Privacy and cookie policy

We comply with the EU's General Data Protection Regulation (GDPR) and The Data Protection Act 2018 from 25 May 2018, full details can be found on our Policies and Procedures pages.

Personal data

What type of information we have:

  • We currently collect and process the following information:
    Personal identifiers, contacts and characteristics (for example name, student ID number and contact details of students); and
  • In limited circumstances, the University may also process a limited amount of sensitive personal data (‘special category data’). This is done in line with ICO guidance, and may include information about an individuals’ health for example, wellbeing case notes, in residential excursions or physical activities such as sport.
  • For the purposes of the Graduation Ceremonies, the University collects and processes a limited amount of personal data on both:
    • (a) Graduating students - most (if not all) of which the University may already have (but some personal data may have changed and be updated etc); and
    • (b) Your guests (as applicable) who are attending the Graduation Ceremony with you.
      In addition, if students and/or their guests have an additional need (usually health related for
      example a wheelchair user), we collect and process information provided about that need to
      enable us to provide the best service. This information is volunteered by the student/guest
      either at registration or via direct contact with the graduation team.

How we get the information and why we have it:

Most of the personal data we process has been and is provided to us directly by students interested in, accessing and taking part in services provided by the University or various parts of the University (including but not limited to for example the University’s Careers’ Service, Graduation Ceremonies, extra-curricular activities for students, and a variety of services offered by Student Services within the University).

We also collect some personal data from staff members and potential staff members (applicants).
We also collect some personal data from alumni of the University.
We may also collect some personal data from individuals who are external to the University
and who are for example members of the local community involved in The Music Centre.

We need this data from students, staff members (including applicants), alumni and individuals external to the University, to (in terms of the ‘purposes of the processing’/’processing purposes’):  

A. In terms of for example the Careers Service

  • share general updates and news about the University and opportunities for involvement (such as for example workshops or leadership courses),
  • opportunities to attend career events,
  • to processing applications for employability funding through the Winchester Employability Fund,
  • staff administration,
  • top level impact evaluation of student numbers and engagement in initiatives to assess inclusivity of activities,
  • to staff administration, to complying with legal obligations where the University is required to provide personal data under for example a subject access request or
  • in reports to The Office for Students (the independent regulator of Higher Education in England) and the Quality Assurance Agency for Higher Education.

B. In terms of for example students engaged in extra-curricular activities

  • share general updates and news about the University and opportunities for involvement (such as for example informing students of development opportunities like the Higher Education Achievement Record (HEAR) annually),
  • opportunities to attend events,
  • to engage with on campus activities,
  • staff administration,
  • top level impact evaluation of student numbers for internal University purposes relating to impact and take up of such opportunities for students,
  • engagement in initiatives to assess inclusivity of activities, and
  • to comply with legal obligations where the University is required to provide personal data under for example a subject access request, or
  • in reports to The Office for Students (the independent regulator of Higher Education in England) and the Quality Assurance Agency for Higher Education.

C. In terms of for example Student Services

  • to provide a range of support and advice services for students, to help students to succeed during their time at Winchester
  • to work with other areas of the University, such as Faculties and Housing, so that the University can support students effectively and holistically
  • In addition, students may grant consent for Student Services as part of online registration, re-enrolment or at other times to share their personal data and sensitive personal data (‘special category data’) with any or all of the following: Emergency Contact/Trusted Adult, a GP Practice, a professional working with the student e.g. a Social Worker.
  • Students will be able to withdraw or manage these consents by contacting Student Services with their requirements. Student Services will advise students of this process via the intranet.

D. In terms of HESA

  • Articles 13 and 14 of the GDPR (General Data Protection Regulation) require organisations such as the University who are acting as what are called ‘data controllers’ and collecting personal data to provide information to data subjects that identifies them and describes for example their purposes for processing personal data, including transfers and disclosures to other such ‘data controllers’. HESA’s Collection Notices provide this information for students, staff and graduates on behalf of HESA, HESA Services Limited, and the other organisations who are Controllers of HESA datasets. The Collection Notices are published at www.hesa.ac.uk/about/regulation/data-protection/notices. As a HE (higher education) provider, the University of Winchester must inform students and staff that their personal data will be submitted to HESA and must make the HESA Collection Notices available to all relevant data subjects. HESA recommend that HE providers include a link from their own privacy notices to the HESA Collection Notices, as we are doing here in this privacy notice to the above HESA website. 

