University of Birmingham Guild of Students Student Privacy Notice
-
Statement of Policy
The University of Birmingham Guild of Students (‘the Guild’) is fully committed to compliance with the requirements of the Data Protection Act 2018 (DPA) and the UK General Data Protection Regulation (GDPR).
The Guild will therefore follow procedures which aim to ensure that all members, elected officers, employees, contractors, agents, consultants, volunteers and other partners of the Guild who have access to any personal data held by or on behalf of the Guild, are fully aware of and abide by their duties under the DPA and the GDPR.
In order to operate efficiently, the Guild has to collect and use information about people to whom it delivers services and with whom it works. These may include members of the Guild, current, past and prospective employees, workers, consultants, volunteers, clients and customers, and suppliers. In addition it may be required by law to collect and use information in order to comply with the requirements of central government.
This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.
The Guild regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the Guild and those with whom it carries out business. The Guild will ensure that it treats personal information lawfully and correctly.
To this end the Guild fully endorses and adheres to the principles of Data Protection as set out in the DPA.
The Principles of Data Protection
- The DPA states that data must be processed in accordance with six ‘Data Protection Principles.’ Data will:
- be processed fairly, lawfully and transparently;
- be collected and processed only for specified, explicit and legitimate purposes;
- be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
- not be kept for longer than is necessary for the purposes for which it is processed; and
- be processed securely.
We are accountable for these principles and must be able to show that we are compliant.
The DPA makes a distinction between personal data and “special” personal data.
‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.
- ‘Special categories of personal data’ are types of personal data consisting of information as to:
- your racial or ethnic origin;
- your religious or philosophical beliefs;
- your trade union membership;
- your genetic or biometric data;
- your sex life and sexual orientation.
The DPA is about processing personal data. ‘Processing’ means any operation which is performed on personal data such as:
- collection, recording, organisation, structuring or storage;
- retrieval, consultation or use;
- disclosure by transmission, dissemination, sharing or otherwise making available;
- alignment or combination; and
- restriction, destruction or erasure.
Handling of Personal/Special Information
The Guild will, through appropriate management and the use of strict criteria and controls, comply fully with the Data Protection Principles in processing all personal and special information.
Individuals will have the rights:
- to be informed that processing is being undertaken;
- to access their personal information within 30 days;
- to prevent processing or erase information in certain circumstances; and
- to correct or rectify information regarded as wrong information.
Lawful Bases for Processing Personal Data
If we process your personal data, we must have one of the following “lawful bases” for processing:
- Your consent;
- Processing is necessary for the performance of a contract with you or to take steps to enter into a contract;
- Processing is necessary for compliance with a legal obligation;
- Processing is necessary to protect your vital interests or those of another person;
- Processing is necessary in the public interest or in the Data Controller’s official authority; or
- Processing is necessary because it is in our legitimate interests, or those of a third party, unless these interests are overridden by yours.
Lawful Bases for Processing Special Data
We are also required by law to tell you if we want to process your special personal data (see list above), and we need to have one of the following lawful bases for processing special data:
- Your explicit consent;
- Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement;
- Processing is necessary to protect your vital interests or those of another individual if you are physically or legally incapable of giving consent;
- Processing is carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes) and provided there is no disclosure to a third party without consent;
- Processing relates to personal data which you have manifestly made public;
- Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity;
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional;
- Processing is necessary for reasons of substantial public interest on the basis of UK law which is proportionate and contains appropriate safeguards;
- Processing is necessary for the public interest in the area of public health; and
Processing is necessary for archiving in the public interest, or scientific and historical research purposes or statistical purposes.
-
How the Guild uses your personal information
The Guild processes personal information to enable us to provide a range of services to our members (students) at the University of Birmingham (UoB) which may include: administering membership records; providing and organising activities for Guild members; promoting our services; maintaining accounts and records; and supporting and managing our employees and volunteers.
This privacy notice explains how and when Guild processes personal information. It applies to information we collect and process about:
- Members (students)
- Enquirers, complainants
- Volunteers
- Trustees
- Survey respondents
- Suppliers and service providers
- Individuals captured by CCTV images
-
Who will my personal information & data be shared with?
