On This Page

The right to privacy is a fundamental human right that has never been more important in a digital world. This page is designed to act as a go to reference for UEL data protection issues and is available to everyone.

The law around data protection  has changed. The General Data Protection Regulation has applied in the UK since 25 May 2018 in the form of a new Data Protection Act.

The new law is designed to improve transparency, accountability and the effective use of your personal data. In order to comply with new rules, all organisations need to do some things differently in the way they collect, use and manage personal data as part of their operations.

Use the links throughout this site to explore data protection at UEL in more detail and if you have any queries you can contact us or visit the Information Commissioners Office Website.

COVID-19 and Data Protection

As part of our plans to allow staff and students to return to campus in September 2021, UEL is investing heavily to ensure that our sites are COVID-secure. One of the measures we will be introducing is a new mobile phone app that allows you to seek support from UEL support staff at the touch of a button and also allows you to "Check in" to campus to alert support staff to your presence and provide zone specific advice.

Below are answers to some Frequently Asked Questions relating to the use of the UEL Safety App.   

Do I have to download the UEL safety app before I can return to campus?

No. The aim of the service is to enhance the safety and security of users to the service and ensure that in the event of an emergency, subscribers have the reassurance of being in immediate contact with the team best placed to help. Use of the application is completely voluntary. There will be no adverse consequences if you choose not to install it and we will not prevent you coming on site.

Is my data safe?

Yes. All data within the UEL Safety app is secured by multiple mechanisms including encryption of the data, anonymisation of unique identifiers, limited access to data within the app and limited data collection.

If I download the app does UEL have access to the contents of my phone?

No. If you download the application UEL will have access to data generated by the app including information about you that you provide in your profile, your location while on campus and the type of alert that you have raised. This data will only be retained on a 14 day cycle and will be deleted and replaced by the next 14 day cycle.

If I use the app, can UEL track where I am off campus?

No. the location tracking feature of the app is limited by a boundary that acts like a digital fence. Once you are outside of the fence, the app no longer knows your location.

Is it legal to track my location?

Yes. Generalised location data trend analysis is helping to tackle the coronavirus crisis. This is lawful under the obligations of the Data Protection Act 2018 as long as the data collected is necessary and proportionate. In case of the Safe Zone App, we are limiting what data the app collects for the purpose of incident management for the purpose of ensuring we remain COVID-secure.

If I delete the app will it delete my data?

Yes, but not instantly. All data in the app will be collected on a 14 day cycle. If you delete the app from your phone, any residual data held by UEL from the app will be deleted after 14 days.

Who can see the data?

Data collected by the app will only visible to teams directly responsible for delivering services. Permission to view and act on data provided will be controlled centrally by the specify relevant team and access will only be granted to specific members of staff rather than whole departments.

Can I get a copy of the data held by the app?

Yes. You can submit a Subject Access Request for this data by emailing dpo@uel.ac.uk.

COVID-19 Testing centre fair processing notice

Who we are

  • UEL act as the Data Controller for the purpose of the Data Protection Act (2018).
  • We will make decisions about what personal data we collect from you and how we use it fairly, lawfully and in a transparent manner.
  • Our Data Protection Officer can be contacted on dpo@uel.ac.uk.

What we collect from you

  • We collect and process your personal data to book a Lateral Flow test.
  • We share the data including the result of your test with NHS Test and Trace and NHS Digital.
  • We do not have access to the test result.

Lawful basis

  • Booking a test is voluntary. We process your booking and share your data with your explicit consent.
  • We will retain the record of your booking to demonstrate that we have facilitated your test in the public interest.

What we do with your data

We collect and use your personal data for the following purposes:

  • To allow you to book a Lateral Flow Test.
  • To ensure you can be notified of a test result.

Your rights

Everyone has rights about how their personal data is collected, used, stored and managed. You can exercise these rights at any time, but not all rights are applicable in every circumstance. For more details see this page or visit our  UEL intranet. (internal link)

You have the right to complain to the Information Commissioners Office via ico.org.uk and to seek judicial remedy if you believe we have done something wrong with your data.

