Student Hubs Privacy Policy

v2018052301

Privacy Statement

At Student Hubs, we are committed to protecting and respecting your personal data. The data that we gather and hold is managed in accordance with the General Data Protection Regulations (GDPR) 2018.  This privacy policy explains how we use any personal information that we collect about you when you engage with any of our activities or services, with effect from 25 May 2018.

  1. Who are we?

Student Hubs is a national charity working in universities across the UK to transform

student involvement in charitable activities and social action. We are a registered charity in England and Wales (number 1122328.)

We support students to develop skills and knowledge through practical volunteering, skilled placements in charities and social enterprises, and through incubation of new community projects and social ventures. Our activities include: student-led community volunteering projects; internship and consultancy placements, conferences; training and events.

  1. How can you contact us?

We operate through 7 local Hubs. Each Hub can be contacted using the following details:

manager@bristolhub.org

manager@brookeshub.org

manager@cambridgehub.org

manager@kingstonhub.org

manager@oxfordhub.org

manager@southamptonhub.org

manager@winchesterhub.org

The Student Hubs Data Protection Officer, responsible for data protection across the network and the overall organisation, is Catherine Mitchell. They can be contacted on catherine.mitchell@studenthubs.org.

  1. What data do we collect from you and how do we use it?

Below, we’ve outlined the different ways in which we collect and process data from people engaging across our activities and services. Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights.

3.1 People who sign up to our Key Social Action Activities (volunteering, skilled placements and incubation) and events and training.

3.1.1 We collect information that you provide when you create an account on the Hub Platform, such as your name, email address and your year of study. This account and the associated information is required in order for you to apply to take part in our activities (e.g. a volunteering project or an event). We will only process your data in the following ways where you have given us explicit consent to do so by agreeing to the terms of this privacy notice and opting in using a checkbox. The account information that you provide forms a ‘person record’ that is stored securely on our computer system.

We use this information to:

In addition, we use this data in an anonymised form to carry out application analysis, in order to improve how we market our opportunities and to increase the accessibility of our activities.

We also process personal data provided to us in this way for certain legitimate interest purposes, which include some or all of the following:

We will retain this information for up to 10 years in order to conduct long-term, longitudinal impact evaluation.

3.1.2 We collect equal opportunities data (e.g. your gender, your ethnicity and your household income) that you provide optionally when you apply to take part in our activities.

We use this data in an anonymised form for the following purposes:

We will never process this data in a way that allows you to be personally identified.

3.2 People who register to hear from us via our newsletters

We collect your name, email address and year of graduation for the following purposes:

We refresh consent for this kind of marketing every 3 years, or when you graduate (whichever is sooner.)

We use a third party provider, Mailchimp, to deliver our newsletters. We gather statistics around email opening and clicks using industry standard technologies, to help us monitor and improve our newsletter. For more information, please see Mailchimp’s privacy notice.

3.3 Visitors to our websites

By using our websites, you’re agreeing to be bound by the terms of this privacy notice.

3.3.1 We collect log data about you whenever you visit our websites. We will only use this data in order to troubleshoot problems with your use of the website (for example, if a form will not load) and never to do any individual profiling of you for marketing purposes. The information that we collect includes: originating IP addresses, internet service providers, the files viewed on our site (e.g. HTML pages, graphics, etc.), operating system versions, device type and timestamps.

3.3.2 We use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this in order to:

This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

       

3.3.3 Cookies

We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect data about visitors to our websites. This data includes usage and user statistics.

We also use cookies if you log into our websites to identify you and enable us to save your login status.

.

3.4 People who email us

To encrypt and protect email traffic we use Transport Layer Security (TLS) by default, but when a secure connection isn’t available (both sender and recipient need to use TLS to create a secure connection), messages will be delivered over non-secure connections. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

3.5 General partners

Student Hubs uses a third party provider called Salesforce to help us store and manage partner information to assist us in providing the best service to our partners. The Salesforce privacy notice can be accessed here.