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we will always comply with all aspects of the DPA and where necessary we will ask for your consent. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
We may share information with:
- Current, past or prospective employers
- UoB (see 6 below)
- Suppliers and service providers
- Employment and recruitment agencies
- Family, associates and representatives of the person whose personal data we are processing
- Educators and examining bodies
- Financial organisations
- Survey or research organisations
- Business associates and professional advisors
- Other voluntary and charitable organisations
- Healthcare, social and welfare organisations
- Pension providers
- Law enforcement officials
- Credit reference agencies
- Debt collection agencies
- Trade union and employer associations
- Professional bodies
- Data processors
- Central government
-
Types of personal information collected by the Guild
If you are a student at the UoB, when you register as a student (on completion of the University Registration process which includes giving data processing consent including sharing data with the Guild), you will automatically become a member of the Guild. You can view the Code of Practice pursuant to the requirements of the Education Act 1994 for more information about the University’s relationship with the Guild. The University then provides the Guild with your name, gender, date of birth, nationality, residency for fees (home or overseas), student ID number, term-time addresses, home addresses, programme title and whether undergraduate or postgraduate, mode of study (full-time, part-time, distance learning etc), School, year, University email contact details and whether you have dependents.
When you register with the University, the personal information above is automatically shared with the Guild and your data is registered with the Guild. The Guild will use this information to contact you and so that you can participate in a range of activities as a member of the Guild including: voting in elections and referenda, attending Guild meetings, joining student groups and societies and purchasing Guild products such as event tickets.
The Guild would also like to use your personal data to send you information about activities and events that may be of interest to you. The Guild will contact you separately to ask for your consent in relation to this and to enable you to update your communication preferences.
If you do not wish to be a member of the Guild, you should contact the President of the Guild via (president@guild.bham.ac.uk), in which case your data will be removed and you will cease to be a member of the Guild. This means that you will no longer be able to participate in activities associated with your membership such as those outlined above.
Your details will be held by the Guild in its membership database/data management system, unless you have opted out of Guild membership (via the process outlined above). The details held are the details provided to the UoB within the registration process.
The Guild cannot be held responsible for any inaccurate personal details provided to the UoB. Please let the UoB and the Guild know if your personal details change and these will be updated within our systems.
As you then interact and take part in activities associated with your membership with the Guild, for example, by attending events, buying tickets, voting in elections and joining student groups, a record of your activity is held within the membership management database (www.guildofstudents.com).
Some Guild services and activities collect personal information about you in other ways and require your consent to do so, and these are also outlined within this privacy notice.
The Guild may need to process some special data about you. We will generally ask you for consent to do this unless the law allows us to process this data without your consent, (for example if the processing is necessary to protect your vital interests and you are incapable of giving consent, or if the processing is necessary for us to defend a legal claim). This special data includes data about your ethnicity, sexual orientation, religious beliefs or health/disability data. We use special data to allow participation in elections, where self-definition is required (e.g. to vote in the Women’s Officer election, we would ask for you to self-define within this category), to deliver support services to you, to ensure safety taking part in some Student Group activities and to provide help or put in place reasonable adjustments.
Your personal data is created, stored and transmitted securely in a variety of paper and electronic formats, including databases. Only those Guild staff who need access for the purpose of delivering the relevant services will be able to access your personal data. Our use of your personal data will not be excessive.
-
How does the Guild use your personal information?
a. Guildofstudents.com
Guildofstudents.com also acts as a data management system to allow students (members) to participate in a range of activities associated with your Guild membership – such as voting in elections and referenda, joining student groups and societies, purchasing Guild products such as event tickets, and attending Guild meetings.
Our Privacy Statement sets out the information practices for the Guild website (guildofstudents.com), including the type of information gathered, how the information is used, and our policy regarding sharing information with others/organisations.
By using guildofstudents.com, you agree to these information practices as set out in the Privacy Statement. A copy of the Cookie Policy for guildofstudents.com can be found here.
We gather both Personal Information and Anonymous Information from you when you visit guildofstudents.com. "Personal Information" means any information that may be used to identify you as an individual, and includes, from the personal information above: name (first and last); email address, and address. "Anonymous Information" means information that is not associated with or linked to your Personal Information; and does not permit or allow the identification of individual persons.
If you are not a UoB student, or if you are a UoB student but have not completed the University Registration process or have chosen not to join the Guild, then if you purchase goods and services from us we shall process your personal information on the basis of the contract that you form with us through such purchase, rather than your consent to data processing.
The Guild, via the site, collects Personal Information and Anonymous Information, as described below.
