Privacy/Fair Processing Notice for Applicants

The University of South Wales is the data controller and the University’s Data Protection Officer can be contacted through [email protected]. The University is committed to protecting the rights of students in line with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).  This privacy notice provides detail of the use the University makes of personal data when processing applications from prospective students.  

What information do we collect?

The University will process the following personal data:

  • Details provided by prospective applicants during the application process (whether directly to the University or via a third party service such as UCAS) including: name, contact details, date of birth, gender, nationality, country of birth, any dependents and care leaver status   
  • Funding arrangements. 
  • Immigration and visa information for international students.
  • Qualifications (awarded/anticipated) and previous education and work experience.
  • Supporting documentation provided during the application process. 
  • Details of the outcomes of any selection procedures (including interviews, selection tests, and, where relevant, fitness to practice and/or health declarations or other suitability assessments).
  • Attendance at applicant events.
  • Eligibility for scholarships and prizes.
  • Information provided by applicants to departments or faculties in relation to queries such as those made to the Student Money Team.
  • General correspondence and administration in relation to your application.

In addition to this, the University may need to process ‘special category’ or sensitive personal data.  This data includes data about ethnicity, sexual orientation, religious beliefs or health/disability data.  This data is used to ensure that relevant support or reasonable adjustments are made and for statistical, research and monitoring purposes.  

Criminal convictions: The University may hold and process data about criminal offences or convictions where this has been disclosed on the application form or if it is appropriate given the nature of your programme (for example, if a Disclosure and Barring Service (DBS) check is needed for the chosen programme) or as part of the accommodation booking process. This information will be used to comply with regulatory requirements to decide suitability to study on a regulated programme or to practise in a regulated profession.

The University will only use information relating to criminal convictions where the law allows. Personal data relating to criminal convictions will be retained confidentially and securely and access to that data will be strictly controlled.

How is data used?

The University will process personal data for the following purposes:

  • To consider the suitability of applicants for the course or, if we cannot make an offer of admission for that programme, for any other programme for which an application is relevant;
  • To enable individuals to take part in events for applicants (for example, applicant visit days, interviews or other selection events).
  • To consider applications for accommodation.
  • To communicate by post, email, phone or other electronic media.
  • To provide information about the programme and accommodation for which the applicant has applied.
  • To provide information relating to the University (including its facilities and services);
  • To provide a notification on the decision in respect of an application.
  • To allocate accommodation.
  • To compile statistics and conduct research for statutory reporting purposes;
  • To fulfil and monitor legal responsibilities, for example, under equalities, immigration and public safety legislation.
  • To enable the University to contact others  (for example, any next of kin or emergency contact details provided) in the event of an emergency (The University will assume that applicants have confirmed with the next of kin on the use of their data prior to providing the University with their data).
  • To comply with any relevant statutory obligations.
  • To compile statistics and conduct research in relation to enquirers, applicants and students for the purpose of planning, reviewing, managing and developing the University’s business 
  • Where disclosures are made on application forms in respect of any disabilities, the University’s Disability and Dyslexia Service will contact individuals provide information on accessing additional support and services

What is the legal basis of the processing?

The University considers that the processing of applicant personal data is necessary for:

  • The performance of a contract or to take steps at the request of the data subject to enter into a contract. 
  • Compliance with a legal obligation or regulatory obligation (e.g. reporting to
  • Government/governmental bodies).
  • The performance of tasks carried out in the public interest (e.g. teaching and research).
  • For the purposes of the University’s legitimate business interests (for example, in order to manage and develop its business).
  • For the purposes of an external organisation’s legitimate interests (for example, to enable individuals with access to external services).
  • Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Special category data will only be processed with the applicant’s explicit consent or if it is necessary:

  • For the establishment, exercise or defence of legal claims
  • Very occasionally, when it is needed to protect the vital interest of the data subject/another person where the individual is not capable of giving consent. 
  • It is in the substantial public interest
  • Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Who receives this data?

Where necessary personal information will be shared internally within the faculties and departments across the University. Personal data is protected by the University and information will not be disclosed to third parties without consent, or, is permitted by law. This section outlines the major organisations and the most common circumstances in which we disclose data about students. Where this involves international transfer of your data, data will only be transferred if it meets the conditions set down under current data protection legislation.

Your personal data is shared with a range of external organisations as is necessary for the purposes set out above and as permitted or required by law,  including the following:

  • Certain data is required so that the University can fulfil its obligations to third parties such as the Higher Education Statistics Agency (HESA), the Higher Education Funding Council for Wales (HEFCW), the Quality Assurance Agency, and Council Tax officers.
  • Regulatory bodies relating to the course of study, including but not limited to Nursing and Midwifery Council, Care Council for Wales, Solicitors Regulatory Authority.
  • International, non-EU applicants, applying to the University should also note that in line with current UK immigration legislation the University of South Wales may be required to share information about you with various agencies. This could be regarding an immigration application you have made or, after enrolment, regarding your academic status. These agencies could include a British High Commission, a British Embassy, UK visas & Immigration (UKVI), other UK authorities or a financial sponsor if you have one. By agreeing to the Terms and Conditions you indicate that you understand we may share your information where legally appropriate and that you give your consent for these external agencies to share information with us regarding your immigration status or personal situation.
  • An overseas representative formally recognised by the University through whom you have submitted your application or who is supporting your application.  This may include an agent or prospective sponsor who has submitted an application on your behalf.
  • Relevant Higher Education bodies (for example, the Office for Students, UK Research and Innovation, Universities and Colleges Admissions Service, the Office for Fair Access).
  • Occasionally and when necessary, the police and other law enforcement agencies, for the prevention or detection of crime
  • Occasionally and when necessary internal and external auditors or regulators.
  • Individuals, companies or organisations providing specific services to, or on behalf of, the University.

We ensure we have appropriate data sharing agreements in place before sharing your personal data with any other data controllers.

How long will data be held?

Information held on file will be kept in line with our Records Retention Schedule.

Keeping information secure 

Data Protection legislation requires the University to keep personal data secure. This means that confidentiality will be respected, and all appropriate measures will be taken to prevent unauthorised access and disclosure. Only members of staff who need access to relevant parts or all of an individual’s data will be authorised to do so. Information held in electronic form will be subject to password and other security restrictions, while paper files will be stored in secure areas with controlled access. 

The processing of some data may be undertaken on the University’s behalf by an organisation contracted for that purpose.  Such organisations will be bound by an obligation to process data in accordance with the Act/Regulations.  

Normally personal data that we collect from you will be stored within the European Economic Area (“the EEA”).  However, in certain instances personal data will be collected by processors within a country or territory outside the EEA.  Where this occurs the University will ensure that the country is recognised by the European Commission as guaranteeing an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data; or, by companies registered with the EU-US Privacy Shield.  

Individual rights

Individuals have the right to access personal information, to object to the processing of their personal data, to rectify, to erase, to restrict and to port personal information. 

Any requests or objections should be made in writing to the Data Protection Officer – [email protected].

Where individuals are not satisfied with the University’s response, or believe that the University is not processing personal data in accordance with the law then they may complain to the Data Protection Officer.  

If the matter is not resolved and the individual remains dissatisfied then you have the right to apply directly to the Information Commissioner for a decision.

The Information Commissioner can be contacted at: 

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk