NUSU Privacy Policy

This privacy notice tells you what to expect when Newcastle University Students’ Union (referred to as NUSU herein) collects personal information. It applies to information we collect about:

  • Our members, officers and volunteers
  • Users of our websites and app
  • People who use our services
  • People who give us feedback, make suggestions, complete questionnaires, polls or make complaints
  • Suppliers and agents
  • Donors and supporters
  • Job applicants and our current and former employees

This Privacy Policy covers the data processing and information practices for NUSU including the website, associated systems and data used in the delivery of our services and activities. In this policy, we have included the information gathered, how it is used and how it is shared with other organisations, including Newcastle University.

By using this website, you agree to the terms of this privacy policy.

Types of data we collect

Personal Information means any information that could be used to identify you as an individual, including but not limited to: first and/or last name, email address, a postal address, any other contact information e.g. mobile telephone number, student ID number etc.

Anonymous Information means any information that cannot directly identify you, or is not part of your personal information. 

Special Category Data

We may on occasion, ask you for special category data such as health and disability data. This data will be used only for the purposes of providing the appropriate support and services. We hold this data under one of two legal bases, employment or explicit consent.    

Use of data is compliant with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR), specifically:

GDPR:

a) Personal data will be processed lawfully, fairly and in a transparent manner

b) Personal data will be collected for specified, explicitly and legitimate purposes and not further processed in a manner that is incompatible.  Further processing for historical research or statistical purposes shall not be considered incompatible.

c) Personal data shall be adequate, relevant and limited to what is necessary.

d) Personal data shall be accurate and up to date, taking reasonable steps to ensure inaccurate data is removed or updated without delay.

e) Personal data shall be kept in an identifiable form for no longer than is necessary for the relevant purposes, with the exception of archive purposes as mentioned above, providing individual safeguards are in place per application.

f) Personal data shall be processed in a manner that ensures appropriate security of the personal data.

 

Ways we collect data

Data Sharing agreement with Newcastle University

We have a data sharing agreement with Newcastle University.

This agreement permits the transfer of all or part of your personal information from the University to NUSU for the purposes of allowing NUSU to provide you with support services, participate in democratic processes, join societies, buy tickets and communicate with you about Annual Reports and Accounts as well as SU activities and campaigns, elicit your feedback and respond to feedback. It also allows us to monitor the effectiveness of our communications and services, giving scope for communicating with underrepresented groups within the University and to track the effectiveness of our services and activities. We also share data with the University, including details of course reps for the University app and recognition of activities with NUSU to the Higher Education Achievement Record (HEAR).

Occasionally NUSU will share pertinent data with the University. This would be for improving your educational experience, the experience of future students or for academic research purposes.

You can tell the University that you do not wish NUSU to have this data by opting out at enrolment.

Further details on our data sharing agreement with Newcastle University, and the data we share, can be found here www.nusu.co.uk/university-data-agreement

Details you provide at the point of registration with the University can be updated through University data systems.  Further information on this can be found here:  http://www.ncl.ac.uk/students/progress/student-resources/s3p/studentdata.htm  

Newcastle University Students’ Union cannot be held responsible for any inaccurate personal details.

Some details may be recorded or updated through your usage of our website and ecommerce systems.  These can include – preferred names, contact details and memberships.  Your contact details can be updated by you at any time by visiting www.nusu.co.uk/profile

We gather both personal and anonymous information from you when you visit our website. You may also give us information about you by filling in forms at an event or online, or by correspondence with us by email, phone or otherwise.