- Personal Information (collected from guildofstudents.com)
Personal Information is collected whilst using the site from you at the following points:
- If you are not a UoB student and register to the Site as a ‘guest’ to purchase goods or services, we will record your contact information, username and password.
- If you are a registered student at the UoB, you will use your University log credentials to access the site. Your password is not stored on the site/guildofstudents.com or by Guild in any form.
- If you are due to become a registered University Student in 2021, but have not completed the University Registration process, you can register to the site as a ‘Guest’ to purchase goods and services, we will record your contact details and some personal information, your username and password. When you officially become a UoB student and complete the registration process, your Guest account will cease to exist, and your purchasing history data will be migrated to your registered student account. Your temporary password and username will be removed at this point and you will use your University log credentials to access the site.
- If you make any purchases through the Site, the site will record your billing address,
- However, it will not record your payment card details. This information is collected through Stripe, our online payment provider. No card payment details are stored through or on the Site directly.
- Information (collected automatically via guildofstudents.com)
As you navigate the site, certain information will be collected automatically. This data helps us to improve the content of the Site and to customise the content or layout of the Site for you.
A cookie is an element of data that a website sends to your computer's hard drive while you are viewing a website. The Guild uses session cookies (which expire once you close your web browser). You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies. If you do so, however, some areas of the site may not function properly. For further information on our use of cookies please see our Cookie Policy.
- How else we might use your personal information (via guildofstudents.com)
We collect personal information from you in order to fulfil your requests. For example, we may use your personal information to process an online purchase or interact with a service or feature on the site. We may also use your personal information to send you information that you requested, or to confirm registrations, purchases, or to respond to your feedback.
We may use your email address to notify you of products or services that may interest you, such as events or activities - subject to your communications opt-in preferences. In addition, we may notify you of recent updates to the site, or to provide you with latest news on the Guild.
We may create Anonymous Information records from guildofstudents.com activity and personal Information by excluding information (such as your name) that makes the information personally identifiable to you. We use this anonymous information to perform statistical analyses of users' aggregated behaviour so that we may enhance the content of our services and improve site navigation.
- Internet traffic/monitoring
When someone visits guildofstudents.com, we collect standard internet log information and details of visitor behaviour patterns. We do this to measure data such as the number of visitors to the various parts of our Site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website. We also use Google analytics, which provides anonymous information such as the type of device you are using to access the site, and other information such as age range and interests, which Google collects from your internet activity. We use this information to improve the user experience, and to gather general statistics about the users of our services (not user specific).
- Disclosure of Personal Information (from guildofstudents.com)
Your Personal Information will not be sold, traded, or rented to individuals or other entities. However, we may need to share your Personal Information with third parties to charge your credit card or deliver specific services to you such as support services. These third parties are required not to use your Personal Information other than to provide the services requested by the Guild.
We may disclose your Personal Information if we believe in good faith that such disclosure is necessary to:
- comply with any relevant legal obligations or;
- protect and defend the rights or property of the Guild or users of the site;
but only where this complies with the six Data Protection Principles and the rules of the DPA.
Guildofstudents.com contains links to other websites. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored or checked for accuracy or completeness by the Guild.
Inclusion of any linked website on or through guildofstudents.com or other Guild services does not imply approval or endorsement of the linked website by us. If you decide to leave the Guild website and access these third-party websites, you do so at your own risk.
b. Support Services
The Guild delivers a number of support services (Guild Advice, Student Mentors, Community Wardens) where your consent or if you have one, then your contract with us or the UoB, is the lawful basis for the Guild to process your personal data. A summary of how each of these services use and process your personal data is provided below. Further details and information is available from the services directly.
i. Student Mentor Scheme
If you live in University Student Accommodation you agree to share your data with the Student Mentor Scheme and UoB’s Accommodation Services when you sign your accommodation contract with the UoB. The Student Mentor Scheme is delivered by the Guild under a service level agreement with UoB Campus Services (CS). For more information on the Student Mentor Scheme click here.
When you use the Student Mentor Scheme (either directly or if you are referred from another service) and meet with an advisor for the first time you will be asked for consent to process your personal and in some cases special data. Notes will be taken from your meeting, and a ‘case’ created. The case notes are then uploaded onto our case management software, ‘Advice Pro’ and the hard copy destroyed.