Contact our Data Protection Officer on dpo@uel.ac.uk for more details.

Data Protection Basics

The Data Protection Act 2018 (the Act) regulates how organisations use the personal data of living people. The Act sets out the requirements for businesses handling personal data and gives individuals rights about how it is managed. The requirements of the Act apply equally to all personal data whether it is held in electronic or physical form.

Everyone that uses the personal data of someone else, has a duty of care under the Data Protection Act to treat personal data appropriately. Good questions to ask yourself are:

  • Am I treating someone else's personal data in the way that I would want mine to be treated?
  • Would someone be surprised to learn that I hold their personal data and the purpose for which I am processing it?

See the links below to find out more about personal and special category data.

Data Protection Framework

In the digital world, it can be difficult to know where your data is, who has access to it, why they need it and what your rights are. To address these issues, and to improve how we manage the data that we have been given by you UEL is in the process of implementing a Data Protection Framework to centralise all of our practices around data protection and the use of your personal data.

The framework is based on the requirements of a BS10012:2017 which is a quality standard that sets requirements on how we collect, store, use, share and dispose of personal data as well as how we react in the event of a personal data breach. The benefits of adopting a framework approach are that:

  • It helps UEL embed accountability into is practices.
  • It promotes education and awareness about data protection issues
  • It allows us to understand and react to privacy risks and
  • It gives you more control over how we use your data

Data Protection Policy

UEL’s Data Protection Policy sets out how we collect, manage, store and dispose of your personal data. It also sets out your information rights and the responsibilities of our staff, students and visitors. You can access a copy of our Data Protection Policy below.

Fair processing notices

Fair processing notices provide you with information about what an organisation is going to do with your personal data to allow you to decide for yourself if you are happy to give your data to them.

UEL has a range of Fair Processing Notices for different situations: click on the links below for the fair processing notice relevant to you. These notices may change from time to time as we evolve how we use your data. If you have any queries you can always contact us.

Staff fair processing notice

Who we are

  • UEL and UELPS act as the Data Controller for the purpose of the Data Protection Act (2018).
  • We will make decisions about what personal data we collect from you and how we use it fairly, lawfully and in a transparent manner.
  • Our Data Protection Officer can be contacted on dpo@uel.ac.uk.

What we collect from you

  • We collect and process your personal and special category data including:

 - Name address and contact details for getting in touch with you.
 - Financial details for payroll and pension purposes.
 - Sensitive data including your ethnicity, declared disabilities and health information for equality monitoring, and our legal obligations.
 - Data relating to your role including data used for performance assessment.
 - Data relating to any personal devices that you connect to our network.

Lawful basis

  • All processing of personal data needs a lawful basis.
  • As your employer, our principal lawful basis is the fact there is a contract between you and us for us to provide you with employment.
  • We may process your personal data under a different lawful basis depending on the circumstances of the processing. For example:

 - We will process your personal data where we are legally required to. For example, we are legally required to ensure you pay your taxes.
 - We will process your personal data for our public tasks. For example, we will share some personal data with HESA as part of our statutory return.
 - We will process your personal data based on our legitimate interests. For example publicising your work contact details, or as part of a performance appraisal.

What we do with your data

  • We collect and use your personal data for the following purposes:

 - To provide you with employment, pay pensions and other staff services.
 - To meet our legal obligations around taxation health and safety and equality.
 - To meet our statutory obligations as a University such as submitting our HESA return.
 - To fulfil our legitimate interests as a business such as using your data in staff lists, contact directories or employee appraisals.

  • We share your data with other organisations that carry out work on our behalf. These organisations are called Data Processors. We only share the data necessary for them to carry out their tasks and we have a contract with them to limit what they do with your data. Where we share your data outside of the EU, we will do so when we are satisfied that there are the correct safeguards in place.
  • We may also share your data with other organisations that use that data for their own purposes, for example to provide you with a pension. These organisations are also Data Controllers and they will make their own decisions about how they use your data outside of our control.

