Data Privacy Notice
THE UWI AUDIT AND ADVISORY SERVICES (UWI Audit)
Privacy Statement
Introduction |
This privacy statement is specific to the work undertaken by the UWI Audit and Advisory Services (UWI Audit) and addresses the personal data it manages. Although General and Staff privacy statements already exist, this statement outlines UWI Audit’s rationale for collecting personal data when it undertakes work on behalf of the University and your rights and obligations. This statement is guided by the University’s Data protection policy (https://www.uwi.edu/data-protection/) and the General and Staff privacy statements (https://uwi.edu/data-protection/privacy-statements). |
Definitions |
The following terms, used within this statement, retain the definition found in section 1.5 of the University’s Data Protection Policy: Data Controller – the ‘person’ who (either alone or with others) controls the contents and use of Personal Data. The UWI as a ‘legal person’ is a Data Controller. Data Processor - the ‘person’ who processes personal information (data) on behalf of a Data Controller but does not include an employee of a Data Controller who processes such data in the course of his/her employment. Data Subject – the individual who is the subject of Personal Data. Personal Data - data relating to a living individual, or to an individual who has been deceased for less than 30 years, who is or can be identified, either from the data or from the data in conjunction with other information, which is in, or is likely to come into the possession of the Data Controller. It includes information in the form of photographs, audio and video recordings, and text messages. |
Who we are |
UWI Audit provides independent and objective audit, advisory and investigative services to the Campus and University Council on the University’s Governance, Risk Management and Control processes. To find out more about who we are and the services we provide please click on the link below that will take you to our website (https://uwi.edu/audit ) |
Where does UWI Audit get its Authority from? |
Chapter 14, section 07 of the University’s Financial Code outlines the following: “The extent, scope, cycle, and dates of the audits shall be prepared by the University Management Auditor for approval by the Vice Chancellor and the Audit Committees. The University Management Auditor and his staff shall have access to all persons, including specialized resources, records, systems and facilities of the University, in the performance and discharge of that officer’s his duties.” |
What type of personal data will Audit Access for its work? |
Depending on the nature and scope of our engagements, UWI Audit may from time-to-time request access to personal data that is collected by the University in its engagement with you. UWI Audit will handle personal data as outlined in the University Data Protection Policy and as a general principle, information will not be utilised for any other purpose than which it is collected. |
How do we use your information? |
Personal data are requested only for use within our engagements. The scope of each engagement is agreed with heads of departments at the onset. Personal data can be shared with 3rd parties such as external professional services firms that we contract to co-source work. Agreements with these 3rd parties include clauses on confidentiality and data privacy to ensure that data is used only as agreed and is not retained after the services are completed. |
Will your personal data be shared externally? |
UWI Audit may as required contract out services to external professional services firms to whom your personal data may be shared where needed for the execution of their contracted work. UWI Audit will also share data where directed to do so by law in the territories in which the University operates. |
How do we keep your information secure? |
The security of your personal data is important to us. The records that are kept by the University are confidential and used only for authorised purposes by the Audit department. The University has established policies, procedures and systems to ensure that access to your data is effectively controlled. UWI Audit abides by these policies and procedures in the processing of personal data, in addition, we are guided by the University’s Code of ethics and codes of ethics from the Institute of Internal Auditors (The IIA), the Information Systems Audit and Control Association (ISACA), Association of Certified Fraud Examiners (ACFE) and the Association of Chartered Certified Accountants (ACCA). |
How long will we retain your information |
Personal data are retained and disposed of in accordance with the University /Campus Archives & Records Management Policy and the governing laws of the country in which your information is stored. |
What are your rights? |
You have the following rights under the University’s Data Protection Policy:
Not to be subject to automated decision-making including profiling |
What are your responsibilities |
To ensure that information provided is accurate and up to date at the time it is provided to UWI Audit. |
Contact for queries |
For queries related to Data Privacy please contact the University Data Protection Office: Telephone: (876) 977-3015 (ext.) 8789, 8929 Email: dpo@uwi.edu |
|
|||||||||||