If you contact the Student Mentor Scheme via email, your email will be used to create a ’case’ and the correspondence recorded within Advice Pro. If you contact the Student Mentor Scheme by telephone, you will be asked for consent to process data, and notes taken from your conversation, which are then used to create a case. Following your initial interaction with the scheme, every subsequent interaction will be recorded on to the Advice Pro case management software. This allows the Student Mentor Scheme to effectively support you that there is a record of your previous interactions each time you interact with the scheme.
Your data is only accessible by staff members within the Student Mentor Scheme.
Your data may be shared with Campus Services at the UoB under performance of your accommodation contract in order to help progress your case and/or issues you may be experiencing, and if you are deemed to be at risk to yourself or others.
On the rare occasion that a student is unable to provide consent, action may be taken to protect vital interests.
ii. Guild Advice
When you visit, contact or access services provided by Guild Advice, you will be asked to provide consent so that Guild Advice can collect and process your personal and special data in order to provide advice and deliver support services to you. This information will also be used to inform anonymous statistical information for analysis and used to improve the Guild Advice service to students.
In order to provide you with the most comprehensive service and ensure all possible enquiries have been made in order to advise and support you with your case, Guild Advice may request your further consent to share your personal information and information related to your enquiry or case with a third party or parties. For example, it may be relevant to your case that Guild Advice contact a UoB support service or department or an external service or organisation on your behalf to provide you with additional advice, guidance and support. Only on receipt of your express written consent will Guild Advice act on your behalf and discuss any matters related to you or your case with a third party.
Upon receiving your written consent, Guild Advice will record and process your personal (and in some cases special) data in accordance with your consent. All personal data and subsequent enquiry or case notes are recorded in hard copy and then uploaded on to our ‘Advice Pro’, case management software. Any supporting evidence you provide will also be scanned and uploaded on to Advice Pro. Following your initial interaction with Guild Advice, every subsequent interaction will be recorded on to the Advice Pro case management software. Your data is generally only accessible by staff members within Guild Advice. However, on some occasions, your data is accessible to Guild Sabbatical Officers, for example, where representation is required (for example, within a University hearing).
On the rare occasion that a student visiting Guild Advice is unable to provide consent, action may be taken to protect vital interests.
You have the right to withdraw your consent to share your data at any point. Please contact your appointed Advisor or the Guild Advice Manager for further information.
iii. Community Wardens
The Community Warden Scheme is delivered by the Guild in partnership (under a service level agreement) with the UoB. The scheme works within the local community to promote and support community cohesion, improve and deliver environmental and crime prevention initiatives. For more information on the Community Warden Scheme click here.
Students and non-student local residents are able to report community issues to the scheme via phone, email or in person. When you report an issue, you will be asked for consent to process your personal data and the information you provide. When you report an issue a ‘case’ will be created and a summary of the issue recorded and action required; a contact log will also be created and will summarise discussions and issues raised. This allows us to effectively progress your case and means you don’t have to repeat your concerns each time you interact with the scheme. This information may be shared with members of Community Warden Staff, in hard copy or electronic format, with any hard copies destroyed after use.
Community Warden Staff may also record report activity which is identified on visits (following up reported incidents outlined above) and from patrols. This data may include, for example, a street name and house number and a summary of the issue identified – for example, bulky waste; and is recorded as a ‘case’ and shared with Community Warden Staff team members.
Anonymous statistics and monitoring data from the Community Warden scheme will be shared with the University and some other third parties such as the City Council. In some cases specific case information and personal data will be shared with third parties such as the UoB, should further support be required to resolve the case; and West Midlands Police, if, as a complainant, your query needs additional support to resolve or if action is required for law enforcement purposes.
c. Job applicants and current and former Trustees and volunteers of the Guild and Guild Services Limited
When individuals apply to work or be a trustee or volunteer at the Guild, or Guild Services Limited, we will only use the information they supply to us to process their application and to monitor recruitment statistics. We will collect this information because of our legitimate interests and also (if you are applying to be an employee) because if your application is successful we may enter into an employment contract with you. We may also be collecting your special data (for example your health data) if you consent to this and (if you are applying to be an employee) in order to carry out our obligations under employment law.
Where we want to disclose information to a third-party, for example, where we want to take up a reference or carry out a Disclosure and Barring Service Check, we will not do so without informing applicants beforehand.
Personal Information about unsuccessful candidates will be held for 6 months after the recruitment exercise has been completed; it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
We will keep information on volunteers while they are volunteering for us and for a period of 6 months after this ends. A summary of their volunteering will be kept for a period of three years after their volunteering ends in case they ask us to provide a reference for them during this period.
