Last revised: 4 May 2018
This privacy notice tells you what to expect when Bristol SU (“the Students’ Union”, “we”, “us”) collects or processes personal information. All data is held in accordance with the guidelines set out in the General Data Protection Regulation (GDPR) and the Privacy of Electronic Communication Regulation.
It applies to information we collect about:
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need.
You might give us your personal data by filling in forms on our website, by registering to use our website, applying for jobs with Bristol SU, booking tickets to events or registering to be updated on upcoming events. If you are a student at the University of Bristol some of your personal data is shared with us by the University of Bristol to enable us to perform our functions as your Students’ Union. More detail is provided under the heading “I’m a Bristol student, what data do you hold about me?”
We collect personal data in connection with specific activities such as administering your membership, registration or membership requests, placing an order, booking tickets to an event, performing services, volunteering, conducting research, and employment.
This personal data you give us may include name, date of birth, age, gender, demographic information, email address, telephone numbers, attitudes, opinions, usernames and passwords, transactional information (where you are purchasing tickets or items). We will make sure that we only collect the data that we need, and will only use it for the purpose specified at the point it was collecting. Some of this information is imperative to enable us to administer your membership or provide a service (such as contact information), but there might also be instances where we need to collect sensitive data. We will only do this when necessary.
In addition where you book or purchase tickets for events, join a student group or use on of our services we may ask for the following information such as:
We automatically receive and save certain types of information whenever you interact with this website. We use the information to monitor website traffic and to assist with the navigation and user experience of the website.
Information that we will automatically receive includes:
We may use and analyse the information we collect so that we can manage and improve the services on the website. Demographic and statistical information about user behaviour may be collected and used to analyse the popularity and effectiveness of the website. Any disclosure of this information will be in aggregate form and will not identify individual users.
Bristol SU also uses services from Google on this website to measure and analyse visitor information. For further information on these, please visit Google’s website.
Bristol SU will not (nor will it allow any third party to) use the statistical analytics tools to track or to collect personally identifiable information of visitors to this website. Bristol SU will not associate any data gathered with any personally identifying information from any source as part of our use of the statistical analytics tools.
We might ask you to provide demographic information such as your age, gender, ethnicity or race or whether you have a disability. We use this to enable us to monitor whether our services and organisation is meeting the needs of a diverse student body, and to ensure that we are equally accessible to all students. When analysing our membership for monitoring reasons we will not use this data to identify you as an individual, and this data is coded within our database, to ensure greater protection of this data.
We also collect demographic information, including whether you identify as LGBT+ and those already listed in the previous paragraph to ensure that you are eligible to vote in all elections that affect you. Currently the Bristol SU bylaws provide that only members belonging to the liberation group being elected may vote in it’s election, this means for example that only LGBT+ students are eligible to vote for the candidates for LGBT+ Network Chair. This is collected on the basis of self-identification, and this information will only be collected where you give consent. You can also update or remove this information at any time by updating ‘My Account’ once you have signed in to this website. And there is an option to prefer not to say.
We will not use sensitive information to identify you as an individual. But there may be some specified circumstances in which we might use this data at aggregate level to contact all members of a specified group, where this enables us to provide valuable services such as to notify you of an election you are eligible to vote in.
Alongside the instances discussed above where you might give us your data directly, where you are a current student at the University of Bristol, some data that you share with the University at registration is shared with us by the University. You will be informed of this at the point of registration or re-registering with the University of Bristol each year. We have a formal data sharing agreement in place with the University and once we have received this information we will:
Sharing data in this way enables the University to fulfil its duty to provide a Students’ Union and to meet obligations under the Education Act 1994, as well as observing the legitimate interests of students to be offered the services provided by the SU, which include representation functions.
The University of Bristol has provided Bristol SU with the following student information:
The personal data collected here enables us to carry out our responsibilities as a Students’ Union and to enables us to ensure you have the required permissions to vote for elected student representatives.
The data is transferred securely and is not held on the website. No other sensitive personal data has been transferred between Bristol SU and the University. The University has only provided current student data. Equality monitoring data is used only to look at service delivery and to ensure the University and Bristol SU are meeting the needs of those with protected characteristics under equality legislation.
Our system is run by NUS Union Cloud.
Student information is provided via secure electronic transfer. The transfer ensures that Bristol SU hold up-to-date information at that time and ensure that the details of any students who opt out of the data sharing agreement are not processed further.
There may be some circumstances where data about you is shared with us.
This will only happen where there is a data sharing agreement in place, between ourselves and the organisation sharing your data. This data might be shared with us by partner providers for fulfilling a contract, for instance NUS Extra or some jointly run events.
