Privacy Policy - GIFT University

Privacy Policy

This policy explains what types of personal information will be gathered when you visit the GIFT University’s website, and how this information will be used. Please note that this policy applies to the University’s main web pages (i.e. those in All colleges, divisions, faculties, departments, schools, centers, academic services, libraries, museums and collections of the University run and maintain their own websites on the domain (these will be identified or These sites may carry their own privacy policy or provide additional information relating to their activities, which will supersede or supplement this Privacy Policy. If you follow a link to any other website, please check their policies before you submit any personal information to those websites.

Information collected

On some parts of the website, you may be asked to provide some limited personal information in order to enable the provision of certain services (e.g. prospectus ordering, registering with a society, applying for a vacancy etc). The University may store this information manually or electronically. By supplying this information you are consenting to the University holding and using it for the purposes for which it was provided. Information provided will be kept for as long as is necessary to fulfil that purpose. We may also collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our webmasters. This is statistical data about our users’ browsing actions and patterns which does not identify any individual and allows us to ensure that content from our site is presented in the most effective manner for you and for your computer.

How the information collected is used

Personal information provided to the University by you will only be used for the purposes stated when the information is requested. Personal information will not be sold to third parties, or provided to direct marketing companies or other such organizations without your permission. Personal information collected and/or processed by the University is held in accordance with the provisions of the Data Protection Act 1998. Demographical and statistical information about user behavior may be collected and used to analyze the popularity and effectiveness of the University’s website. Any disclosure of this information will be in aggregate form and will not identify individual users.


How we store information collected

Information which you provide to us will ordinarily be stored on our secure servers. However, we do work with third party contractors, some of whom host and operate certain features of the website. Accordingly, information that we collect from you may be collected in or transferred to a destination outside the Pakistan. That information may be processed by staff operating outside the Pakistan who works for us or for one of our contractors. By submitting personal information, you agree to this transfer, storing and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. We may disclose your personal information to third parties if we are under a duty to disclose or share such information in order to comply with any legal obligation or to protect the rights, property or safety of the University, its members or others.

How we store information collected

Most of our web pages use “cookies”. A cookie is a small file of letters and numbers that we place on your computer or mobile device if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allow us to improve our website. For more detailed information on the cookies we use on the University’s main web pages (i.e. those in and the purposes for which we use them, please see our Cookie Statement. Please refer to individual web pages for further information about the use of cookies on other web pages on the domain.


Access to information

The Data Protection Act 1998 gives you the right to access information held about you. For further information about this right and how to exercise it, please see the University’s Policy on Data Protection.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.


Any queries or concerns about privacy on this website should be sent by email to or addressed to the Data Protection Office, GIFT University, Near Sialkot Bypass, Gujranwala

University Policy on Data Protection

The primary purpose of current data protection legislation is to protect individuals against possible misuse of information about them held by others. It is the policy of the University to ensure that all members of the University and its staff are aware of the requirements of data protection legislation under their individual responsibilities in this connection. The Act covers personal data, whether held on computer or in certain manual files. The University is obliged to abide by the data protection principles embodied in the Act. These principles require that personal data shall:

  • be processed fairly and lawfully;

  • be held only for specified purposes and not used or disclosed in any way incompatible with those purposes;

  • be adequate, relevant and not excessive;

  • be accurate and kept up-to-date;

  • not be kept for longer than necessary for the particular purpose;

  • be processed in accordance with data subject’s rights;

  • be kept secure;

  • not be transferred outside the Pakistan unless the recipient country ensures an adequate level of protection.

The Act provides individuals with rights in connection with personal data held about them. It provides individuals with the right to access data concerning themselves (subject to the rights of third parties). It also includes the right to seek compensation through the courts for damages and distress suffered by reason of inaccuracy or the unauthorized destruction or wrongful disclosure of data. Information on how to make a request for access to personal data under the Act may be obtained from

Under the terms of the Act, processing of data includes any activity to do with the data involved. All staff or other individuals who have access to, or who use, personal data, have a responsibility to exercise care in the treatment of that data and to ensure that such information is not disclosed to any unauthorized person. Examples of data include address lists and contact details as well as individual files. Any processing of such information must be done in accordance with the principles outlined above. In order to comply with the first principle (fair and lawful processing), at least one of the following conditions must be met:

  • the individual has given his or her consent to the processing;

  • the processing is necessary for the performance of a contract with the individual;

  • processing is required under a legal obligation;

  • processing is necessary to protect the vital interests of the individual;

  • processing is necessary to carry out public functions;

  • Processing is necessary in order to pursue the legitimate interests of the controller or third parties (unless it could prejudice the interests of the individual).

In the case of sensitive personal data, which includes information about racial or ethnic origins; political beliefs; religious or other beliefs; trade union membership; health; sex life; criminal allegations, proceedings or convictions, there are additional restrictions and explicit consent will normally be required. The Data Controller (the University) must take appropriate technical and organizational measures against unauthorized or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data and sets out specific considerations for ensuring security. Staff and other individuals should be aware that guidelines and regulations relating to the security of manual filing systems and the preservation of secure passwords for access to relevant data held on computer should be strictly observed. Staff should also note that personal data should not normally be provided to parties external to the University. Special arrangements apply to the exchange of data between the University and the colleges. For further guidance on this, please contact Principle which restricts the transfer of material outside the Pakistan, personal data about an individual placed on the World Wide Web is likely to breach the provisions of the Act unless the individual whose data is used has given his or her express consent. It is important that all those preparing web pages, address lists and the like, are aware of these provisions, and seek advice from the Data Protection Officer if in doubt. The Act specifies arrangements for the notification of processing undertaken by the Institution. Any members of staff who are uncertain as to whether their activities or proposed activities are included in the University’s notification should contact the Data Protection Officer in the first instance. A failure to comply with the provisions of the Act may render the University, or in certain circumstances the individuals involved, liable to prosecution as well as giving rise to civil liabilities. Individuals are encouraged to familiarize themselves with the general aspects of Data Protection contained in the University’s guidelines to the Act, referred to above and with any specific measurements recommended by the University or their Department relevant to the particular nature of their work. Further information and advice may be obtained from Departmental Data Protection Representatives or from the University’s Data Protection Officer.