Information on Trustees and Directors will be retained for the life of the company, as required by Companies House and Charity Commission records.
d. Communications & Marketing
The Guild will only send you information directly to your UoB email address that is deemed relevant to your membership of the Guild. When first contacted by the Guild (following completion of UoB online registration) you are able to update your communication preferences – which includes additional information you would like to receive about wider events and activities which may be of interest to you – and thereby provide consent to be contacted with relevant promotions, offers or information that you have expressed an interest in (in addition to information directly linked to your membership of the Guild).
If at any point you do not wish to receive further updates and wish to opt out go to guildofstudents.com/profile/ or if you are logged in, go to the ‘Profile’ icon within the left hand menu and modify your preferences or contact details.
You may opt-out from receiving promotional or marketing emails by notifying us at the address specified at the bottom of any unwanted email. Emails may be sent to you from the Guild or from its societies, clubs or other student groups affiliated to the Guild (if you have joined a group and are therefore a member of that group). If you unsubscribe from a Guild email, you may still receive emails from these affiliated groups and vice versa.
In some cases the opt-out facility is not available unless you have opted out of Guild membership completely. These instances include: transactional or relationship messages, such as those that are necessary to provide you with confirmation of a completed transaction (such as a purchase, request, or change in your user profile at guildofstudent.com); emails providing notification of changes of terms of service; or those providing information related to your membership such as notice for General meetings, elections, or referenda.
e. CCTV – Crime Prevention & Guild Venues
CCTV is used in the Guild for maintaining the security of property and premises and for preventing and investigating crime. It is also a condition of the Guild’s license. It is therefore in the Guild’s legitimate interests to operate CCTV on its premises. The information processed may include visual images, personal appearance and behaviours. This information may be about staff, students, customers, and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and other Guild staff, service providers, police forces, security organisations, and persons making an enquiry.
A copy of the Guild CCTV policy can be found here.
If you use the Guild’s venues (for example on a club night such as Fab ‘N’ Fresh), and are involved in an incident or removed from the premises for licencing purposes, an ‘incident form’ will be produced. You may be asked to produce your University ID card, and to provide additional personal data such as your contact details. Data recorded may outline the details of the incident and contain further personal or special data.
Incident forms are processed by the HR & Administration department and only shared with those staff and Guild Officers who need to have access to the information. Incident forms are hard copy documents, which are then scanned into an electronic format and destroyed. This information may then be used to evoke and inform a membership (or student group) disciplinary, and sanctions imposed.
Please note, the Guild is a membership organisation and as such, you can be asked to provide proof of your membership at any point before you enter and during your time within the Guild building. Failure to comply may result in your removal from the building or refusal of entrance.
f. Undertaking Research
Sometimes we may commission a specialist company or consultants to carry out research to help us improve our services to you. In this case we may share your personal data so that the company or consultants can contact you to ask if you wish to take part. If you do not, then your details are deleted from their database. Your personal data is not used by them for any other purpose. We enter into data processor agreements with our data sharing partners (data processors) to make sure that they comply with their data protection obligations to us and to you.
g. Award Schemes
We may also use your personal data to nominate, enrol or enter you in any relevant competitions or award schemes and publicise your name in such scheme. You will always be informed of your nomination or entry and have the right to withdraw and have your name removed from publication.
h. Events
If you attend our events, we may use this information to help us to market and promote our future events and services, unless you opt out of this marketing (see section 5d above).
i. Enhanced Transcripts
We may share your personal information with the University of Birmingham to be included on your University enhanced transcript. This may include activities you have taken part in with the Guild, for example Student Group Committee Membership or Student Staff.
For more information on enhanced transcripts, click here. If you do not want information about your participation in Guild activities shared you will be able to tell us and we will not share this.
j. Attendance at Student Group AGMs/EGMs
If you attend an AGM/EGM of a Guild affiliated Student Group, then your attendance will be recorded at the meeting and may be inputted into the Guild website by a member of the Committee for the purposes of ensuring quoracy. If you are elected as a Committee member at an AGM/EGM, then a member of the Committee will also inform the Guild’s Student Activities Department of your email address so that they can send you relevant communications relevant to your new committee position.
-
Data Sharing with the UoB
The Guild has a data sharing agreement with the UoB.
