Anglia Ruskin University Higher Education Corporation (ARU) is committed to protecting your personal information when you use our services.
When saying “we”, “our” or “ARU”, we’re referring to Anglia Ruskin University.
This statement explains how ARU handles and uses the personal data we collect about you. ARU in this context means the central University (Cambridge, Chelmsford, Peterborough and London campuses as well as our partner colleges and former institutions including Cambridgeshire College of Arts and Technology (CCAT) and the Essex Institute of Higher Education (formerly the Chelmer Institute – itself formed from the Mid-Essex Technical College and the Brentwood College of Education). At first, these colleges combined to become Anglia Polytechnic, and then Anglia Polytechnic University in 1992. We’ve been known as Anglia Ruskin University since 2005.
Please read the following privacy policy to understand how we use and protect the information obtained via the following online services:
It also relates to us using any personal information that you provide by phone, SMS, email, in letters and other correspondence, and in person.
This Privacy Policy explains the following:
By providing us with your personal data and using our services, you agree to the collection and use of this information in accordance with the purposes described above in this privacy notice or as otherwise explained to you.
If you have any requests concerning this Privacy Policy, your personal information, or any queries with regard to our processing please contact [email protected].
Whenever we ask for your personal data we will always make sure that it is necessary to identify you from the data we collect. If we do need to identify you we will make sure that we only collect and use the minimum details we need for the specific purpose.
We may hold information relating to you from a number of sources. Primarily this will be information that you have chosen to give us directly. In some we will have been provided with your details by the company or institution you work for.
ARU also collects data about how you use ARU mobile apps, websites or other university-related online content, and the device(s) you use to access these services. This includes collecting unique online identifiers such as IP addresses, which are numbers that can uniquely identify a specific computer or other network device on the web. For more information, please see the section on cookies within this privacy notice.
We also undertake a number of commercial activities. When you become a customer for these activities we will keep the names and contact details of key employees in order to stay in touch and keep you informed. This may involve retaining emails between ARU and your company, maintaining a database record of how we have delivered our services and financial records which include delivery and invoicing contacts.
For our commercial activities we will normally obtain contact details directly from you when you sign-up to our services or from another contact in an organisation you may work for. Occasionally we may obtain your details from a third party but we will only contact you through data obtained in this way if you have consented to them sharing your details for marketing purposes.
Where you participate in our research projects, we use your personal data to inform those projects. In the final project report it is highly unlikely that you would be identifiable from the data. If we do need to identify you then we will explain why and what allows us to do so. Each research project will have its own specific Participant Information Sheet which gives you the necessary information about how your data will be used so that you can make a clear decision on whether you are happy to proceed. If you do participate we rely on our legal rights to process your data rather than under your consent, so you would not normally be able to withdraw your data after having provided it. However you do still have the legal right to challenge us over how we are using your data.
Where you work with us, either as an employee of a) a company who provides services to us or of b) an organisation or a professional body who engages with us, we will hold your details to allow us to continue those relationships effectively.
We share data on a considered and confidential basis, where appropriate, with:
If an ARU commercial service holds your personal data this will not be shared with other commercial activities in ARU unless we believe that the activities are sufficiently similar. We may use third parties to deliver some aspects of our services and therefore may need to share your personal details with them. We will make you aware of who they are as part of providing you with information about the service and will always make sure that we have contracts in place with them that ensure high standards of confidentiality. Where we use third-party providers to process payments from you they will always be compliant with industry security standard PCI-DSS. If for some reason we decide to no longer provide our services and enter into an agreement with another organisation to transfer the ongoing operation of the services, where we are satisfied that they are complaint with Data Protection we may provide them with the details of our customers to enable them to continue to deliver your services.
We ensure we have appropriate data sharing agreements in place before sharing your personal data.
We do not sell your personal data to third parties under any circumstances, or permit third parties to sell on the data we have shared with them.
We also facilitate communication between individual alumni, but in doing so we do not release personal contact details without prior permission. This function is seen as an additional benefit to being included in the Alumni Network. The Alumni Office will under no circumstances share your data with another member of the Alumni Network without your prior permission.
