Student Privacy

The Privacy Policy for Students who are members of the Students' Guild

The Privacy Policy for Students who are members of the Students' Guild

Student Data Privacy Statement

Last Revised: 23rd February 2018

Introduction

University of Exeter Students’ Guild promises to respect any personal data you share with us and keep it safe.  We feel that the right thing to do when we collect your data is to be clear what we are going to do with it and not do anything you wouldn’t reasonably expect.

Developing a better understanding of our members through your personal data allows us to make better decisions, communicate more efficiently and ultimately help us to reach our goal of having a positive impact with every University of Exeter student.

 

Where we collect information about you

We collect information in the following ways:

When you become a member

Each year that you enroll on a University of Exeter accredited course you automatically become a member of the University of Exeter Students’ Guild, unless you opt out during enrollment. The University of Exeter annually shares a register of members with us which includes information about you and your course. When the University gives us this data, which is updated weekly, we become responsible for it and will use this as our core central record of your membership.

When you give it to us directly

You may give us your information to sign up to a society, for one of our events, use our advice service, purchase our products or communicate with us. When you give us this information we take responsibility for looking after it and we will cross reference this data against our register of members.

Social Media
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.

Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.

When we collect it as you use our websites

Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are more details in our Cookies Statement.

In addition, the type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have and what operating system you’re using. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

What personal data we collect and how we use it

The type and quantity of information we collect and how we use it depends on why you are providing it.

Our Members

If you are one of our members, the University, in response to their obligations to you, provide us with a set of key information you provided at enrollment. When you use our services, or participate in one of our activities we will use this information to provide the best possible standards of administration and communication. The information provided to the Students’ Guild is your:

Card number
Card swipe number
Issue number
University user id
First name
Middle names
Last name
Title
DOB
phone number
Mobile phone number
Email address
Country code
Sex
Nationality
Year of study
Mode of study
Student type
Status
Course code
Course name
Department name
Faculty name
Home postcode
Home country
Home phone number
Study site
Placement
Expected course end date
Ethnicity
Residency
Fees status
Disability status
Term-time locality

 

In addition, when you attend an event, join a student group or use one of our services we may ask for additional information such as:

  • Your bank details to facilitate payments
  • Information relating to your health if you are taking part in a high-risk activity

 

We will mainly use your data to:

  • Provide you with the services, products or information you asked for
  • Administer your membership
  • Keep a record of your relationship with us
  • Ensure we know how you prefer to be contacted
  • Understand how we can improve our services, products or information

 

Who we share your personal data with

We disclose your information to key suppliers who enable us to provide services to you.

These suppliers are named below:

Supplier:             Membership Services Limited
Purpose:             Student Engagement Solutions
Address:             Membership Solutions Ltd

Warwick SUHQ
University of Warwick
Gibbet Hill Road
Coventry CV4 7AL, UK

To see how they handle your data safely, please click here

Supplier:     Zynstra
Purpose:     Supply a managed suite of on-site servers and cloud backup solution
Address:      Zynstra 

Bath Innovation Centre
Broad Quay
Bath BA1 1UD, UK

To see how they handle your data safely, please click her                                              

Supplier:                Microsoft
Purpose:                All Office 365 products that could be used for storage purposes. This includes but is not limited to Email, OneDrive, SharePoint.
To see how they handle your data safely, please click here

We undertake an annual review of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors. This is because we have a legal obligation to, from time to time share information with organisation which have a statutory or regulatory obligation to process personal data under the lawful basis of public interest. This may include but not limited to University of Exeter Estate Patrol, Law enforcement, healthcare etc.

 

Marketing & Communications Preferences

Membership Communications

As a member, we believe you have a legitimate interest in hearing from us about the products and services we offer, what we’re doing to represent you and opportunities that might be of interest to you. Occasionally, we may include information from partner organisations, our own social enterprises or organisations who support us in these communications.

Direct Marketing

As a charity, we need to fundraise to provide the services we offer to University of Exeter students. We send marketing material to our members where you have told us that we can. We do not sell or share personal details to third parties for the purposes of marketing.

Controlling what you want to hear about

We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us at data-protection@exeterguild.com.

Keeping your information up to date

We mostly use the record of members provided by the University of Exeter to maintain accurate data about you as described above. We really appreciate it if you let us know if your contact details change.

Understanding the detail of our data security measures

When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.

The Students’ Guild operates a Data Protection and Information Security Policy which is supported by a practical handbook for our employees, permanent and casual. All employees and casual staff handling data are required to undertake general data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.

The Students’ Guild does not store any sensitive card data on our systems during or following online transactions. The Guild utilises payment processor Payware Ocius Sentinel and ecommerce Sagepay to handle these matters. All our trading outlets are PCI compliant. Please refer to our Data Protection Policy for more information.

Your right to know what data we hold about you, make changes or ask us to stop using your data

You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us (e.g. processing your membership or registering you for an event) we will do so.  Contact us at data-protection@exeterguild.com if you have any concerns.

You have a right to ask for a copy of the information we hold about you.  If there are any discrepancies in the information we provide, please let us know and we will correct them.

If you want to access your information, you should complete the Subject Access Request Form with a detailed description of the information you want to see and the required proof of your identity by post to the University of Exeter Students’ Guild, Devonshire House, Stocker Road, Exeter.

Our assurance to data privacy principles

In recognition of our commitment to safeguarding the right of Data objects, we have appointed an independent Data Protection Officer. If you have any concerns over the way we process your data please contact:

Data Protection officer
Data Privacy Advisory Service
10 Oaktree Place
Exeter
EX2 8WA
dpas-dpo@protonmail.com
 

If you have any questions please send these to data-protection@exeterguild.com. For further information see the Information Commissioner’s guidance here.


University of Exeter Students' Guild is a Charity and Company Limited by Guarantee. Registered Charity Number: 1136468 Company Number: 07217324; registered in England and Wales Registered office: Devonshire House, Stocker Road, Exeter, EX4 4PZ