Information governance

NTU processes personal data about:

• students, including prospective and exchange students
• unsuccessful applications (students)
• former students (withdrawn)
• alumni
• participants of apprenticeships
• staff
• workers and contractors
• former staff
• unsuccessful applicants (staff)
• donors and friends of the University
• external third parties
• visitors
• volunteers
• landlords and tenants
• work experience students or children under 18
• individuals captured by CCTV images
• parents, guardians, or carers of students
• business or industry contacts
• suppliers (e.g. goods and services)
• enquirers or complainants
• external examiners and
• governors and former governors.

The types of personal data NTU may process are as follows:

• biographical and family details
• contact details
• country of residence
• next of kin and emergency contact information
• lifestyle and social circumstances
• photographs
• financial information
• employment record information
• RoPA Nottingham Trent University
• student record, attendance and academic information
• qualifications and professional membership information
• survey or feedback information
• health and disability information
• criminal conviction information (alleged offences and offences)
• misconduct, disciplinary and grievance information
• records of consent
• equality information
• vetting and barring checks
• contract information — including external third parties
• religious and philosophical beliefs
• political opinion
• trade union membership
• sex life and sexual orientation
• biometric data (where used to for the purposes of identifying a person)
• genetic data
• information captured by CCTV.

NTU processes personal data for the purposes of:

• providing education and associated support to students
• administrative purposes (staff and students)
• data security and integrity purposes
• safeguarding the health and safety of staff, students and third parties
• university research management
• marketing and promoting our events to the NTU community
• financial and procurement purposes
• marketing
• management and promotion of events
• fundraising and donor management
• engaging with our alumni
• prevent and detection of crime
• managing our contracts, our contractors, and our relationships with third parties
• Student Union administration
• for regulatory and legal purposes to comply with statutory returns and legal obligations.

On occasion, we need to share personal data with third parties. We do this when it is:

• required by law, or
• otherwise necessary to achieve a specified purpose.

Whenever we share personal data with third parties, we'll comply with the UK GDPR and DPA.

The categories of recipients for personal data are:

• professional, regulatory and awarding bodies
• auditors
• regulatory bodies, including the Office for Students (OfS)
• Student Loan Company (SLC)
• Universities and Colleges Admissions Services (UCAS)
• government bodies, including UKVI, ESFA, Ofsted, DSA, HMRC
• local government or councils
• third-party statistical agencies, including Higher Education Statistics Agency (HESA)
• accommodation providers
• student support providers
• RoPA Nottingham Trent University
• research councils
• international agents
• third-party suppliers or service providers
• work experience and placement providers
• debt collection agencies and payment service providers
• legal representatives
• police and law enforcement agencies
• trade unions or staff associations
• the Students' Union
• current, past or prospective employers
• benefit suppliers (staff benefits)
• parents, guardians, and carers.

NTU has relationships with other institutions and agencies. Some of these bodies are outside the UK. The purpose of these relationships is to support and facilitate learning and research.

That means we sometimes transfer personal data outside the UK. Whenever we do this, we ensure appropriate contracts or other safeguards are in place.

We hold personal data and special category data. We keep it in line with our records retention schedule. The schedule documents how long we retain records. This will be in line with regulatory and operational requirements. See a copy of our records retention schedule.