Student Life Privacy Notice

Student Life include information, advice and guidance services as well as therapeutic support such as counselling, and practical assistance such as non-medical help (NMH).

The service areas include:

• Reception support and information
• General information, advice and guidance about courses, events, policies, procedures, services and facilities
• Finance advice and guidance
• Pastoral support and peer mentoring
• International exchange programmes
• International pastoral support, advice and guidance
• Disability and wellbeing services  
• Non-Medical Help (NMH), for example specialist mental health mentoring or note-taking
• Learning Difficulties diagnostic assessment
• Counselling
• Safeguarding
• Liaison with employers and external agencies

The University processes personal data in accordance with our obligations under the UK General Data Protection Regulations (‘GDPR’). This notice is written to comply with requirements under GDPR (as they are known). We will review and update this notice annually and publish any revisions via the website.

1. Applicants, students and alumni

All teams within Student Life obtain and process data about service users. Where possible data is obtained from the central student information system, to avoid requesting information that may have been already provided. We will only use your personal information for the purposes we collect it. The purposes for processing data are for example:

• to provide you with services that are part of our educational mission;
• to enable users to access a particular service;
• to process event bookings;
• to share information about upcoming events and new initiatives that we believe are relevant to you, based upon your prior engagement with us e.g. a receiving information about an upcoming wellbeing event ;
• to promote equality and diversity across the institution;
• to enable any preparation to be undertaken in connection with an enquiry prior to an appointment;
• to keep a record of your contact with a service to enable continuing work with you;
• to provide advice and guidance based on accurate information;
• to enable staff to communicate and inform you of services, activities and events organised for students, organisations and agencies;  
• to enable us to monitor and evaluate service usage and make improvements;
• to enable us to liaise with external agencies as appropriate to the service provision, either with the users permission or protect the vital interests of the user or others;
• to enable us to provide anonymous data required by statutory bodies such as the Office for Students (OfS);
• to enable us to provide data as required by our regulatory and statutory bodies on the quality of services, for example the delivery of Non Medical Help (NMH) via Disabled Students’ Allowances (DSA), Ofsted and Office for Students (OfS).

We may collect use and store the following personal data;

• Contact details, such as name, title, addresses (or approximate location), telephone numbers, fax number, email addresses
• Emergency / wellbeing contact information - this will be provided by you and stored on the understanding that you have informed the individual(s) to whom this data belongs
• Date of birth, age
• Gender
• Photographs
• Voice recordings
• Records of appointments and notes from meetings
• Social media handles
• Job title, employer/organisation, registered business/charity number
• Signature
• Bank details and information about income and outgoings

On occasions and with your consent we may also collect, store and use the following "special categories" of more sensitive personal data, which require a higher level of protection:

• Information about your health, including medical conditions, NHS number
• Criminal convictions and offence

2. Research

On occasion, we carry out research on students and/or alumni in key industries or roles, to gain a greater understanding of you and your interests. This is typically to inform and shape the services we deliver and may include to seek support for the University in the form of case studies, visits and talks to current students or departments. This enables us to make our communications and services more relevant, and to offer a more tailored package of engagement or support. This research only ever uses information freely available in the public domain and is carried out internally by University employees.

In rare and exceptional circumstances we may employ another company to undertake this research for us (see below, Sharing your Information). If, on the basis of this research, we believe there to be genuine and legitimate mutual interest in discussing a particular development or area of work at the University, then we may attempt to contact you regarding it, whether or not you have consented to receiving communications from us. You will always have the opportunity to decline further contact. We may anonymise some personal data, for example survey results.  In this case, it can no longer be associated with, or used to identify, an individual.

3. Organisations and External Parties

Data is obtained as a result of the personal relationship you have with Student Life teams, and includes business cards, emails, telephone correspondence, event booking or attendance, collaborative working with other teams within the University, or web based queries received (including via social media).

• We may also obtain information from third parties such as one of your colleagues, from your organisation or from publicly available information on your organisations website or professional profile.
• Administration of employer/student engagement activities on and off campus e.g. administration and registration at Student Life events (including skills based and conference workshops), and the subsequent collection of feedback on impact of participation.
• Processing and recovery of accounts and payments, e.g. sponsorship and attendance of events and fairs.
• Building strategic, cross University of Suffolk partnerships and relationships, making connections between parties and communities interested in advancing or investigating areas of mutual Interest e.g. exploring funding opportunities with the University Business Engagement and Enterprise Team, and connecting you to key academics relevant to the services we provide.
• To share with you information about upcoming events that we believe are relevant to your needs, sector or areas of interest based upon our prior engagements, for example, sending a mental health charity information about an event relating to student mental health.

We will normally collect or process personal sensitive information only (i) where we need the personal information to perform a contract with you, or (ii) where the processing is in our legitimate interests and not overridden by your rights or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect and process personal information. It is recognised that some of the grounds outlined here will overlap and Student Life could rely on multiple grounds to justify its lawful processing.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information).

Data sharing

Staff within the University

Student Life staff may inform relevant staff as appropriate (e.g. your Tutor / Personal Tutor and/or Course Administrator), that you are accessing services without giving further details of your circumstances. This is to help coordinate with your programme of study and to enhance your overall University experience, but you can ask that this information is not shared.

There may be instances where it could benefit you to share more detailed information with appropriate staff within the University. If this is thought to be necessary, we would discuss with you what was felt appropriate to share and seek your agreement in advance. Information would only ever be shared with legitimate reason and on justifiable grounds.

Staff routinely work with external professionals, such as local NHS healthcare providers and the police. The same general principles of sharing information apply; students will be asked in advance to provide their agreement for us to discuss their situation with external professionals.

