Admissions privacy notice
This privacy notice explains what types of information will be gathered about students, and how this information will be used.
Nottingham Trent University is committed to protecting the privacy and security of your personal information, this Privacy Notice provides important information about how Nottingham Trent University and its associated entities (“NTU,” “we,” or “us”) which includes Confetti Constellations Ltd, Nottingham Conference Centre Ltd, Nottingham Consultants Ltd, Nottingham Law School Legal Advice Centre Ltd, Nova Centric Ltd and NTU Temporary Staff Ltd) (“we”, “our” or “us”) identifies and manages its Data Protection responsibilities in accordance with its legal and regulatory obligations.
Who we are
NTU is a “data controller” which means we are responsible for deciding how we hold and use personal information about you.
This statement applies to any NTU applicant (“you” or “your”) or services that link to it (collectively, our “Services”). Occasionally, a service will link to a different privacy statement that will outline the particular privacy practices of that service, such as:
Please read this privacy notice carefully and contact our data protection officer if you have any questions about our privacy practices or your personal information choices.
- Tracy Landon, Legal Services Manager and Data Protection Officer
Nottingham Trent University Address: 50 Shakespeare Street, Nottingham, NG1 4FQ
We may need to update this privacy notice from time to time. If changes made to this privacy notice are considered to be material, we will notify you of the changes.
- Tracy Landon, Legal Services Manager and Data Protection Officer
NTU is committed to the responsible handling and protection of personal information.
Personal data, or personal information, means any information about an individual from which that person (a “Data Subject”) can be identified. It does not include data where the identity has been removed (anonymous data).The information will be personal data if a person can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For example personal data may include names, addresses, email addresses and telephone numbers; it may also include images in photographs or films and recorded telephone conversations.
Why we process your data
We collect, use, disclose, transfer, and store personal information to provide Services to you and for our operational and business purposes as described in this statement. We want to be clear about our privacy practices so that you are fully informed and can make choices about the use of your information, and we encourage you to contact us at any time with questions or concerns.
The types of personal information we collect
The categories of personal information that we may collect, store and use about you include (but are not limited to):
- Name, address(es), telephone number(s), email.
- Your country of birth, nationality and date of entry to the UK.
- Date of birth and gender.
- Any disability/access requirements or medical issues.
- Your potential course details.
- School records and qualifications.
- Communications relating to decision we make.
- For international students - passport details, details of previous study in the UK and previous visa information or government-issued identification number.
- Bank statements or utility bills may be requested for verification purposes.
In some circumstances, we may, during the course of your application to study with us, also collect, store and use the following the “special categories” of more sensitive personal information which may include (but are not limited to) racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and personal data relating to criminal offences and convictions we have asked you to declare.
We may process special categories of personal information in the following circumstances:
- In limited circumstances, with your explicit written consent.
- Where we need to carry out our legal obligations, or comply with relevant legislation.
- Where it is needed in the public interest, such as for equal opportunities monitoring and reporting or to carry out Criminal Record background checks.
- Where it is needed to assess your capacity to study on health grounds to enable us to offer you the support, for example access or accommodation requirements if you have a disability, subject to appropriate confidentiality safeguards.
- To help you arrange sponsorship or grants.
- Where the processing is necessary for archiving purposes in the public interest, or for scientific or historical research purposes, or statistical purposes, subject to further safeguards for your fundamental rights and interests specified in law.
How we collect your data
Not all of the personal information NTU holds about you will always come directly from you. Apart from the data that you provide to us, we may also process data about you from a range of sources, which include:
- Data that we and our staff generate about you, such as through your attendance at recruitment fairs, open days, seminars and workshops.
- From your school or previous establishments, or employers and via qualifications.
- Through our digital services: Which are the NTU website at www.ntu.ac.uk and any other NTU-authorised internet services, websites, products, social media, mobile phone apps and/or software applications that enable you to use, access, view, listen to and/or download NTU content or to interact with us online (or through any other digital means) on any device. We collect information that you provide to us by filling out forms on the website or by corresponding with us through the Digital Services. It includes information that you provide when you participate in discussion boards or other social media functions within the Digital Services, enter a competition, promotion or survey, and when you report a problem with the digital services.
- Email or telephone correspondence you have with NTU.
The information provided at application stage, will form the basis of your student record, if you are accepted onto a course at NTU.
Our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience.
NTU uses CCTV around campus, and will collect and store information. For full details of our CCTV use, please refer to our CCTV policy
How we use data about you
We use your personal information for the following purposes:
- To provide you with information on products or services that you may request from us, or which we feel may be of interest to you, and where you have given consent for us to contact you for such purposes.
- To carry out our contractual obligations with you which will include the operation and delivery of any services you have requested, deal with requests and enquiries.
- Where it is necessary to comply with a legal obligation.
- To provide management statistics through research using applicant data which may be used by NTU to enhance the applicant and student experience.
- Where you have agreed for the purpose of consulting, informing and gauging your opinion about our products and services, for example; surveys.
- To ensure we meet our statutory obligations, including those related to diversity and equal opportunity.
- To communicate with you, and notify you about changes to our services.
- Necessity to perform tasks carried out in the public interest and otherwise to pursue our legitimate interests – this includes use of your personal information to improve the services we offer as a higher education corporation.