Your rights

  • Everyone has rights about how their personal data is collected, used, stored and managed.
  • You can exercise these rights at any time, but not all rights are applicable in every circumstance. For more details visit our this page or the UEL intranet.
  • You have the right to complain to the Information Commissioners Office via ico.org.uk and to seek judicial remedy if you believe we have done something wrong with your data. Contact our Data Protection Officer on dpo@uel.ac.uk for more details.

Download the full version of this notice (pdf)

Prospective students and Outreach and Access participant fair processing notice

Our contact details 

The University of East London is the “Data Controller” for any personal data that we collect, use, store or otherwise process. Any queries relating to Data Protection should be directed to:
The Information Assurance Office
University Way
London 
E16 2RD
Telephone 0208 223 2103
dpo@uel.ac.uk

 

The type of information we have 

When you apply to study with us, register for one of our events or open days, take part in Outreach and Access activity or sign up to hear more about studying with us, we collect the following data about you: 

  • Your contact details including your name, address, email, contact phone number;
  • Geographical information;
  • Information on your interests that relate to courses and events or recruitment activities on or off campus;
  • Additional information from Outreach and Access activity, such as your school and year group, disability & ethnicity information, if you are In Care or Care experienced, if you are an asylum seeker / refugee, or from a military family.  

When you apply to study with us, we will collect the following personal data about you as part of your application:

  • personal details (name, address, date of birth); 
  • phone numbers; 
  • email addresses;
  • identity documents; 
  •  agent information (for those students using an agent)
  • gender
  • gender identity
  • photographs
  • financial information
  • academic marks
  • appraisals
  • references
  • disciplinary information
  • health and disability information
  • ethnicity data
  • sexual orientation
  • religious belief data
  • caring responsibilities 
  •  personal data that is needed to provide academic and pastoral support.
  • Emergency contact details 

Lawful Basis  

All personal data that is collected by us, is done so in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
When the University of East London processes your personal data, we are required to have a lawful basis for doing so. 
As a prospective student when you sign up to hear more about studying with us or attend one of our events or open days, our lawful basis for processing your personal data is Legitimate Interest.

As a prospective student, that is applying to study with us, our lawful basis for processing your personal data is Contractual Obligation. If you accept an offer to study at the University of East London, a contract is entered into between you and the University.

Where we process special category data, such as data relating to ethnicity, religion, or information relating to your health or disability, we are required to rely on a separate lawful basis specifically for that type of personal data. The circumstances for processing will determine the lawful basis chosen. 

Special category data, in relation to an application to study with us, is processed under legal obligations related to employment, social protection or social security law. We have further obligations under equality legislation, and we may therefore process such information because it is substantially in the public interest to promote equality of opportunity and treatment.

How do we get the information and why we do we have it?

We collect personal data about you in the following ways: 

  • Web forms on uel.ac.uk including registrations for events or requests for more information;
  •  Direct emails to the Student Recruitment mailbox/email addresses; 
  •  Registrations for events;
  • Via tablets at events in an electronic format; 
  •  From Applicants already in our student records system who have applied through UCAS, or directly to the University;
  • Via our online application process;
  • Via surveys and feedback forms.

We will use the personal data that we collect from you for the following purposes and will not use this data for any other purpose without telling you.

  • To record and respond to your enquiry or to register and administer your attendance at a Student Recruitment Event. 
  • To provide communications relevant to becoming a University of East London Student. 
  • The promotion of our recruitment Open Days and Evenings
  • The promotion of other recruitment initiatives either, on-campus, on-line, on-location in the UK or abroad;
  • Analysis and reporting of prospective student data and statistics
  • To process your application to study with us, including adding you to our database.
  •  If you are a prospective student in our database and make an application to us, we will use the data you provide to match your prospective student record with your application record to ensure the communications we send about the application process and studying with us are relevant.