External Third Parties

The UK General Data Protection Regulation (GDPR) and University policy prohibit disclosure of an individual’s information to a third party, unless there is a legal basis to do so. This means that staff members cannot give information about a student currently studying at the University to a third party. This includes parents, other family members and friends, for example.

If a parent, guardian or carer makes contact with any University staff member to enquire about you, staff will not be able to divulge any details concerning you or your engagement at the university, such as your academic progress, wellbeing or attendance, for example. For this reason, we encourage parents and students to keep in regular contact with each other.

In general, students are expected to act on their own behalf when dealing with offices and departments within the University, and when requesting services. Parents, guardians or other individuals will not normally be allowed to make requests, or otherwise act on behalf of the student.

We ask students to opt-in and provide the university with the contact details for a designated, trusted individual in situations where we may have serious or grave concerns about your vital interests, wellbeing or mental health.

The UK General Data Protection Regulation does permit the University to disclose information in certain exceptional circumstances; these are usually life or death situations. The University’s ‘opt-in’ scheme enables you to identify either an ‘emergency’ or ‘wellbeing’ contact when there are serious concerns about your wellbeing. If you are presenting as at grave risk, the routine need to obtain consent before disclosing data may be waived and we will contact your Wellbeing Contact with some caveats:

1. You have provided Wellbeing Contact details, these are assigned by you and are your responsibility to keep up to date;
2. If you are experiencing difficulty but are not at immediate or grave risk, and you or University staff identify that input from the Wellbeing Contact could be helpful; we will seek your permission to make contact. If you agree, the Wellbeing Contact will be contacted, usually with you present.

If you are believed to be in grave danger, missing and/or unresponsive or are believed to lack capacity; we are able to use the Wellbeing Contact even if you are unable to give permission. The decision to contact a Wellbeing Contact will be taken by two managers and will be based on the agreement that communication with the nominated contact is necessary in order to protect yours or others vital interests. These circumstances are very rare, but when they occur the most common causes of this necessary communication are where a student has been reported missing and is believed to be at risk or where a student is unresponsive and has been taken by emergency transportation to hospital.

Information about the opt-in scheme can be found on our website – Student wellbeing and communication with families.

Data Sharing with third party organisations

The University works with third-party services to assist in the delivery of services to you to fulfil our educational mission. We carefully select third parties to work with and undertake due diligence to check that they will process your data for the specified purposes and we expect that they treat it in accordance with UK GDPR and the law.  Examples of third-party services we enlist include:

• Blackbullion - Financial literacy platform and funding tool (Privacy Notice)
• QS Dyslexia Tests - Quickscreen screening tool (Privacy Notice)
• Support Connect - providing non-medical help support.
• Health Assured (Privacy Notice) - providing a 24/7 counselling helpline.

We have no control over, and are not responsible for, the privacy policies and practices of other third parties.  As such, when using these services, you will be prompted to agree to their Privacy Policy and to give consent to share your information. The University will act as a Data Controller for the personal data third-party services share with us.

The 24/7 counselling helpline provided by Health Assured support line is a separate service offered to students of the University of Suffolk. Health Assured provides a confidential service and the information you discuss with their helpline support workers is not routinely provided to the University unless your health, wellbeing or welfare is judged to be at imminent risk. In these circumstances and where the support worker thinks you need additional support, they will seek your consent to share your name and information about their concerns with the Disability and Wellbeing team so that they can provide you with further help. In some circumstances where you are not able to provide consent or where you refuse consent, Health Assured may still decide to share relevant information with the University where it is necessary to protect your or another person’s vital interests. This approach is consistent with the University’s Data Management Policy which you signed up to at registration.

Signposting to other websites and/or services

Whilst we endeavour to ensure the content and relevance of external websites is correct, we cannot be held responsible for the privacy policies of other sites. Please do not assume that external websites follow our Privacy Notice.

Exemptions to GDPR obligations when data sharing

On rare occasions, we may need to share your data without your knowledge or consent, for other reasons that are exempt from the GDPR’s transparency obligations. We will always endeavour to balance respect for your individual rights and take proportionate measures:

• Public and/or national security;
• Prevention investigation, detection or prosecution of criminal offences;
• Statutory or regulatory body assessing the quality of our services
• Breaches of ethics in regulated professions; and
• Protection of the vital interests, rights and freedoms of others, for example.

 

Under UK GDPR, you have the right to:

• withdraw consent where that is the legal basis of our processing
• access your personal data that we process;
• rectify inaccuracies in personal data that we hold about you;
• be removed, that is your details to be removed from systems that we use to process your personal data;
• restrict the processing in certain ways;
• obtain a copy of your data in a commonly used electron form; and
• object to certain processing of your personal data by us.

Further information on the above rights. You may also contact the institutional Data Protection Officer for further information dataprotection@uos.ac.uk

You have the right to complain. A complaint can be raised through the University’s Complaints Procedure, which can be found at ‘Policies and Guides’

Alternatively, you have the right to complain to the Information Commissioner's Officer about the way in which we process your personal data. 

You have the right to privacy of personal and sensitive data. Access to all user data within the University whether on paper, computer files or other storage, is strictly controlled. All staff within Student Life regard personal data as confidential and will only access the data on a need to know basis as required in order to provide a professional service.

Within Student Life access to data is restricted on the basis of an individual member of staff's roles and responsibilities. Ordinarily staff will only be able to access the data within the team(s) they work in and only the data that is necessary for them to fulfil their role effectively.

Information will be treated confidentially, except where there is a legal basis for sharing information.

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.  In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a student we will retain or securely destroy your personal information in accordance with our Data Retention Schedule.