Privacy Policy - DRAFT

Our alumni and supporters are extremely important to us. We want to stay in touch with you and keep your personal data in accordance with your wishes. This privacy notice explains how we use the personal data the University’s Development and Alumni Relations department (“DARO”) collects from our alumni and supporters. It supplements the page on our website ‘Data Protection – How the University Uses Your Data’.

It is important that the personal information we hold about you is accurate and current. Please keep your personal information updated during your relationship with us.

How does this privacy notice relate to other privacy notices?

If you studied at the University, data collected by the University during your time as a student are transferred from your student record to the DARO database when you graduate. This is explained on our website in the Student Privacy Notice.

The content of your student email account may be transferred to an alumni email account in M365 which is created for you upon your graduation. You will therefore be provided with an alumni M365 account.

If, once you graduate, there are ongoing student procedures such as academic appeals, the University will continue to process data relevant to that procedure in accordance with the Student Privacy Notice.

If you are a supporter of or a volunteer at the University, we will hold the personal data provided by you during your interaction with us. This is explained in the relevant privacy notices.

 

What personal data will be processed?

If you studied at the University, we process biographical, contact, and education details collected by the University during your time as a student.

If you are a supporter of the University, the data we process is that which you provide for example, if you sign up to our newsletters, register for an event or share your details with us following a visit to other parts of the University, such as Winterbourne House and Garden or the Barber Institute of Fine Arts.

We may also collect and hold personal information derived from publically available sources (either directly or through internet search functions). These public sources may include LinkedIn, Twitter, Companies House and other business-related resources including company websites, The Queen’s Honours lists, Royal Mail National Change of Address service, reliable news and press reports, and rich lists.

Examples of categories of personal data which we may hold are:

• Biographical/ contact details – for example, your name, postal/ email address and telephone number, date of birth, gender, nationality, marital status, and student number;
• Education details – for example, the courses you completed and dates of study;
• Professional details – for example, employer, occupation and work address;
• Any preferences provided by you for a specific purpose such as access requirements or other adjustments and dietary preferences for event management purposes and your communication preferences;
• Philanthropic details – for example, your history of donations (of both time (for example, volunteering) and money) made to the University, your areas of philanthropic interest and your publicly known philanthropy;
• Engagement details – for example, your membership of clubs, societies and alumni groups, your attendance at College or University events, your relationships with other alumni, supporters of the University and Colleges and publicly -known relationships with non-University stakeholders;
• Photographs – including those we have taken (for example, at events or to accompany a published interview) and those which are in the public domain.

When using video conferencing applications such as Zoom or Microsoft Teams, your name, user name, email address, your computer’s IP address, MAC address and device name may be collected.

The University will also keep records about your use of the IT facilities you use as an alumni user.

What is the purpose of the processing?

The majority of the personal data that we hold is the information that you have provided to the University or information which is in the public domain. We only process data for specified purposes and if it is justified in accordance with data protection law. 

In general terms, we process your personal data to improve your experience and engagement with the University as a supporter and/or member of our alumni community.

We also process personal data for the following purposes:

• To generate philanthropic support (for example, fundraising and/or volunteering) for University charitable projects. More specifically, these activities may include:
• sending you publications (for example, the alumni magazine, Old Joe; updates on events on campus; and email newsletters about the University and its fundraising projects) in a way which is tailored and relevant to you ;
• helping you keep in touch with other alumni and/or University supporters and donors by inviting you to alumni reunions and University events;
• informing you of the benefits available to alumni, such as careers advice and educational programmes, for alumni for two years after graduating;
• asking you if you would like to support the University (for example, by making a donation, contributing to surveys, volunteering, or acting as a mentor);
• thanking you for any gifts of time and money that help the University’s charitable causes;
• undertaking any necessary research for our due diligence to meet money laundering regulations in alignment to our Gift Acceptance policy; and,
• internal record-keeping and administration (for example, to process a donation or administer an event which you are attending).
• To validate your address and to prepare reports using maps by ‘geocoding’ your address against publicly available web mapping services
• To publish photographs and videos relating to our activities and events. We will inform you about such processing at the time when the data is obtained or as soon as reasonably possible thereafter.
• To compile anonymised statistics for ranking/league tables in which the University participates.

