How Will We Use Your Data?
South West Wales Reaching Wider Partnership Privacy Notice
The South West Wales Reaching Wider Partnership is funded by the Higher Education Funding Council for Wales Reaching Wider Programme and our partners are Swansea University, University of Wales Trinity Saint David, The Open University in Wales, Coleg Sir Gâr, Gower College Swansea, Neath Port-Talbot College Group, Pembrokeshire College, Careers Wales, local authorities and schools in South West Wales.
Swansea University is the lead partner and is responsible for the collection and processing of personal data including data defined as sensitive. As such, Swansea University is the data controller and is committed to protecting the rights of participants in line with the UK Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR). Swansea University has a Data Protection Officer who can be contacted through firstname.lastname@example.org
We take the collection, storage and use of personal data very seriously. In this document, you will find an explanation of why we collect individual data as part of the Reaching Wider programme, how we process it and the steps we take to ensure data security at all stages.
All data collected through Reaching Wider initiatives is processed and stored in accordance with the Data Protection Act 1998 and the new General Data Protection Regulation (GDPR).
What kind of information do we collect?
We collect the following pieces of information for students who participate in our activities to help us confirm that our activities are reaching young people from backgrounds that are currently under-represented in Higher Education:
- Contact details
- Date of birth
- Home postcode
- Free school meals or Educational Maintenance Allowance eligibility
- Whether the student is living in care or has in the past
- Photographs and films- During events we may take photos and films which we use for marketing purposes such as on our website or in our newsletter.
Where possible we also collect the following pieces of information:
- Whether the student’s parent(s) went to university
- The occupation of the student’s parent(s)
- Whether the student is a carer of a family member or dependent
- Contact details
- Prior Educational Achievement
For residential and out of school hours activities we also collect details of medical and special requirements for the purpose of providing support and ensuring the health and safety of participants and staff. These include:
- Dietary requirements
- Cultural requirements
- Emergency contact details
- Medical arrangements
- Medication taken
We do not process any data without explicit consent. For children aged 15 or under, we collect this data via a parent/carer. For those aged 16 or older, we collect directly from the individual.
The legal basis for processing personal and special category data is covered by consent.
Why we collect individual data and how we use it
We collect data on individuals for the following four main reasons.
- For the purposes of monitoring which allows us to fulfil compulsory external reporting requirements to regulatory bodies such as the Higher Education funding Council for Wales (HEFCW), as well as giving us a clear picture of the activities we deliver and the people we work with to help us make sure we’re reaching those could benefit most from outreach activities.
- For the purposes of evaluation which helps us to assess the effectiveness of different initiatives on widening participation to HE. This includes the long-term tracking of participants’ education journeys, which lets us see how many of the students who participate in our activities go on to university.
- To help us identify people who belong to groups that are under-represented in Higher Education and to and ensure that people from these groups are given priority access to our activities. For further information on this please see www.hefcw.ac.uk/policy_areas/widening_access/reaching_wider_initiative.aspx
- To ensure the health and safety of all participants in our programmes and assist with pastoral and welfare needs eg ensuring that we are aware of medical conditions.
How data is processed
- In initiatives that involve Reaching Wider working directly with a school, a form and explanatory letter is sent home to parents of participating children via the school asking for some pieces of information about the student and consent to use this for the purposes outlined above. This form is then returned to Reaching Wider via the school, and the data is typed-up into a secure spreadsheet.
- In initiatives that involve students applying directly to Reaching Wider (eg Summer University), data is supplied in an online application form over a secure URL or via paper form which is returned directly to the RW team. This data can only be accessed and downloaded/read by one of our central RW team members.
- Password protected spreadsheets containing individual student information are stored in the RW file area. Access to these spreadsheets is restricted to members of the RW team and, on occasion, designated student leaders working for Reaching Wider.
- Student information is visually checked and inputted to our secure online database, Upshot by a member of the Reaching Wider team.
- Information in the database can only be accessed by designated members of the Reaching Wider team and the central team that manages the Upshot service. For the purposes of monitoring and research only, data is shared with specific external bodies such as the University and College Admissions Service (UCAS). This allows us to see the Higher Education destination of students who have taken part in our activities. Any internal or external reporting that utilises collected data does so in an aggregate fashion, meaning that only totals are shown so data on individuals is never disclosed.
How long will your information be held?
Reaching Wider will retain your personal information in line with our Records Management 2017 policy.
Security of your information
Data Protection legislation requires us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of your information will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access.
Some processing may be undertaken on the University’s behalf by an organisation contracted for that purpose. Organisations processing personal data on the University’s behalf will be bound by an obligation to process personal data in accordance with Data Protection legislation.
What are your rights?
You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information. If you have any concerns about the use of data for these purposes or would like a copy of the data we hold about you, requests should be made in writing to the University Data Protection Officer:
Mrs Bev Buckley
University Compliance Officer (FOI/DP)
If you have further questions about how we process individual monitoring data, please feel free to get in touch with Martyn Sullivan, Reaching Wider Data and Communications Coordinator, at email@example.com or 01792 602 126.
How to make a complaint
If you are unhappy with the way in which your personal information has been processed you may in the first instance contact the University Data Protection Officer using the contact details above.
If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -
Information Commissioner’s Office,
Reviewed and Updated: July 2017