E. For the purposes of the Graduation Ceremonies

Most of the personal data we process has been and is provided to us directly by the graduating students. The information is taken from the University’s students’ records system and/or provided directly to the graduation team through registration or email/phone contact. We need this data to:

  • Share general updates about the University’s Graduation ceremonies and practical information about the events themselves
  • Process student awards and produce degree certificates and transcripts
  • Confirm attendance at graduation and release tickets
  • Create and print the graduation programme for students and guests to use at graduation
  • Enable the smooth running of the graduation ceremonies
  • Celebrate the success of our students by printing names of graduates in the local newspaper (only for students who consent to this)
  • Broadcast the ceremonies live on our website and to live-screening venues in Winchester Guildhall (or at other venues potentially) for students and guests who couldn’t attend
  • Promote the university using publicity photographs (consent will be requested for individual or small group shots)
  • Ensuring the graduation ceremonies are accessible for all students/guests who wish to attend
  • Support students and guests who require a visa to attend graduation
  • Keep a record of all students awarded in an academic year for records
  • Complying with ‘legal obligations’ where the University is required to provide personal data under for example a subject access request (under The General Data Protection Regulation from 25 May 2018).

F. For HR (staff members and former staff members)

  • We may collect, store, and use the following categories of personal information about you: (see APPENDIX A later).
  • We may also collect, store and use the following "special categories" of more sensitive personal information: (see APPENDIX B later).
  • The ‘purposes of the processing’ include: (see APPENDIX C later).
  • In certain specific circumstances and linked also to its above mentioned ‘processing purposes’ and where there is also an additional ‘lawful basis’ for this further processing, the University may process a specific amount of sensitive personal data (or ‘special category data’ as its more formally known under GDPR). This is done in line with ICO guidance. We will use your particularly sensitive personal information in the following ways:
    • We will use information relating to leaves of absence, which may include sickness absence or family related leaves, to comply with employment and other laws.
    • We will use information about your physical or mental health, or disability status, to ensure your health and safety in the workplace and to assess your fitness to work, to provide appropriate workplace adjustments, to monitor and manage sickness absence and to administer benefits.
    • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.
  • Where we have a legal obligation to do so in relation to the role you are undertaking, we may require a criminal records check (Disclosure and Barring Service check) as part of our pre-employment checks. We process criminal offence data in line with the GDPR Article 10. We process criminal offence data in our official capacity as a higher education institution and meet the condition set out in Schedule 1 Part 1 of the Data Protection Act 2018 (that the processing is necessary for performing obligations or rights of under employment law, social security law or the law relating to social protection).

G. For HR (applicants)

The ‘purposes of the processing’ include:

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Equal opportunities monitoring.

We will use your particularly sensitive personal information (or ‘special category data’ under GDPR) in the following ways:

  • We will use information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Where we have a legal obligation to do so in relation to the role you are undertaking, we may require a criminal records check (Disclosure and Barring Service check) as part of our pre-employment checks. We process criminal offence data in line with the GDPR Article 10. We process criminal offence data in our official capacity as a higher education institution and meet the condition set out in Schedule 1 Part 1 of the Data Protection Act 2018 (that the processing is necessary for performing obligations or rights of under employment law, social security law or the law relating to social protection).

H. For alumni of the University

We also collect some personal data from alumni of the University, where the ‘purposes of the processing’ range from:

  • sharing general updates and news about the University and opportunities for involvement (such as for example as a Former Student Governor in May 2018)
  • to opportunities to attend events,
  • to informing alumni of a Postgraduate Open Evening; and
  • to complying with legal obligations where the University is required to provide personal data under for example a subject access request.

I. For the work of The Music Centre (including for individuals who may be external to the University and for example may be members of the local community etc.)

The ‘purposes of the processing’ range from:

  • sharing general updates, operational information and news about opportunities for involvement (such as for example music ensembles and community engagement projects)
  • to opportunities to attend events and concerts,
  • staff administration, and
  • to complying with legal obligations where the University is required to provide personal data under for example a subject access request under The General Data Protection Regulation from 25 May 2018.

Under the General Data Protection Regulation (GDPR), the ‘lawful bases’ we rely on for processing the personal data are:

(a) Your ‘Consent’ - you are able to withdraw your consent at any time where your personal data is processed for a processing purpose related to this lawful basis.

(b) We have a contractual obligation.

(c) We have a legal obligation.

(d) We have a vital interest.

(e) We (the University) need it to perform a ‘Public task’ (as the University is designated as a ‘public authority’ in law) - including for example in relation to the collection and processing of student ID numbers.

(f) We have a legitimate interest.

In relation to the processing of personal data where the University has a ‘legitimate interest’ (as noted above), when communicating with key audiences such as current students, prospective students and alumni, ‘Legitimate interests’ is a lawful basis used by the University for specific processing purposes in line with ICO guidance.

