Current Students privacy notice

The University, originally a Church of England institution founded in 1839, continues to be guided by Christian values and is justifiably proud of the open, inclusive and supportive environment that characterises the institution. The University welcomes students and staff of all faiths or none and seeks to provide all its students and staff with the education, skills, support and motivation to enable them to develop as confident world citizens and successfully to serve and improve the global communities within which they live and work.

Introduction

The University, a Church of England institution founded in 1839, continues to be guided by Christian values and is justifiably proud of the open, inclusive and supportive environment that characterises the institution. The University welcomes students and staff of all faiths or none and seeks to provide all its students and staff with the education, skills, support and motivation to enable them to develop as confident world citizens and successfully to serve and improve the global communities within which they live and work.

The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or hold.  This Data Processing and Privacy Notice describes how and why the University of Chester (“We”, “our”, “us”) collects uses and shares personal information about “you” as a student.  It is issued under your right to be informed about how the University collects, uses and stores your personal data.

Data Protection Principles

We will comply with data protection legislation, which says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

What Personal Data does the University collect, use and hold?

We may collect, use and hold the following types of personal data:

  • your name, and contact information such as address, email address and telephone number;
  • your date of birth, national insurance (or similar tax) number, your passport details or national identity card details, immigration status and relevant documents including your photo image;
  • contact details (Name & telephone number) of your designated emergency contact;
  • your country of domicile and your nationality;
  • information relating to your education history including the school(s), sixth form college(s) and other colleges or universities you have attended, the modules, courses or programmes you have completed, dates of study and examination and assessment results including your predicted and actual examination grades;
  • records relating to your programme of study, assessments of your work, including learning records, marks, transcript, report logs, placement data, details of assignments and examinations taken, and other information in your student record;
  • work submitted by you for assessment including coursework, examination scripts, projects, placement records, portfolios, dissertation or thesis;
  • your employment history including places where you have worked, and any relevant work, training or volunteer placements undertaken as part of your studies or training;
  • any information arising from your interactions with your tutors, supervisors, programme leaders or personal academic tutors and activities within Student Futures, disability support, wellbeing, careers or counselling, complaints, disciplinary or suitability matters including issues relating to academic integrity, and the associated casework;
  • Information relating to your requests for mitigating or extenuating circumstances to be taken into account in requests for extensions and/or deferrals to submission dates, for requests for consideration by a mitigating circumstances board or academic appeals panel;
  • your attendance, your location at the time of recording attendance, reasons for non-attendance and your engagement with your studies;
  • information about your family or personal circumstances, and both academic and extracurricular interests, for example where this is relevant to the assessment of your suitability to receive a bursary or in order to provide you with appropriate wellbeing and pastoral care;
  • information relating to your use of the available learning resources including borrowing record, use of computer facilities, fines, inter library loans;
  • information about your sponsor or employer if relevant;
  • financial information including monies owed to the University.

Not all of the personal information the University holds about you will come directly from you.  It may, for example, come from other organisations to which you belong or professional service providers.  We also collect personal information from third parties such as collaborative partner organisations, service providers offering services provided by the University, for example student recruitment agents and representatives, your financial sponsor, Student Finance England or some other governmental funding body and UCAS.

What Special Category Data does the University Collect?

Special category data includes information held by the University as to your physical or mental health, sexual life/orientation, your religious or philosophical beliefs, your racial/ethnic origin and information regarding the commission or alleged commission of any offence by you and any proceedings for an offence committed or alleged to have been committed by you (including the outcome or sentence in such proceedings) as required by the relevant programme of study or regulatory body eg Nursing or Teaching.

For some programmes, in order to assess your suitability to work with vulnerable persons and/or your fitness to practise for entry into some professions it is necessary to process special category data about your health and disability. 

The University may also hold data relating to criminal offences and/or convictions if these have been disclosed by you as part of the application process or subsequent annual enrolments or as part of a Disclosure and Barring Service check being necessary due to you engaging in regulated activity as part of your programme or module of study.  Such data will be used:

  • To consider your suitability to undertake regulated activity;
  • To comply with regulatory requirements to decide your suitability to study on a regulated programme or to practise in a regulated profession;
  • To consider as to whether to issue a CAS for the purposes of sponsoring your immigration. 
  • To consider your suitability to become a member of the University or to continue to be a member of the University or to decide if any support or measures need to be put in place;
  • To ensure that we adequately assess any risk posed to the wider University community.

