UNIVERSTIY OF BRIGHTON WIDENING PARTICIPATION OUTREACH PRIVACY NOTICE
Why the Widening Participation Outreach Team collects your data:
The University of Brighton undertakes outreach activities with schools, colleges and communities across Sussex and beyond to support young people and adults to make informed choices around progression into higher education. The University of Brighton is committed to this work as a good neighbour in the community and as part of the government policy to widen participation in higher education. We collect details of individuals taking part in our activities for the following reasons:
- To plan and manage activities;
- To monitor participation in activities;
- To evaluate and report on the effectiveness and impact of activities;
- The university has a statutory obligation to evidence the effectiveness of its widening participation programme, projects and events (forthwith to be referred to only as ‘programme’) to funders, education regulators such as (but not limited to) the Office for Students and central Government.
We use the contact details of students at sixth form/college who sign up to our widening participation programme to inform them by email of events that they are able to attend and to offer information, advice and guidance on progression to HE.
We collect contact details for the parents/carers of students (under 18) at sixth form/college who sign up to our widening participation programme so that we can inform them by email of events that they/their child are able to attend and to offer information, advice and guidance on progression to HE.
We also collect contact details for the parents/carers of students attending our events which are outside of the school/college – for example Saturday clubs, Summer Schools, for the purposes of ensuring the student’s safety and welfare.
At no time is personal information passed to organisations outside of the University of Brighton for marketing or sales purposes. However, we may contact you about events which support progression to Higher Education at the University of Brighton and may liaise with other departments within the University of Brighton about any future application you make.
If you have additionally indicated that you would like to receive communications from the University of Brighton, we will use your name and email to send you communications.
What is the University of Brighton’s lawful basis for collecting your data for its Widening Participation programme?
Article 6 of the General Data Protection Regulations (GDPR) requires Data Controllers to have a lawful basis in order to hold and process personal data.
In line with the GDPR, universities are classified as Public Authorities in the fullest sense of the term. Although the overarching function is primarily to educate, universities are also statutorily required to demonstrate financial integrity and performance accountability, particularly relating to educational outcomes, therefore certain university activities are deemed to be tasks necessarily carried out ‘in the public interest’.
The university of Brighton’s Widening Participation Outreach Team collects data to monitor and evaluate its widening participation and outreach programme; tracking the progression of participating students to investigate the impact of widening participation and outreach on their attainment, progression, social mobility, graduate outcomes and eventual employment. Therefore, the lawful basis of a task carried out in the public interest is applicable to data collected and processed by the University of Brighton’s Widening Participation Outreach Team.
What information we collect:
We collect the name, date of birth, postcode, school/college and email address of participants in our activities. We also collect data that the government requires us to report on to support the widening participation agenda, such as looked after child status, young carer status, estranged status, first generation of family into HE, pupil premium, in receipt of free school meals, gender, disability and ethnicity. We collect this data either directly or via schools and colleges.
In the case of general communications we take your name, email address and (if provided) your course/subject of interest so that we can tailor our communications to you.
Where we collect date via schools and colleges we will ensure that a data sharing agreement is in place.
How the University protects your data:
The university takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by our employees in the proper performance of their duties.
How we store your data:
The University of Brighton’s Widening Participation Outreach Team uses the HEAT (Higher Education Access Tracker) Service – a national database – to store the information it collects on those participating in its widening participation and outreach programme. Using HEAT we have access to the following information; activities participated in, university enrolments, attainment, university applications, interactions with other universities and future careers.
Data is stored on HEAT in accordance with the Data Protection Act (2018) and used to administer participation in our widening participation and outreach programme. For research and monitoring purposes only, this data may also be shared with the Office for Students (OfS), Higher Education Statistics Agency (HESA) or the University and Colleges Admissions Service (UCAS) and our partners including colleges and universities, HEAT service subscribers and the national Data Service to help evaluate the effectiveness of this activity as part of the government policy to widen participation in higher education and to develop future policy.
We will not release data to anyone who is unauthorised.
We also use the following media to store information to administer, plan and manage our programme:
- Microsoft Outlook inboxes (for the purpose of communicating information about our programme and dealing with enquiries)
- Edublogs (to collect programme applications and bookings)
- Microsoft Sharepoint (for the purposes of programme administration)
- StudentCRM – our CRM that we use for event booking and management and sending out general communications by email and SMS
- Dotmailer – an email communication system
- Paper forms (for the purposes of programme applications, attendance records and evaluation).
This data will be stored securely according to University of Brighton Data Protection Policy. All data is held within the EEA and will not be transferred outside of the EEA.
How long we keep your data:
We will retain electronic and paper records such as (but not limited to) application forms, registers, booking forms and evaluation forms for the current academic year and the previous academic year at most. Data recorded in HEAT will be held securely for the duration of the longitudinal programme and anonymised according to anonymisation protocols as appropriate by the HEAT Service. The HEAT Data Retention Schedule has been scrutinised by the ICO and will be subject to a regular schedule of review so as to ensure it remains fit for purpose and compliant with relevant legislation. Parent/carer details are securely destroyed within 3 months of their child completing their sixth form/college studies.
Who has Access to your data:
- University of Brighton Widening Participation Outreach Team and Evaluation and Policy Department staff
- HEAT Service staff
- Staff with the Marketing and Communications team (in the case of general communications the Marketing and Communications team only have access to the data required to send you communications about the university: name, email, events booked onto and course/subject of interest).
How you can Access your data:
The University of Brighton allows data subjects to exercise their rights under the Data Protection Act (2018), this includes the right to request a copy of the personal information we hold about your child/you (called a subject access request). Please contact: email@example.com if you wish to exercise this right.
Further information about your access rights; access, rectification, erasure, restriction of processing, objection to processing, right to data portability can be found in the University’s Data Protection Policy. If you would like to exercise any of these rights, please contact Rachel Page, Head of Data Compliance and Records Management, 01273 642010, firstname.lastname@example.org.
In the case of opted into communications, you can access and manager your preferences at any time through your privacy centre – links to your privacy centre are included in all of our general communications to you.
If you are unsatisfied with the way the University has processed your personal data, or have any questions or concerns about your data please contact email@example.com, if we are not able to resolve the issue to your satisfaction, you have the right to apply to the Information Commissioner’s Office (ICO). They can be contacted at https://ico.org.uk
Changes to this notice:
We keep our privacy notices under regular review. This privacy notice was last updated in January 2019.
Other privacy notices:
We do our utmost to protect your privacy. Please be aware that other privacy notices exist within the university in respect of data held, including but not limited, to activities in relation to enquiries, applications, current students, alumni and use of our website.