Student Privacy Policy

This statement explains how the University of Bedfordshire (the University) handles and uses the data you provide during your time as a time as a student and after you have left the University. The University’s Data Protection Officer can be contacted at DPO@beds.ac.uk

The University's role

The University is the ‘data controller’ as we collect and use information about you to carry out the services the University provides to you. The University is committed to protecting your data and being transparent about how we use your data, in line with the current Data Protection Act (2018), the General Data Protection Regulations (GDPR) and any resulting legislation.

What information does the University collect about you?

The University will collect information about you in the course of its business in providing services to you as a current or former student. This includes details when you apply for a course at the University, when you enrol at the University and as you progress through your course. This will also include data received from external sources such as UCAS and external referees.

These details will include, but are not limited to, the following:

Your contact details and other information submitted during the application and enrolment processes.
Contact details of your next of kin to be used in case of emergency.
Medical info (where applicable)
Details of your modules, courses, timetables, assessment marks and examinations.
Financial and personal information collected for the purposes of administering.
Fees and charges, loans, grants, scholarships and hardship funds.
Photographs and video recordings for the purposes of recording lectures, assessments and examinations.
Information related to the prevention of and detection of crime and the safety and security of staff and students, which includes, but is not limited to, CCTV recordings and data relating to breaches of the University’s regulations Details of your engagement with the University such as attendance information and use of electronic services such as BREO, e-vision, Pebble Pad Information gathered for the purposes of monitoring equal opportunities.
Copies of passports and any identification data to ensure eligibility to receive financial support from the UK government and in compliance with right to study and identification requirements.
Where applicable , this will also include details of visas and any other document s required for compliance with Home Office requirements, as well as biom etric data for attendance purposes.
Information you have directly provided for other services the University provides, such as Student Support (for the provision of advice, support and welfare), the ‘Go Global’ scheme and the University’s career service

How will your information be used?

During the course of its activities, the University will use your data to carry out its functions and to provide services to you as part of your student journey. Due to the vast amount of activities the University undertakes, it is not possible to state every instance where your data will be used, however the University is committed to ensure your data is only used in carrying out the University’s business.

The University relies on different legal bases, as defined in the GDPR, to process your data. These are covered in the table below:

Point	Legal basis for processing your information
1	By commencing or enrolling as a University of Bedfordshire student, the University will be required to collect, store, use, and otherwise process information about you for any purposes connected with teaching, support,research, administration, your health and safety and for other reasons deemed necessary for the performance of your contractual agreement with the University. We will also use your information for certain purposes after you cease to be a student. See GDPR Article 6(1)(b)
2	The University will obtain consent for you in order to assist with your pastoral and welfare needs (e.g. the counselling service and services to students with disabilities). See GDPR Article (6)(1)(a)
3	Processing of your personal data may also be necessary for the pursuit of our legitimate interests or by a third party’s legitimate interests – but only where the processing does not fall within our core public function, is not unwarranted and will not cause a prejudicial effect on the rights on the rights and freedoms, or legitimate interests, of the student. See GDPR Article (6)(1)(f)
4	Processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University (See GDPR Article 6(1)(e)) and for statistical research purposes (See GDPR Article 89)
5	Processing of special categories data is necessary for the statistical and research purposes in accordance with article 89(1) based on the duties in the Equality Act 2010 (see GDPR Article 9(2)(j)).

The below provides examples of how we use your information. Please note the numbers in brackets refers to the legal basis for processing:

To administer your studies and record your academic achievements, which includes your course choices, examinations and assessments, publishing results and graduation programmes. (1)
To assist in pastoral and welfare needs for example the counselling service and services to students with disabilities (2)
To administer financial aspects of your enrolment as a student (such as payment of fees, debt collection) (1)
To provide or offer facilities and services to students (for example sporting facilities, computing facilities and Library services) (1)
To carry out investigations in accordance with academic and misconduct regulations (1)
To operate security , disciplinary, complaint and quality assurance processes and arrangements (1)
To produce management statistics and to conduct research into the effectiveness of our programmes of stud y as well as produce statistics for statutory purposes. (4), (5)
To monitor engagement of students on Tier 4 Visas to ensure compliance with the terms of their sponsorship
To maximise individual’s opportunities to succeed through the use of learning analytics which are used to monitor individual’s engagement with their studies. This will involve the processing of data such as attendance and assessment to develop an overall picture of engagement. Such processing will only take place where it is necessary for the pursuit of the legitimate interests of the University or the student and only where the processing is not unwarranted and will not cause a prejudicial effect on the rights and freedoms, or legitimate interests, of the student. Sensitive/special category personal data will only be processed where the University is looking at trends and patterns analysis to produce management statistical reports. (3), (5)
To monitor our responsibilities under equal opportunities policies (4), (5)
For Higher Education Statis tics Agency (HESA) purposes, the University has a statutory obligation to send some of the information we collect about you to HESA for statistical analysis purposes (4), (5)
For Higher Education Statistics Agen cy (HESA) to conduct the Graduate Outcomes Survey after you graduate (4)
For Council Tax exemption pu rposes where personal information is collated at enrolment and shared with Local Authorities (3)
Where your consent has been provided to the University will register you to vote in the UK and General Elections (2)
To make contact with you after you graduate about Careers Support, Alumni membership and events, new developments at the University and to update your communication preferences to ensure your experience of the University of Bedfordshire Alumni Association is as rewarding as possible. (3)