We may occasionally carry out wealth screening. This involves using trusted third parties who review information which is in the public domain (for example, FTSE100 directorships, company directorships, property holdings, Forbes, rich lists, etc.) on our behalf to give an indication of the financial giving capacity of individuals. We never use the data produced by this exercise as the sole basis for sending out communications; it is a starting point for further research we carry out about a person to identify if they may be interested in supporting the University, which includes considering any previous engagement with the University, their philanthropic interests and previous donations. This enables us to identify and contact only those individuals whose interests we believe align with our charitable fundraising mission.

 

Video conferencing applications

When using video conferencing applications, such as Zoom and Microsoft Teams, personal data such as your IP address and device name may collected by the companies who own these applications in order to schedule and create a record of meetings, improve and tailor your experience when using these applications. Where video conferencing applications are used to record meetings, personal data captured within the recording are stored within the cloud service owned by that company. Where recording is taking place, you will be notified at the beginning of or as you enter the recording session.

Data held and used by the University are compliant with GDPR. Personal data stored by a service provider within the cloud may be stored outside of the European Economic Area. 

What is the legal basis of the processing?

We consider the processing of your personal data for these purposes to be necessary:

• For the pursuit of the University’s legitimate interests in fundraising, in support of the University’s charitable mission and maintaining a strong relationship with our alumni and supporters;
• To enable the University to comply with its legal obligations, for example for compliance with money laundering rules and Gift Aid requirements, disclosing personal data to Local Authorities for specified purposes.
• For the performance of tasks carried out in the public interest or in the exercise of our official authority, for example the completion of Destinations of Leavers from Higher Education/ Graduate Outcomes survey;
• Very occasionally, when it is needed to protect your or another person’s vital interests and you are not capable of giving your consent (for example, in an emergency).

In some circumstances (for example, if you are not an alumnus of the University, or if, because of a disability, we need to make reasonable adjustments for you at an event we are organising), we will need your consent to process your personal data. In these cases, we will seek your consent which, if given, you will be able to withdraw at any time.

 

Who will your personal data be shared with?

Within the University, your data is shared with only those University staff who need access for the purpose of delivering our alumni and supporter activities and within the University M365 tenancy. Your personal data is held securely on the University’s Careers Network and DARO databases, which are restricted to nominated university employees.

Your personal data is shared as is necessary, on a considered and confidential basis, with several external organisations which assist with our alumni and supporter activities. These organisations act on our behalf in accordance with our instructions behalf for the purposes outlined above and do not process your data for any purpose over and above what we have asked them to do. We make sure we have appropriate contracts in place with them. Sometimes your personal data is processed by these organisations outside the European Economic Area (for example, because they use a cloud-based system with servers based outside the EEA), and if so, appropriate safeguards are in place to ensure the confidentiality and security of your personal data.

It is also sometimes necessary for us to share personal data with third parties as follows:

• Third parties engaged by the University to provide alumni, supporter and fundraising related services – we share biographical, contact and education details, professional details, volunteering and philanthropic details;
• Event venue providers – names and accessibility and assistance requirements and related information;
• The Charity Commission – for compliance with charity law;
• The Office for Students - as our principal regulator for charity law purposes;
• Compilers of ranking leagues, including, but not exclusively, the Financial Times;
• Local Authorities to carry out any of their public functions;
• HMRC - as required for Gift Aid purposes; and
• Occasionally and when necessary internal and external auditors or regulators.

We ensure we have appropriate data sharing and/or processing agreements in place before sharing your personal data with any other data controllers.

We do not sell your personal data to third parties under any circumstances, or permit third parties to sell on the data we have shared with them.

How long is your data kept?

We will retain most of your data indefinitely in support of your lifelong relationship with the University, or until there is no longer a legal basis for holding it, or you object to the use of your data for direct marketing purposes.

Your rights in relation to your data

Details about your rights are set out on the website page ‘Data Protection – How the University Uses Your Data’. This also explains how to ask any questions you may have about how your personal data is used, exercise any of your rights or complain about the way your data is being handled.

If you change your mind about receiving information about the University’s alumni and supporter services and activities, you should contact us using the contact details provided in all our emails to you. 

Are changes made to this webpage?

