Introduction
- The University of Chester is committed to protecting the rights and freedoms of individuals as detailed in relevant Data Protection legislation including looking after any personal data that it collects, uses or hold. This Data Processing and Privacy Notice describes how and why we collect and use personal information about you for marketing, student recruitment and admissions purposes. It is issued under your right to be informed about how the University collects, uses and stores your personal data.
- Marketing, Recruitment and Admissions (MRA) is a central function within the University of Chester. The purpose of MRA is to communicate with customers about products and services offered by the University that may be of interest to them, to process applications to courses of study, and send information to customers that we are required to do so. ‘Customers’ are defined as:
- Prospective students and/or service users
- Applicants to courses of study
- Current students and/or service users
- Graduates and/or past students
Data Protection Principles
- We will comply with data protection legislation, which says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
- Relevant to the purposes we have told you about and limited only to those purposes
- Accurate and kept up-to-date
- Kept only as long as necessary for the purposes we have told you about
- Kept securely
What Personal Data does the University collect?
- MRA at the University of Chester collects Personal Data including:
- First name
- Last name
- Gender
- Email address
- Phone number(s)
- Date of birth
- Address
- Postcode
- Country
- Course applied for
- Campus applied to
- Last school attended
- IP address
- UCAS number
- Student number
- Application decision
- Public images on social platforms
- Usernames on social platforms
- Location tags on social platforms
- Personal data collected via UCAS application for an undergraduate or PGCE course.
- Personal data collected for the purpose of applying for a postgraduate course.
What Special Category Data does the University Collect?
- MRA at the University of Chester may collect and process Special Category Data relating to health and/or disabilities that are disclosed to us by Customers. This data will be used to ensure that we are offering an inclusive and accessible experience and that we are able to meet the needs of our customers. As part of the admissions process, it is also necessary for the University collect and process information relating to criminal convictions. This data is processed in an official capacity for safeguarding purposes.
Why does the University need this data and how will the University use this data?
- MRA at the University of Chester requires Personal Data in order to:
- Process applications to courses of study
- Inform customers about products and services that may be of interest to them (i.e. marketing communications)
- Send information necessary for the fulfilment of our obligations to you (i.e. necessary communications)
What is the Legal Basis for processing the data?
- MRA at the University of Chester will use the following legal bases for processing data, depending on the customer type and purpose for processing the data.
| Customer type | Purpose of processing data | Legal basis for processing |
| Prospective students and/or service users | Marketing communications | Consent |
| Prospective students and/or service users | Necessary communications | Legitimate interests |
| Prospective students and/or service users | Fulfilment of a service | Contract |
| Applicants to courses of study | Marketing communications | Consent |
| Applicants to courses of study | Necessary communications | Legitimate interests |
| Applicants to courses of study |
Fulfilment of a service |
Contract |
| Current students and/or service users | Marketing communications | Consent |
| Current students and/or service users |
Necessary communications |
Legitimate interests |
| Graduates and/or past students | Marketing communications | Consent |
| Graduates and/or past students | Necessary communications | Legitimate interests |
For how long will the University keep this Data?
- MRA at the University of Chester will observe the following schedule for retention and/or deletion of data, depending on the customer type and how the relationship with us is ended.
| Customer type | How the relationship is ended | Retention schedule |
| Prospective students and/or service users. | Customer chooses not to pursue an application for a course or service. | Data will be deleted after one year of the date of the relationship ending. |
| Applicants to courses of study | Customer declines, withdraws or is rejected from an offer of study. | Data will be deleted after one year of the relationship ending. |
| Current students and/or service users | Customer leaves the University, either during or at the end of their course of study or service term. | Data will be deleted after one year of the relationship ending. |
| Graduates and/or past students | Over five years have passed since the student last studied with us. | Data will be deleted after five years since the student last studied with us. |
Who has access to the data and with whom will the University share this data?
Partners
- In order to process an applicant’s application, in some circumstances, depending on the course applied for, it may be necessary to share applicant data with one of the University’s partners.
Third Party Services
- The University of Chester may contract selected third party service providers to process personal data about customers. These service providers are authorised to use your personal data only as necessary to provide the requested services to us. Unless described in this Privacy Statement, the University of Chester does not share, sell, rent, or trade any data with third parties for their promotional purposes.
- The following is a list of purposes for which personal data of customers may be processed by third parties and the service providers by whom it may be processed on behalf of the University of Chester. Links to the privacy statements of the selected third parties have also been provided.
Data Management
MRA at the University of Chester use third party data management providers for the purposes of storing personal data about customers and their marketing preferences. Personal data may also be processed in order to support and improve the services that are offered.
Service providers that personal data may be processed by, for the purposes of data management, include:
MRA at the University of Chester use third party email providers for the purposes of sending emails relevant to customer interests and application status. Personal data may also be processed for the purposes of personalising emails with customer application details and other relevant information. Personal data may also be processed to track customer behaviour relating to emails received, including whether a customer opened the email, and/or clicked any links.
Service providers that personal data may be processed by, for the purposes of sending emails include:
Image Processing
MRA at the University of Chester use third party image processors for the purposes of collecting, storing and republishing images that customers post on social networks. With the permission of the customer (by responding to a request with #YESChester), these images may be used by us for the purposes of marketing and advertising. Further details about these permissions can be found in our separate Image Processing Terms of Use.