Data Protection information specific to Outreach and Access interventions: 
The Outreach and Access team at the University of East London carries out a wide range of outreach interventions that are available to students both locally and across the UK. We also deliver 'in-reach' retention and progression activities for students from underrepresented backgrounds. We ask for specific personal data when participants take part in Outreach and Access interventions, to show we are meeting our aims of improving participation at University level, as well as improving retention and progression whilst at University. We want to ensure that we are giving young people from all backgrounds the information that they need to make an informed choice about university. Collecting personal data allows us to report and monitor this. This is part of government policy to eliminate inequalities in higher education. For further information, please see the Office for Students website
We collect details of individuals taking part in our activities for the following reasons:

  • To plan interventions
  • To monitor participation in interventions
  • To evaluate and report on the impact of these interventions
  • To understand the student journey through education and progression to higher education /future careers.


The lawful basis to process this data is Public Interest. It is necessary for the Outreach and Access team to process your data in accordance with our obligations in line with the aims of the Office for Students. 
Personal data are we ask you for:  

  • Full name
  • Date of birth
  • School / College name
  • Year group
  • Gender
  • Postcode
  • If you have a disability, learning difficulty or long-term physical or mental health condition
  • Ethnicity information
  • If you are the first person in your family to go to university 
  • If you are In Care (i.e. live with a Carer/s rather than your parent/s) 
  • Care experienced (i.e. been In Care at some point)
  • If you are an asylum seeker / refugee
  • From a military family
  • Your email address.  


How we collect your data: 
Data will be most commonly requested from students aged 13 years or older (from Year 9 upwards).
To process your data we may use Jisc Online Surveys (or another secure, GDPR compliant form). This tool allows us to collect data and produce graphs for analysis of your responses. Your information will be removed from the online survey tool by March in the following academic year. Your personal details (for example, your name) will be transferred from Jisc Online Surveys (or similar) on to an online database called the Higher Education Access Tracker (HEAT). 

Data may be collected via paper form which will be kept securely in a locked cupboard and transferred on to HEAT within two weeks upon completion of an intervention. Paper copies are then destroyed using confidential waste bags. 
Data may be collected via your school, parents or a third sector organisation, depending on the intervention you are participating in. 

How we store your data: 
All data is stored in line with Data Protection Act 2018.  
Student data that relates to Outreach and Access work is stored in HEAT, who provide a tracking and monitoring service for us. This service is supplied by the University of Kent, it enables us to track the progression of outreach participants into higher education, their attainment in higher education, plus their progression into skilled employment or further post graduate study. 
For research and evaluation purposes, we may also share your data with HEAT researchers and the following bodies:

  • The Office for Students (OfS)
  •  The Department for Education (DfE)
  • Education and Skills Funding Agency (ESFA)
  • The Higher Education Statistics Agency (HESA)
  • The Universities and Colleges Admissions Service (UCAS)

Your data will never be shared unless we are required to do so by law.  

How long will your data be kept?

Under 21 years old at the time of 1st outreach activity:

  • Your data will be retained for 15 years after graduation or until 30 years of age (whichever is greater).


Over 21 years old at the time of 1st outreach activity:

  • Your data will be retained for 15 years after graduation, or for 10 years after your first outreach activity
  • After this time has been reached, data will be anonymised in bulk at the beginning of the next academic year.
     

For further information please see HEAT's data privacy webpage

We will have access to your data if you have previously taken part in an Outreach and Access event and consented to monitoring and/or being tracked long-term prior to July 2021. 

Sharing your information  

External Sharing 
We may share data about you with third party processors contracted by the university. We use third parties to perform a range of tasks including databases and systems to process enquiries and applications, send email, SMS or video messages, make phone calls, use Live Chat or manage events and webinars. We work with marketing agencies to promote courses and advertise information regarding the university We work with overseas agents for international recruitment.

  • The University takes its obligations with your data very seriously and will ensure that all appropriate safeguards and security provisions are in place and full compliance with its third-party agreements and privacy notice are monitored. For more information on the third-party processors we use, please contact the Data Protection Officer at dpo@uel.ac.uk.

