3.1 Processing of Personal Data
The University holds, collects and processes information about its students (current and former), applicants and potential applicants. This information (which includes personal data) may include images and personal, academic, financial and disability information. This information is used for various academic, administrative, management, statutory, pastoral, and health and safety reasons.
Students, applicants and potential applicants (together “Data Subjects”) will be asked to provide and confirm their personal data and academic details with the University for the purpose of provision or potential provision of education and student experience. By providing/confirming this information the Data Subjects consent to the University holding, collecting and processing such information.
The information provided by Data Subjects is processed in accordance with the University’s Notification (Registration Number Z67235780) with the Information Commissioner under the Data Protection Act 1998 (the “Act”). This Notification is a public document and can be viewed at the Information Commissioner’s website (https://ico.org.uk/).
The information provided by Data Subjects may be disclosed to certain third parties (detailed at §3.2) in order to meet a statutory obligation, in accordance with the University’s Notification, or in accordance with the terms of the Act.
Some of the information processed by the University is “sensitive personal data” (as defined in the Act); this includes information on racial or ethnic origin, political opinions, religious or other beliefs, physical or mental health or conditions (including disability), sexual orientation or criminal records.
3.2 Disclosure of Personal Data
Data Subjects’ personal data may be accessed by the University’s employees, agents, contractors, and its service providers, who will only process this information in accordance with the Act and those University instructions, regulations and contracts. Such third-parties include:
a) authorised Officers of the Students’ Representative Council (SRC) for the purpose of verifying the registration status of proposed SRC Officer Bearers and elected SRC Office Bearers for the performance of their duties as representatives of the University student community; and
b) authorised Officers of the Glasgow University Union and the Queen Margaret Union for the purpose of managing their membership.
Personal data may also be accessed by other third parties (or their agents) where there is a legitimate interest in them receiving such information. Such third parties include:
a) Student sponsors, for example, the Student Loan Company, funding organisations and embassies;
b) Professional and accreditation bodies, for example, the Law Society of Scotland, General Medical Council, General Teaching Council Scotland, Association of MBAs;
c) Progression data will be shared with the UK Clinical Aptitude Test (UKCAT) Consortium for research purposes;
d) Relevant Government Departments to whom the University has a statutory obligation to release information, for example, Council Tax Department, UK Border Agency of the Home Office for purposes connected with immigration, the police, and benefit or tax inspectors;
e) Relevant regulatory and investigatory bodies such as the Scottish Public Services Ombudsman, Office of the Scottish Information Commissioner and Information Commissioner's Office;
f) Potential employers or providers of education who have been approached by Data Subjects;
g) Provision of student and alumni services facilitated by third party IT providers, such as the Careers Service system, Counselling & Psychological Services' client management system and alumni databases;
h) Work placement sites, for example, those students studying medicine, dentistry, education and veterinary medicine, or other educational partners, for example, Glasgow International College, or partners involved in joint/collaborative course provision;
i) Relevant and authorised third parties where the transfer of personal data is necessary in order to protect the vital interests of other person(s) where consent by or on behalf of the Data Subject has been unreasonably withheld or cannot reasonably be obtained;
j) An academic transcript for each international student, attending the University through the Study Abroad programme, will be sent to their home institution;
k) Electoral registration officers;
l) Higher Education Statistics Agency (HESA, see: https://www.hesa.ac.uk/about/regulation/data-protection/notices) includes, but is not limited to, approved research surveys into student attitudes, progress and other social and financial circumstances including the National Student Survey and, in the case of graduates, the DLHE graduate destinations longitudinal survey; and
m) Law enforcement agencies.
In emergency situations the University may provide emergency contact details and other appropriate information to those relevant authorities dealing with the emergency.
The University reserves the right to release appropriate and relevant information to a parent or guardian or sponsor of a student to ensure payment of any fees due to the University.
Disclosure to third parties not listed above will be made only where there is a legitimate interest, in accordance with the Act, and the consent of the Data Subjects will be sought where necessary.
3.3 Other use of data by the University
The information provided by students may be used for the purpose of development and alumni operations, including legitimate fundraising and marketing practices by means of accredited third party agencies and, in the case of graduates, for publication of the General Council Register (under legal statute) when a student leaves the University. For further information see www.gla.ac.uk/alumni/welcome/privacystatement/.
When a student leaves the University, appropriate data is kept as a permanent record to enable the University, if necessary, to provide references on a student’s behalf, or to maintain a record of a student’s achievements.
3.3.2 Graduation Ceremonies
Graduands, guests and staff attending should be aware that graduation ceremonies are regarded as public events. Names and Colleges of Graduands (including those graduating in absentia) are published in the graduation programme. Audio and visual images of the ceremony are publicly available via: the sale of DVDs of the ceremony and other promotional material; on the official university social media accounts; a live ‘on-campus’ video link-up; and a live ‘worldwide’ broadcast of the ceremony via the Internet.
Students’ images are captured at registration and at Graduation Ceremonies in accordance with the conditions set out in §3.1 and §3.3.4.
3.3.3 Publicity and Promotional material
In addition to the capture and use of images as set out in §3.3.3, the University may take photographs, and other images, of students for possible use in University publicity and promotional material which may be accessible on hard copy and via the Web. When practical, the University will ensure that notices are placed in any areas in which photographs/filming are taking place. It is the responsibility of the student to specify to the photographer/film crew that he/she should not be included in such photograph(s), or other images, at the time that the photograph/moving image, is taken. Where the student is the main focus of the image, consent will be sought.
4.3.5 Contact Information
Contact information for each student, such as postal and e-mail addresses and phone numbers, may be used by the University to provide important information related to attendance at the University. University contact information for Postgraduate Research students may also be placed on School websites to facilitate communication and the development of professional profiles. Students may request that this information is not publicised or request at any time that information, once publicised, be removed by contacting their Graduate School Office.
3.4 IT Facilities
All registered students will be allocated an email address and this email address, with other identifying information about students, will be displayed in the "address book" searchable by other University of Glasgow email users. Students may request that this information is not displayed in this way by contacting the IT Helpdesk.
All registered students will also be issued with a student ID card that will be used by students to gain access to appropriate University facilities.
A student is able to check that the information recorded about him/her in the University’s central student records system is correct and where appropriate update this, using the University's online registration system, MyCampus. Further details about MyCampus can be found at www.gla.ac.uk/students/myglasgow/.
The University operates CCTV and similar equipment to monitor safety and security, and may monitor telecommunications, data communications, and other communications as permitted by the relevant legislation and University regulations.
The University’s IT regulations expressly prohibit the use of the University’s IT equipment and infrastructure to access, to attempt to access, or to distribute material of a criminal, offensive or pornographic nature. Breaches will be subject to investigation and may result in disciplinary action and, in the event of contravention of law, referral to the police.
3.5 Plagiarism Detection
The University reserves the right to use plagiarism detection systems, which may be externally based, in the interests of improving academic standards when assessing student work. These systems involve the processing of basic personal data when work is uploaded. This includes an individual’s name, e-mail address, and course details. The University shall preserve student confidentiality on any external systems e.g. Turnitin and will not identify student authors or release any student material held on such databases to any external party.