External Examiners Privacy Notice

Introduction

We value the privacy and protection of personal data for all our External Examiners. The University of Derby ("we," "our," or "us") is the data controller responsible for the personal data you provide as an External Examiner. 

This privacy notice outlines how we collect, use, and protect the personal data of External Examiners ("you" or "your"). We are committed to ensuring that your privacy is protected and that we comply with all applicable data protection legislation, including the General Data Protection Regulation (GDPR).

Role of External Examiners

External Examiners are appointed to report on the maintenance of nationally comparable standards across Higher Education institutions. They act as independent and impartial advisors to the University and provide informed comment on the standards set and student achievement in relation to those standards.

Data Collection

We collect the following types of personal data from External Examiners:

• Identity Data: Name, date of birth, sex, nationality
• Contact Data: Address, email, phone number
• Professional Data: Qualifications, employment history, other higher education institutions you work with, professional memberships
• Financial Data: Bank account information, payment details
• Legal Data: Right to work information, HMRC information
• Feedback Data: Annual External Examiner Reports, External Examiner Feedback Form
• Equal Opportunities Data: Information that may be provided throughout your tenure
• Special Category Data: Sensitive information such as racial or ethnic origin, health data, or sexual orientation, collected with your explicit consent

Purpose of Data Collection

The personal data we collect from External Examiners is used for the following purposes:

• Appointment and Verification: To verify your qualifications and suitability for the role of External Examiner
• Communication: To communicate with you regarding your appointment, duties, and other relevant information
• Payment Processing: To process and manage payments for your services
• Compliance: To comply with legal, regulatory, and accreditation requirements.
  Evaluation and Feedback: To facilitate the review and evaluation of student performance and university programmes
• Equal Opportunities Monitoring: To promote equality and diversity.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Lawful Basis from Article 6 of the GDPR: A guide to lawful basis | ICO
  • Contractual Obligations: Using your qualifications, employment history and professional information to verify suitability and formalise your appointment as an External Examiner.
  • Legal Obligations: We process financial information such as bank account details to comply with tax regulations and reporting requirements. We retain your bank account information and payment details for seven years to comply with financial regulations and audit requirements.
  • Legitimate Interests: We process performance evaluations, feedback, and reports produced by you to ensure the quality and integrity of our academic programmes. Your feedback and  annual reports are used for internal reporting and management purposes to review academic standards and advise on good practice, innovation and areas for enhancement.
  • Consent: We collect any additional personal data you voluntarily provide for specific purposes not covered under other legal bases. If you provide special category data voluntarily (e.g., health information) for equal opportunities monitoring, we process this data based on your explicit consent.

• Additional Lawful Basis from Article 9 of the GDPR for Special Category Data:
  • Explicit Consent: Any processing of special category data (e.g., health data, racial or ethnic origin) is based on your explicit consent, collected separately from other consents.
  • Substantial Public Interest: We may process special category data when necessary for reasons of substantial public interest, such as equal opportunities monitoring.
  • Employment, Social Security, and Social Protection Law: We process necessary data under employment law obligations to ensure compliance with legal requirements related to your role.
  • Vital Interests: Processing is necessary to protect your vital interests or those of another person where you are incapable of giving consent.

Data Sharing

We may share your personal data with the following parties:

• Internal Departments: Relevant university departments involved in the administration and coordination of external examining. 
  Accreditation Bodies: To meet accreditation and quality assurance requirements.
• Academic and Industry Partners: Relevant departments involved in the administration and coordination of external examining.
• Governmental and Regulatory Authorities: When required by law or regulation.
  Service Providers: Third-party service providers engaged to assist with administrative and logistical support, subject confidentiality agreements.
• External Bodies: Including tax authorities and regulatory bodies, where required by law.

Data Security  

Data governance - About us - University of Derby

We implemented appropriate technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction.

International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data in compliance with GDPR, such as standard contractual clauses see the Data Protection policy.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. Here are some examples:

• Appointment Records: Retained for 6 years after the end of the appointment period.
• Financial Information: Retained for 7 years to comply with financial regulations and audit requirements.
• Professional Correspondence and Reports: Retained for a period of 6 years following the end of the appointment.
• Legal Documentation: Retained for 2 years following the end of the engagement.
• Equal Opportunities Data: Retained as long as necessary for reporting purposes, typically anonymised and kept longer if required for statistical purposes.

Upon the conclusion of your appointment, your personal data will be securely archived or deleted in accordance with our data retention and data destruction policies.

Retention policy here: UOD - Record of processing activities - University of Derby

Data Retention Guidance for External Examiners

External Examiners are advised to retain any personal data related to their duties for the duration of their appointment and for a reasonable period thereafter (typically up to one year) to address any queries or issues that may arise. However, once their duties are completed and any outstanding matters are resolved, External Examiners should securely delete or destroy any personal data to ensure compliance with data protection principles.

Your Rights

You have the following rights regarding your personal data:

• Access: To request access to the personal data we hold about you.
• Correction: To request correction of any inaccurate or incomplete data.
• Erasure: To request the deletion of your personal data under certain conditions.
• Restriction: To request the restriction of processing of your personal data.
• Portability: To request the transfer of your personal data to another organisation.
• Objection: To object to the processing of your personal data under certain conditions.

To exercise any of these rights, please contact our Assurance Service Team, at GDPR@derby.ac.uk  

This privacy notice helps maintain transparency and protects both the university and the external examiners' data privacy.​

Contact Us

If you have any questions, concerns, or requests regarding your personal data, please contact our Data Protection Officer at GDPR@derby.ac.uk.

Data Controller Information

The University is the data controller. You can contact our Data Protection Officer at: 

DPO: James Fussell, Associate Director, Legal, Governance and Assurance Services

Email: DPO@derby.ac.uk 

Legal, Governance & Assurance Services, University of Derby, Kedleston Road, DE22 1GB

Changes to this Privacy Notice

This privacy notice may be updated periodically to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and where appropriate, notified to you via email.

Effective Date

This privacy notice is effective as of 01/09/2025.