Internal Sharing
When you make an application with us, your personal data will be shared with the departments within the institution that are responsible for processing your application.  

Cookies and Analytics  
If you visit uel.ac.uk, we will send your computer a "cookie", a small text file that resides on your computer's hard drive. Cookies identify a user's computer to our server but in no way gives the University access to your computer or any information about you, other than the data you choose to share. The University website uses cookies for collecting user information and allows us to make the website more useful by tailoring the services we offer from time to time. You can set your browser not to accept cookies, although you may not be able to access all of the features if you do. 
The website also uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate your visit to our website and compile reports and to help us improve the site. 

Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using the UEL website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. See Google's Privacy Policy for more information. 

Records Retention 
Your personal data will be kept in line with the University Records Retention Schedule, which is available on request. This is a large document so, if you have any specific queries, please contact dpo@uel.ac.uk. Your personal data will be kept in line with the University Records Retention Schedule and will be disposed of when: 

  • We have met our legal retention requirements for your personal data or; 

We no longer have a legitimate reason to maintain that data and it is considered not to contain information which has archival value to the University.

How we store your information
All personal data that we process about you will be stored securely and in line with the requirements set out in the GDPR. Wherever possible, we will store your data within the European Union (EU) or European Economic Area (EEA). 

Where this is not possible, and we need to store your data outside of the EU/EEA, we will only do so when we are satisfied that appropriate safeguards are in place.

Your data protection rights

You have rights associated with how your personal data is used and managed. These rights include:

  • To be informed what personal data about you the University holds and what it is used for
  • To access your personal data
  • To update the personal data the University holds about you
  • To be informed how the University is complying with its obligations under the Act
  • To complain to the Data Protection Officer or Information Commissioner (ico.org.uk) and
  • To have personal data erased where there is no compelling reason for us to keep the data. 
  • These rights are not absolute in every circumstance and several factors such as exemptions in law apply. Visit uel.ac.uk for more details. All requests to exercise any of these rights should be made to the Data Protection Officer at dpo@uel.ac.uk.  

Where the processing of your personal data or sensitive personal data/special category data is based only on your consent, you have the right to withdraw their consent at any time by contacting the department or service who obtained that consent or UEL's Data Protection Officer. Examples of where we can only rely on your consent include marketing and promotions, or research. 

If you are unhappy with our handling of your personal data or believe that the requirements of the Act (or any legislation arising directly from it) may not be fully complied with, please contact the Data Protection Officer in the first instance.  The formal complaint procedure will be used if appropriate, and you have right to submit a complaint to the Information Commissioner's Office; further details can be found at www.ico.org.uk. 

The ICO's address:            
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Download the full version of this notice (pdf).

 

 

Student fair processing notice

Who we are

  • UEL act as the Data Controller for the purpose of the Data Protection Act (2018).
  • We will make decisions about what personal data we collect from you and how we use it fairly, lawfully and in a transparent manner.
  • Our Data Protection Officer can be contacted on dpo@uel.ac.uk.

What we collect from you

  • We collect and process your personal and special category data including:
  • Name address and contact details for getting in touch with you.
  • Financial details for student fee, loans and grant administration.
  • Sensitive data including your ethnicity, declared disabilities and health information for equality monitoring, and our legal obligations.
  • Data relating to your studies including data used for the formation of your student record.
  • Data relating to any personal devices that you connect to our network.

Lawful basis

  • All processing of personal data needs a lawful basis.
  • As an applicant or student, our principal lawful basis is that we are providing you with an education as part of our public tasks.
  • We may process your personal data under a different lawful basis depending on the circumstances of the processing. For example:
  • We will process your personal data where we are legally required to. For example, we are legally required to ensure you pay your fees.
  • We will process your personal data for the purposes of a contract that you have with us. For example, where you stay in our accommodation or we monitor your attendance.
  • We will process your personal data for our public tasks. For example, we will share some personal data with the Office for Students as part of our statutory return.
  • We will process your personal data based on our legitimate interests. For example taking your photo for your student ID card.
  • In some cases will process your personal data with your consent. For example when we send you marketing or promotional material. When we rely on your consent to do this, you can withdraw that consent at any time.

