Student Data Privacy Statement
Last Revised: 08/03/2021
University of Exeter Students’ Guild promises to respect any personal data you share with us and keep it safe. We feel that the right thing to do when we collect your data is to be clear what we are going to do with it and not do anything you wouldn’t reasonably expect.
Developing a better understanding of our members through your personal data allows us to make better decisions, communicate more efficiently and ultimately help us to reach our goal of having a positive impact with every University of Exeter student.
Where we collect information about you
We collect information in the following ways:
When you become a member
Each year that you enroll on a University of Exeter accredited course you automatically become a member of the University of Exeter Students’ Guild, unless you opt out during enrollment. The University of Exeter annually shares a register of members with us which includes information about you and your course. When the University gives us this data, which is updated weekly, we become responsible for it and will use this as our core central record of your membership.
When you give it to us directly
You may give us your information to sign up to a society, for one of our events, use our advice service, purchase our products or communicate with us. When you give us this information we take responsibility for looking after it and we will cross reference this data against our register of members.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
When we collect it as you use our websites
Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are more details in our Cookies Statement.
In addition, the type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have and what operating system you’re using. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What personal data we collect and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you are one of our members, the University, in response to their obligations to you, provide us with a set of key information you provided at enrollment. When you use our services, or participate in one of our activities we will use this information to provide the best possible standards of administration and communication. The information provided to the Students’ Guild is your:
- Card number
- Card swipe number
- Issue number
- University user id
- First name
- Middle names
- Last name
- phone number
- Mobile phone number
- Email address
- Country code
- Year of study
- Mode of study
- Student type
- Course code
- Course name
- Department name
- Faculty name
- Home postcode
- Home country
- Home phone number
- Study site
- Expected course end date
- Fees status
- Disability status
- Term-time locality
In addition, when you attend an event, join a student group or use one of our services we may ask for additional information such as:
We will mainly use your data to:
Provide you with the services, products or information you asked for
Administer your membership
Keep a record of your relationship with us
Ensure we know how you prefer to be contacted
Understand how we can improve our services, products or information
Who we share your personal data with?
We disclose your information to key suppliers who enable us to provide services to you.
We operate internationally, and as part of the services offered to you by the Students' Guild, the information, which you provide to us may be transferred to countries outside the European Union (“EU”) and the European Economic Area (EEA).
By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
These suppliers are named below:
Disclosure and Barring Service
You may wish to volunteer in a role that requires you to undertake a DBS check. If so then we have a strict process in place that ensures we process your personal data in accordance with the General Data Protection Regulation and the DBS’s code of practice. We are required to keep a record of your Name and DBS application reference number until the end of the academic year.
Supplier: Membership Services Limited
Purpose: Student Engagement Solutions
Purpose: All Office 365 products that could be used for storage purposes. This includes but is not limited to Email, OneDrive and SharePoint.
We undertake an annual review of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors. This is because we have a legal obligation to, from time to time share information with organisation which have a statutory or regulatory obligation to process personal data under the lawful basis of public interest. This may include but not limited to University of Exeter Estate Patrol, Law enforcement, healthcare etc.
Who you engage with directly to utilise Guild services:
Supplier: Freshworks/Fresh Desk – Ticketing System
Purpose: Providing an online Helpdesk system.
Marketing & Communications Preferences
As a member, we believe you have a legitimate interest in hearing from us about the products and services we offer, what we’re doing to represent you and opportunities that might be of interest to you. Occasionally, we may include information from partner organisations, our own social enterprises or organisations who support us in these communications.
As a charity, we need to fundraise to provide the services we offer to University of Exeter students. We send marketing material to our members where you have told us that we can. We do not sell or share personal details to third parties for the purposes of marketing.
Controlling what you want to hear about
We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us at firstname.lastname@example.org.
Keeping your information up to date
We mostly use the record of members provided by the University of Exeter to maintain accurate data about you as described above. We really appreciate it if you let us know if your contact details change.
Understanding the detail of our data security measures
When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.
The Students’ Guild operates a Data Protection and Information Security Policy which is supported by a practical handbook for our employees and volunteers. All employees and volunteers handling data are required to undertake general data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.
The Students’ Guild does not store any sensitive card data on our systems during or following online transactions. The Guild utilises payment processors which are PCI compliant P2Pe devices and ecommerce Sagepay to handle these matters.
Your right to know what data we hold about you, make changes or ask us to stop using your data
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us (e.g. processing your membership or registering you for an event) we will do so. Contact us at email@example.com if you have any concerns.
You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, you should complete the Subject Access Request Form with a detailed description of the information you want to see and the required proof of your identity by post to the University of Exeter Students’ Guild, Devonshire House, Stocker Road, Exeter.
Our assurance to data privacy principles
In recognition of our commitment to safeguarding the right of Data objects, we have appointed an independent Data Protection Officer. If you have any concerns over the way we process your data please contact:
Data Protection officer
Data Privacy Advisory Service
10 Oaktree Place
If you have any questions please send these to firstname.lastname@example.org, and for further information see the Information Commissioner’s guidance here