You are here

Student Services Privacy Notice

Please read our privacy notice, which outlines how we collect and use your information.

Introduction

The purpose of this notice is to explain how we collect and use your personal data. Throughout this Notice, "we", "our" and "us" refers to the services within the Student Services Department, Ipswich. "you" and “your” refers to those expressing an interest in accessing these services and those accessing and using services.

Who we are

Student Services include information, advice and guidance services as well as therapeutic support such as counselling, and practical assistance such as non-medical help (NMH).

The service areas include:

  • Reception support and information
  • General information, advice and guidance about courses, events, policies, procedures, services and facilities
  • Finance advice and guidance
  • Pastoral support and peer mentoring
  • International exchange programmes
  • International pastoral support, advice and guidance
  • Disability and wellbeing services  
  • Non-Medical Help (NMH), for example specialist mental health mentoring or note-taking
  • Learning Difficulties diagnostic assessment
  • Counselling
  • Safeguarding
  • Careers and employability services
  • Liaison with employers and external agencies

The University processes personal data in accordance with our obligations under the EU wide General Data Protection Regulations (‘GDPR’). This notice is written to comply with requirements under GDPR (as they are known). We will review and update this notice annually and publish any revisions via the website.

Collection and use of information

1. Applicants, students and alumni
All teams within Student Services obtain and process data about service users. Where possible data is obtained from the central student information system, to avoid requesting information that may have been already provided. We will only use your personal information for the purposes we collect it. The purposes for processing data are for example:

  • to provide you with services that are part of our educational mission;
  • to enable users to access a particular service;
  • to process event and career fair bookings;
  • to share information about upcoming events and new initiatives that we believe are relevant to you, based upon your prior engagement with us e.g. a Film student receiving information about an upcoming event related to careers in the creative industry;
  • to promote equality and diversity across the institution;
  • to enable any preparation to be undertaken in connection with an enquiry prior to an appointment;
  • to keep a record of user contact with a service to enable continuing work with users;
  • to provide advice and guidance based on accurate information;
  • to enable staff to communicate and inform you of services, activities and events organised for students, employers and agencies;  
  • to enable us to monitor and evaluate service usage and make improvements;
  • to enable us to liaise with external agencies as appropriate to the service provision, either with the users permission or protect the vital interests of the user or others;
  • to enable us to provide anonymous data required by statutory bodies such as the Higher Education Funding Council for England (HEFCE);
  • to enable us to provide data required by professional bodies such as Disabled Students Allowances - Quality Assurance Group etc.;
  • for the prevention and detection of crime.

2. Research
On occasion we carry out research on students and alumni in key industries or roles to gain a greater understanding of them and their interests to request for support to the University in the form of case studies, visits and talks to current students or departments. This enables us to make our communications to them more relevant, and to offer a more tailored package of engagement or support. This research only ever uses information freely available in the public domain and is carried out internally by University employees. In rare and exceptional circumstances we may employ another company to undertake this research for us (see below, Sharing your Information). If, on the basis of this research, we believe there to be genuine and legitimate mutual interest in discussing a particular development or area of work at the University, then we may attempt to contact you regarding it, whether or not you have consented to receiving communications from us. You will always have the opportunity to decline further contact. We may anonymise some personal data, for example survey results.  In this case, it can no longer be associated with, or used to identify, an individual.

3. Employers and External Parties
Data is obtained as a result of the personal relationship you have with Student Services teams, and includes business cards, emails, telephone correspondence, event booking or attendance, collaborative working with other teams within the University, or web based queries received (including via social media).

  • We may also obtain information from third parties such as one of your colleagues, from your organisation or from publicly available information on your organisations website or professional profile.
  • Registration on the Ab Integro career development platform relating to administration of job opportunities (including opportunities such as internships, placements, graduate roles and volunteering), employability, one to one interactions and career development learning activities
  • Administration of employer/student engagement activities on and off campus e.g. administration and registration at Student Services events, careers fairs and or recruitment activities (including skills based and conference workshops), and the subsequent collection of feedback on impact of participation.
  • Administration of applications to specific roles, whereby the University is the working with you, the employer, to promote specific opportunities and receive job applications from students on your behalf.
  • Promotion of your employment and other opportunities to students and staff of the University.
  • Research and analysis relating to recruitment of students and graduates for management reporting and strategic planning of employer engagement purposes.
  • Processing and recovery of accounts and payments, e.g. sponsorship and attendance of events and fairs.
  • Building strategic, cross University of Suffolk partnerships and relationships, making connections between parties and communities interested in advancing or investigating areas of mutual Interest e.g. exploring funding opportunities with the University Research and Enterprise Team, and connecting you to key academics relevant to the services we provide.
  • To share with you information about upcoming events that we believe are relevant to your needs, business sector or areas of interest based upon our prior engagements, for example, sending a mental health charity information about an event relating to student mental health.