Personal Information Collection

  • If you are a non-student (including Freshers’ before completing university registration) and sign up for an activity or make a purchase on our website, we will record your contact information, login details and transaction history.  You will also have opportunity to update your information at any time whilst you maintain an account with us. 
  • If you are a registered student at Newcastle University, you will login using your University Username and Password through their login platform, and this data will never be stored on Newcastle University Students’ Union servers.  Additionally, for Freshers who register using the previous method, once your University registration is confirmed, the two accounts will be merged and your previous login details will be deleted.
  • If you make any transactions through our website, even those free of charge, we will record your billing address and payment method; however we do not store full payment card details.  These are collected through either Sage Pay or PayPal who are our online payment providers.
  • We will only send information deemed relevant to your membership at Newcastle University Students’ Union, including those on organisational governance, your memberships and services and offers available to you.  You can update your email communications preferences via www.nusu.co.uk/profile We will always respect your privacy within communications between you and the organisation. Updating email marketing preferences can be done from the relevant link within any email received from Newcastle Univeristy Students’ Union.
  • When completing forms for membership of clubs, societies, sign up to volunteering activities, applications for bursaries or any other of our services, we shall use these details to provide you with information on said services and in the delivery of these services and activities. This includes the provision of advice via the Student Advice Centre who have their own Privacy Policy which can be accessed at www.nusu.co.uk/sac-privacy

Newcastle University Students’ Union collects, holds and processes certain information or data about students, staff and other visitors when they use nusu.co.uk or our affiliate websites or engage with our services as a member of the organisation.  We collect information on:

  • Our members – students at Newcastle University and lifetime members
  • Users of our website including staff, alumni and the general public.
  • People who use our services both online and in person.
  • People who interact with us via feedback, suggestions, market research or complaints.
  • Suppliers, agents and third-parties including external auditors.
  • Job applicants and records on our current and former employees.

The vast majority of our data processing is done so on the legal basis of legitimate interest in delivering NUSU’s services and activities, in accordance with our constitution and charitable aims. These can be found on the charity commission’s website at http://apps.charitycommission.gov.uk/Showcharity/RegisterOfCharities/CharityFramework.aspx?RegisteredCharityNumber=1138091&SubsidiaryNumber=0

There may be, on occasion, the processing of data for which you have given consent, particularly for the processing of any special category data. In this case, you have the right to withdraw consent at any time.

Information Collected and Data processed via Technology

Log Files:

As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to analyse trends, administer the Site, track users’ movements around the Site, gather demographic information about our user base as a whole, and better tailor our Services to our users’ needs. For example, some of the information may be collected so that when you visit the Site or the Services again, it will recognize you and the information could then be used to serve information appropriate to your interests. Except as noted in this Privacy Policy, we do not link this automatically-collected data to Personal Data.

Cookies:

Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs. Please see our Cookie Policy for more information.

Pixel Tags:

In addition, we use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags are tiny graphic images with a unique identifier, similar in function to Cookies, that are used to track online movements of Web users. In contrast to Cookies, which are stored on a user’s computer hard drive, Pixel Tags are embedded invisibly in Web pages. Pixel Tags also allow us to send e-mail messages in a format users can read, and they tell us whether e-mails have been opened to ensure that we are sending only messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to a user.

Mobile Services:

We may also collect non-personal information from your mobile device if you have downloaded our Application. This information is generally used to help us deliver the most relevant information to you. Examples of information that may be collected and used include your geographic location, how you use the Application, and information about the type of device you use. In addition, in the event our Application crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our Application(s). This information is sent to us as aggregated information and is not traceable to any individual and cannot be used to identify an individual.

Google Analytics:

We use Google Analytics to help analyse how users use the Site. Google Analytics uses Cookies to collect information such as how often users visit the Site, what pages they visit, and what other sites they used prior to coming to the Site. We use the information we get from Google Analytics only to improve our Site and Services. Google Analytics collects only the IP address assigned to you on the date you visit the Site, rather than your name or other personally identifying information. We do not combine the information generated through the use of Google Analytics with your Personal Data. Although Google Analytics plants a persistent Cookie on your web browser to identify you as a unique user the next time you visit the Site, the Cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

Location Information:

If you have downloaded our App and enabled location services on your phone, we collect your location information to make a map available to the recipients of your messages showing your location. If you do not want this information collected by us, you can disable location services on your phone.