Your personal data will be held confidentially for as long as necessary to fulfil the purposes for which it was it collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Data will be retained in accordance with our Records Retention Schedule.
Specific Purpose | Legal Basis |
---|---|
Obtaining information about your opinions or facts about you to inform our initiatives to improve engagement with local communities. The information we may ask for will vary across all of our surveys, but examples of data requested may include
|
Where we do not need to identify you, we do not need a legal basis. Where we do, the processing is necessary:
Where we process Special Category data for these purposes, we do so because it is necessary in the substantial public interest. |
Specific Purpose | Legal Basis |
---|---|
To allow us to communicate with you on matters relating to, but not limited to:
Verifying practitioner's registration with regulatory bodies and to facilitate audits with external auditors. |
Processing is necessary
Where we process Special Category data for these purposes, we do so because it is necessary in the substantial public interest. Processing is necessary
|
Specific Purpose | Legal Basis |
---|---|
To allow us to communicate with you in support of using the services you provide to us |
Processing is necessary:
|
Specific Purpose | Legal Basis |
---|---|
To allow us to hold your contact details so that we can communicate with you on matters where you have registered an interest in being informed about our activities. |
Processing is done with your consent which you may withdraw at any time. |
Specific Purpose | Legal Basis |
---|---|
Holding recorded footage of you obtained from CCTV cameras for preventing and detecting crime and the health and safety of users of our premises and supporting investigations into suspected breaches of our polices and regulations. |
Processing is necessary for performance of a task carried out in the public interest namely:
|
Specific Purpose | Legal Basis |
---|---|
Assessing applicants to be a member of the governing body against the ‘fit and proper’ persons test in accordance with the conditions of registration as a Higher Education institute regulated by the Office for Students (OfS) |
Processing is necessary:
|
Publicising information about Governors in line with regulatory requirements, including informing the Office for Students (OfS) |
Processing is necessary:
|
Specific Purpose | Legal Basis |
---|---|
Using your contact details to provide goods and services that you have requested from us. |
Processing is necessary:
|
Keeping you informed about our goods or services that:
|
Processing is necessary:
|
Contacting you regarding goods or services which you have not previously requested from us or are not similar to those previously requested. |
Processing is undertaken only with your consent which you can withdraw at any time. |
Specific Purpose | Legal Basis |
---|---|
Supporting participation in and access to events and learning opportunities to a broader number of participants through live-streaming the activity |
Processing is necessary for:
|
Supporting participation in and access to events and learning opportunities for a broader number of participants through recording the activity |
Processing is necessary:
|
Please read about your rights under Data Protection legislation. It is important to note that the ‘legal basis’ we rely on (above) to process your data determines which of your rights are available. You are not expected to know these details, it is our responsibility to understand how the law applies and to explain it to you when responding to a request from you. Our Rights guidance is an opportunity to provide you with information on how you can expect us to handle your requests.
The law provides for the following rights:
To complain to the Information Commissioner’s Office (ICO): the ICO is the UK supervisory authority for data protection issues. For more information please visit the ICO website.
ARU is committed to holding your data securely and uses information security best practice to transmit personal data. Data is held in accordance with the Corporate Information Security Policy . For example, your personal data is accessible only by those authorised and who have a business need for access. When shared with third parties, your personal data is shared with encryption or in password protected files.
Where we have given you (or where you have chosen) a password that enables you to access our systems, you are responsible for keeping this password confidential. You must not share passwords with anyone.
Although we maintain a number of safeguards, fraudulent email requests are occasionally delivered to staff and students. We will never ask for your username or password by email. Any message that does so should be treated as a potential breach of security, no matter how legitimate it may appear. If you are in any doubt, do nothing until you have spoken to a member of the IT Services Customer Support Team.
ARU have put in place procedures to deal with any suspected data security incident and will notify you and any applicable regulator where we are required to do so. If you have any concerns that personal data has been compromised please contact