Skip to content

Introduction

The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or holds. This Data Processing and Privacy Notice describes how and why we collect and use personal information about you. It is issued under your right to be informed about how the University collects, uses and stores your personal data.

The Wellbeing and Mental Health team within Student Futures is dedicated to offering practical information, advice and guidance as well as general support with any emotional or mental health or wellbeing concern that may be impacting on a student’s university experience. The team consists of Wellbeing Advisers, Mental Health Advisers, administrators and a Counselling Service.

Data Protection Principles

We will comply with data protection legislation, which says that the personal information we hold about you must be:

  • Used lawfully, fairly and in a transparent way
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • Relevant to the purposes we have told you about and limited only to those purposes
  • Accurate and kept up to date
  • Kept only as long as necessary for the purposes we have told you about
  • Kept securely

What Personal Data does the University collect?

When engaging with the Wellbeing and Mental Health team students will be asked their name, student number, contact telephone number and a brief summary of their issues which will be used to create a case in our Client Record Management (CRM) database which draws information from the University’s student records system.

Following a face to face or telephone appointment with the Wellbeing team or a Mental Health Adviser, a summary of the discussion, including actions and any risks identified and discussed with the student concerned will be recorded in a pro-forma attached to a summary email. The Wellbeing and Mental Health team may, in preparation for or as part of the discussion with you, access your attendance record and other notes made on the CRM.

When engaging with the Counselling Service, the counsellor will keep brief notes of any initial consultations and counselling sessions, which are kept securely in the student’s counselling case in CRM. These are usually only seen by the student’s counsellor and Mental Health Adviser. However, in certain circumstances e.g. risk, safeguarding, legal, and service continuity situations these notes may need to be accessed by relevant Senior Managers in the Student Futures Support team.

If a student indicates significant risk issues (e.g. harm to self or others), this will also be flagged on our CRM database so that appropriate support can be put in place; this may include having multi-disciplinary meeting to discuss support options. Students flagged in this way may be referred to external agencies where appropriate.

What Special Category Data does the University Collect?

The information recorded by the Wellbeing and Mental Health team may contain special category data, but only where

  1. It is relevant to the case
  2. It is factual and accurate
  3. The student agrees with what has been recorded and has the ability to amend or delete information at all times

Why does the University need this data and how will the University use this data?

Our services collect and process data in order to offer students practical information, support and advice about any issues that may be affecting their University experience, including tailored support for International Students, Mature Students, Care Leavers and Carers. If we are not able to help you we will, if possible, refer you to someone who can.

What is the Legal Basis for processing the data?

Several legal bases for the processing of your data by the Wellbeing service exist as follows:

  • Where the processing is necessary to fulfil our contractual duties to you
  • Where we have a duty to deliver our educational and welfare services so as to act reasonably to protect the health, safety and welfare of our students in line with either our legitimate interests and/or our legal obligations such as equality law, or the health and safety of students and other persons.

Due to the nature of services we sometimes hold sensitive information about you such as health issues (including mental health). This is known as ‘special category data’. The legal bases for processing such data is as follows:

  • In order to provide you with the support you need and is therefore necessary for the provision of health and social care.
  • In rare circumstances, we may process this data to protect the vital interests of the data subject and where processing is necessary for the establishment, exercise or defence of legal claims.
  • We may in some circumstances rely upon a student’s explicit consent, for example sharing their data with certain third parties, except where an appropriate exemption exists.

For how long will the University keep this Data?

The University will keep students’ data for different periods, depending upon which service(s) they have accessed:

Wellbeing team: records will be kept for 3 years after a student has left the University.

Mental Health and Counselling team: records will be kept for 6 years from the academic year in which the student last saw a Counsellor or the Mental Health Adviser

Who has access to the data and with whom will the University share this data?

All staff members of the Wellbeing and Mental Health team and senior management staff of Student Futures Support will have access to the data recorded in CRM. This data will only be shared with other departments within the University i.e. a student’s academic department or a third party e.g. NHS services, with explicit consent, in the form of a signed declaration, from the student.

Please note where there is the potential of imminent risk to self or others this information may have to be shared without obtaining consent.

How will the University keep this data secure?

Information will be stored securely on our CRM database in line with the University’s information protection policies.

Your duty to inform us of changes

It is important that the personal information we hold is accurate and current. Please keep us informed if your personal information changes.

What Rights do you have as a Data Subject?

As a data subject of the University, under the Data Protection legislation, you have a number of rights with regard to your data, dependent upon the legal basis for processing. As such you have the right to…

  • Withdraw consent - where the University has used consent as the legal basis for processing;
  • Be informed – about how the University, collects and uses your data;
  • Access your personal data that the University holds and processes;
  • Rectify or correct any inaccuracies in your personal data that we hold;
  • Be forgotten, by requesting that your details are removed from the University systems;
  • Restrict the processing of your data whilst it is being verified or corrected;
  • Port your data in a machine readable and commonly used format;
  • Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics.

The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful basis for processing has been used or whether an exemption may apply.

The following table details the right that accompany each lawful basis.

  Lawful Basis to be INFORMED of ACCESS to RECTIFICATION to ERASURE (be FORGOTTON) to RESTRICT processing to DATA PORTABILITY to OBJECT AUTO-DECISION & PROFILING to WITHDRAW CONSENT
a CONSENT YES YES YES YES YES YES NO YES YES
b CONTRACT YES YES YES YES YES YES NO YES NO
c LEGAL YES YES YES NO YES NO NO YES NO
d VITAL YES YES YES YES YES NO NO YES NO
e PUBLIC YES YES YES NO YES NO YES YES NO
f LEGITIMATE YES YES YES YES YES NO YES YES NO

You may contact the University’s Data Protection Officer as necessary regarding your rights.

Who is the Data Controller and who is the Data Protection Officer?

The Data Controller is the University of Chester, Parkgate Road, Chester, CH1 4BJ. The Data Controller’s representative is Mr Adrian Lee, University Secretary, who may be contacted at the University address and on 01244 511000.

The University’s Data Protection Officer (DPO) is Mr Rob Dawson. He may also be contacted at the University’s address and tel number and also by email on dpo@chester.ac.uk.

How to raise questions, comments, concerns, or complaints.

If you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above.

You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:

Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113.
www.ico.org.uk

Changes to this Notice

We reserve the right to update this privacy notice at any time, and we will provide a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.