STUDENT PRIVACY NOTICE
Queen’s University Belfast (“we”, “us” and “our”) is committed to protecting your personal data. The notice is addressed to all students (part time, full time, distance and on campus), (“you” and “your”). This Privacy Notice tells you why we need to collect personal information about you, what we will do with it, and how we will look after it. It also tells you about your legal rights in relation to your Personal Data. If you have any questions about this privacy notice, please contact us. Contact details are provided below.
WHO WE ARE
- We are Queen’s University Belfast, a university with a reputation for excellence in education and research and a member of the Russell Group. Founded in 1845 as Queen's College Belfast, we became an independent university in 1908.
HOW YOUR PERSONAL DATA IS COLLECTED
2. Information you provide: When providing services related to your degree course and student experience we will ask for information about you, such as your name, address, DOB, bank details, etc. This is known as your “Personal Data”. We may also ask you for some special categories of information (for example criminal convictions, health, and religion). This is known as your “Sensitive Personal Data”.
3. Data from other sources: We also collect information about you from other sources and this also forms part of Personal or Sensitive Data. This includes information from:
- Local public authorities, such as councils or local education authorities,
- SLC, UCAS, DFID, the Police, NHS Trusts, UKVI, private landlords, prescribed regulatory statutory bodies (PRSB’s), other higher education providers, placement providers and organisations, for activities such as scholarship programmes, internships, accreditation, student payments and Degree Plus.
- Individuals who have provided academic or personal references.
HOW WE USE YOUR PERSONAL DATA
4. We use your Personal Data and Sensitive Personal Data in the following ways:
- To enrol you as a student and maintain your student record;
- Administer your course and academic progress, as well as for official accreditation and professional registers;
- Administer the financial aspects of your studies, including tuition and accommodation fees, as well as any supporting payments, bursaries and scholarships;
- To provide access to, and ensure the security of, University buildings;
- To provide access to and offer facilities for services available during your studies and thereafter, such as library services, computer access, sports facilities, accommodation services, Students’ Union membership, careers services, alumni and other activities which are supported or run in conjunction with the institution;
- Carry out our legal duties and statutory responsibilities;
- Administer security, disciplinary, complaint, academic appeal and quality assurance processes and arrangements;
- Monitor compliance with UKVI for international students and workers;
- Investigate indications of any breaches of University Regulations;
- Ensure the health, safety and wellbeing of students;
- Contact you, your next of kin or another relevant contact in case of emergency;
- Monitor and evaluate the student experience, at all stages of the student life cycle;
- Monitor the effectiveness and efficiency of University programmes;
- To respond to Subject Access Requests (SAR) under the Data Protection Act 2018;
- For conducting equal opportunities monitoring and equality impact assessments to ensure our policies and practices do not discriminate against individuals;
- For postgraduate research students only, to facilitate inclusion in the University’s research information system and portal, and to facilitate research activities and processes;
- To notify you of other services and events related your studies and student life via electronic and direct postal communications;
- To process, assess and record your Degree Plus, Graduate Plus and Researcher Plus accreditations where appropriate;
- To perform necessary health and safety checks in relation to your chosen field of study (e.g. vaccinations, criminal background checks)
- For recording your career development support and feedback from the Service;
- For the administration of first aid training, with the St John's Ambulance service.
- We use your images for use with CCTV for your security, on occaisions that lectures/seminars are recorded via Canvass or MS Teams and to produce your student cards and;
- For use in debt recovery.
LEGAL BASIS FOR COLLECTING AND USING YOUR PERSONAL DATA
5. We will only use your Personal Data if we have valid reasons for doing so. These reasons are known as our “legal basis for processing”. In certain circumstances we may ask for your consent to process your information. At other times we may be required to process your information to enable us to fulfil our part of the contract we have with you. There are circumstances where we have a legitimate interest to process your personal data, for example to provide you with a service which you have requested. The legal bases for processing your Personal Data are:
- Contractual obligations, owing to the staff/student contract;
- Legal obligations, where we are required to process it under law;
- Through the use of consent, where appropriate;
- Legitimate interests of the data controller, where we are required to process data for business related tasks;
- As a public task, I.E. to perform a specific task in the public interest that is set out in law and;
- To protect your vital interest, where there is a threat to life.
