Privacy and Cookie Policy

We comply with the EU's General Data Protection Regulation (GDPR) and The Data Protection Act 2018 from 25 May 2018.

 

Personal data

What type of information we have:

How we get the information and why we have it:

Most of the personal data we process has been and is provided to us directly by students interested in, accessing and taking part in services provided by the University or various parts of the University (including but not limited to for example the University’s Careers’ Service, Graduation Ceremonies, extra-curricular activities for students, and a variety of services offered by Student Services within the University).

We also collect some personal data from staff members and potential staff members (applicants).
We also collect some personal data from alumni of the University.
We may also collect some personal data from individuals who are external to the University
and who are for example members of the local community involved in The Music Centre.

We need this data from students, staff members (including applicants), alumni and individuals external to the University, to (in terms of the ‘purposes of the processing’/’processing purposes’):  

 

A. In terms of for example the Careers Service

  • share general updates and news about the University and opportunities for involvement (such as for example workshops or leadership courses),
  • opportunities to attend career events,
  • to processing applications for employability funding through the Winchester Employability Fund,
  • staff administration,
  • top level impact evaluation of student numbers and engagement in initiatives to assess inclusivity of activities,
  • to staff administration, to complying with legal obligations where the University is required to provide personal data under for example a subject access request or
  • in reports to The Office for Students (the independent regulator of Higher Education in England) and the Quality Assurance Agency for Higher Education.

B. In terms of for example students engaged in extra-curricular activities

  • share general updates and news about the University and opportunities for involvement (such as for example informing students of development opportunities like the Higher Education Achievement Record (HEAR) annually),
  • opportunities to attend events,
  • to engage with on campus activities,
  • staff administration,
  • top level impact evaluation of student numbers for internal University purposes relating to impact and take up of such opportunities for students,
  • engagement in initiatives to assess inclusivity of activities, and
  • to comply with legal obligations where the University is required to provide personal data under for example a subject access request, or
  • in reports to The Office for Students (the independent regulator of Higher Education in England) and the Quality Assurance Agency for Higher Education.

C. In terms of for example Student Services

  • to provide a range of support and advice services for students, to help students to succeed during their time at Winchester
  • to work with other areas of the University, such as Faculties and Housing, so that the University can support students effectively and holistically
  • In addition, students may grant consent for Student Services as part of online registration, re-enrolment or at other times to share their personal data and sensitive personal data (‘special category data’) with any or all of the following: Emergency Contact/Trusted Adult, a GP Practice, a professional working with the student e.g. a Social Worker.
  • Students will be able to withdraw or manage these consents by contacting Student Services with their requirements. Student Services will advise students of this process via the intranet.

D. In terms of HESA

  • Articles 13 and 14 of the GDPR (General Data Protection Regulation) require organisations such as the University who are acting as what are called ‘data controllers’ and collecting personal data to provide information to data subjects that identifies them and describes for example their purposes for processing personal data, including transfers and disclosures to other such ‘data controllers’. HESA’s Collection Notices provide this information for students, staff and graduates on behalf of HESA, HESA Services Limited, and the other organisations who are Controllers of HESA datasets. The Collection Notices are published at www.hesa.ac.uk/about/regulation/data-protection/notices. As a HE (higher education) provider, the University of Winchester must inform students and staff that their personal data will be submitted to HESA and must make the HESA Collection Notices available to all relevant data subjects. HESA recommend that HE providers include a link from their own privacy notices to the HESA Collection Notices, as we are doing here in this privacy notice to the above HESA website. 

E. For the purposes of the Graduation Ceremonies

Most of the personal data we process has been and is provided to us directly by the graduating students. The information is taken from the University’s students’ records system and/or provided directly to the graduation team through registration or email/phone contact. We need this data to:

  • Share general updates about the University’s Graduation ceremonies and practical information about the events themselves
  • Process student awards and produce degree certificates and transcripts
  • Confirm attendance at graduation and release tickets
  • Create and print the graduation programme for students and guests to use at graduation
  • Enable the smooth running of the graduation ceremonies
  • Celebrate the success of our students by printing names of graduates in the local newspaper (only for students who consent to this)
  • Broadcast the ceremonies live on our website and to live-screening venues in Winchester Guildhall (or at other venues potentially) for students and guests who couldn’t attend
  • Promote the university using publicity photographs (consent will be requested for individual or small group shots)
  • Ensuring the graduation ceremonies are accessible for all students/guests who wish to attend
  • Support students and guests who require a visa to attend graduation
  • Keep a record of all students awarded in an academic year for records
  • Complying with ‘legal obligations’ where the University is required to provide personal data under for example a subject access request (under The General Data Protection Regulation from 25 May 2018).

