In This Section

GDPR Notice for University Employees

The European Union’s General Data Protection Regulation (“GDPR”) and other countries’ privacy laws provide certain rights for data subjects concerning the use of personal information.

This page provides a summary concerning the use of personal information you provide to the University of Massachusetts (“University”) while you are in the European Union (“EU”) in connection with your employment by the University.

Question
01. What is ‘personal information’?

‘Personal information’ means any information which relates to or identifies you as an individual.

02. How does this webpage relate to other information about data protection?

When you applied for employment by the University you were told how the University would use your personal information during the hiring process and for related purposes (GDPR Notice for Job Applicants). You were referred to this webpage for a fuller statement of the uses we would make of your personal information if you became an employee of the University. In addition to the information published here, when you use specific services and facilities offered by the University, you may be told about other uses of your personal information. For example, there are separate privacy notices for users of University websites.

03. Who will process my personal information?

The information published here applies to the use, sharing and disclosure of your personal information by the University.  The University is based in the United States and any personal information we collect from you may be transferred out of the European Union and processed and maintained in the United States.

04. What personal information will be processed?

The University will keep a record of the information you provided on your employment application form, any supporting documents requested and additional information provided by any references or during any interview process. We will maintain various administrative and financial records about your employment at the University, and about your use of the academic and non-academic facilities and services that we offer. Where relevant, we may supplement these records with personal data from the public domain (e.g. your publications) or other sources (e.g., where relevant, other state and federal agencies).

Your personal information is created, stored and transmitted securely in a variety of paper and electronic formats, including some databases that are shared between the University’s President’s Office and the individual University campuses. Access to your personal information is limited to University staff who have a legitimate interest in it for the purpose of carrying out their employment duties.

In addition, the University may process some information about you that is classed as ‘sensitive’ or ‘special category’ personal data, and which may require additional protections. This includes information concerning your ethnicity, sexual orientation, union membership, religious beliefs or health/disability.  This information may be collected for planning or reporting purposes, or in order to provide care, help or reasonable accommodations.

05. What is the purpose and legal basis of the processing?

The University will process your personal information for a range of contractual, statutory or public interest purposes, including the following:

  • To assess your suitability for a particular employment position or role.
  • To administer payroll, benefits, retirement plans and other standard employment functions.
  • To administer HR-related processes, including those relating to performance/attendance management, disciplinary issues and complaints/grievances.
  • To conduct security, governance, audit and quality assurance functions.
  • To provide access to facilities (e.g. information technology, libraries), services (e.g. reasonable accommodations, EAP) and employee benefits to you, and where appropriate to monitor your use of those facilities and services in accordance with University policies (e.g. on the acceptable use of information technology).
  • To communicate effectively with you by mail, email and phone, including the distribution of relevant employee newsletters and notices.
  • To support your training, health, safety, welfare and religious requirements.
  • To compile statistics and conduct surveys and research for internal and statutory reporting purposes.
  • To fulfill and monitor our responsibilities under equal opportunity, immigration and public safety legislation.
  • To support you in implementing any health-related reasonable accommodations to allow you to carry out a particular role or task.
  • Where relevant, to monitor, evaluate and support your research activity and commercial ventures.
  • To enable us to contact you or others in the event of an emergency.

We consider the processing of your personal information for these purposes to be either necessary for the performance of our contractual obligations with you (e.g. to manage your employment contract), or necessary for compliance with a legal obligation (e.g. equal opportunity monitoring), or necessary for the performance of tasks we carry out in the public interest (e.g. non-statutory reporting or research). We require you to provide us with any information we reasonably ask for to enable us to administer your employment contract. If we require your consent for any specific use of your personal information, we will collect it at the appropriate time and you can withdraw this at any time. We will not use your personal information to carry out any wholly automated decision-making that affects you.

06. Who will my personal information be shared with?

Your personal information is shared as necessary to maintain your employment and provide you certain benefits, or as required by law,  with a range of external organizations, including the following:

  • Agencies of the Commonwealth of Massachusetts (e.g. Department of Revenue, Group Insurance Commission, Department of Higher Education).
  • Agencies of the United States Government (e.g. Internal Revenue Service, Citizenship and Immigration Services).
  • Prospective and actual research funders or sponsors.
  • The external providers of any staff benefits or retirement plans.
  • If applicable, staff or faculty unions.
  • On occasion and where necessary, the police and other law enforcement agencies.
  • On occasion and where necessary, external auditors.
  • On occasion and where necessary, affiliated entities of the University (e.g. UMass Foundation).
  • Companies or organizations providing specific services to, or on behalf of, the University.

We will provide references about you to external inquirers or organizations when you have requested or indicated that we should do so.

We will include your basic contact details in our internal University online directory, though you can control how much information is accessible within the University. Some information about University Officers and other staff (e.g. appointments or committee memberships) may be published online and in other University publications.

07. How can I access my personal information?

You have the right to access the personal information that is held about you by the University. You also have the right to ask us to correct any inaccurate personal information we hold about you, to delete personal information (subject to certain exceptions), or otherwise limit our processing, or to object to processing or to receive an electronic copy of the personal information you provided to us.

If you have any questions about how your personal information is used, or wish to exercise any of your rights, please consult the University’s GDPR website.

08. How long is my information kept?

We store your personal information as part of your employment record for the duration of your employment (and it may be used as part of our assessment of any future application you make for further employment at the University). After your employment ends, certain records pertaining to your employment are retained indefinitely so that the details of your employment can be confirmed and for statistical or historical research. Information about how long different types of information are retained by the University is found in the Massachusetts Statewide Records Schedule Quick Guide.

09. How do I complain?

If you are not happy with the way your information is being handled, or with a response received from us, please review the European Commission’s redress options.

10. Are changes made to this webpage?

This webpage was last updated in May 2018. It is reviewed when necessary and at least annually. Any changes will be published here and you will be notified via this webpage and/or by email.