As indicated in above not all of the personal information the University holds about you will come directly from you.  It may, for example, come from other organisations which we are required to request such data e.g. Disclosure and Barring Service or United Kingdom Visas and Immigration.

Why does the University need this data and how will the University use this data?

The University needs the data for the following purposes:

  • administration of your application and admission to, enrolment on, delivery of and participation on your programme(s) of study, including ensuring your suitability for your chosen programme(s), the administration of assessments and examinations, the issue of results and certificates in connection with the programme(s), awards and (where applicable) the provision to your employer or other sponsor of information about your attendance and performance on a programme;
  • provision of teaching, research, educational and other services, facilities and support to you and the protection of your health, safety and welfare whilst at the University (which may involve the University disclosing your personal data to the Students’ Union, University student health service providers, staff and other third parties);
  • implementation of the University’s Regulations, practices, codes, policies and procedures;
  • the issue and operation of the University's ‘Smart Card’; which will serve as a means of identification and your means of access to University services and facilities, including libraries, computing facilities and car parks and to facilitate purchases, discounts and special offers through the John Smith’s campus bookshop to which personal data may be provided.  The University may also disclose personal data about Smart Card holders to third parties to facilitate the provision of further services and facilities and for research purposes;
  • monitoring your attendance and performance and the provision of targeted learning support;
  • administration of the financial aspects of your relationship with the University, sponsors or funders including collection of fees and any other monies due;
  • equal opportunities monitoring and the provision of reasonable adjustments or other entitlements under equality law;
  • graduation, career follow-up and alumni activities;
  • for statistical and research including student data for the purposes of enhancing the student experience and for internal and statutory reporting purposes e.g. HESA https://www.hesa.ac.uk/about/regulation/data-protection/notices;
  • to enable effective communication with you, including providing you with information relating to University services and products, funding and/or sponsorship opportunities;
  • provision of references about you;
  • to fulfil and monitor our legal responsibilities including, but not limited to, equality, immigration, public safety and other applicable legislation. 
  • for law enforcement, security or safety purposes (for example use of CCTV and video monitoring in areas of the University whereby such use is made apparent).

What is the Legal Basis for processing the data?

The University will process your data predominantly for purposes relating to our contract with you.  We will also process your data on one or more of the following lawful bases:

  • where it is necessary for the performance of a task in the public interest;
  • where it is necessary to comply with a legal or regulatory obligation;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • archiving purposes in the public interest, scientific or historical research or statistical purposes;
  • We may also use your data where this is necessary to protect your vital interests, or someone else’s vital interests, typically in an emergency. 
  • In a small number of cases where other lawful bases do not apply, we will process your data on the basis of your consent, for example, the University passing some of your data to a third party. Should this be the case, you will be advised that your consent is needed. 
  • Some of the above bases for processing will overlap and there may be several grounds which justify our use of your personal information.
  • In the case of Special Category data we may process the data on one or more of the following additional bases where it is necessary:
  • for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of social protection law;
  • to protect the vital interests of you or of another natural person where you are physically or legally incapable of giving consent;
  • for the establishment, exercise or defence of legal claims;
  • for reasons of substantial public interest, on the basis of UK law;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; and/or
  • you have given explicit consent to the processing of those personal data for one or more specified purposes

For how long will the University keep this Data?

The University will only retain your data for as long as necessary to fulfil the purposes for which it was collected and in line with any necessary legal, financial accounting or reporting requirements.  The University will take into account the nature and sensitivity of the data but in most cases the retention will be seven years following the date of your graduation.  Some data may be held for a shorter period of time. 

Data pertaining to the record of your studies and award of your degree will be held indefinitely in order to confirm your attendance and academic attainment as necessary.

Who has access to the data and with whom will the University share this data?

We may share your personal information with third parties where required by any legal or regulatory obligation, where it is necessary to administer the contract with you, to protect the University’s rights, property, or the safety of our employees, students, or others, or where we have any other legitimate interest in doing so.

The University shares data with outside organisations for a variety of legal or statutory reasons; for example, making statements of student status to local authorities, to the Student Loans Company, to the Students Union, to the Office for Students (OfS), to the Office of the Independent Adjudicator (OIA), or to the Higher Education Statistics Agency.

We must report information about students who are subject to visa controls to UK Visas and Immigration and disclose data for certain roles to assess an individual’s suitability to undertake regulated activity. This includes disclosures where a third party is an agent or service provider appointed by the University to enable us to operate effectively. We only do this where we are satisfied that appropriate safeguards are in place to ensure adequate levels of security for your data.

