Data Privacy Notice

This privacy statement is specific to the work undertaken by the UWI Audit and Advisory Services (UWI Audit) and addresses the personal data it manages.  Although General and Staff privacy statements already exist, this statement outlines UWI Audit’s rationale for collecting personal data when it undertakes work on behalf of the University and your rights and obligations.

This statement is guided by the University’s Data protection policy (https://www.uwi.edu/data-protection/) and the General and Staff privacy statements (https://uwi.edu/data-protection/privacy-statements).

The following terms, used within this statement, retain the definition found in section 1.5 of the University’s Data Protection Policy:

Data Controller – the ‘person’ who (either alone or with others) controls the contents and use of Personal Data. The UWI as a ‘legal person’ is a Data Controller.  

Data Processor - the ‘person’ who processes personal information (data) on behalf of a Data Controller but does not include an employee of a Data Controller who processes such data in the course of his/her employment.

Data Subject – the individual who is the subject of Personal Data.

Personal Data - data relating to a living individual, or to an individual who has been deceased for less than 30 years, who is or can be identified, either from the data or from the data in conjunction with other information, which is in, or is likely to come into the possession of the Data Controller. It includes information in the form of photographs, audio and video recordings, and text messages.  

UWI Audit provides independent and objective audit, advisory and investigative services to the Campus and University Council on the University’s Governance, Risk Management and Control processes.

To find out more about who we are and the services we provide please click on the link below that will take you to our website (https://uwi.edu/audit )

Chapter 14, section 07 of the University’s Financial Code outlines the following:

“The extent, scope, cycle, and dates of the audits shall be prepared by the University Management Auditor for approval by the Vice Chancellor and the Audit Committees.  The University Management Auditor and his staff shall have access to all persons, including specialized resources, records, systems and facilities of the University, in the performance and discharge of that officer’s his duties.” 

Depending on the nature and scope of our engagements, UWI Audit may from time-to-time request access to personal data that is collected by the University in its engagement with you. UWI Audit will handle personal data as outlined in the University Data Protection Policy and as a general principle, information will not be utilised for any other purpose than which it is collected.

Personal data are requested only for use within our engagements.  The scope of each engagement is agreed with heads of departments at the onset.   Personal data can be shared with 3^rd parties such as external professional services firms that we contract to co-source work. Agreements with these 3^rd parties include clauses on confidentiality and data privacy to ensure that data is used only as agreed and is not retained after the services are completed.  

UWI Audit may as required contract out services to external professional services firms to whom your personal data may be shared where needed for the execution of their contracted work. UWI Audit will also share data where directed to do so by law in the territories in which the University operates. 

The security of your personal data is important to us. The records that are kept by the University are confidential and used only for authorised purposes by the Audit department. The University has established policies, procedures and systems to ensure that access to your data is effectively controlled.

UWI Audit abides by these policies and procedures in the processing of personal data, in addition, we are guided by the University’s Code of ethics and codes of ethics from the Institute of Internal Auditors (The IIA), the Information Systems Audit and Control Association (ISACA), Association of Certified Fraud Examiners (ACFE) and the Association of Chartered Certified Accountants (ACCA).

Personal data are retained and disposed of in accordance with the University /Campus Archives & Records Management Policy and the governing laws of the country in which your information is stored.

You have the following rights under the University’s Data Protection Policy:

1. To be informed about how your personal data will be used by the University
2. To access your personal data on request
3. To have personal data corrected
4. To have sensitive personal data erased under limited circumstances (See Data protection policy for details)
5. To have your personal data in a portable format
6. To object to the processing of your personal data on legitimate grounds.

Not to be subject to automated decision-making including profiling

To ensure that information provided is accurate and up to date at the time it is provided to UWI Audit.

For queries related to Data Privacy please contact the University Data Protection Office:

Telephone: (876) 977-3015 (ext.) 8789, 8929

Email: dpo@uwi.edu