This Privacy Notice explains the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe. We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how University for the Creative Arts Students’ Union (‘UCA SU’ or ‘UCASU’) uses your data.
It applies to information we collect about:
> Our members, officers, volunteers, councillors, committees and trustees
> Users of our websites
> People who use our services
> People who give us feedback, make suggestions, complete questionnaires, polls or make complaints
> Suppliers and agents
> Donors and supporters
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
Click on one of the headings, below, to learn more:.
This privacy notice was drafted with clarity in mind. It does not provide exhaustive detail of all aspects of UCA SU’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you need to contact us to discuss any aspect of data protection please email us using: email@example.com or write to us at:
UCASU Data Protection Officer
Chief Executive’s Office
UCA Students’ Union
UCA SU processes personal data for a variety of reasons. The reasons for our processing of your data fall into two categories.
Firstly, we process data so that we can effectively administer student memberships of UCASU in order to represent students and provide services, activities and opportunities for involvement and development.
UCASU has a data sharing agreement with the University of Sheffield. All students who study at the University of Sheffield automatically become members of the Students’ Union and the University will share students’ data with UCASU for the purpose of administering the student’s membership of UCASU. Examples of this activity include:
- Administration of Student Groups, Committees, Volunteering, HEAR and related activities
- Administration of Officer and SU Council Elections and Referendum
- Managing Society and Committee Accounts and Records
- Provision of Consultancy and Advisory Services
- Employment Administration
- Research and planning
The University of Sheffield is subject to the 1994 Education Act and it can only meet certain of its obligations under the Act if UCASU is told who its students are (and who they are not if they are excluded, drop out etc).
Secondly, we use data to let our members, volunteers, partners and customers know about things happening at UCASU that we think will interest them. This could include topics such as:
- Advertising, Marketing and Public Relations
- Events and Activities taking place at UCASU
- Opportunities for students
The law on data protection sets out a number of different reasons for which an organisation may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you tick a box to receive email marketing.
In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from Sheffield Store for home delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier.
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity affecting UCASU to law enforcement .
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running UCASU and which does not materially impact your rights, freedom or interests. For example, we will use your @uca.ac.uk email address to send you information SU elections.
UCASU may collect personal data at a number of points. These include:
- When you visit any of our websites to use our services or buy products in a shop or online.
- When you engage with us on social media.
- When you download or install one of our apps.
- When you join a UCASU loyalty programme.
- When you join a society.
- When you choose to run for an elected leadership position within the Students’ Union.
- When you contact us by any means with queries, complaints etc.
- When you book any kind of appointment with us or book to attend an event.
- When you choose to complete any surveys we send you.
- When you comment on or review our services.
- When you’ve given a third party permission to share with us the information they hold about you.
- When you use our buildings and venues which usually have CCTV systems operated for the security of our members and customers. These systems may record your image during your visit.
- University for the Creative Arts shares your enrolment data with us, as described in Section 2.
- If you have a web account with us we may collect your name, gender, date of birth, billing/delivery address, orders and receipts, email and telephone number.
- Details of your interactions with us in shops, bars, venues, online or by using one of our apps.
- Copies of documents you provide to prove your age or identity, for example when entering one of our club nights.
- Details of your visits to our websites or apps, and which site you came from to ours.
- Payment card information.
- Your image may be recorded on CCTV when you visit our buildings.
- To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
We want to bring you offers and promotions that are most relevant to your interests at particular times. To help us form a better, overall understanding of our members and customers, we may combine your personal data gathered across the organisation. We may also combine the shopping history of many members and/or customers to identify trends and ensure we can keep up with demand, or develop new products/services.
We know how much data security matters to all our members and customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
We secure access to all transactional areas of our websites and apps using ‘https’ technology.
Access to your personal data is password-protected, and sensitive data such as payment card information) is secured and tokenised to ensure it is protected.
We sometimes share your personal data with trusted third parties. Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems.
- Operational companies such as delivery couriers.
Google/Facebook to show you products that might interest you while you’re browsing the internet. This is based on either your marketing consent or your acceptance of cookies on our websites. See our Cookies Notice for details.
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA), such as Australia or the USA.
If you are based outside the UK and place an order with us, we will transfer the personal data that we collect from you to the UK.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA. For example, this might be required in order to fulfil your order, process your payment details or provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact our Data Protection Officer.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. The retention periods varies depending on the type of data in question.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
If you have questions about specific retention periods please email us using: firstname.lastname@example.org
This section is provided to give you an overview of your different rights. You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- For example, when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end (such as the end of a warranty).
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
You have the right to request a copy of any information about you that UCASU holds at any time, and also to have that information corrected if it is inaccurate.
To ask for your information or to ask for it to be amended, please contact the UCASU data protection officer using email@example.com
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
As explained at Section 2 all students at the University of Sheffield automatically become members of Sheffield Students’ Union. However, you do have the right to request not to be a member. You will not be unfairly disadvantaged by doing so, but you will lose the right to vote on SU decisions, hold elected positions in the SU including those in the Officer team, committees, societies, and benefit from our student pricing for entertainment and events. Any student who wishes not to be a member of the Students’ Union, should inform the President of the Students’ Union and the University Secretary in writing.
You can stop direct marketing communications from UCASU by clicking the ‘unsubscribe’ link in any email communication that we send you. We will then stop any further emails on that particular category of marketing.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.
If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you. Please email us using: firstname.lastname@example.org or write to us at:
UCASU Data Protection Officer
Chief Executive’s Office
UCA Students’ Union
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.