We will ensure this data is held in line with the data sharing agreement and disposed of in line with the retention period set out in the retention policy.
Where we process your data we will only do so where there is a legal basis. This includes the following:
We’ll always act upon your choice of how you want to receive communications (for example if you want to receive our newsletter or information about offers). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a member, volunteer, donor or buyer of goods or services from Bristol SU. Examples are:
Where you have given us consent we use profiling and screening techniques to ensure communications are relevant and timely, and to provide an improved experience for our members. Profiling also allows us to target our resources effectively, which members consistently tell us is a key priority for them. We do this because it allows us to understand the background of the people who study at the University and helps us to deliver appropriate services and information to members who need it.
When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. Your data would only ever be analysed or profiled through encrypted and protected data processes, which only ever identifies broad statistics. In doing this, we may use additional information from third party sources when it is available.
We carry out research with our members, customers, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (e.g. ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring).
We may give some of your personal data (e.g. contact information) to a research agency who will carry out research on our behalf. They will only be supplied with information necessary for them to carry out this purpose (such as name and email address) and only on the basis of legitimate interest. Any other information you can choose to share by consenting to take part in the research.
For most research we carry out, you will not be asked to provide any identifying information, though we may ask you to provide sensitive data to help us identify how different groups are affected by student issues. However where you are asked to enter identifying information, such as email to remain eligible for a prize draw, we will disaggregate this from the results, and dispose of this data 3 weeks after responses close and winners have been notified.
Personal data collected and processed by us may be shared with Students’ Union employees and volunteers. Students’ Union staff and volunteers will only have permissions to access the information required for them to perform their role. Everyone who handles personal data, whether a Bristol SU staff member or student volunteer, is mandated to do so in line with UK Law. All staff are required to undertake mandatory training as part of their induction, and guidance is provided for all student volunteers. Below more detail is provided on what data student leaders or volunteers have access to.
There may be instances where we share data with the University of Bristol. This includes:
We may use third party companies as data processors to carry out certain administrative functions on behalf of the Students’ Union. If so, a written agreement will be put in place to ensure that any personal data disclosed will be held in accordance with the General Data Protection Act, will only be used for the purposes specified by Bristol SU and will have appropriate security measures in place. Any data used for these purposes is destroyed once used.
We do not sell or share your personal information for other organisations to use.
Alongside these actors there may be some circumstances where we give access to personal data to the following:
When we allow access to your information, we will always have complete control of what they see, what they are allowed to do with it and how long they can see it. We do not sell or share your personal information for other organisations to use.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
Some of our suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as companies based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside the EEA.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Certain categories of students will have access to some limited personal data:
When you register to join a student group or network through our website or to attend one of their events, you consent to the relevant student leader (President, Club Captain or Network Chair) holding limited personal data (name, email address). This is under a legitimate interest for them to achieve their objectives of administering the membership you have requested. Whilst registering for membership of one of these groups you may be asked to provide other personal data to enable them to perform their duties. They will not collect information beyond what is needed.
Under some limited circumstances they may need to collect additional personal data, such as emergency contact or medical information to meet their requirements to perform a service you have requested, for example where you have requested membership for a group or event that involves high risk activity. This is to ensure that they can meet their obligations to comply with health and safety, and this data will not be used for any other purpose.
Bristol SU provide guidance to Student Leaders, Network Chairs, Representatives and Officers to ensure they handle your data in compliance with UK law..
We will only hold your personal data as long as is strictly necessary. Where this relates to your membership of the Students’ Union, registration with societies, our general retention policy is to hold this data for one year after the end of the academic year in which the data was collected or shared. This ensures that we can maintain an accurate record for a sufficient time period to administer your membership correctly or respond to any outstanding queries or complaints. There are some limited circumstances in which a different retention policy will be applied to enable us to comply with relevant legislation requirements, this includes:
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your membership or registering you for an event) we will do so. Contact email@example.com if you have any concerns.
You have a right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them. You can already correct some of the information we hold by logging into your account on this website.
If you want to access your information, you must complete the Subject Access Request Form with a description of the information you want to see and the required proof of your identity by post to the University of Bristol Students’ Union, Richmond Building, 105 Queens Road, Bristol, BS8 1 LN. We do not accept these requests by email so we can ensure that we only provide personal data to the right person.
If you want to opt-out of all communications and data processing you will be required to surrender your membership to the Students’ Union which will limit your access to activities and services. You can do this by writing to the Chief Executive at the Students’ Union. Please be aware that without membership you will be unable to vote in Bristol SU elections.
If you have any questions please send these to firstname.lastname@example.org.
We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our Website or by contacting you directly.
If you have any questions, comments or suggestions, please let us know by contacting email@example.com