This privacy notice is effective from 25 May 2018 and was last updated on the 14 February 2020. It is reviewed when necessary and at least annually. Any changes will be published here and you will be notified by email or as appropriate.

Service Provider

This service is operated under contract by Aluminati Network Group Ltd. (Aluminati) acting under instruction as our Data Processor under the Data Protection Acts 1998 and 2018. Aluminati will process personal data strictly for the purposes of operating this service.

 

Aluminati is registered with the Information Commissioner under membership number Z8393842.

UoB Mentoring Connect Social Sign In: Privacy Notice

This privacy notice provides you with details of how we (Aluminati Network Group Ltd) collect, process and store your personal data when you access the Aluminate service (the ‘Service’) via this third-party application (‘App’).

LAWFUL BASIS AND PURPOSE OF PROCESSING

Aluminati processes your data in order to perform its contract, with the institution or organisation, to provide you with the Service. We will process your information for the following purposes;

• To verify your details in order to provide you with access to the Service
• To improve your onboarding experience onto the Service
• To increase your accessibility to the Service

We will only use your personal data for the purposes listed above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.

By accessing the Service through this App, you agree to the collection and use of information in accordance with this privacy policy.

If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk) however we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

Email: privacy@aluminati.net

Tel: 01638 676 232

WHAT PERSONAL DATA WE COLLECT

Personal data is any information capable of identifying an individual and does not include anonymised data. We may ask you to provide us with or automatically collect certain personally identifiable information that can be used to contact or identify you, including:

• Identity & Contact Data may include your first name and last name
• Contact Data may include your email address
• Technical Data may include your cookie data, information such as your device's internet protocol address (e.g., IP address), browser type, browser version, the time and date of your visit, unique device identifiers and other diagnostic data

We do not collect any sensitive data about you including details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, criminal convictions and offences.

YOUR RIGHTS

For data processed under the lawful basis of ‘performance of a contract’, you;

• DO have the right to; be informed, request access, data portability, data rectification, restriction processing, erasure if there is no overriding ‘legitimate interest’ for continuing to process the data
• DO NOT have the right to object

To exercise these rights please email privacy@aluminati.net. We will likely have to request information from you to confirm your identity in order to ensure we are following instructions from the actual data subject concerned. No fee is payable for the exercise of these rights unless the request is clearly unfounded, repetitive or excessive in which case we may also legally refuse your request.

For more information on individual rights under the GDPR, go to the following site: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

You have the right to lodge a complaint to the supervisory authority (the Information Commissioners Office); if you believe we are processing your data unfairly.

DISCLOSURES OF YOUR PERSONAL DATA

We may have to share your personal data with third parties including:

• Our service providers who provide IT, hosting and system administration services
• Professional advisers including lawyers, bankers, auditors, insurers, financial advisers and corporate finance advisers who provide consultancy, banking, legal, insurance, accounting and financial services
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
• Third parties to whom we sell, transfer, or merge parts of our business or our assets
• We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

INTERNATIONAL TRANSFERS

We make active efforts to engage in service providers who are based within the European Economic Area (EEA). Where this is not possible, we may need to engage service providers resulting in your personal data being transferred outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
• Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

In addition to the above, your data may be temporarily transferred outside of the EEA during the course of our staff travelling abroad with personal data (for example meeting contact information and emails). There are appropriate safeguards in place to ensure the protection of your data - including encryption rendering the data unreadable in the case of loss or theft.

DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

DATA RETENTION

We will only retain personal data for as long as we need to fulfil the specified purposes we have collected it for as well as for satisfying legal, accounting, audit, or reporting requirements.

By law, for tax purposes, we have to keep certain data about our customers for six years after they cease being customers.

COOKIES & THIRD PARTY LINKS

We use cookies as described in the section above on how we use your data. If you choose to disable cookies in your browser certain parts of our service will cease to function.

Links from our website or other communications may link to third-party destinations over whom we have no control and do not take responsibility for their privacy statements or behaviours. Please read the privacy notice of these sites to understand their data policies.

Name and contact details of the data controller and data protection officer
Data Controller: Aluminati Network Group Ltd.
Address: Hyperion House, The Oaks, Newmarket, Suffolk, CB8 7XN
Data Protection Officer: Daniel Watts
Contact Details: privacy@aluminati.net