F. For HR (staff members and former staff members)

  • We may collect, store, and use the following categories of personal information about you: (see APPENDIX A later).
  • We may also collect, store and use the following "special categories" of more sensitive personal information: (see APPENDIX B later).
  • The ‘purposes of the processing’ include: (see APPENDIX C later).
  • In certain specific circumstances and linked also to its above mentioned ‘processing purposes’ and where there is also an additional ‘lawful basis’ for this further processing, the University may process a specific amount of sensitive personal data (or ‘special category data’ as its more formally known under GDPR). This is done in line with ICO guidance. We will use your particularly sensitive personal information in the following ways:
    • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
    • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
    • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • Where we have a legal obligation to do so in relation to the role you are undertaking, we may require a criminal records check (Disclosure and Barring Service check) as part of our pre-employment checks. We process criminal offence data in line with the GDPR Article 10. We process criminal offence data in our official capacity as a higher education institution and meet the condition set out in Schedule 1 Part 1 of the Data Protection Act 2018 (that the processing is necessary for performing obligations or rights of under employment law, social security law or the law relating to social protection).

G. For HR (applicants)

The ‘purposes of the processing’ include:

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Equal opportunities monitoring.

We will use your particularly sensitive personal information (or ‘special category data’ under GDPR) in the following ways:

  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Where we have a legal obligation to do so in relation to the role you are undertaking, we may require a criminal records check (Disclosure and Barring Service check) as part of our pre-employment checks. We process criminal offence data in line with the GDPR Article 10. We process criminal offence data in our official capacity as a higher education institution and meet the condition set out in Schedule 1 Part 1 of the Data Protection Act 2018 (that the processing is necessary for performing obligations or rights of under employment law, social security law or the law relating to social protection).

H. For alumni of the University

We also collect some personal data from alumni of the University, where the ‘purposes of the processing’ range from:

  • sharing general updates and news about the University and opportunities for involvement (such as for example as a Former Student Governor in May 2018)
  • opportunities to attend events
  • informing alumni of a Postgraduate Open Evening
  • complying with legal obligations where the University is required to provide personal data
  • fundraising purposes, with the prior consent from the alumnus

In order to complete these fundraising purposes and activities, the University may gather information about alumni from publicly available sources – for example, Companies House, the Electoral Register, and other online resources – to help it understand more about them as individuals and their ability to support the University, including financially.  The intention is to always ensure we use our resources as effectively as possible to help us engage appropriately with our community of alumni. In order to achieve this we may undertake wealth screening of our database.

Wealth screening (sometimes referred to as data enrichment and screening), is a process used by fundraising organisations to learn more about their constituents using trusted third party providers, who will assimilate publicly available sources to provide information back to the University. It supports planning for our fundraising and engagement campaigns – allowing us to prioritise the portfolio for fundraisers and senior leadership. Wealth screening enables us to better target our conversations about fundraising and therefore generate funds cost-effectively.

When conducting screening, the University  only uses vetted suppliers with the appropriate contracts in place. For the University of Winchester, the third party company employed to carry out the screening are Factary

If you would prefer the University to not use your data in this way, please email alumni@winchester.ac.uk or call the Head of Development on 01962 827426.

I. For the work of The Music Centre (including for individuals who may be external to the University and for example may be members of the local community etc.)

The ‘purposes of the processing’ range from:

  • sharing general updates, operational information and news about opportunities for involvement (such as for example music ensembles and community engagement projects)
  • to opportunities to attend events and concerts,
  • staff administration, and
  • to complying with legal obligations where the University is required to provide personal data under for example a subject access request under The General Data Protection Regulation from 25 May 2018.

J. For the purposes of Enrolment and (Re)Enrolment

The ‘purposes of the processing’ range from: compliance with external statutory reporting, data collection for educational and administrative purposes, institutional research for improvement of services for the student experience, and compliance with legal obligations where the University is required to provide personal data.

Categories of Personal and Special Category Data Collected at Enrolment and Re-Enrolment:

  • Personal Details, including contact information and addresses
  • Photo ID
  • Emergency Contact Information
  • GP information
  • Nationality
  • Course Study details
  • Finance information
  • Consent to Share information
  • Disability information
  • Statutory information
  • Widening Participation information

Read the Enrolment and Re-enrolment Privacy Notice in full on our Policies and Procedures page.

K. For the use of AskAlf

Ask Alf is told your username and your staff or student status to contextualise your experience.

It may also draw on your faculty or course but only if the answers are specific to those elements (e.g. how do I get my placement expenses reimbursed).

The University does not collect the questions users ask Alf but anonymised comments and analytics will be used to improve the service.

All data is stored on the University Microsoft Azure platform. The data is stored in the UK under full adherence to all UK GDPR requirements.

Under the General Data Protection Regulation (GDPR), the ‘lawful bases’ we rely on for processing the personal data are:

(a) Your ‘Consent’ - you are able to withdraw your consent at any time where your personal data is processed for a processing purpose related to this lawful basis.

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We (the University) need it to perform a ‘Public task’ (as the University is designated as a ‘public authority’ in law) - including for example in relation to the collection and processing of student ID numbers.

(f) We have a legitimate interest.

In relation to the processing of personal data where the University has a ‘legitimate interest’ (as noted above), when communicating with key audiences such as current students, prospective students and alumni, ‘Legitimate interests’ is a lawful basis used by the University for specific processing purposes in line with ICO guidance.