Profiling

Profiling under GDPR is part of an automated decision-making process whereby NUSU will segment students to ensure the most relevant member information and opportunities are provided.

NUSU only collects the minimum amount of data needed and has a clear retention policy for the profiles created. NUSU also carries out a Data Protection Impact Assessment to identify the risks to individuals, show how we are going to deal with them and what measures we have in place to meet GDPR requirements

NUSU does not use special category data in our automated decision-making systems unless we have a lawful basis to do so, and we can demonstrate what that basis is. We delete any special category data accidentally created.

NUSU sends individuals a link to the privacy statement if personal data has been obtained indirectly.

Use of Your Personal Data

 

NUSU uses Personal Data in furtherance of our legitimate interests in operating our Student Membership Services, Opportunities, Website and Applications. More specifically:

General Use

In general, Personal Data you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your Personal Data in the following ways:

  • Membership administration for compliance, funding and accountability purposes.
  • The delivery of services and activities, including:
    • The organisation and delivery of sports clubs and student led societies
    • Competition entry, including entry into British Universities and Colleges Sport (BUCS)
    • The delivery of activities programmes
    • Volunteering projects (including referrals to external organisations as requested by the student)
    • The administration of the NUSU/University academic rep system and associated meetings and committees
    • Providing training and support to NUSU volunteers
    • The provision of entertainments and social programmes
    • The awarding of bursaries
    • Nominations and decisions on reward and recognition for students, staff and volunteers
    • Academic credit and/or recognition through employability programmes
    • The provision of Advice through the Newcastle University Students Union Student Advice Centre (NUSU SAC). Users of the Advice Centre should refer to the specific privacy policy for NUSU SAC
  • facilitate the creation of and secure your Account on our network;
  • identify you as a student in our system;
  • provide improved administration of our Services;
  • provide the Services you request;
  • improve the quality of experience when you interact with our Site and Services;
  • send you administrative e-mail notifications, such as security or support and maintenance advisories;
  • make telephone calls to you, from time to time, to solicit your feedback; and
  • send newsletters, surveys, offers, and other promotional materials related to our Membership Services.
  • Advertising, marketing and public relations.
  • Legal requirements and obligations, including the Education Act, Charities Act, Companies Act etc.
  • Accounts and financial records.
  • Research.

Testimonials and Feedback

We often receive testimonials and comments from students who have had positive experiences with our Services. We occasionally publish such content. When we publish this content, we may identify our students by their first and last name, and may also additional data such as their home city, student experience, and education. We obtain the Students’ consent prior to posting his or her name along with the testimonial. We may post student feedback on the Site from time to time. We will share your feedback with your first name and last initial only. If we choose to post your first and last name along with your feedback, we will obtain your consent prior to posting you name with your feedback. If you make any comments on a blog or forum associated with your Site, you should be aware that any Personal Data you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these blogs and forums.

Creation of Anonymous Data

We may create Anonymous Data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyse request and usage patterns so that we may enhance the content of our Services and improve Site navigation. We reserve the right to use Anonymous Data for any purpose and disclose Anonymous Data to third parties in our sole discretion.

How we use this personal information – specific scenarios

Fulfil requests for products or services, such as purchasing from the online shop, joining a society or booking an advice appointment.  We may also use this information to send you other information you have requested, confirmation emails or to respond to queries. 

We may use your provided details to notify you of similar products or services that may be of interest to you, as well as important information related to NUSU, the University or the local area.

You may opt-out from receiving promotional or marketing emails by notifying us using the unsubscribe link with at the bottom of the relevant email. Emails may be sent from NUSU or from other groups such as clubs, societies, volunteer organisations etc. that you have provided your details to.  If you unsubscribe from central NUSU emails it does not mean you will be removed from all other groups and vice-versa.

