Student Wellbeing - Privacy Notice

Background

This Privacy Notice is designed to explain how and why information about individuals in the following categories is used and managed:

• Students and applicants using the services of Student Wellbeing

All of the personal information will be treated in accordance with the terms of the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR). This means that confidentiality will be respected and that appropriate security measures will be taken to prevent unauthorised disclosure. This notice is intended to meet the transparency requirement of the legislation and to ensure that all individuals in the categories above know how their data will be processed.

Using your personal information

Who will process my information?

Under Data Protection law the University is the “data controller”. This means that the University is responsible for how it uses and processes your information and complying with requests relating to your personal data.

The Student Wellbeing Team need to use students’ and applicants’ personal information to support students through their time at the University. Information is needed to ensure that reasonable adjustments are put in place for disabled students.

Why do we collect and use your personal information?

The Student Wellbeing Team within the University is required to process and retain certain information relating to students/applicants to ensure that they are supported throughout their time at University. The Student Wellbeing Team also uses this information to monitor and improve services.

If you choose to do so, you can receive communications from the Service after you have left the University and can take part in research.

Keeping information updated

The University strives to ensure that all personal information is accurate and up to date. Students keep their information up to date during the course of their studies.

How long is the information kept?

The University will retain your information only for as long as necessary for the purposes described.

Where do we obtain information from?

We obtain information directly from students and applicants, when they provide information during an enquiry in person, by telephone or by email:

• Information you have provided on your application form (including applications made via a third party such as UCAS and other partner organisations)
• Information you provide to the University during the course of your study; and, the purposes of external study or exchange
• Information provided by partner organisations such as other educational establishments for the purposes of external study or exchange.

What information is being collected and used?

Data will consist of the information provided by the “data subject” or a company acting on behalf of the University. Information is held both in hard copy or electronic format.

The personal information the University holds about you is obtained from a number of sources including information that you provide directly to us:

• Personal information provided by you when enquiring and discussing your disability and/or  wellbeing issue
• Information concerning your medical condition or impairment, which can include your GP details, diagnostic reports or letters confirming diagnosis, confirmation of engagement with community mental health support and/or hospital attendance and so on.
• Details of support provided by previous education providers, for example, school or college.

Special category personal information is also processed where it is necessary and lawful for us to do so. In most cases you have the option whether to provide this information or not. This refers to data revealing:

• Racial or ethnic origin
• Political opinion
• Religious or philosophical beliefs
• Trade union membership
• Physical or mental health
• Sex life or sexual orientation.

Data relating to criminal convictions and offences are also subject to additional protection.

Who is the information shared with?

Your information will be shared internally only with those individuals who require it in the course of their duties.

The University can be required to share your personal information with external organisations. This would only occur due to a statutory or legal obligation.

We record and share data with HESA regarding the nature of your condition or impairment, and whether you are in receipt of DSA.

Information is shared with SAAS in relation to Disabled Students Allowance for some disabled students and with third parties which provide services to the University.

We would not share your personal data without your consent other than in the circumstances noted below:

• If a child’s physical or emotional wellbeing is at risk
• If we believe you are in danger of seriously harming yourself or another person.

We will disclose personal data where we have been given information that would render us liable to civil or criminal court procedures should it not be disclosed.

How is the information kept securely?

Information is kept securely on University equipment in line with University Information Security and Data Protection Policies. Access is restricted to only those staff or authorised agents who require it and on a “need to know” basis.

Will the information be used for automated decision-making?

No.

Is the information transferred outside the European Union?

Where the University transfers information outside of the UK or EEA, we will ensure adequate safeguards are in place to protect the rights and freedoms of data subjects.

Your rights

You have the right to:

• Find out what personal data we process about you and request a copy of the data
• Ask us to correct inaccurate or incomplete data
• Withdraw consent to process your personal data, if you were asked for and provided consent.

If you think we are acting unfairly or unlawfully you can:

• Object to the way we are using your data
• Complain to the UK Information Commissioner’s Office.·

Under certain conditions you also have the right to ask us to:

• Restrict the use of your data
• Erase your information or tell us to stop using it to make decisions about you
• Provide you with a portable electronic copy of the data you’ve given us.

Please contact us if you wish to exercise/enquire about any of these rights.

Contact details

Data Protection Officer (DPO)
Department of Governance
Britannia Building
Glasgow Caledonian University
Cowcaddens Road
Glasgow
G4 0BA

Email: dataprotection@gcu.ac.uk

Legal basis for using your information

The legal condition which enables the University to process personal information is found in Article 6 of the General Data Protection Regulation (GDPR). In particular, we rely on:

• Article 6(1)(a) consent
• Article 6 (1)(c) where there is a legal obligation
• Article 6(1)(d) vital interests
• Article 6(1)(e) public task.

Where special categories of data are processed we rely on:

• Article 9(2)(a) explicit consent
• Article 9(2)(g) substantial public interest, where this is permitted under the Data Protection Act 1998.