When processing your ‘sensitive data’, we will do so in line with Article 9 of the GDPR and will use the appropriate exemption for each instance of sharing and/or processing, which are:
- Processing is necessary for carrying out obligations to employment, social security and social protection law;
- Processing is necessary to protect the vital interests of the data subject;
- Processing is carried out in the course of the legitimate activities with appropriate safeguards;
- For the purposes of public interest in the area of public health, such as cross-border threats and ensuring high standards of quality and health and safety;
- Processing is necessary for occupational health or workplace assessment and diagnosis;
- Processing is carried out with explicit consent of the data subject;
- Processing is necessary for reasons of substantial public interest and;
- Processing is necessary for archiving purposes in the public interest, scientific or historical research or statistical purposes.
WHO WE SHARE YOUR DATA WITH
6. In line with our Data Protection Policy and Procedures we can share your information, including Personal Data and Sensitive Personal Data, with the following parties for the purposes set out above:
UCAS, SLC, HESA, local government agencies and council authorities, community and residential groups, the Police, other Higher Education Providers, schools and colleges, accrediting bodies, INTO, Advance HE, Jisc, registration boards (such as the GMC and ARB) and other Prescribed Regulatory Statutory Bodies (PRSB’s), Research Councils, NHS Trusts, Northern Ireland Medical and Dental Training Agency (NIMDTA), Professional Schools Councils, Medical Schools Council Excluded Student Database, UKVI, local news outlets (for graduation), IT or software companies who process student data to provide university IT services, survey and consultancy services used to evaluate your student experience, funders or other national or foreign government agencies responsible for grants and scholarship, placement providers and organisations, other library services, accommodation providers, university occupational health services, chaplains, disability assessment services and third party service providers, debt recovery services, private landlords and their agents and the St John's Ambulance Service.
DATA PROCESSING OUTSIDE EUROPE
7. We use third party software providers, such as Mail Chimp, for the provision of some services that we offer. Some of these services are based in the United States of America. These services will only be used, outside of the EEA, when there is an Adequacy Decision in place and/or appropriate safeguards to protect any personal or sensitive data.
HOW LONG YOUR INFORMATION WILL BE KEPT
8. We will keep your Personal Data and Sensitive Personal Data for up to 6 years from the date you leave the University. We will only keep your information if we need it for one of the reasons described above. We place great importance on the security of the Personal Data that we hold, including the use of physical, technological and organisational measures to ensure your information is protected from unauthorised access and against unlawful processing, accidental loss, alteration, disclosure, destruction and damage.
9. The Data Protection Act 2018 provides you with a number of legal rights in relation to your Personal Data, including the right:
- to request access to your Personal Data;
- to request correction of your Personal Data that is wrong or incomplete;
- to request erasure or the restriction of processing of your Personal Data;
- to request the transfer of your Personal Data in a structured; commonly used machine-readable format;
- not to be subject to automated decision making; and
- to withdraw your consent
10. If you wish to exercise any of the rights set out above, or require further information about any of the rights, please contact us.
11. Where we need to collect your Personal Data, whether for the purposes of providing a service you have requested or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to provide the service or perform the contract. We may, therefore, have to cancel the contract or the service we provide to you but we will notify you if this is the case at the time.
12. There may also be times where we cannot stop using your Personal Data when you ask us to, but we will tell you about this if you make a request.
13. If you have any questions or comments about this privacy notice, the University’s Data Protection Officer can be contacted at:
Data Protection Officer
Queen’s University Belfast
14. You have the right to complain about how we treat your Personal Data and Sensitive Personal Data to the Information Commissioner’s Office (ICO). The ICO can be contacted at:
Information Commissioner's Office
CHANGES TO THIS NOTICE
15. We may update this Privacy Notice from time to time. We will notify you of the changes where we are required by law to do so.