What we do with your data

  • We collect and use your personal data for the following purposes:
  • To provide you with education and student support services such as access to the library and information and advice.
  • To meet our legal obligations around payment of fees, health and safety and equality.
  • To meet our statutory obligations as a University such as supplying your data to the Office for Students.
  • To fulfil our legitimate interests as a business such as providing your data to UEL’s Student Union or Alumni team.
  • We share your data with other organisations that carry out work on our behalf. These organisations are called Data Processors. We only share the data necessary for them to carry out their tasks and we have a contract with them to limit what they do with your data. Where we share your data outside of the EU, we will do so when we are satisfied that there are the correct safeguards in place.
  • We may also share your data with other organisations that use that data for their own purposes, for example to provide you with a Student Loan. These organisations are also Data Controllers and they will make their own decisions about how they use your data outside of our control.

Your rights

  • Everyone has rights about how their personal data is collected, used, stored and managed.
  • You can exercise these rights at any time, but not all rights are applicable in every circumstance. For more details visit this page or the UEL intranet.
  • * You have the right to complain to the Information Commissioners Office via ico.org.uk and to seek judicial remedy if you believe we have done something wrong with your data. Contact our Data Protection Officer on dpo@uel.ac.uk for more details.

Download full version of this notice (pdf)

Alumni fair processing notice

Who we are

  • UEL acts as the Data Controller for the purpose of the Data Protection Act (2018).
  • We will make decisions about what personal data we collect from you and how we use it fairly, lawfully and in a transparent manner.
  • Our Data Protection Officer can be contacted on dpo@uel.ac.uk.

What we collect from you

  • We collect and process your personal and special category data including:
  • Name address and contact details for getting in touch with you.
  • Education data 
  • Employment data since you graduated from UEL, if you choose to provide it.
  • Financial details if you want to make a donation to us or attend a payable event.
  • Sensitive data including your ethnicity, declared disabilities and health information, if you choose to share it, for equality monitoring and, reasonable adjustment at events. It will not be used for any other purpose.

Lawful basis

  • All processing of personal data needs a lawful basis.
  • As an alumni our principal lawful basis is that we are providing you with an alumni service as part of our legitimate interest.
  • We may process your personal data under a different lawful basis depending on the circumstances of the processing. For example:
  • We will process your personal data where we are legally required to. For example, we are legally required to follow health and safety law.
  • In some cases will process your personal data with your consent. For example when we send you marketing or promotional material. When we rely on your consent to do this, you can withdraw that consent at any time by getting in touch with the alumni team.

What we do with your data

  • We collect and use your personal data for the following purposes:
  • To provide you with an alumni service.
  • To understand your preferences in regards to donating to the university.
  • To provide you with updates about University and alumni activities.
  • To promote opportunities for you to further engage with the University

Your rights

  • Everyone has rights about how their personal data is collected, used, stored and managed.
  • You can exercise these rights at any time, but not all rights are applicable in every circumstance. For more details visit this page or the UEL intranet.
  • * You have the right to complain to the Information Commissioners Office via ico.org.uk and to seek judicial remedy if you believe we have done something wrong with your data. Contact our Data Protection Officer on dpo@uel.ac.uk for more details.

Download full version of this  notice (pdf)

Information Rights

The Data Protection Act 2018 gives you more control over your personal data by strengthening your information rights. These are:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (aka. The right to be forgotten)
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

More information about each of these rights is provided on the ICO's website.

You can submit an Information Rights request quickly, easily and free of charge by completing an Information Rights Request form and emailing it to dpo@uel.ac.uk.

You can find the answers to some frequently asked questions in our Understanding your Information Rights document.