making and Profiling: Individuals have the right not to be subject to a decision based solely on automated processing.
5. Data Security
AIU implements appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage. This includes:
- Access Controls: Restricting access to personal data to authorized personnel only.
- Encryption: Encrypting personal data where appropriate.
- Secure Storage: Storing data securely, both physically and digitally.
- Regular Audits: Conducting regular security audits to identify and mitigate risks.
6. Data Retention and Disposal
Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected. Once the data is no longer required, it will be securely destroyed in accordance with AIU’s data retention schedule. The retention schedule will be reviewed periodically to ensure it meets legal and regulatory requirements.
7. Data Breach Management
In the event of a personal data breach, AIU will promptly assess the situation and, where necessary, report the breach to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of it. Data subjects will also be notified if the breach poses a high risk to their rights and freedoms.
8. Data Protection by Design and Default
AIU ensures that data protection is embedded into the design of systems, processes, and practices. Data protection impact assessments (DPIAs) will be conducted for high-risk processing activities to identify and mitigate risks.
9. Third-Party Data Sharing
Personal data may be shared with third parties when necessary for the provision of services or when required by law. AIU ensures that all third-party processors comply with GDPR requirements and that appropriate data sharing agreements are in place.
10. Data Protection Officer (DPO)
AIU has appointed a Data Protection Officer who is responsible for overseeing AIU’s data protection strategy and implementation. The DPO is the primary contact for data protection inquiries and can be reached at [DPO Contact Information].
11. Training and Awareness
All AIU staff and students are required to complete mandatory data protection training. Regular refresher training will be provided to ensure ongoing compliance with GDPR.
12. Review of the Policy
This policy will be reviewed annually or when necessary to reflect changes in legislation, guidance, or AIU’s practices.