Data Protection

Our contact details 

The University of East London is the "Data Controller" for any personal data that we collect, use, store or otherwise process. Any queries relating to Data Protection should be directed to:
The Information Assurance Office
University Way
London 
E16 2RD
Telephone 0208 223 2103
dpo@uel.ac.uk

The type of information we have 

When you apply to study with us, register for one of our events or open days, take part in Outreach and Access activity or sign up to hear more about studying with us, we collect the following data about you: 

• Your contact details including your name, address, email, contact phone number;
• Geographical information;
• Information on your interests that relate to courses and events or recruitment activities on or off campus;
• Additional information from Outreach and Access activity, such as your date of birth, gender/sex, postcode, school/college, year group, disability including a learning difficulty or long-term physical or mental health condition, ethnicity information, if you are In Care, estranged from your family, or from a military family.  

When you apply to study with us, we will collect the following personal data about you as part of your application:

• personal details (name, address, date of birth); 
• phone numbers; 
• email addresses;
• identity documents; 
•  agent information (for those students using an agent)
• gender
• gender identity
• photographs
• financial information
• academic marks
• appraisals
• references
• disciplinary information
• health and disability information
• ethnicity data
• sexual orientation
• religious belief data
• caring responsibilities 
•  personal data that is needed to provide academic and pastoral support.
• Emergency contact details 

Lawful Basis  

All personal data that is collected by us, is done so in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
When the University of East London processes your personal data, we are required to have a lawful basis for doing so. 
As a prospective student when you sign up to hear more about studying with us or attend one of our events or open days, our lawful basis for processing your personal data is Legitimate Interest.

As a prospective student, that is applying to study with us, our lawful basis for processing your personal data is Contractual Obligation. If you accept an offer to study at the University of East London, a contract is entered into between you and the University.

Where we process special category data, such as data relating to ethnicity, religion, or information relating to your health or disability, we are required to rely on a separate lawful basis specifically for that type of personal data. The circumstances for processing will determine the lawful basis chosen. 

Special category data, in relation to an application to study with us, is processed under legal obligations related to employment, social protection or social security law. We have further obligations under equality legislation, and we may therefore process such information because it is substantially in the public interest to promote equality of opportunity and treatment.

How do we get the information and why we do we have it?

We collect personal data about you in the following ways: 

• Web forms on uel.ac.uk including registrations for events or requests for more information;
•  Direct emails to the Student Recruitment mailbox/email addresses; 
•  Registrations for events;
• Via tablets at events in an electronic format; 
•  From Applicants already in our student records system who have applied through UCAS, or directly to the University;
• Via our online application process;
• Via surveys and feedback forms.

We will use the personal data that we collect from you for the following purposes and will not use this data for any other purpose without telling you.

• To record and respond to your enquiry or to register and administer your attendance at a Student Recruitment Event. 
• To provide communications relevant to becoming a University of East London Student. 
• The promotion of our recruitment Open Days and Evenings
• The promotion of other recruitment initiatives either, on campus, online, on location in the UK or abroad;
• Analysis and reporting of prospective student data and statistics
• To process your application to study with us, including adding you to our database.
•  If you are a prospective student in our database and make an application to us, we will use the data you provide to match your prospective student record with your application record to ensure the communications we send about the application process and studying with us are relevant.

Data Protection information specific to Outreach and Access interventions: 
The Outreach and Access team at the University of East London carries out a wide range of outreach interventions that are available to students both locally and across the UK. We also deliver 'in-reach' retention and progression activities for students from underrepresented backgrounds. We ask for specific personal data when participants take part in Outreach and Access interventions, to show we are meeting our aims of improving participation at University level, as well as improving retention and progression whilst at University. We want to ensure that we are giving young people from all backgrounds the information that they need to make an informed choice about university. Collecting personal data allows us to report and monitor this. This is part of government policy to eliminate inequalities in higher education. For further information, please see the Office for Students website. 
We collect details of individuals taking part in our activities for the following reasons:

• To plan interventions
• To monitor participation in interventions
• To evaluate and report on the impact of these interventions
• To understand the student journey through education and progression to higher education /future careers.

The lawful basis to process this data is Public Interest. It is necessary for the Outreach and Access team to process your data in accordance with our obligations in line with the aims of the Office for Students. 
Personal data are we ask you for:  

• Full name
• Date of birth
• Gender / Sex
• School / College name
• Year group
• Postcode
• Email address 
• Ethnicity information
• If you have a disability, learning difficulty or long-term physical or mental health condition
• If you are the first person in your family to go to university 
• If you are In Care (i.e. live with a Carer/s rather than your parent/s for at least three months) 
• If you are estranged from your family (i.e. you are not in contact with and not supported by your family)
• From a military family (i.e. you have a parent/guardian who serves/served in the military). 