Such ‘Legitimate interests’ for the processing include under the generally accepted three-part test for this ‘lawful basis’ as follows:

  • 1. Purpose test: are you pursuing a legitimate interest? - The University has a legitimate interest in processing via the respective ‘processing purposes’ here the opportunities for prospective and current students to study at The University of Winchester, which includes the gaining of educational qualifications. In a wider sense, the University also has a legitimate interest in processing via the ‘processing purposes’ to achieve social bettering and transformation through education, and enable individuals to achieve their potential; and finally to increase applications and enrolments to the University of Winchester by communicating via direct marketing (email, SMS, postal, telephone) to current students and alumni considering studying again or taking up a graduate internship or postgraduate study at the University of Winchester, and for the purpose of carrying out graduate destination surveys.
  • 2. Necessity test: is the processing necessary for that purpose? - It is necessary for the University to process data for the purpose of:
    • (a) increasing applications and enrolments to the University of Winchester’s courses and internships by communicating via direct marketing (email, SMS, postal, telephone) to prospective and current students and to alumni considering studying again at the University of Winchester or taking up an internship, and there is no other realistic alternative which is as effective; and
    • (b) communicating with individuals, including alumni and ex staff. We believe that there is no other realistic alternative which is as effective for interests including fundraising and general updates on developments with the University, which either as alumni (former students) and/or as ex staff members they were previously associated with.
  • 3. Balancing test: do the individual’s interests override the legitimate interest?” - The University believes that prospective and current students and alumni would reasonably expect the University to use their personal data in these ways, as summarised in the respective processing purposes. In addition, we do not believe that it would cause prospective and current students and alumni unwarranted harm for the University to use their personal data in these ways, as summarised in the processing purposes. 

Linked to its above mentioned ‘processing purposes’, the University processes a specific amount of personal data, which includes for example the names, student ID number and contact details of current students and alumni. Such processing enables current students and alumni to keep themselves updated on Careers Service news and opportunities for involvement (for example when booking 1:1 appointments with a Faculty Employability Adviser) to opportunities to attend career and employability events such as Winchester Opportunities Week during semester or graduate development workshops in the vacation periods.

In certain specific and limited circumstances and linked also to its above mentioned ‘processing purposes’ and where there is also an additional ‘lawful basis’ for this further processing, the University may process a specific amount of sensitive personal data (‘special category data’). This is done in line with ICO guidance, and may include information about an individuals’ health for example.

Sometimes the University has a requirement to share this information with groups of recipients. They include sharing details within the University, for example telling the Catering team about a student’s dietary requirements when they are attending external events such as a leadership course or guest lecture by an employer. Such sharing may also include for example information about an individuals’ health for example in residential excursions or physical activities such as sport.

What we do with the information we have:

We will share a limited amount of necessary personal data:

  • Internally (within the University); and
  • Externally - for example for students engaged in extra-curricular activities and/or students accessing and taking part in services provided by the University’s Careers’ Service, in high level reports to The Office for Students (the independent regulator of Higher Education in England) and the Quality Assurance Agency for Higher Education. The information shared will not be personal data as such, but rather aggregate numbers and percentages of the overall student population. The University will also share a limited amount of personal data with HESA (as noted above).
  • In terms of for example Student Services:
    • In addition, students may grant consent for Student Services as part of online registration, re-enrolment or at other times to share their personal data and sensitive personal data (‘special category data’) with any or all of the following: Emergency Contact/trusted Adult, a GP Practice, and a professional working with the student e.g. a Social Worker.
    • Students will be able to withdraw or manage their consent by contacting Student Services with their requirements. Student Services will advise students of this process via the intranet.
  • For the purposes of the Graduation Ceremonies - we use the information that you have given us in order to organise and deliver Graduation Ceremonies. We will share a limited amount of necessary personal data with external (to the University) printers (two firms of printers) for the graduation programme and award certificates respectively to be produced. We will also share (by them filming it at the University’s request) a limited amount of personal data with the (external) film company, who are filming the Graduation Ceremony 2019 and producing DVDs.
  • Externally also for HR (staff members and former staff members) - sometimes the University has a requirement to share this information with groups of recipients. We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where it is necessary to perform our public task as a higher education institution. Recipients may include your pension provider, HMRC, HESA, our occupational health provider. 

How we store your information:

Personal data and sensitive personal data (‘special category data’) will be kept for no longer than necessary, and these decisions will be made in line with legal requirements, the relevant University policies and in light of relevant best practices.

Your data protection rights:

Under data protection law, you have a number of potential rights available, and more information on these can be found at ico.org.uk

These rights though depend on which ‘lawful basis/bases’ your personal data is processed under for a particular ‘processing purpose’:
Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
  • Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at the email address or postal address at the top of this notice if you wish to make a request.