3.6 Job applicants, current and former Student Hubs employees

3.6.1 What information do we ask for, and why?

We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t. Information that we collect might include:

3.6.2 How long is the information retained for?

If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of six months. If you say yes, we would proactively contact you should any further suitable vacancies arise.

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 2 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign.

Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.

3.7 Beneficiaries

When our activities involve direct beneficiaries (e.g. residents of a local care home who take part in befriending with Student Hubs student volunteers, or young people who are referred to take part in activity days run by Student Hubs student volunteers), we may collect personal data about those beneficiaries in order to manage their involvement with the specific activity, and to ensure that the activities we are providing are safe, efficient and positively impactful.

Where this information is collected by us directly (e.g. through one of our forms sent to the beneficiary to complete), we will always ensure that we collect informed consent from the beneficiary (or their parent/guardian if they are under 13) in order to process this data.

Where this information is shared with us by the intermediary community partner (e.g. a school or care home), we will always ensure that we have a data sharing agreement in place with that community partner, that states the legal basis for processing this personal data.

  1. How do we share and transfer your personal data to other organisations?

We will never sell, rent, or trade your personal data. We may disclose your data to service provides who render services to us or on your behalf (e.g. Mailchimp or Google), all of which are

obliged to operate in accordance with applicable laws, including GDPR.

Individual Hubs may also share specific data with affiliated organisations (e.g. partner universities or community partners with whom we run activities), as part of a contractual agreement which includes a data sharing agreement, in place to ensure that any data shared is done so securely and inline with GDPR. For example, basic data collected from students who apply to take part in our activities (3.1.1) may be shared with community partners with whom we work to provide those specific activities to which the student has applied. This is in order to run those specific activities and includes data such as name and email address, so that the community partner can send volunteers details about their volunteering activity.

If you have questions about your local Hub’s affiliated organisations and how we share data, please get in touch using the contact details provided at the start of this privacy notice.

We also may disclose your information if required by law or to enforce our legal rights.

Some of our service providers lie outside of the EEA (e.g. Mailchimp and Google.) Therefore, sometimes we transfer your data outside of the EEA. If we do, we ensure your data is processed only in countries that provide an adequate level of protection for your data or where the recipient provides appropriate safeguards, such as mechanisms like the EU-US Privacy Shield Framework.

You can read more about how our service providers comply with GDPR here:

Mailchimp

Google

SendGrid

Netlify

Postmark

  1. What rights do you have?

You are not required to provide any personal data to us. However, your failure to do so may affect our ability to provide you with the services that you request. For example, we are unable to contact you with information about an activity if you do not provide your email address.

We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided us. If you wish to access or amend any Personal Data we hold about you, or to request that we delete any information about you, you may contact us at: info@studenthubs.org.

Please note that while any changes you make will be reflected in our active user databases instantly or within a reasonable time period, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so

At any time, you may object to the processing of your Personal Data by contacting the above email address, on legitimate grounds, except if otherwise permitted by applicable law.

If you believe your right to privacy granted by applicable data protection laws has been infringed upon, please contact Student Hub’s Data Protection Officer at catherine.mitchell@studenthubs.org. You also have a right to lodge a complaint with data protection authorities.

  1. How do we retain your personal data and how do we keep it secure?

Internally, your data is shared with staff members responsible for managing the activities with which you are involved. As we are a student-led organisation, your data may also be shared with selected individuals who have been selected as student leaders in accordance with our recruitment policy, and who have signed a data sharing agreement. Data is only shared with individuals who require access in order to provide the services or activities to which you have signed up.

We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity. Please see section 2 above for more information on how long we hold your information for.

We use reasonable organisational, technical and administrative measures to keep any information collected and/or transmitted to us secure. This includes the use of HTTPS with TLS (Transport Layer Security), which encrypts transmitted data, however, no data transmission or storage system can be guaranteed to be 100% secure.

  1. How often is this policy reviewed and updated?

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 23/05/2018.

v2018052301