Swansea University is the lead partner and is responsible for the collection and processing of personal data including data defined as special categories of personal. As such, Swansea University is the data controller and is committed to protecting the rights of participants in line with the General Data Protection Regulation (GDPR). Swansea University has a Data Protection Officer who can be contacted through dataprotection@swansea.ac.uk

We take the collection, storage and use of personal data very seriously. In this document, you will find an explanation of why we collect individual data for Inclusive Student Support Services (ISSS), how we process it and the steps we take to ensure data security at all stages.

Inclusive Student Support Services is an overarching service consisting of services provided by the Wellbeing, Disability Service, Assessment Centre and SAILS. These services support students to enable them to have the best experience possible at University. All data collected through ISSS is processed and stored in accordance with data protection legislation.

What kind of information do we collect?

We collect the following pieces of personal information from students who register with ISSS: 

  • Name;
  • Student Number;
  • Date of birth;
  • Contact details;
  • The name and contact details of your General Practitioner (GP);
  • Details of the reasons for you accessing a particular Service(s) within ISSS, and any previous diagnosis relevant to this;
  • Disability, medical evidence, educational psychologist reports;
  • Whether you are in receipt of Disabled Students Allowance, and if so, the reason it was awarded.


We collect data on individuals for the following main reasons:

  1. In order to provide you with appropriate support services. Details you submit and discuss with any staff member will be safely recorded for use in future sessions. The information we collect via this form will enable us to make your College and potentially other services e.g. Residences, Occupational Health within the University aware of any reasonable adjustments that need to be made.
  2. For the purposes of monitoring which allows us to fulfil compulsory external auditing and reporting requirements to regulatory bodies such as DSA-QAG, and HEFCW.
  3. Carrying out research and statistical analysis. The ISSS may be required by the University to produce statistical information which is generated by our computerised records systems. Research may also be carried out on statistics that are created by our work with you. All data and research information presented to anyone outside the ISSS will be anonymous, in order to preserve confidentiality.
  4. Safeguarding and promoting the welfare of students.
  5. Ensuring student’s safety and security.

How data is processed

  • We will hold any information about you in confidence.
  • In registering with any service(s) within ISSS, students are asked to complete and return a registration or questionnaire specific to the service you are accessing either in person, by post, or via email. This form is then stored in a student’s specific folder on a secured shared drive, and the data is typed-up into a secure spreadsheet and notes made on a student-specific Microsoft Dynamics CRM file, which can only be viewed by authorised personnel.
  • Password protected spreadsheets containing individual student information are stored in the relevant Service file area. Access to these spreadsheets is restricted to members of the relevant team and, on occasion, designated staff working within ISSS. Data shared with other outside organisations will only be shared once explicit consent has been provided in writing.
  • We will not respond to requests from tutors/academic or administration staff, family members or friends for information, not even disclosing your attendance at a service appointment (unless you give explicit consent to do so).
  • In extremely rare circumstances we may have to reveal information to others e.g. when you or someone else is at risk of serious physical harm or death, a child is in danger, another student has committed a crime against you or acts of terrorism are being planned. Should such a need arise to disclose information, in the majority of circumstances we would discuss with you when we need to do this.

How long will your information be held?

Inclusive Student Support Services will hold personal information in accordance with the University's records management procedure.

Any information concerning your disability/specific need/medical condition provided to ISSS will be held securely for 7 years and thereafter will be destroyed.

Security of your information

Data Protection legislation requires us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of your information will be authorised to do so. Information about you in electronic form will be subject to password or other security restrictions, while paper files will be stored in secure areas with controlled access.

Some processing and storage may be undertaken on the University’s behalf by an organisation contracted for that purpose. Organisations processing personal data on the University’s behalf will be bound by an obligation to process personal data in accordance with Data Protection legislation.

What are your rights?

You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information. If you have any concerns about the use of data for these purposes or would like a copy of the data we hold about you, requests or objections should be made in writing to the University Data Protection Officer:-

University Data Protection Officer
Vice-Chancellor’s Office
Swansea University
Singleton Park
Email: dataprotection@swansea.ac.uk

Visit the University's Data Protection webpage for more information about your individual rights.

Withdrawing Consent

Under the GDPR, individuals have the right to withdraw consent at any time. If for any reason you wish to withdraw your consent, we ask that you submit this request in writing to the relevant service(s) within ISSS. You will be asked to complete a Request to Withdraw Consent form so we can ensure that you have understood what is meant by withdrawing your consent and what will happen next.

Other requests or objections should be made in writing in the first instance and sent to: - University Compliance Officer (FOI / DP), Vice-Chancellor's Office, Swansea University, Singleton Park, Swansea, SA2 8PP E-mail: dataprotection@swansea.ac.uk

Further questions?

If you have further questions about how we process individual monitoring data, please feel free to get in touch with Gareth Evans, Data Information and Insight Officer via email: gareth.evans@swansea.ac.uk

How to make a complaint

If you are unhappy with the way in which your personal information has been processed you may in the first instance contact the University Data Protection Officer using the contact details above.

If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF www.ico.org.uk

Reviewed and Updated: February 2021