Advice Zone Online Privacy Notice for Students
This privacy notice tells you what to expect us to do with your personal information within Advice Zone Online.
Purpose and lawful basis for processing
The University of South Wales is the controller of the personal data which is processed within Advice Zone Online in order to satisfy a number of requirements:
• administering finance (e.g. fees, scholarships and bursaries)
• providing student support services
• safeguarding and promoting the welfare of students
• the administration of student casework
When processing data for the purposes listed above the University will rely upon one of the following lawful bases from Article 6 of the UK GDPR:
• Processing is necessary for the performance of a contract with you - Article 6(1)(b)
• Processing is necessary for to perform our public tasks as a higher education provider - Article 6(1)(e)
• Processing is necessary for us to comply with legal obligations (i.e. the Equality Act) Article 6(1)(c)
• Processing is necessary to protect someone’s life – Article 6(1)(d)
• Informed consent has been received for disclosure of personal data to certain external support services – Article 6(1)(a)
If the information we process contains special category data, such as health, sexuality, religious or ethnic information, the lawful bases we use to process it are Article 9(2)(g) of the UK GDPR which relates to our public task, equality of opportunity or treatment, regulatory requirements, support for individuals with a particular disability or medical / mental health condition, counselling and safeguarding. We also rely on Article 9(2)(h) which relates to processing for health or social care purposes.
If the information we process relates to criminal offences we will rely on one of the following conditions from Schedule 1 of the Data Protection Act 2018
• Paragraph 10 – preventing or detecting unlawful acts
• Paragraph 18 – safeguarding of children and individuals at risk
• Paragraph 30 – to protect someone’s life
• Paragraph 33 – legal claims
What we need
The following personal data is pulled from our student record system into the Advice Zone Online platform in order to create an account for every student in readiness for use.
• USW Student Number
• Name and date of birth
• University and personal email address
• Term time and home contact details
• Course details
• Nationality
• Domicile
The following information will be collected during your engagement with the Advice Zone Online platform or during:
• Questions you ask within the Advice Zone and Advice Zone Online including questions submitted through emailing USW departments
• Case notes and issues raised in general appointments
• Student casework records (including information, correspondence and documentation relating to personal characteristics, circumstances, support requirements and support provision. This information may be provided by the student directly or via other parties such as Disability Support Needs Assessors, GPs or previous education providers.
• Record of appointments
Questions raised by students are held within the system for staff to view and respond. A history of all questions raised are visible to staff in a student support role.
Student appointments are held within the system and a history of all appointments is visible to staff in a student support role.
Case notes and information relating to student casework is only accessible to the appropriate teams.
The system utilises free text boxes which allows you to enter any information you choose. This information will be accessible to authorised University staff.
If we did not process this personal data we would be unable to fulfil the contract with you and we would be unable to provide the required support.
Who it might be shared with
Internal Stakeholders:
• Where necessary personal information will be shared internally within the faculties and departments across the University. Such sharing will be subject to confidentiality protocols and access restrictions (e.g. Health, counselling and mental health case notes will only be visible to staff within those services).
• The University may need to share sensitive personal data relating to protected characteristics (i.e. disabilities) with internal faculties and departments and partner organisations in order to meets its legal obligations to provide reasonable adjustments under the Equality Act (2010). Such information will be shared via Individual Support Plans, the content of which will be negotiated and agreed with the individual student.
External Stakeholders:
• It may be necessary to exchange some personal information with appropriate external stakeholders to establish your support requirements, implement reasonable adjustments and co-ordinate your support. This may include consulting with other external professionals involved in providing support services to you (e.g. Diagnostic Assessors, GP, Community Mental Health Practitioners, personal care providers, Non-medical Help providers, DSA Needs Assessors etc).
• The University supports students to access student finance and other external sources of funding and support (e.g. Disabled Students Allowances), to do so it may be necessary to share personal data with external stakeholders (e.g. Student Loans Company). This will be discussed with the student in the first instance and information will only be shared with their agreement.
• The University works with the NHS’s Mental Health University Liaison Service (MHULS) and where necessary students may be referred to their teams. Any referral will be discussed with the student in the first instance and will only be made with their agreement.
Personal information will not be discussed with or disclosed to family members (including next of kin / trusted contacts) without explicit, fully informed consent except in exceptional circumstances as outlined below.
Personal information may be disclosed without consent under the following circumstances:
a) If the University has good reason to believe that someone may be at serious risk of harm. Unless the situation is an emergency, or it is considered otherwise inappropriate, efforts will always be made to discuss the matter with the individual beforehand.
b) The University may be legally bound to disclose personal information on certain occasions e.g. under a Court Order, as part of safeguarding responsibilities and prevention of terrorism.
c) The University may disclose information if it is necessary for criminal, legal, or regulatory proceedings, or any other purposes permitted by Schedule 1 of the Data Protection Act.
Where we store it
All personal data within Advice Zone Online is stored within the UK or EU.
How long we keep it
All data held about USW activities and all personal data will be stored securely and appropriately in line with the University’s Retention Schedule.
Do we use any processors?
Advice Zone Online is hosted and managed by a third party processor called ‘Tribal’. There is a Data Processing Agreement in place with strict Data Protection terms which creates a contractual obligation to process the data on our instructions and according to data protection laws.
We use a text messaging service supplier called Critico to send generic SMS appointment reminders.
Your rights
Individuals have a right to access their own personal information, to object to the processing of their personal information, to rectify, to erase, to restrict and to port this data.
You have a right to withdraw your consent for any processing that is based on consent.
Any requests, withdrawals or objections should be made in writing to the University Data Protection Officer -
University Secretary’s Office,
University of South Wales
Pontypridd,
CF37 1DL
Email: dataprotection@southwales.ac.uk
Individuals who are unhappy with the way in which their personal data has been processed may in the first instance contact the University Data Protection Officer using the contact details above.
Where individuals remain dissatisfied then they have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:
Information Commissioner’s Office,
Wycliffe House,
Water Lane,
Wilmslow,
Cheshire,
SK9 5AF
The Advice Zone Online administrators can be contacted via email at:
Advicezoneonline@southwales.ac.uk