Your Privacy - Students
Student Data Privacy Statement
Last Revised: 05/07/2024
Introduction
The University of Exeter Students’ Guild promises to respect any personal data you share with us and keep it safe. We feel the right thing to do when we collect your data is to be clear about what we are going to do with it and that we won’t do anything you wouldn’t reasonably expect.
Developing a better understanding of our members through your personal data allows us to make better decisions, communicate more efficiently and ultimately help us to reach our goal of having a positive impact with every University of Exeter student.
Where we collect information about you
We collect information in the following ways:
When you become a member
Each year that you enroll on a University of Exeter accredited course you automatically become a member of the University of Exeter Students’ Guild, unless you opt out during enrollment. The University of Exeter annually shares a register of members with us which includes information about you and your course. When the University gives us this data, which is updated weekly, we become responsible for it and will use this as our core central record of your membership.
When you give it to us directly
You may give us your information to sign up to a society, for one of our events, use our advice service, purchase our products, or communicate with us. When you give us this information, we take responsibility for looking after it and we will cross reference this data against our register of members.
Social Media
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
When we collect it as you use our websites
Like most websites, we use “cookies” to help us make our site – and the way you use it – better. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier – for example by automatically filling your name and address in text fields. There are more details in our Cookies Statement.
In addition, the type of device you are using to access our website and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have and what operating system you’re using. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What personal data we collect and how we use it
The type and quantity of information we collect and how we use it depends on why you are providing it.
Our Members
If you are one of our members, the University, in response to their obligations to you, provide us with a set of key information you provided at enrollment. When you use our services or participate in one of our activities we will use this information to provide the best possible standards of administration and communication. The information provided to the Students’ Guild is your:
• Card number
• Card swipe number
• Issue number
• University user id
• First name
• Middle names
• Last name
• Title
• DOB
• phone number
• Mobile phone number
• Email address
• Country code
• Nationality
• Year of study
• Mode of study
• Student type
• Status
• Course code
• Course name
• Department name
• Faculty name
• Home postcode
• Home country
• Home phone number
• Study site
• Placement
• Expected course end date
• Residency
• Fees status
• Term-time locality
In addition, information relating to the following will be automatically shared:
• Ethnicity
• Sex
• Disability status
These special categories of your personal information are shared in accordance with article 9(2)(d) of the UK-GDPR where we, as a not-for-profit organisation will ensure that you are represented with equality, diversity and inclusivity as our focus.
In addition, when you attend an event, join a student group or use one of our services we may ask for additional information such as:
● Your bank details to facilitate payments
● Information relating to your health if you are taking part in a high-risk activity
We will mainly use your data to:
● Provide you with the services, products or information you asked for
● Administer your membership
● Keep a record of your relationship with us
● Ensure we know how you prefer to be contacted
● Understand how we can improve our services, products or information
Disclosure and Barring Service
You may wish to volunteer in a role that requires you to undertake a DBS check. If so then we have a strict process in place that ensures we process your personal data in accordance with the General Data Protection Regulation and the DBS’s code of practice. We are required to keep a record of your Name and DBS application reference number until the end of the academic year.
To see how they handle your data safely, please click here
Who we share your personal data with:
We disclose your information to key suppliers who enable us to provide services to you.
We operate internationally, and as part of the services offered to you by the Students’ Guild, the information, which you provide to us may be transferred to countries outside the European Union (“EU”) and the European Economic Area (EEA).
By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
These suppliers are named below:
Supplier: StaffSavvy – SmartBlue Limited. HR management system
Purpose: If you chose to work for the Students’ Guild as a student staff member, your employee details will be stored in Staff Savvy’s servers which are located in the UK.
To see how they handle your data safely, please click here
Supplier: MemPlus - Wild Rocket Development Studio LTD
Purpose: Student Engagement Solutions and our Student Database. A system for managing society memberships and administering elections. (UK Data Centre)
Supplier: Microsoft (UK Data Centre)
Purpose: All Office 365 products that could be used for storage purposes. This includes but is not limited to Email, OneDrive and SharePoint. (UK Data Centre)
To see how they handle your data safely, please click here
Supplier: Qualtrics Surveys
Purpose: Aims to allow the Guild to become more insight- and data-driven by using an effective software and method to ensure we understand and are the experts of our members
To see how they handle your data safely, please click here
Supplier: Fixr
Purpose: Event management where societies can use Fixr for their ticketed events.
The Guild is a processor of Fixr and will have access to personal data for finance administration purposes. This will include Name, email & phone number.
To see how they handle your data safely, please click here
If you fill out a Students’ Guild Risk Assessment, that assessment as part of the approval process may be shared with 3rd parties like University of Exeter or the police for example. This ensures we involve all necessary parties to feed into the decision-making process.
We undertake an annual review of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors. This is because we have a legal obligation to, from time-to-time share information with organisation which have a statutory or regulatory obligation to process personal data under the lawful basis of public interest. This may include but not limited to University of Exeter Estate Patrol, Law enforcement, healthcare etc.
Who you engage with directly to utilise Guild services:
Supplier: Freshworks/Fresh Desk – Customer ticketing system (US)
Purpose: Providing an online Helpdesk system. Group emails operate within the Freshdesk system and therefore, if you email ***@exeterguild.com for example, it will redirect from Microsoft 365 to Freshdesk.
To see how they handle your data safely, please click here
Marketing & Communications Preferences
Membership Communications
As a member, we believe you have a legitimate interest in hearing from us about the products and services we offer, what we are doing to represent you and opportunities that might be of interest to you. Occasionally, we may include information from partner organisations, our own social enterprises or organisations who support us in these communications.
Direct Marketing
As a charity, we need to fundraise to provide the services we offer to University of Exeter students. We send marketing material to our members where you have told us that we can. We do not sell or share personal details to third parties for the purposes of marketing.
Controlling what you want to hear about
We make it easy for you to tell us how you want us to communicate, in a way that suits you. Our forms have clear marketing preference questions, and we include information on how to opt out when we send you marketing. If you do not want to hear from us, that is fine. Just let us know when you provide your data or contact us at data-protection@exeterguild.com.
Keeping your information up to date
We mostly use the record of members provided by the University of Exeter to maintain accurate data about you as described above. We really appreciate it if you let us know if your contact details change.
Understanding the detail of our data security measures
When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.
The Students’ Guild operates a Data Protection and Information Security Policy which is supported by a practical handbook for our employees and volunteers. All employees and volunteers handling data are required to undertake general data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.
You have a right to know what data we hold about you, make changes or ask us to stop using your data.
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us (e.g. processing your membership or registering you for an event) we will do so. Contact us at data-protection@exeterguild.com if you have any concerns.
You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, you should complete the Subject Access Request Form with a detailed description of the information you want to see and the required proof of your identity by post to the University of Exeter Students’ Guild, Devonshire House, Stocker Road, Exeter.
Our assurance to data privacy principles
In recognition of our commitment to safeguarding the right of Data objects, we have appointed an independent Data Protection Officer. If you have any concerns over the way we process your data, please contact:
Data Protection officer
Data Privacy Advisory Service
Unit 14, Dunchideock Barton,
Dunchideock,
Exeter,
EX2 9UA.
dpo@dataprivacyadvisory.com
If you have any questions please send these to data-protection@exeterguild.com, and for further information see the Information Commissioner’s guidance here.