On some parts of the website, you may be asked to provide some limited personal information in order to enable the provision of certain services (e.g. prospectus ordering, registering with a society, applying for a vacancy etc). The University may store this information manually or electronically. By supplying this information you are consenting to the University holding and using it for the purposes for which it was provided. Information provided will be kept for as long as is necessary to fulfil that purpose. We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our webmasters. This is statistical data about our users’ browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.
Personal information provided to the University by you will only be used for the purposes stated when the information is requested. Personal information will not be sold to third parties, or provided to direct marketing companies or other such organizations without your permission. Personal information collected and/or processed by the University is held in accordance with the provisions of the Data Protection Act 1998. Demographical and statistical information about user behavior may be collected and used to analyze the popularity and effectiveness of the University’s website. Any disclosure of this information will be in aggregate form and will not identify individual users.
The Data Protection Act 1998 gives you the right to access information held about you. For further information about this right and how to exercise it, please see the University’s Policy on Data Protection.
Any queries or concerns about privacy on this website should be sent by email to email@example.com or addressed to the Data Protection Office, GIFT University, Near Sialkot Bypass, Gujranwala
The primary purpose of current data protection legislation is to protect individuals against possible misuse of information about them held by others. It is the policy of the University to ensure that all members of the University and its staff are aware of the requirements of data protection legislation under their individual responsibilities in this connection. The Act covers personal data, whether held on computer or in certain manual files. The University is obliged to abide by the data protection principles embodied in the Act. These principles require that personal data shall:
be processed fairly and lawfully;
be held only for specified purposes and not used or disclosed in any way incompatible with those purposes;
be adequate, relevant and not excessive;
be accurate and kept up-to-date;
not be kept for longer than necessary for the particular purpose;
be processed in accordance with data subject’s rights;
be kept secure;
not be transferred outside the Pakistan unless the recipient country ensures an adequate level of protection.
The Act provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorized destruction or wrongful disclosure of data. Information on how to make a request for access to personal data under the Act may be obtained from firstname.lastname@example.org.
Under the terms of the Act, processing of data includes any activity to do with the data involved. All staff or other individuals who have access to, or who use, personal data, have a responsibility to exercise care in the treatment of that data and to ensure that such information is not disclosed to any unauthorized person. Examples of data include address lists and contact details as well as individual files. Any processing of such information must be done in accordance with the principles outlined above. In order to comply with the first principle (fair and lawful processing), at least one of the following conditions must be met:
the individual has given his or her consent to the processing;
the processing is necessary for the performance of a contract with the individual;
processing is required under a legal obligation;
processing is necessary to protect the vital interests of the individual;
processing is necessary to carry out public functions;
Processing is necessary in order to pursue the legitimate interests of the controller or third parties (unless it could prejudice the interests of the individual).
In the case of sensitive personal data, which includes information about racial or ethnic origins; political beliefs; religious or other beliefs; trade union membership; health; sex life; criminal allegations, proceedings or convictions, there are additional restrictions and explicit consent will normally be required. The Data Controller (the University) must take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data and sets out specific considerations for ensuring security. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed. Staff should also note that personal data should not normally be provided to parties external to the University. Special arrangements apply to the exchange of data between the University and the colleges. For further guidance on this, please contact email@example.com. Principle which restricts the transfer of material outside the Pakistan, personal data about an individual placed on the World Wide Web is likely to breach the provisions of the Act unless the individual whose data is used has given his or her express consent. It is important that all those preparing web pages, address lists and the like, are aware of these provisions, and seek advice from the Data Protection Officer if in doubt. The Act specifies arrangements for the notification of processing undertaken by the Institution. Any members of staff who are uncertain as to whether their activities or proposed activities are included in the University’s notification should contact the Data Protection Officer in the first instance. A failure to comply with the provisions of the Act may render the University, or in certain circumstances the individuals involved, liable to prosecution as well as giving rise to civil liabilities. Individuals are encouraged to familiarize themselves with the general aspects of Data Protection contained in the University’s guidelines to the Act, referred to above and with any specific measurements recommended by the University or their Department relevant to the particular nature of their work. Further information and advice may be obtained from Departmental Data Protection Representatives or from the University’s Data Protection Officer.