How the University uses parent or carer personal data (fair processing notice)

About this notice

The University needs to collect and process parent/carer personal data in order to function effectively as an organisation. Personal data is processed for a variety of reasons (as set out below) and all such personal data will be collected and processed in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

This notice explains how the University collects, uses and shares personal data relating to parents or carers of applicants and prospective students (you/your) and your rights in relation to the processing of your personal data.

In this notice:

Unless the University processes your personal data on behalf of another organisation for purposes that have been determined by that organisation, the University is a ‘controller’ in relation to your personal data and is registered as such with the Information Commissioner’s Office (ICO) (registration number Z6650067).

Changes to this notice

The University may update this notice at any time and may provide you with further notices on specific occasions where we collect and process personal data about you. You should check this notice regularly to take notice of any changes, however where any change affects your rights and interests, we will make sure we bring this to your attention and clearly explain what this means for you.

Questions or comments

If you have any questions or comments regarding this notice or you wish to exercise any of your rights (see below), you should contact our Data Protection Officer by email at data-protection@bristol.ac.uk or by phone on ext. 41824.

How we collect your personal data

We may collect your personal data in a number of ways, including:

Types of personal data processed

Personal data the University may process includes:

Personal data provided by you about others

You may provide us with personal data about other individuals, for example, your child’s/ward’s contact or application details, next of kin/emergency contact details and information about your family circumstances and dependents. You should notify the relevant person that you are providing their contact details to the University as a listed next of kin/emergency contact.

How the University uses personal data about you

The University may process personal data (including special categories of personal data) about you for the following purposes:

The University will also use parent/carer personal data to produce non-identifiable statistical data for analysis to fulfil its commitment to provide a more targeted response to improving the student and parent/carer experience, and to respond to freedom of information requests.

Lawful grounds for processing your personal data

We will only use your personal data when we are permitted to do so by law. Most commonly, we will use your personal data:

In circumstances, where you have a genuine choice as to whether we should process your personal data, we will ask you for your consent. The method used to obtain your consent will depend on the scope and context of the processing that we propose.

In relation to special categories of personal data and personal data relating to criminal convictions and offences, we may request your explicit consent unless a condition applies which allows us to process such personal data without doing so.

Sharing your personal data with third parties

Where there are lawful grounds for doing so, the University may share your personal data with the following third parties:

Where the University uses third parties to process personal data on its behalf (acting as data processors), a written contract will be put in place to ensure that any personal data shared will be held in accordance with the requirements of data protection law and that such data processors have appropriate security measures in place in relation to your personal data.

Please note that we may need to share your personal information with a regulator or to otherwise comply with the law.

Where your personal data are stored

Most personal data about you will be stored on servers within the UK or elsewhere within the European Economic Area (EEA). However, some personal data that the University processes about you may be accessed from, transferred to, or stored in, a country or territory outside of the EEA. The University will only transfer your personal data outside of the EEA:

How the University keeps your personal data secure

The University has put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in any unauthorised way or altered or disclosed. In addition, the University limits access to your personal data to the persons and organisations described above who have a need to access it. For further information, visit the University’s Information Security page.

The University has also put in place procedures to deal with any suspected personal data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so.

How long the University will retain your personal data

The University must only to retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to satisfy any legal, regulatory, accounting or reporting requirements.

Specified retention periods are applied to each category of personal data that we may process about you. In setting these retention periods, the University has taken into account:

General speaking parent/carer contact information will be kept by the University for no longer than 3 years. In the case of parent/carer opting out of, or not opting in to communications from the University, related contact information will usually be removed within a month.

In some cases, the University may anonymise your personal data so that it can no longer be identified with you, in which case the University may retain such data indefinitely.

If notice of a legal claim or other proceeding is received, then the University may retain and process relevant personal data in order to defend the claim for the duration of the same.

Whilst the University may dispose of any personal data after the conclusion of the claim, please be aware that all litigation documents disclosed, or evidence given, may be a matter of public record.

Your responsibilities

The University will attempt to ensure that accurate and up to date personal data about you is held. Parents/Carers can assist with this by contacting enquiries team to provide up to date personal data.

Your rights

You have a number of rights in relation to the processing of your personal data by the University:

To exercise any of these rights you will need to contact the University’s Data Protection Officer at data-protection@bristol.ac.uk. The University may be entitled to refuse any request in certain circumstances and you will be notified accordingly where this is the case.

Where the lawful ground relied upon by the University to process any of your personal data is your consent, you have the right to withdraw such consent at any time without having to give any reason. However, if you do so, the University may not be able to provide some or all of its services to you or the provision of those services may be affected.

You will not have to pay any fee to exercise any of the above rights, though the University may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, you will be notified accordingly.

To protect the confidentiality of your personal data the University may ask you to verify your identity before fulfilling any request in relation to your personal data.