University of Brighton: Philanthropy and Alumni Engagement – our privacy statement
1. Who we are and what we do
1.1 The University of Brighton’s Philanthropy and Alumni Engagement (PAE) department supports the life and work of the university through contact and interaction with alumni and other supporters. We do this by offering a range of academic, social and networking events, keeping our community updated via regular communications and providing access to specific resources, e.g. the careers service. We also work to secure philanthropic support (financial and in-kind) for the university’s students, teaching, research and capital projects.
1.2 In order to do all of the above, we maintain a database that contains personal data collected by the university during the course of our relationship with our students, alumni, donors and supporters. Initially, data about students is transferred into our database from the student record system, in accordance with the section on retention of student data within the university’s data protection policy (section 12.1).
1.3 Our database is protected by multi-level authentication and access is restricted to individuals who need to see the data to carry out their duties at the university. User access rights to the database are restricted according to individual job roles in order to ensure users only see information relevant to them.
1.5 Our aim is to provide you, our alumni and stakeholders, with a personalised experience and information about you helps us achieve this. We always aim to keep your details up to date and so we will conduct projects to check the contact details we have for you are current, and, where appropriate, update them.
1.6 As a result, some of the data we hold for you may also have been obtained from publicly available sources – for example, we may find a new address for you by using the Royal Mail’s National Change of Address database (NCOA).
1.7 We may also use information from publicly available sources to assess your inclination and capacity to support the university financially or by volunteering your time.
1.8 The University of Brighton is committed to holding your data securely and treating it with sensitivity. We will only hold the data for as long as it is necessary for the purposes outlined in this policy. All data is held, used and processed in accordance with the Data Protection Act (1998).
1.9 We will never sell your data, nor would we transfer personal data to any third parties unless you have consented to this or it is legal obligation – for example, supplying information we hold about graduates to the Higher Education Statistics Agency (or HESA) which is the official agency for the collection, analysis and dissemination of quantitative information about higher education in the United Kingdom, such as university league tables.
1.11 All alumni and stakeholders can update their consent and communications preferences here. This allows you to inform us what you would like to hear from us about and via which communications channels. We will periodically contact alumni and stakeholders to review communication preferences and areas of interest – most likely every 2-5 years.
2. The data we hold
2.1 The majority of the information we hold is obtained directly from you; and if you interact with any other departments or schools within the university, we may receive data from these areas.
2.2 The personal data stored and processed by the University of Brighton may include:
- your name, title, gender and date of birth;
- your contact details, including postal address, email address, phone numbers and links to social media accounts;
- information about your time at the university and other education history;
- your professional activities and/or employment, including salary details where available or provided;
- current interests and activities, which may include extracts from any related media stories;
- family and spouse/partner details and your relationships to other alumni, donors and friends;
- records of donations you have made to the university and associated Gift Aid status, where applicable;
- information about your wealth;
- records of all communications and marketing activities we have sent you and any responses from you;
- your posts and messages on social media directed to any University of Brighton account;
- information on your engagement in university meetings, events, groups or networks;
- volunteering by you on behalf of the university;
2.3 The university does not collect and store any bank or credit/debit card details within the PAE database. The University of Brighton is a PCI DSS compliant organisations which means we adhere to high security standards in order to protect your payment card details when you provide us with this information. Bank details used for processing Direct Debits are stored by a trusted third-party, under the Direct Debit Guarantee scheme. Also, please note that we do our best to keep information secure, including the use of SSL technology (secure server software) wherever personal data is collected online.
2.4 For those using our crowdfunding platform, Springboard, as project creators or supporters, all personal data collected via the site is securely held with our site provider, Sponsorcraft Limited. All information you provide to us is stored on secure servers located within the European Union in compliance with the EU Data Protection Directive, the EU-US Privacy Shield or any other contractual clauses that are required for providing data holding adequacy. All data is held with the site provider for an agreed period of time so as to allow the University of Brighton the ability to report on and to transfer over any and all data to its own internal systems.
3. How we use your data
3.1 Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. In the case of engaging with alumni and supporters, our basis for the use of personal information is legitimate interest. A legitimate interest is when we have a business reason to use personal information. But even then, it must not unfairly go against what is right and best for you.
3.2 Unless you have requested otherwise, your data will be used and processed for a full range of alumni/stakeholder engagement activities and programmes involving both academic and administrative departments at the university.
3.3 These include the following communications and marketing activity, which may be sent by mail, email, telephone and social media: - sending of university publications - notification of relevant events - fundraising appeals (including telephone campaigns staffed by current students) - promotion of benefits and services for alumni and friends - promotion of alumni and student mentoring services.
3.4 Tools may be used to monitor the effectiveness of our communications with you, including email tracking, which records when an email sent from us is opened and/or how many links are clicked within the message – the data from such tracking is used in an anonymised and aggregated form. In addition, we may collect other non-personal data such as IP addresses and webpages accessed.
3.5 As part of this, we may analyse the personal information we collect to create a profile of your interests and preferences so that we can contact you in the most appropriate way and with the most relevant information. This allows us to target our resources as effectively as possible which our alumni and stakeholders tell us is important for them.
3.6 We may combine information you provide to us with information available from other external sources – this could be via social media channels (depending upon your privacy settings) or other publicly available information sources such as LinkedIn, Companies House and printed/online articles and newspapers – to help us understand more about you as an individual and your ability to support or engage with the university, as well as the preferences of our wider alumni community.
3.7 We also use publicly available sources to carry out due diligence on donors in line with the university’s Donation Acceptance, Disbursement and Ethical Fundraising policy and to meet money laundering regulations.
4. Our commitment to you
4.1 Fundraising is a key part of PAE’s activities and we are committed to working in a transparent, ethical, responsible and honest way. To reflect this commitment, we are a member of the Fundraising Regulator, adhere to the Regulator’s Code of Practice and we will also always abide by our institutional obligations as an exempt charity.
4.2 We consider our relationships with alumni and supporters to be lifelong and we will hold your details until you tell us you no longer wish to hear from us.
4.3 We will always try to ensure that the information we hold about you is up to date, reasonable and not excessive. You will always have the right to: - be informed as to how we use your data (via this Privacy Notice); - access or request a copy of the data we hold about you; - update the data we hold about you; - change your communication preferences at any time to restrict how we process your data, or opt out of some or all communication from our department; - ask us to remove your data from our records; - withdraw consent, where it is used as a legal basis for processing; - object to or restrict the processing of your information for any of the purposes outlined above.
4.4 If you have any questions about this privacy notice or would like to receive a copy of the information we hold about you, please contact us at: Philanthropy and Alumni Engagement . Room 209, Mithras House , University of Brighton, Lewes Road , BRIGHTON, BN2 4AT
Email: firstname.lastname@example.org Phone: +44 (0) 1273 642600
- 5 For wider enquiries about how the University of Brighton manages information, please contact:
Head of Data Compliance and Records Management University of Brighton 8th Floor Cockcroft Building Lewes Road Brighton, BN2 4GJ email@example.com +44 (0) 1273 642010
5. Future changes to this policy
5.1 We may make changes to this policy from time to time, including as part of the new European data protection legislations which will start to apply on 25 May 2018 (the ‘General Data Protection Regulation’ or GDPR). Any updates made to our policy will be published on our website and communicated via email and social media.