We may create anonymous statistics and reports based on your user information, however all personally identifiable information such as your name, contact details etc. will be excluded at this point.  This data is purely used to assess user behaviour as a whole, not as individuals.

When signing up to services and activities, we will use your data in the delivery of these services and may make this public, where appropriate. For example, listing course representative details and club and society committee details on the NUSU website.

Retention Periods

We will retain Personal Data for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Disclosure of Personal information

Your personal information will not be sold, traded or rented to individuals or other entities.  However, we may need to share it with third parties to deliver products or services to you, such as with card authorisation services for online transactions, delivery companies to ship products.

Other organisations who we may share data with includes British Universities and Colleges Sport (BUCS) for competition entries; ACM Solutions Limited who provide our online case management system for the Advice Centre; our current insurance provider; Membership Solutions Limited (MSL) who provide our Customer Relationship Management Software (CRM); external volunteering projects where students have signed up to volunteer; and Newcastle University for a number of purposes including the inclusion of extra-curricular achievements on your Higher Education Achievement Record (HEAR). Where we share data, a Data Controller to Data Processor agreement has been signed to ensure security of data and to make it clear that these third parties will be authorised to use your personal information in this necessary capacity only.

We may disclose your Personal information if we believe in good faith that such disclosure is necessary to comply with legal obligations or protect the rights and property of NUSU.

We may disclose your personal data if we believe there is a risk to yourself or others. For example, this could occur when using the Advice Services where a student may be in danger and NUSU would have a legal obligation to disclose such information to the police.

Your Rights and Managing your Data

You can manage information available to groups, organisations and projects you join on nusu.co.uk

via your NUSU Profile – this can be updated at www.nusu.co.uk/profile

Managing your email preferences from central NUSU can be done so through the relevant link of each email.

Emails may be sent from other groups such as clubs, societies, volunteer organisations etc. that you have provided your details to.  If you unsubscribe from central NUSU emails it does not mean you will be removed from all other groups and vice-versa, in which case you will need to contact the organization directly to be removed.

 

Updating University information

Some of your information is provided to us by Newcastle University.  This is synchronised on a daily basis.  This information cannot be updated by our systems and must be updated by the University. 

Subject Access Requests

All individuals have the right to access the personal data that NUSU has in relation to themselves. This can be done so using the online Subject Access Request Form - www.nusu.co.uk/subject-access 

 

If you believe any of your personal details are inaccurate, you also have the right to rectification. Any queries relating to this should be sent to dataprotection.union@ncl.ac.uk

In both access and rectification request, your request will be dealt with within one month and free of charge.

If you object to NUSU continuing to process your personal data, you have the right of erasure or the right to restrict, where we do not have any legal reason to have to keep this data. To exercise this right, please email dataprotection.union@ncl.ac.uk

Security of Your Personal Data

  • For online payments we use the payment services of Paypal and SagePay. We do not process, record or maintain your credit card or bank account information. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev and https://www.sagepay.co.uk/policies/privacy-policy 

  • NUSU is committed to protecting the security of your Personal Data. We use a variety of industry-standard security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosure. We also require you to enter a password to access your Account information. Please do not disclose your Account password to unauthorized people. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while NUSU uses reasonable efforts to protect your Personal Data, NUSU cannot guarantee its absolute security.

 

Contact details

The NUSU staff contact for Data Protection is the Director of Digital and Communications. Any query relating to this Privacy Policy should be sent to dataprotection.union@ncl.ac.uk

Overall T&C’s

https://www.nusu.co.uk/tac/

Reporting a concern or Breach

If you have any reason to believe that NUSU has not been compliant with the regulations within the Data Protection Act, you have the right to lodge a complaint with the Information Commissioners Officer at www.ico.org.uk

Other Areas and related documentation:

Further information – statement to be reviewed May 2018

Newcastle University Students Union Advice Centre Privacy Policy www.nusu.co.uk/sac-privacy

ICO register https://ico.org.uk/ESDWebPages/Entry/Z2204599