The University of South Wales is the data controller with regard to information held and is committed to protecting the rights of individuals in line with the Data Protection Act 2018 (DPA) and the new General Data Protection Regulation (GDPR). The University of South Wales has a Data Protection Officer who can be contacted through firstname.lastname@example.org.
What information do we collect?
The University collects the following information:
• USW Student Number
• Name and date of birth
• University and personal email address
• Term time and home contact details
• Course details
• Questions asked by the students within the Advice Zone
• Case notes and issues raised in general appointments
• Information provided during online chat
• Student casework
• Record of appointments
Questions raised by the student are held within the system for staff to view and respond. A history of all questions raised are visible to staff in a student support role.
Information relating to student casework are only accessible to the appropriate teams.
Health, counselling and mental health case notes will only be visible to staff within those services.
The system utilises free text boxes which allow the student to enter any information they choose. The student can choose how much detail they wish to provide within the system, but when inputting their personal data they should be mindful that this information will be accessible to authorised University staff.
Why we collect this information?
USW has to collect personal data to satisfy a number of requirements:
• administering finance (e.g. fees, scholarships and bursaries)
• providing student support services
• safeguarding and promoting the welfare of students
• the administration of student casework
What is our legal basis for processing?
In processing data for the purposes listed above the University relies upon the following legal basis as appropriate:
Processing is necessary for the performance of a contract with the individual.
Processing is necessary for the performance of a task carried out in the public interest.
Processing may also be necessary to protect the vital interests of the individual or another person.
Special category personal data is processed with the explicit consent of the individual.
Who are the recipients or categories of recipients?
Where necessary personal information will be shared internally within the faculties and departments across the University. Such sharing will be subject to confidentiality protocols and access restrictions(e.g. Health, counselling and mental health case notes will only be visible to staff within those services)
Where consent (and where appropriate explicit consent) has been obtained, personal data may be shared with those individuals specified within any agreement.
In certain circumstances personal information may be disclosed without consent under the following circumstances:
a)If the University has good reason to believe that someone may be at serious risk of harm. Unless the situation is an emergency, or it is considered otherwise inappropriate, efforts will always be made to discuss the matter with the individual beforehand.
b)The University may be legally bound to disclose personal information on certain occasions e.g. under a Court Order, as part of safeguarding responsibilities and prevention of terrorism.
Transfers to third countries and the safeguards in place
All personal data is processed within the EU.
Retention of data
All data held about USW activities and all personal data will be stored securely and appropriately in line with the University’s Retention Schedule
This Schedule is reviewed periodically and it serves to determine how long certain information will be retained.
Security of data
Data Protection legislation requires us to keep information secure. This means that confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to information will be authorised to do so.
Student data is held in a secure database hosted by a third party. This data is made available to staff and students using an encrypted connection between web browser and server.
Information held in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access.
Some processing may be undertaken on the University’s behalf by an organisation contracted for that purpose. Organisations processing personal data on the University’s behalf will be bound by an obligation to process personal data in accordance with Data Protection legislation.
Individuals have a right to access their own personal information, to object to the processing of their personal information, to rectify, to erase, to restrict and to port this data.
Further information relating to individual rights are available on the University Data Protection webpages.
Any requests or objections should be made in writing to the University Data Protection Officer -
University Secretary’s Office,
University of South Wales
Individuals who are unhappy with the way in which their personal data has been processed may in the first instance contact the University Data Protection Officer using the contact details above.
Where individuals remain dissatisfied then they have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:
Information Commissioner’s Office,