How we collect your data: 
Data will be most commonly requested from students aged 13 years or older (from Year 9 upwards).
To process your data we may use Jisc Online Surveys (or another secure, GDPR compliant form). This tool allows us to collect data and produce graphs for analysis of your responses. Your information will be removed from the online survey tool by March in the following academic year. Your personal details (for example, your name) will be transferred from Jisc Online Surveys (or similar) on to an online database called the Higher Education Access Tracker (HEAT). 

Data may be collected via paper form which will be kept securely in a locked cupboard and transferred on to HEAT within two weeks upon completion of an intervention. Paper copies are then destroyed using confidential waste bags. 
Data may be collected via your school, parents or a third sector organisation, depending on the intervention you are participating in. 

How we store your data: 
All data is stored in line with Data Protection Act 2018.  
Student data that relates to Outreach and Access work is stored in HEAT, who provide a tracking and monitoring service for us. This service is supplied by the University of Kent, it enables us to track the progression of outreach participants into higher education, their attainment in higher education, plus their progression into skilled employment or further post graduate study. 
For research and evaluation purposes, we may also share your data with HEAT researchers and the following bodies:

• The Office for Students (OfS)
•  The Department for Education (DfE)
• Education and Skills Funding Agency (ESFA)
• The Higher Education Statistics Agency (HESA)
• The Universities and Colleges Admissions Service (UCAS)

Your data will never be shared unless we are required to do so by law.  

How long will your data be kept?

Under 21 years old at the time of 1st outreach activity:

• Your data will be retained for 15 years after graduation or until 30 years of age (whichever is greater).

Over 21 years old at the time of 1st outreach activity:

• Your data will be retained for 15 years after graduation, or for 10 years after your first outreach activity
• After this time has been reached, data will be anonymised in bulk at the beginning of the next academic year.
   

For further information please see HEAT's data privacy webpage. 

We will have access to your data if you have previously taken part in an Outreach and Access event and consented to monitoring and/or being tracked long-term prior to July 2021. 

Sharing your information  

External Sharing 
We may share data about you with third party processors contracted by the university. We use third parties to perform a range of tasks including databases and systems to process enquiries and applications, send email, SMS or video messages, make phone calls, use Live Chat or manage events and webinars. We work with marketing agencies to promote courses and advertise information regarding the university We work with overseas agents for international recruitment.

• The University takes its obligations with your data very seriously and will ensure that all appropriate safeguards and security provisions are in place and full compliance with its third-party agreements and privacy notice are monitored. For more information on the third-party processors we use, please contact the Data Protection Officer at dpo@uel.ac.uk.

Internal Sharing
When you make an application with us, your personal data will be shared with the departments within the institution that are responsible for processing your application.  

Cookies and Analytics  
If you visit uel.ac.uk, we will send your computer a "cookie", a small text file that resides on your computer's hard drive. Cookies identify a user's computer to our server but in no way gives the University access to your computer or any information about you, other than the data you choose to share. The University website uses cookies for collecting user information and allows us to make the website more useful by tailoring the services we offer from time to time. You can set your browser not to accept cookies, although you may not be able to access all of the features if you do. 
The website also uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your visit to our website and compile reports and to help us improve the site. 

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using the UEL website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. See Google's Privacy Policy for more information. 

Records Retention 
Your personal data will be kept in line with the University Records Retention Schedule, which is available on request. This is a large document so, if you have any specific queries, please contact dpo@uel.ac.uk. Your personal data will be kept in line with the University Records Retention Schedule and will be disposed of when: 

• We have met our legal retention requirements for your personal data or; 

We no longer have a legitimate reason to maintain that data and it is considered not to contain information which has archival value to the University.

How we store your information
All personal data that we process about you will be stored securely and in line with the requirements set out in the GDPR. Wherever possible, we will store your data within the European Union (EU) or European Economic Area (EEA). 

Where this is not possible, and we need to store your data outside of the EU/EEA, we will only do so when we are satisfied that appropriate safeguards are in place.

Your data protection rights

You have rights associated with how your personal data is used and managed. These rights include:

• To be informed what personal data about you the University holds and what it is used for
• To access your personal data
• To update the personal data the University holds about you
• To be informed how the University is complying with its obligations under the Act
• To complain to the Data Protection Officer or Information Commissioner (ico.org.uk) and
• To have personal data erased where there is no compelling reason for us to keep the data. 
• These rights are not absolute in every circumstance and several factors such as exemptions in law apply. Visit uel.ac.uk for more details. All requests to exercise any of these rights should be made to the Data Protection Officer at dpo@uel.ac.uk.  

Where the processing of your personal data or sensitive personal data/special category data is based only on your consent, you have the right to withdraw their consent at any time by contacting the department or service who obtained that consent or UEL's Data Protection Officer. Examples of where we can only rely on your consent include marketing and promotions, or research. 

If you are unhappy with our handling of your personal data or believe that the requirements of the Act (or any legislation arising directly from it) may not be fully complied with, please contact the Data Protection Officer in the first instance.  The formal complaint procedure will be used if appropriate, and you have right to submit a complaint to the Information Commissioner's Office; further details can be found at www.ico.org.uk. 

The ICO's address:            
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Download the full version of this notice (pdf).