Student Data Privacy Statement
Last Revised: 23rd February 2018
University of Exeter Students’ Guild promises to respect any personal data you share with us and keep it safe. We feel that the right thing to do when we collect your data is to be clear what we are going to do with it and not do anything you wouldn’t reasonably expect.
Developing a better understanding of our members through your personal data allows us to make better decisions, communicate more efficiently and ultimately help us to reach our goal of having a positive impact with every University of Exeter student.
Where we collect information about you
We collect information in the following ways:
When you become a member
Each year that you enroll on a University of Exeter accredited course you automatically become a member of the University of Exeter Students’ Guild, unless you opt out during enrollment. The University of Exeter annually shares a register of members with us which includes information about you and your course. When the University gives us this data, which is updated weekly, we become responsible for it and will use this as our core central record of your membership.
When you give it to us directly
You may give us your information to sign up to a society, for one of our events, use our advice service, purchase our products or communicate with us. When you give us this information we take responsibility for looking after it and we will cross reference this data against our register of members.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
When we collect it as you use our websites
Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They’re small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are more details in our Cookies Statement.
In addition, the type of device you’re using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have and what operating system you’re using. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What personal data we collect and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
If you are one of our members, the University, in response to their obligations to you, provide the Students’ Guild with the following Personal Data for enrolled students. In order for the Students’ Guild to fulfil its statutory obligations, Personal Data for students changing enrolment status part way during an academic year will continue to be shared with the Students’ Guild until conclusion of the academic year. Such sharing excludes any students who have opted out of this agreement.
- Card number
- Card swipe number
- University user id
- First name
- Middle names
- Last name
- Date of Birth
- Email address
- Year of study
- Mode of study
- Student type
- Course code
- Course name
- Department name
- Faculty name
- Expected course end date
- Fees status
- Mobile and landline telephone numbers
The following sensitive personal data shall only be shared with the explicit consent of students or in exceptional circumstances.
- Disability status
In addition, when you attend an event, join a student group or use one of our services we may ask for additional information such as:
- Your bank details to facilitate payments
- Information relating to your health if you are taking part in a high-risk activity
We will mainly use your data to:
- Provide you with the services, products or information you asked for
- Administer your membership
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Understand how we can improve our services, products or information
Disclosure and Barring Service
You may wish to volunteer in a role that requires you to undertake a DBS check. If so then we have a strict process in place that ensures we process your personal data in accordance with the General Data Protection Regulation and the DBS’s code of practice. We are required to keep a record of your Name and DBS application reference number until the end of the academic year. To see how the DBS handle your data safely, please click here
Who we share your personal data with
We disclose your information to key suppliers who enable us to provide services to you.
These suppliers are named below:
Supplier: Membership Services Limited
Purpose: Student Engagement Solutions
Address: Membership Solutions Ltd
University of Warwick
Gibbet Hill Road
Coventry CV4 7AL, UK
To see how they handle your data safely, please click here
Bath Innovation Centre
Purpose: Supply a managed suite of on-site servers and cloud backup solution
Bath BA1 1UD, UK
To see how they handle your data safely, please click her
Purpose: All Office 365 products that could be used for storage purposes. This includes but is not limited to Email, OneDrive, SharePoint.
To see how they handle your data safely, please click here
We undertake an annual review of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors. This is because we have a legal obligation to, from time to time share information with organisation which have a statutory or regulatory obligation to process personal data under the lawful basis of public interest. This may include but not limited to University of Exeter Estate Patrol, Law enforcement, healthcare etc.
Who you engage with directly to utilise Guild services:
Wi5 – Provider of the site - Order to Table / Click & Collect
Details of Wi5 are here - https://wi5.io/
Checkout.com – Provider of the payment process.
These services allow the Students’ Guild to offer a safe and secure method for purchasing food and beverages from both our Comida and Ram outlets.
Wi5 collect the following information:
First Name, Email, Mobile Number
This data is used to send email receipts and SMS notifications about their transactions to the customer. This data is only stored on Wi5's infrastructure and encrypted in-flight and at-rest.
Checkout.com to process card payments and refunds.
Checkout.com collect your card details to enable the processing of your transaction and refunds.
Marketing & Communications Preferences
As a member, we believe you have a legitimate interest in hearing from us about the products and services we offer, what we’re doing to represent you and opportunities that might be of interest to you. Occasionally, we may include information from partner organisations, our own social enterprises or organisations who support us in these communications.
As a charity, we need to fundraise to provide the services we offer to University of Exeter students. We send marketing material to our members where you have told us that we can. We do not sell or share personal details to third parties for the purposes of marketing.
Controlling what you want to hear about
We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us at email@example.com.
Keeping your information up to date
We mostly use the record of members provided by the University of Exeter to maintain accurate data about you as described above. We really appreciate it if you let us know if your contact details change.
Understanding the detail of our data security measures
When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.
The Students’ Guild operates a Data Protection and Information Security Policy which is supported by a practical handbook for our employees, permanent and casual. All employees and casual staff handling data are required to undertake general data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.
The Students’ Guild does not store any sensitive card data on our systems during or following online transactions. The Guild utilises payment processor Payware Ocius Sentinel and ecommerce Sagepay to handle these matters. All our trading outlets are PCI compliant. Please refer to our Data Protection Policy for more information.
Your right to know what data we hold about you, make changes or ask us to stop using your data
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us (e.g. processing your membership or registering you for an event) we will do so. Contact us at firstname.lastname@example.org if you have any concerns.
You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, you should complete the Subject Access Request Form with a detailed description of the information you want to see and the required proof of your identity by post to the University of Exeter Students’ Guild, Devonshire House, Stocker Road, Exeter.
Our assurance to data privacy principles
In recognition of our commitment to safeguarding the right of Data objects, we have appointed an independent Data Protection Officer. If you have any concerns over the way we process your data please contact:
Data Protection officer
Data Privacy Advisory Service
10 Oaktree Place
If you have any questions please send these to email@example.com. For further information see the Information Commissioner’s guidance here.