Such ‘Legitimate interests’ for the processing include under the generally accepted three-part test for this ‘lawful basis’ as follows:

Linked to its above mentioned ‘processing purposes’, the University processes a specific amount of personal data, which includes for example the names, student ID number and contact details of current students and alumni. Such processing enables current students and alumni to keep themselves updated on Careers Service news and opportunities for involvement (for example when booking 1:1 appointments with a Faculty Employability Adviser) to opportunities to attend career and employability events such as Winchester Opportunities Week during semester or graduate development workshops in the vacation periods.

In certain specific and limited circumstances and linked also to its above mentioned ‘processing purposes’ and where there is also an additional ‘lawful basis’ for this further processing, the University may process a specific amount of sensitive personal data (‘special category data’). This is done in line with ICO guidance, and may include information about an individuals’ health for example.

Sometimes the University has a requirement to share this information with groups of recipients. They include sharing details within the University, for example telling the Catering team about a student’s dietary requirements when they are attending external events such as a leadership course or guest lecture by an employer. Such sharing may also include for example information about an individuals’ health for example in residential excursions or physical activities such as sport.

What we do with the information we have:

We will share a limited amount of necessary personal data:

How we store your information:

Personal data and sensitive personal data (‘special category data’) will be kept for no longer than necessary, and these decisions will be made in line with legal requirements, the relevant University policies and in light of relevant best practices.

Your data protection rights:

Under data protection law, you have a number of potential rights available, and more information on these can be found at ico.org.uk

These rights though depend on which ‘lawful basis/bases’ your personal data is processed under for a particular ‘processing purpose’:
Under data protection law, you have rights including:

How to complain:

You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House,
Water Lane, Wilmslow. Cheshire. SK9 5AF.
Helpline number: 0303 123 1113.

APPENDIX A

We may collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Marital status and dependants.
  • Next of kin and emergency contact information.
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information.
  • Start date.
  • Location of employment or workplace.
  • Copy of driving licence – only if a requirement for job role.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, training records and professional memberships).
  • Performance information.
  • Disciplinary and grievance information.
  • Information about your use of our information and communications systems.
  • Photographs.

APPENDIX B

We may also collect, store and use the following "special categories" of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation, gender.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about your trade union membership if you have chosen to pay trade union subscriptions through payroll.

APPENDIX C

The ‘purposes of the processing’ include:

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
  • Providing multiple benefit packages to you as an employee’
  • Liaising with your pension provider.
  • Administering the contract we have entered into with you.
  • Business management and planning, including accounting and auditing.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Making decisions about salary reviews and compensation.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements.
  • Dealing with customers and other third parties to whom your identity and background information is important. For example if you are to work on their premises or because of a proposed merger, acquisition or joint venture.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work.
  • Managing sickness absence.
  • Complying with health and safety obligations.
  • Complying with court orders.
  • To prevent fraud.
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies. This is not routinely done.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • To conduct data analytics studies to review and better understand employee retention and attrition rates.
  • Equal opportunities monitoring.

The data protection officer for the University is:

Stephen Dowell, Data Protection Officer,

The University of Winchester, Sparkford Road
Winchester, Hampshire.
SO22 4NR.

United Kingdom.

 Tel: +44 (0) 1962 841515, Ext. 7217.  

Email: Stephen.Dowell@winchester.ac.uk 

--------------------------------------------------

The name and contact details of our organisation are:

The University of Winchester,
Sparkford Road
Winchester, Hampshire.
SO22 4NR.
United Kingdom.

Tel: +44 (0) 1962 841515 

Fax: +44 (0) 1962 842280

 

Cookie policy

Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How the University of Winchester uses cookies

The university webservers collect anonymous information, like the IP address of your computer, the browser software used, the operating system, access times and pages visited. This information is used to monitor usage and to assess the effectiveness of the university website.

In some sections of the university website anonymous data such as browser type or IP address may be used to customise web page content. This information is used in an anonymous form to ensure appropriate and effective delivery of content.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You should be aware that this may prevent you from taking full advantage of our website. If you are unsure how to do this, use your favourite search engine to look this up using the term 'declining cookies' with your browser name, or contact your local IT support for advice.

Google Analytics

Google Analytics use traffic log cookies to gain information about the use that is made of pages on our website. We use the information from cookies to generate reports on the usage of our website which are used for evaluation and analysis. The purpose is to improve our website by tailoring it to the needs of users. In all cases, no data specific to any identifiable user is retained.

As a user you can opt out of this process of collecting traffic log data. To do so please visit Opt out of Google Analytics Information.

What are your choices regarding cookies?

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

Further Information

We endeavour to keep the information we hold as up-to-date and as accurate as possible. If you wish to see the data the University holds about you please contact the Data Protection Officer.

In line with the new General Data Protection Regulation (GDPR) from 25 May 2018, the University will not charge a fee to deal with a request in most circumstances.

However, the University reserves the right to charge a fee in cases in line with ICO guidance.

Our Data Protection Officer is Stephen Dowell, he can be contacted via email Stephen.Dowell@winchester.ac.uk