We may share personal data if it is required for the performance of a contract; for example, between you and your sponsor or funding body.  This sharing may include your financial sponsor, being either an employer or government agency etc.  This disclosure may require sharing data outside of the EU where necessary.

We may also share data with relatives or guardians where appropriate. However, this will only be with your consent unless it is in your own vital interests or the vital interests of another person for us to do so.

The University releases data about finalists to an agency acting on behalf of the Office for Students (OfS) for the purposes of the National Student Survey (NSS). The NSS is designed to gather feedback on the quality of teaching, and is supported by the National Union of Students. OfS’s appointed agent will make contact directly with finalists.  Any data collected by the University Careers Service as part of HESA’s “Destinations of Leavers from Higher Education” (DLHE) questionnaire will be passed to HESA and will be linked to the record which HESA holds about you.

The University also submits data to JISCs HEDD service for the purpose of degree verification for third parties such as employers, agencies and embassies.

If your course involves a placement in the UK or a period of study or employment overseas the University may transfer personal data to the host institution in order to support the study and/or employment placement.  This may include data required in order to provide any reasonable adjustment as required by the Equality Act. 

The University may be required or decide to report alleged criminal misconduct or other such matters to the police or appropriate authority.  As a UKVI migrant sponsor the University is required to report certain immigration matters to the Home Office. 

We may share your personal data with credit reference agencies or other credit assessment, debt tracing or fraud prevention organisations to support credit scoring, credit assessment, debt tracing or fraud and money laundering prevention.

Where information is shared with third parties, we will seek to share the minimum amount of information necessary to fulfil the purpose.

We do not, and will not, sell your data to third parties.

All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.  We only permit them to process your personal data for specified purposes (as written in the contract between us) and in accordance with our instructions.

How will the University keep this data secure?

The University of Chester operates an Information Security Policy which recognises that with the increasing demands being placed on ICT and Information Systems there is a need to understand and control, in a coherent manner, the associated risks.  The principal objective of the policy is to protect the information, including personal data, held by the University.  In support of this policy the University publishes an Information Security Framework which is based on ISO 27001:2005 and uses ISO/IEC 27002:2005 Information Security Techniques – Code of Practice for Information Security Management.

The University has detailed measures implemented in the areas of Business Continuity Management; Information Handling; User Management; Acceptable Use of Computers, the Network and JANET; System Planning and Operation and Incident Reporting and Handling.

Access to all information services shall use a secure log on process and access to the University’s business systems is also be limited by the location of the initiating terminal.  All access to information services is logged and monitored in order to identify potential misuse of systems or information.

All users of University information systems must manage the creation, storage, amendment, copying, distribution and deletion or destruction of data (in electronic or paper form) in a manner which is consistent with the security policy, and which safeguards and protects the confidentiality, integrity and availability of such data.

The University will ensure that all employees are familiar with the principles set out in this policy and will provide training and guidance where needed on policy interpretation, the information asset security classification scheme and information owner responsibilities.

Your duty to inform us of changes

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. As a student you can do this through Portal

What rights do you have as a Data Subject?

As a data subject of the University, under the data protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data.  As such you have the right to…

  • Withdraw consent - where the University has used consent as the legal basis for processing
  • Be informed – about how the University, collects and uses your data
  • Access your personal data that the University holds and process
  • Rectify or correct any inaccuracies in your personal data that we hold
  • Be forgotten by requesting that your details are removed from the University systems
  • Restrict the processing of your data whilst it is being verified or corrected
  • Port your data in a machine readable and commonly used format 
  • Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics.

The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.

The following table details the rights that accompany each lawful basis.

 Table detailing the various rights that accompany each lawful basis; see GDPR chapter III

You may contact the University’s Data Protection Officer as necessary regarding your rights. 

Who is the Data Controller and who is the Data Protection Officer?

The Data Controller is the University of Chester, Parkgate Road, Chester, CH1 4BJ.  The Data Controller’s representative is Mrs Laura Gittins, University Secretary and Director of Legal Services, who may be contacted at the University address and on 01244 511000. 

The University’s Data Protection Officer (DPO) is Sarah Pownall, who may also be contacted directly by email to dataprotection@chester.ac.uk for any queries relating to your privacy rights.

How to raise questions, comments, concerns, or complaints.

Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above. 

You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113.
www.ico.org.uk

Changes to this Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.  We may also notify you in other ways from time to time about the processing of your personal information.

Last updated October 2023.

Additional notices and guidance/policies

The University has also published a Data Protection policy and accompanying notes of guidance as relevant.