- Progressive profiling – we may use your personal information to better personalise communications to you.
- Analysing web behaviour – we may use your personal information to recognise web visitors on and off our Digital Services to improve experiences, analyse marketing activities, understand audiences, and personalise content for our Digital Services, applications and advertising.
- Targeting advertising – using data collected automatically on and off our Digital Services to target and tailor advertising and analyse marketing activities (e.g. retargeting users from an NTU website, or using anonymous data segments created by trusted partners who may collect your data).
- Internal data matching – to enable us to merge certain types of data collected by NTU to identify known and unknown users and map interactions with NTU’s Digital Services to CRM platforms and applications, for purposes of personalising content, understanding audiences, analysing marketing performance and targeting advertising.
- External data matching – to match customer lists with online platforms (e.g. through applications such as Facebook Custom Audiences and Google Customer Match) to target and tailor advertising, understand audiences and analyse marketing activities.
Who we share your data with
NTU shares or discloses personal information when necessary to provide Services or conduct our business operations. When we share personal information, we do so in accordance with data privacy and security requirements. We may occasionally share non-personal, anonymised or pseudonymised, and statistical data with third parties.
We may share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legal requirement or legitimate interest in doing so. Third parties will only process your personal data on our instructions and where they have agreed to treat that information confidentially and to keep it secure.
Below are the parties with whom we may share personal information and why;
- Within NTU: Associated entities, departments or services are provided data by us, and personal information will be made available to them if necessary for the provision of Services, account administration, marketing, student and technical support, for instance.
- Our business partners: We occasionally partner with other organisations to deliver co-branded courses, provide content, or to host events, conferences, and seminars. These partners include, but are not limited to: UCAS, Nottingham Trent International College, GB Group Plc and BSB Soliciting. As part of these arrangements, you may become a student of both NTU and our partners, and we and our partners may collect and share information about you. NTU will handle personal information in accordance with this Privacy Notice, and we encourage you to review the privacy notices of our partners to learn more about how they collect, use, and share personal information.
- Our third-party service providers: We partner with and are supported by service providers both in the UK around the world. Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, such as registering, required pre-course information, direct marketing services; advertising; data analytics and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
- Anonymised or Pseudonymised data will be shared with placement providers as part of the Social Work Suitability Panel.
- We may also use personal information to meet our internal and external audit or governmental requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:
- Under applicable law, which may include laws outside your country of residence.
- To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
- To enforce our terms and conditions.
- To protect our rights, privacy, safety, or property, or those of other persons.
If you register as a user of an e-registration Service in order to apply for Higher Education, your personal information, including any sensitive personal information you provide, will be made available to the organisation to which you have applied. In order to consider an application fully, your personal information may be forwarded on to respective institutions.
How long we keep your data for
We will not store your personal information for longer than is necessary. NTU will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this privacy notice will delete your personal information when they no longer require it.
In determining data retention periods, NTU takes into consideration local laws, contractual obligations, and the expectations and requirements of our data subjects. When we no longer need personal information, we securely delete or destroy it.
You can access our full Data Retention Schedule shortly.
How we secure your data
We have in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal information to those employees, agents, contractors and other third parties who have a business requirement to know.
NTU takes data security seriously, and we use appropriate technologies and procedures to protect personal information.
- Policies and procedures – measures are in place to protect against accidental loss and unauthorised access, use, destruction, or disclosure of data.
- Business Continuity and Disaster Recovery strategies that are designed to safeguard the continuity of our service to our clients and to protect our people and assets.
- Appropriate restrictions on access to personal information.
- Monitoring and physical measures, to store and transfer data securely.
- Data Privacy Impact Assessments (DPIA) in accordance with legal requirements and our business policies.
- Periodic training on privacy, information security, and other related subjects for employees and contractors.
- Vendor risk management.
- Contracts and security reviews on third-party vendors and providers of services.
How we keep your data secure in other countries
Your personal information may be transferred by us or our trusted partners out of the European Economic Area (the “EEA”). The trusted partners that may do this are organisations who process data for analysis or marketing purposes, including a marketing automation hub where the email address of recipients will be logged and a record of email delivery, opening, click-through and bounce-backs will be kept. Our partner uses Microsoft’s Windows Azure data centres located in East US (Virginia), West Europe (Netherlands), and Australia East (New South Wales).
NTU has networks, databases, servers, systems, and support located throughout the world. NTU collaborates with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of the university, workforce, and students. Your personal information may be shared with record matching and customer targeting partners, including Google, Facebook, Snapchat and LinkedIn. Some of these partners process personal data in Canada and the United States of America.
We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within NTU or to third parties in areas outside of the UK. The areas in which these recipients are located will vary from time to time, but may include the United States, Europe, Canada, Asia, Australia, India, and other countries.
When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection.
In other words, your rights and protection remain with your data, i.e. we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact firstname.lastname@example.org
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- Request erasure of your personal information in limited circumstances. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction or suspension of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.
- Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.
- Request the transfer of your personal information to another party.
How to contact us
Please contact our data protection officer with any requests related to your personal information.
If you are not satisfied with how NTU manages your personal data please contact the data protection officer.
In addition, you have the right to make a complaint to a data protection regulator. The Information Commisioner's Office contact details are on the ICO website.