The Roehampton Students’ Union is committed to protecting your privacy when you are using its online services.
Guiding Privacy Principles
On 25 May 2018 the General Data Protection Regulation (GDPR) replaced the Data Protection Act of 1998 as the law governing the processing of personal data by The Students’ Union.
Compliance with GDPR underlies all of our personal information privacy practices. We also have a set of guiding principles that govern how we use the information that we collect about you on our websites.
Use of data is compliant with the General Data Protection Regulation (GDPR) 2018 and specifically with the data principles that are set out within it. Data must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
The data controller shall be responsible for, and be able to demonstrate, compliance with the principles.
Information we collect
We will ask for “Personal Information” which identifies you and enables you to be contacted and to access Roehampton Students’ Union services. We will also ask for information about your course. If you join an activity group (Societies and student groups) we may ask you for next of kin details for emergency contact only, and for details of any medical conditions that might affect your participation in the activity that could put your or others at risk.
The Union collects information, including Personal Information that you provide us when you visit our website. “Personal Information” that will be collected or processed by the Union includes:
- Contact details such as name, address, email, phone number, next of kin
- date of birth;
- answers to security questions;
- equality information including sex/gender, sexuality, religion and nationality;
- academic records;
- medical information such as prescriptions;
- student registration identification number;
- purchasing history;
- IP address;
- DBS checks;
- ID such as passport, driving license, including, where necessary, visa details and passport numbers
- financial information; such as that which could be used to process invoices and payments
- If you register to the Students’ Union website, we collect contact information, username and password and can collect additional information submitted through registration or via updating your information.
- If you make any purchases through the site, we will record your billing address; however, we do not record your payment card details. This information is collected through our online payment gateway, our online payment provider. No card payment details are stored through the site.
- If you email us directly via an email hyperlink or contact form to provide us with feedback on the site, or to ask a question regarding the site, we will record any information contained in such emails for a period of up to one year to analyse trends and ensure improvements to the site.
- Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, at this time we do not take steps to respond to such signals.
Roehampton Students’ Union may collect Personal Information in a variety of ways including directly from students while online when you use any of our online tools or features or applications.
We will use the information for the following purposes:
- To administer your membership of Roehampton Students’ Union.
- To administer the services and activities of Roehampton Students’ Union, such as Events, Volunteering, Societies, Programme Reps, and Representation.
- To carry out research on the demographics, interests and behaviour of our registered members.
- To send you email newsletters from Roehampton Students’ Union and details of student promotions as they become available.
- To improve the content of Roehampton Students’ Union websites.
- To perform marketing and promotional activities, including the use of third parties.
- To forward information to you which we feel you may find useful, such as details of products and services and forthcoming career/job opportunities.
We may pass your personal information onto the organisers of services of Roehampton Students Union, which you have chosen to join.
We also collect anonymous information for statistical purposes. Any anonymous information is not linked to your personal information and cannot be used to identify you.
Consent and Choice
If you choose not to register or not provide personal information, you may still visit Roehampton Students’ Union but you will not be able to access the restricted areas available to registered users. By clicking on "I accept" during the registration process, you accept the Terms and Conditions described herein and consent to our using your information accordingly.
Access to Personal Information
Individuals can find out if we hold any personal information by making a ‘subject access request’ under the GDPR. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to Roehampton Students’ Union for any personal information we may hold you need to make a request in writing please download a Subject Access Request form.
The Roehampton Students’ Union cannot be held responsible for any inaccurate personal details.
Disclosure of Personal Information
Your personal information will not be sold, traded, or rented to individuals or other entities. We may need to share Personal Information with third parties when purchasing items off our website. These third parties are required to not use your Personal Information other than to provide the services requested by Roehampton Students’ Union. We may disclose your Personal Information if we are required to comply with any legal obligations.
- The University of Roehampton our parent institution, and it's subsidiaries
- The National Union of Students UK, with whom members of the RSU have agreed to affiliate
- National Governing Bodies for Sports, Societies and Groups you may additionally become a member of
- Membership Services Solutions Ltd. - who provide membership management services including our Customer Relationship Management (CRM) software and related websites
- Google who supply both administration services such as Google Analytics Services
- Mailchimp who provide email services
- Survey Monkey who provide digital survey software
- internally with other companies and legal entities in our group (which means our subsidiaries), as defined in section 1159 of the UK Companies Act 2006; and
- Barclays Bank for bank payments and transfers
- The People’s Pension for staff pension payments
- Charlie HR for Human Resource related administrative systems
- Slack for internal communications purposes
- Governmental and regulatory bodies such as HMRC, Charity Commission and Companies House
- In addition we may, from time-to-time, also share externally with other third party service providers, as outlines above
The categories of third party service providers that we share your personal information with are, or may include:
- providers of online ticketing systems
- providers of systems and services that help us deliver our membership offer
- providers of systems and services that help us deliver employer responsibilities
- payment processors and providers of BACS, direct debit and credit card facilities
- printers, delivery and postal companies
- suppliers who host, provide, manage, support or administer certain aspects of our websites, and telephone services
- providers of customer surveys and customer insight analytics
- suppliers who host, provide, manage, support or administer certain aspects of our IT and business administration systems and data centres
- providers of Wi-Fi access for customers in our facilities
- suppliers of email, online and social media advertising and other marketing systems and services
- third parties who help us to run or administer competitions or deliver prizes
- third parties who host our events
- with our professional advisers such as instructed solicitors, accountants, auditors health and safety consultants and insurance brokers for our business administration, legal and compliance purposes;
- debt collection agencies and other such functions for the purposes of enforcing any agreements that we have with you;
- any other third party where we are obliged to, or permitted to do so, by law, court order or to comply with any search warrant or similar instrument presented to us by any law enforcement, government officer or regulatory authority;
We may provide third parties with aggregated but anonymised information and analytics about our customers and, before we do so, we will make sure that it does not identify you.
We have taken appropriate measures to ensure that your personal information is not unlawfully processed. However, no information transferred over the Internet or wireless network can be guaranteed to be completely secure. We will not be transferring your personal information outside of the European Economic Area.
Cookies are a means of storing information about you and your preferences on the hard drive of the computer you are using.
The Roehampton Students’ Union websites are intended for students and staff at the University of Roehampton who are over 17 years of age. Roehampton Students’ Union websites are not intended for children and we ask that no-one under the age of 17 submits personal information to us or uses the site without supervision of a parent or guardian.
The University and the Students’ Union is registered with the Information Commissioner to process personal data, and is obliged to comply with the General Data Protection Regulation 2018. Personal data collected via this website will only be used for the stated purpose for which they are collected. No personal data will be passed to any third party without the consent of the person concerned.
Roehampton Students’ Union is company limited by guarantee with charitable status and the ultimate data controller under the Act, its Trustees, are therefore ultimately responsible for implementation of this policy. The Trustees will be represented by the Chief Executive who will deal with day-to-day matters.
Acting Chief Executive
Roehampton Students’ Union
If you have any questions for Roehampton Students’ Union relating to privacy, please send them to this address.
Changes to this policy