How to complain:

You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House,
Water Lane, Wilmslow. Cheshire. SK9 5AF.
Helpline number: 0303 123 1113.

APPENDIX A

We may collect, store, and use the following categories of personal information about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
  • Date of birth.
  • Marital status and dependants.
  • Next of kin and emergency contact information.
  • National Insurance number.
  • Bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information.
  • Start date.
  • Location of employment or workplace.
  • Copy of driving licence – only if a requirement for job role.
  • Recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process).
  • Employment records (including job titles, work history, working hours, training records and professional memberships).
  • Performance information.
  • Disciplinary and grievance information.
  • Information about your use of our information and communications systems.
  • Photographs.

APPENDIX B

We may also collect, store and use the following "special categories" of more sensitive personal information:

  • Information about your race or ethnicity, religious beliefs, sexual orientation, gender.
  • Information about your health, including any medical condition, health and sickness records.
  • Information about your trade union membership if you have chosen to pay trade union subscriptions through payroll.

APPENDIX C

The ‘purposes of the processing’ include:

  • Making a decision about your recruitment or appointment.
  • Determining the terms on which you work for us.
  • Checking you are legally entitled to work in the UK.
  • Paying you and, if you are an employee, deducting tax and National Insurance contributions.
  • Providing the following benefits to you: Employee Assistance programme, Enhanced maternity benefits, defined benefits pension scheme.
  • Liaising with your pension provider.
  • Administering the contract we have entered into with you.
  • Business management and planning, including accounting and auditing.
  • Conducting performance reviews, managing performance and determining performance requirements.
  • Making decisions about salary reviews and compensation.
  • Assessing qualifications for a particular job or task, including decisions about promotions.
  • Gathering evidence for possible grievance or disciplinary hearings.
  • Making decisions about your continued employment or engagement.
  • Making arrangements for the termination of our working relationship.
  • Education, training and development requirements.
  • Dealing with customers and other third parties to whom your identity and background information is important. For example if you are to work on their premises or because of a proposed merger, acquisition or joint venture.
  • Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
  • Ascertaining your fitness to work.
  • Managing sickness absence.
  • Complying with health and safety obligations.
  • Complying with court orders.
  • To prevent fraud.
  • To monitor your use of our information and communication systems to ensure compliance with our IT policies. This is not routinely done.
  • To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • To conduct data analytics studies to review and better understand employee retention and attrition rates.
  • Equal opportunities monitoring.

The data protection officer for the University is:

Joe Dilger, Data Protection Officer,

The University of Winchester, Sparkford Road
Winchester, Hampshire.
SO22 4NR.

United Kingdom.

 Tel: +44 (0) 1962 841515, Ext. 7306.  

Email: Joseph.Dilger@winchester.ac.uk 

--------------------------------------------------

The name and contact details of our organisation are:

The University of Winchester,
Sparkford Road
Winchester, Hampshire.
SO22 4NR.
United Kingdom.

Tel: +44 (0) 1962 841515 

Fax: +44 (0) 1962 842280

 

Cookie policy

Our Cookies Policy explains what cookies are, how we use cookies, how third-parties we may partner with may use cookies on the Service, your choices regarding cookies and further information about cookies.

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How the University of Winchester uses cookies

The university webservers collect anonymous information, like the IP address of your computer, the browser software used, the operating system, access times and pages visited. This information is used to monitor usage and to assess the effectiveness of the university website.

In some sections of the university website anonymous data such as browser type or IP address may be used to customise web page content. This information is used in an anonymous form to ensure appropriate and effective delivery of content.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You should be aware that this may prevent you from taking full advantage of our website. If you are unsure how to do this, use your favourite search engine to look this up using the term 'declining cookies' with your browser name, or contact your local IT support for advice.

Google Analytics

Google Analytics use traffic log cookies to gain information about the use that is made of pages on our website. We use the information from cookies to generate reports on the usage of our website which are used for evaluation and analysis. The purpose is to improve our website by tailoring it to the needs of users. In all cases, no data specific to any identifiable user is retained.

As a user you can opt out of this process of collecting traffic log data. To do so please visit Opt out of Google Analytics Information.

What are your choices regarding cookies?

If you'd like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

Further Information

We endeavour to keep the information we hold as up-to-date and as accurate as possible. If you wish to see the data the University holds about you please contact the Data Protection Officer.

In line with the new General Data Protection Regulation (GDPR) from 25 May 2018, the University will not charge a fee to deal with a request in most circumstances.

However, the University reserves the right to charge a fee in cases in line with ICO guidance.

Our Data Protection Officer is Joe Dilger, he can be contacted via email Joseph.Dilger@winchester.ac.uk