Privacy Notice
This privacy notice relates to the provision of Sports and Exercise Science services in the Human Performance Laboratory (the “Services”) by Lancaster University. In order to provide the Service, we will need to collect, process and store your personal data. How we do this is outlined below.
Purpose of Data Processing
As part of the booking process, you will be required to pay for the Service using the Lancaster University online store. This will require you to input bank details, a billing address and email address.
Your email address will also be used by us to contact you in regard to scheduling the Service, general communication and to send you results of any testing we perform.
During delivery of the Service, we will collect further personal data. The exact nature of this information will be dependent on the type of Service being delivered. It will be limited to what is required for the Service to take place.
If the Service is a type of physical test, a Health Screening Form will be completed. This will include questions about past medical history and any current medical conditions as well as medical/health screening measurements such as anthropometric measurements, cardiac screening tools, blood tests and blood pressure. The information gained through the screening process will be used by us to assess your suitability to undergo the proposed test(s).
During physical tests, such as VO2 Max test and Lactate Threshold Tests, further physiological data will be collected. This includes parameters such as oxygen consumption, carbon dioxide production, respiratory exchange ratio (RER), heart rate, breathing rate and in the case of the Lactate Threshold Test, multiple blood samples.
Your Rights on Personal Data
You have certain rights relating to your own personal data. These can include, the right of access, the right to rectification and, the right to erasure, amongst others. For more information about your rights and how to make a rights request, please see The Rights of the Data Subject
Security Applied to Personal Data
The University has robust Information Security policies in place to protect your personal data. All staff at the University have a responsibility to make sure that your personal data is handled securely. For further information please refer to the University’s Information Security Policy and Processes
Lawful Basis for Processing
The lawful basis for processing your personal and special category data (health information) under the UK General Data Protection Regulation (UK GDPR) is, Article 6(1)(b) Contract: the processing is necessary for the performance of a contract with the individual. For special category data the lawful basis for processing is, Article 9(2)(a) Explicit Consent.
Retention of Personal Data
Your personal data will be destroyed 3 years after your last use of the Service.
Sharing of Personal Data
Your data will be stored on the Lancaster University Office 365 tenancy. The University has a GDPR compliant contract with Microsoft and all data is stored in the UK or the EU. The University will not share your personal data with any other third parties unless there is a statutory obligation to do so, or your written consent is gained. Your personal data will only be made available to a small number of appropriate HPL staff that are required for us to deliver the Service.
Contacts
If you have concerns about how your personal data is being used, stored or secured, please contact the University’s Data Protection Officer by emailing: information-governance@lancaster.ac.uk.
You also have the right to raise a complaint with the data protection regulator, the Information Commissioner’s Office. Details of how to raise a complaint to the ICO can be found here."