Who is your information shared with?

Where necessary, personal information will be shared internally within and across other departments at the University. Personal information is protected by the University and may be shared with external parties, as required in the course of your studies.

The list below outlines the major organisations and most common circumstances in which the University will disclose your personal information. Where this is outside of the EEA, the University will only transfer information if it meets the conditions under the GDPR.

To sponsors and parents where consent has been provided
Other Higher Education Institutions or organisations involved in the delivery of your course
Where applicable, professional bodies, such as the National Health Service and Law Society, in order to confirm yo ur qualifications and accredit your course
Work placement sites or educational partners involved in joint course provision
The Student Loan Company to confirm enrolment, attendance and identity so students can access financial support (where applicable)
Debt recovery and control companies in order to recover debt on behalf of the University, where internal debt recovery procedures have been unsuccessful
Potential employers or providers of education whom you have approached (for example, where you have listed the University of Bedfordshire as a referee)
Plagiarism detection service providers in accordance with University regulations
Local authorities for purposes of council tax exemption and voting purposes where it is necessary for the pursuit of the legitimate interests of the Local Authorities or the student but only where the processing does not fall within our core public function, is not unwarranted and will not cause a prejudicial effect on the rights and freedoms, or legitimate interests, of the student.
The University of Bedfordshire’s Student Union, Beds SU, in order to provide you with the services offered by Beds SU, including, but not limited to, take part in democratic processes, benefit from representation services, join sports clubs and societies and receive communications. The University may also share sensitive information to monitor and promote equal opportunities.
Organisations the University works alongside to provide graduation ceremony services to students, this includes, but is not limited to sharing details of names, courses and result s in order to provide graduation ceremony programmers, gowns, and video recordings of graduation ceremonies.
Systems used in the course of your studies and during your time as a student, which are not managed directly by the University, for example BREO, E-Vision, Pebble Pad
Any services where you have provided direct consent, for example the University’s careers service and Go Global

How long will your in formation be held?

The University of Bedfordshire will hold your information in line with the University’s Records Management Policy.

After you have graduated, the University is required to retain some of your information to provide statutory analytical data and to verify awards, provide transcripts of marks and to provide academic references for career support.

Keeping your information secure

The University is required under data protection legislation to keep your information secure, and measures are in place to prevent unauthorised access and disclosure of your information. Only relevant members of staff who require access to your records will be authorised to do so. Systems and electronic files are subject to password restrictions and other security measures. Paper files will be stored in secure areas with controlled access.

Some processing of your information may be undertaken on the University’s behalf by third party organisations. Organisations processing personal data on the University’s behalf are also bound by the GDPR and the University has sought assurances from these organisations they ensure they are aware of their obligations under the GDPR and resulting legislation.

Your rights

You have the right to access your personal information, and where you have given direct consent to the University of Bedfordshire the right to object to the processing of your personal information, the right to withdraw that consent and the right to have your information deleted. Any requests or objections should be made in writing to:

Alexandra Pavel
Data Protection Officer
University of Bedfordshire
University Square
Luton
Bedfordshire
LU1 3JU
DPO@beds.ac.uk

Your responsibilities

Throughout the course of your studies, you have a responsibility to keep your personal details up to date. You can update your details via e-vision. During your time as a student, you may have access to other individuals' personal data and you are legally obliged to handle this in a confidential, professional and responsible manner in line with data protection legislation and any other codes of conduct or ethics.

If you are made aware of an individual’s personal information then you are expected to keep this confidential and to not tell anyone without the individual’s prior consent (unless there is an exceptional circumstance). You should also not seek to actively obtain another individual's personal information to which you are not entitled.

In the instance where data protection legislation or a duty of confidence has been breached, disciplinary action will be considered.