We may collect use and store the following personal data;

  • Contact details, such as name, title, addresses (or approximate location), telephone numbers, fax number, email addresses
  • Emergency contact information - this will be provided by you and stored on the understanding that you have informed the individual(s) to whom this data belongs
  • Date of birth, age
  • Gender
  • Photographs
  • Voice recordings
  • Records of appointments and notes from meetings
  • Social media handles
  • Job title, employer/organisation, registered business/charity number
  • Signature
  • Bank details and information about income and outgoings

On occasions we may also collect, store and use the following "special categories" of more sensitive personal data which require a higher level of protection:

  • Information about your health, including medical conditions, NHS number
  • Criminal convictions and offences
Legal basis for processing information

We will normally collect or process personal sensitive information only (i) where we need the personal information to perform a contract with you, or (ii) where the processing is in our legitimate interests and not overridden by your rights or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information. It is recognised that some of the grounds outlined here will overlap and Student Services could rely on multiple grounds justifying its lawful processing.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information).

Data Sharing with third parties

Student Services use some third-party services to assist in the delivery of services to you to fulfil our educational mission. We carefully select third parties to work with and undertake due diligence to check that they will process your data for the specified purposes and we expect that they treat it in accordance with GDPR and the law.  Examples of third-party services we enlist include:

  • Blackbullion - Financial literacy platform
  • Abintegro - Career Development Platform and Employer Content Management System

We have no control over, and are not responsible for, the privacy policies and practices of other third parties.  As such, when using these services, you will be prompted to agree to their Privacy Policy and to give consent to share your information. Student Services will act as a Data Controller for the personal data third-party services share with us.

Signposting to other websites and/or services

Whilst we endeavour to ensure the content and relevance of external websites is correct, we cannot be held responsible for the privacy policies of other sites. Please do not assume that external websites follow our Privacy Notice.

Exemptions to GDPR obligations when data sharing

On rare occasions, we may need to share your data without your knowledge or consent, for other reasons that are exempt from the GDPR’s transparency obligations. We will always endeavour to balance respect for your individual rights and proportionate measures to safeguard:

  • Public and/or national security;
  • Prevention investigation, detection or prosecution of criminal offences;
  • Breaches of ethics in regulated professions; and
  • Protection of the vital interests, rights and freedoms of others, for example.
Your rights as a data subject

We thought it would be helpful to set out your rights under GDPR. You have the right to:

  • withdraw consent where that is the legal basis of our processing
  • access your personal data that we process;
  • rectify inaccuracies in personal data that we hold about you;
  • be removed, that is your details to be removed from systems that we use to process your personal data;
  • restrict the processing in certain ways;
  • obtain a copy of your data in a commonly used electron form; and
  • object to certain processing of your personal data by us.

Please see https://ico.org.uk/ for further information on the above rights. You may also contact the institutional Data Protection Officer for further information dataprotection@uos.ac.uk

You have the right to complain. A complaint can be raised through the University’s Complaints Procedure, which can be found at ‘Policies and Guides’ https://mysuffolk.uos.ac.uk/forms-policies-and-guides-students

Alternatively, you have the right to complain to the Information Commissioner's Officer about the way in which we process your personal data. Please see https://ico.org.uk/.

Storage and retention of information

You have the right to privacy of personal and sensitive data. Access to all user data within the University whether on paper, computer files or other storage, is strictly controlled. All staff within Student Services regard personal data as confidential and will only access the data on a need to know basis as required in order to provide a professional service.

Within Student Services access to data is restricted on the basis of an individual member of staff's roles and responsibilities. Ordinarily staff will only be able to access the data within the team(s) they work in and only the data that is necessary for them to fulfil their role effectively.

Information will be treated confidentially, except where there is a legal basis for sharing information.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a student we will retain or securely destroy your personal information in accordance with our Data Retention Schedule.