How Do We Use Your Data?
South West Wales Reaching Wider Partnership/Reaching Wider Institutional Plan Privacy Notice
The South West Wales Reaching Wider Partnership is funded by the Higher Education Funding Council for Wales Reaching Wider Programme and our partners are Swansea University, University of Wales Trinity Saint David, The Open University in Wales, Coleg Sir Gâr, Gower College Swansea, Neath Port-Talbot College Group, Pembrokeshire College, Careers Wales, local authorities and schools in South West Wales.
Swansea University is the lead partner and is responsible for the collection and processing of personal data including data defined as special category. As such, Swansea University is the data controller and is committed to protecting the rights of participants in line with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, other partnership members may also act as data controllers when appropriate. Swansea University has a Data Protection Officer who can be contacted through email@example.com
In 2018 the Reaching Wider Institutional Plan at Swansea University was established. This was initially funded by the Higher Education Funding Council for Wales and is now funded by Swansea University’s fee and Access plan commitments. Responsibility for working with Key Stage Five participants transferred to the newly established Step Up To Swansea University Programme. With reference to personal data Step Up adheres to the same policies and practises as the Reaching Wider Partnership.
We take the collection, storage and use of personal data very seriously. In this document, you will find an explanation of why we collect individual data as part of the Reaching Wider programme, how we process it and the steps we take to ensure data security at all stages.
All data collected through Reaching Wider/Step Up initiatives is processed and stored in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
What kind of information do we collect?
We collect the following pieces of information for participants who participate in our activities to help us confirm that our activities are reaching young people from backgrounds that are currently under-represented in Higher Education:
- Contact details
- Date of birth
- Home postcode
- Free school meals or Educational Maintenance Allowance eligibility
- Whether the participant is living in care or has in the past
- Photographs and films- During events we may take photos and films which we use for marketing purposes such as on our website or in our newsletter.
Where possible we also collect the following pieces of information:
- For participants under the age of 21, whether the participant’s parent(s) or siblings went to university and the occupation of their parent(s)
- Whether the participant is a carer of a family member or dependent
- Prior Educational Achievement
For residential and out of school hours activities we also collect details of medical and special requirements for the purpose of providing support and ensuring the health and safety of participants and staff. These include:
- Dietary requirements
- Cultural requirements
- Emergency contact details
- Medical arrangements
- Medication taken
What is the legal basis for processing the data?
The work we carry out to promote wider engagement and participation in higher education is carried out in the public interest. We need to ensure that the money we receive from government funding agencies is spent appropriately and has a positive impact. In order to measure impact and to conduct our activities, we need to gather participant data.
The South West Wales Reaching Wider Partnership/Reaching Wider Institutional Plan processes personal data as it is necessary for it to perform a task in the public interest and for its official functions.
The legal basis for processing special category data collected on the Equal Opportunities form is on the basis that it is in the substantial public interest and is necessary for statistical purposes to monitor equality of opportunity in accordance with the Equality Act. This processing is necessary for the purposes of identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained
The legal basis for the processing of special category data collected for residential and out of hours activities, is explicit consent
The legal basis for processing the use of photographs and marketing communications is Consent.
Who receives your information?
Why we collect individual data and how we use it
We collect data on individuals for the following four main reasons.
- For the purposes of monitoring which allows us to fulfil compulsory external reporting requirements to regulatory bodies such as the Higher Education funding Council for Wales (HEFCW), as well as giving us a clear picture of the activities we deliver and the people we work with to help us make sure we’re reaching those could benefit most from outreach activities.
- For the purposes of evaluation which helps us to assess the effectiveness of different initiatives on widening participation to HE. This includes the long-term tracking of participants’ education journeys, which lets us see how many of those who participate in our activities go on to university.
- To help us identify people who belong to groups that are under-represented in Higher Education and to and ensure that people from these groups are given priority access to our activities. For further information on this please see hefcw.ac.uk/policy_areas/widening_access/reaching_wider_initiative.aspx
- To ensure the health and safety of all participants in our programmes and assist with pastoral and welfare needs eg ensuring that we are aware of medical conditions.
How data is processed
- In initiatives that involve Reaching Wider/Step Up working directly with a school, a form and explanatory letter is sent home to parents of participating children via the school asking for some pieces of information about the participant and consent to use this for the purposes outlined above. This form is then returned to Reaching Wider via the school, and the data is typed-up into a secure spreadsheet.
- In initiatives that involve participants applying directly to Reaching Wider/Step Up (eg Residential schemes), data is supplied in an online application form over a secure URL or via paper form which is returned directly to the RW/Step Up team. This data can only be accessed and downloaded/read by one of our central RW/Step Up team members.
- Password protected spreadsheets containing individual participant information are stored in the RW/Step Up file area. Access to these spreadsheets is restricted to members of the RW team and, on occasion, designated student leaders working for Reaching Wider/Step Up.
- Participant information is visually checked and inputted to our secure online database, Upshot by a member of the Reaching Wider/Step Up team.
- Information in the database can only be accessed by designated members of the Reaching Wider/Step Up team and the central team that manages the Upshot service. For the purposes of monitoring and research only, data may be shared with specific external bodies such as the University and College Admissions Service (UCAS). This allows us to see the Higher Education destination of participants who have taken part in our activities.
- For the purposes of monitoring and research, anonymous data may also be shared with third parties such as NWIS (NHS Wales Informatics Service) and SAILS (Secure Anonymised Information Linkage Databank).
- Personal participant data may be shared between Swansea University and University of Wales Trinity Saint David
- Any internal or external reporting that utilises collected data does so in an aggregate fashion, meaning that only totals are shown so data on individuals is never disclosed.
How long will your information be held?
We understand that records and information should only be retained for legitimate use and for no longer. Paper based information will be stored securely and destroyed within one year of the event. Electronic records will be stored within a secure online database ‘Upshot’ for a period of 10 years after an event, the annual date of review being 31st August.
Data shared / linked with third parties for research purposes will remain within the third party databases for the lifetime of the third parties’ projects, as individuals are no longer identifiable.
Security of your information
Data Protection legislation requires us to keep your information secure. This means that your confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of your information will be authorised to do so. Information about you in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access.
Some processing may be undertaken on the University’s behalf by an organisation contracted for that purpose. Organisations processing personal data on the University’s behalf will be bound by an obligation to process personal data in accordance with Data Protection legislation.
What are your rights?
You have a right to access your personal information, to object to the processing of your personal information, to rectify, to erase, to restrict and to port your personal information. If you have any concerns about the use of data for these purposes or would like a copy of the data we hold about you, requests should be made in writing to the University Data Protection Officer:
University Compliance Officer (FOI/DP)
If you have further questions about how we process individual monitoring data, please feel free to get in touch with Martyn Sullivan, Reaching Wider Data and Communications Coordinator, at firstname.lastname@example.org or 01792 602 128.
How to make a complaint
If you are unhappy with the way in which your personal information has been processed you may in the first instance contact the University Data Protection Officer using the contact details above.
If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: -
Information Commissioner’s Office,
Reviewed and Updated: October 2018