This agreement permits the transfer of your personal information specified in the agreement from the UoB to the Guild and also from the Guild to the UoB. Your personal information may be shared by the Guild to the UoB for the following reasons:
- to facilitate access to University facilities;
- for student wellbeing and security reasons;
- in order to implement procedures, measures and sanctions relating to misconduct proceedings;
- to promote student health and safety;
- to facilitate the Student Mentors, Community Wardens, Student Reps and Hall Reps; and
- in order to enable volunteers to carry out their roles.
-
How long will we keep your personal information for (data retention)?
Where possible we will only keep your information for the period of your membership of the Guild and will then delete it.
a. Membership data/personal information
Membership data/personal information held within the Guild’s data management system (guildofstudents.com) will be held for 8 years from the leaving date of the student.
b. Support Service user data/personal information
Support Service user data will be retained for 6 years from the last time the service was used/accessed or contract ended so that we can deal with any complaints or claims raised.
c. Volunteer & Trustee data information
Personal data on volunteers will be retained for 3 years from when the individual stops volunteering for the Guild. Information on Trustees and Directors will be retained for the life of the company, as required by Companies House and Charity Commission records.
d. CCTV images
CCTV images will be kept for one month, unless a request is made to keep images for longer, with good reason (for example because a crime or complaint is still being investigated), and the DPO and/or the CEO agrees to such request.
-
How do we protect your personal information (data security)?
We safeguard the personal information you send to us with certain physical, electronic, and managerial procedures within the Guild and within our systems. The Guild’s central IT infrastructure is managed by the UoB, and subject to related policies and procedures.
We also store your personal information behind our firewall and utilise appropriate security measures in our physical facilities to prevent loss or unauthorised use of special information. We limit access to personal information in electronic databases to those persons, including Guild employees, in our organisation who have a need for such access.
While we make every effort to protect your personal information when it is in our care, we urge you also to take every precaution to protect your personal information when you are online. We suggest that you change your passwords often, use ‘strong’ passwords that include a combination of letters and numbers, and use a secure browser.
For any students who are committee members, or issued with a Guild email address, you will be subject to the Guild’s Data Security Policy and regularly required to update your password.
Products and services are available which can help give you privacy protection while navigating the internet. While we do not anticipate breaches in security, if one occurs, we will use all reasonable efforts to correct the problems that led to the breach and we will report it to the Information Commissioner as required under data protection law, and those directly affected.
We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.
-
Your rights - access to personal information & subject access requests
You have the right to request:
- Access to the personal data we hold about you, free of charge in the majority of cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we erase your personal data where we were not allowed to process it or it is no longer necessary to process it for the purpose for which it was collected or once the purpose for which we hold the data has come to an end (such as the end of our student data retention period).
- That we stop data processing where we are relying on a legitimate interest and you think that your rights and interests outweigh our own and you wish us to stop.
- For example, when you withdraw consent, or object and we have no legitimate overriding interest, or
- That we stop using your personal data for direct marketing (for example, via email).
- While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
You have the right to request a copy of any information about you that the Guild holds at any time, and also to have that information corrected if it is inaccurate.
If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
This information will be provided to you within one month.
To ask for your information and make a subject access request, please contact:
Data Protection Officer, University of Birmingham Guild of Students, Edgbaston Park Road, Edgbaston, Birmingham, B15 2TU;
Or email: dataprotectionofficer@guild.bham.ac.uk.
To ask for your information to be amended, please update your online account via guildofstudents.com, or email: dataprotectionofficer?@guild.bham.ac.uk
If there is a circumstance where we choose not to or are unable to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent:
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
You have the right to stop the use of your personal data for direct marketing activity through all channels. We will always comply with your request.
-
About this Notice
For clarity, this Privacy Notice does not provide exhaustive detail of all aspects of the University of Birmingham Guild of Students’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to: dataprotectionofficer@guild.bham.ac.uk
-
Further Information & Complaints
We are committed to dealing with your data lawfully.
If you have a query, question or would like to speak to our Data Protection Officer, please contact: dataprotectionofficer@guild.bham.ac.uk
If you have any questions or complaints about how we handle your personal data please contact: complaints@guild.bham.ac.uk.
You also have the right to complain to the Information Commissioner if you think there is a problem with how we handle your data. For further guidance on matters relating to Data Protection and Privacy, please refer to Information Commissioner’s Office by calling 0303 123 1113 or online via www.ico.org.uk/concerns.