Service providers that personal data may be processed by, for the purposes of image processing include:
Market Research
MRA at the University of Chester uses a third party survey software provider for the purposes of contacting respondents and collecting survey responses. Personal data may be processed by this provider for the purposes of collecting customer feedback, including feedback from customer events, decision making processes and behaviour.
The survey software provider that personal data may be processed by, for the purposes of market research is:
MRA may use third party service providers for the purposes of conducting market research. We will always make this clear in such cases and full details of these providers will be given.
Online Advertising
MRA at the University of Chester use a number of advertising platforms in order to inform customers about courses, events, news and other information that may be of interest to them. Personal data may be processed by these providers in order to better target our advertisements to customers. Personal data may also be processed in order to inform the University of Chester about the performance of advertising campaigns.
Service providers that personal data may processed by, for the purposes of advertising include:
- Adroll
- Bing (Microsoft)
- Hotcourses
- Net Natives
- Snap Inc. (Snapchat)
- TikTok
How to opt-out of personalised online advertising
We may use Google, Twitter, Facebook, LinkedIn, and Snapchat remarketing features which support promotion of our courses and other services you have shown an interest in, if you are a user of these platforms.
This may be based on hashed (anoymised) personal data (see section 4 on the data we may collect for marketing), or other anonymous information collected by cookies when you visit our website, such as things like your mobile device location (if location features are turned on), browser cookie ID, mobile device identifier, and IP addresses. This helps us provide you with relevant adverts if you have a Google, Twitter, Facebook, LinkedIn, or Snapchat account.
You can choose to opt out of receiving these adverts by:
- changing your account settings for Twitter, Facebook, Google, LinkedIn, and Snapchat to opt out of receiving ‘audience advertising’, to ensure you do not receive tailored adverts
- enabling the 'Limit Ad Tracking' setting (on iOS devices), or the setting to 'Opt out of Interest-Based Ads' (on Android), so Google, Twitter, Facebook, LinkedIn, and Snapchat do not tailor our adverts for you by matching your device to information from partners
Online Messaging Platforms
MRA at the University of Chester use third party service providers to enable prospective students and applicants to chat online to existing students and staff of the University. Personal data may be processed by these providers for the purposes of enabling these conversations to take place on these platforms, enabling the University to monitor and track these conversations, and also keep you updated on the University.
Service providers that personal data may be processed by, for the purposes of online messaging services include:
Postal
MRA at the University of Chester use third party service providers for the purposes of sending postal communications. Personal data may be processed by these providers in order to send postal communications such as prospectuses, letters, postcards and other materials to customers on behalf of the University of Chester.
Service providers that personal data may be processed by, for the purposes of sending postal communications include:
- MailChimp
- Royal Mail
- Other third parties, subject to the University of Chester’s Procurement Policy. Details of these third parties can be obtained by emailing enquiries@chester.ac.uk.
SMS/Text Messages
MRA at the University of Chester use third party service providers for the purposes of sending SMS/text messages. Personal data may be processed by these providers for the purposes of sending SMS/text message invitations to events or updates on customer applications on behalf of the University of Chester.
Service providers that personal data may be processed by, for the purposes of SMS/text messages include:
Social Media/News Monitoring
MRA at the University of Chester use third party service providers for the purposes of sending, monitoring, and responding to social media messages. Personal data may be processed by these providers in order to collect, store and transmit messages to customers that are posted either publicly on social media networks, or privately to the University of Chester by direct message. These providers may also monitor the wider internet, such as news websites, blogs and forums for mentions of University of Chester customers for the purposes of news sourcing, alumni relations and reputation management.
Service providers that personal data may be processed by, for the purposes of social media/news monitoring include:
How will the University keep this data secure?
- MRA at the University of Chester use carefully selected platforms and services to store and process the personal data of its customers (as detailed above). These providers have negotiated Data Processing Agreements and Service Level Agreements with the University of Chester and use encrypted, hashed, pseudonymised and anonymised techniques to protect the integrity of Personal Data. Where data is transferred outside of the EU, it is subject to EU/US Privacy Shield Frameworks. Personal Data is only made available to employees who are authorised to use it, and those employees are required to take appropriate security precautions and receive continual training on best security practices.
Your duty to inform us of changes
- It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
What Rights do you have as a Data Subject?
- As a data subject of the University, under the Data Protection legislation, you have a number of rights with regards to your data, dependent upon the legal basis for processing that data. As such you have the right to:
- Withdraw consent - where the University has used consent as the legal basis for processing;
- Be informed – about how the University, collects and uses your data;
- Access your personal data that the University holds and process;
- Rectify or correct any inaccuracies in your personal data that we hold;
- Be forgotten by requesting that your details are removed from the University systems;
- Restrict the processing of your data whilst it is being verified or corrected;
- Port your data in a machine readable and commonly used format;
- Object to certain processing by the University including direct marketing, automated decision making, profiling, scientific/historical research and statistics;
- The above rights are not absolute and may only apply in some circumstances such as being dependent upon which lawful process has been used or whether an exemption may apply.
- The following table details the right that accompany each lawful basis.
- You may contact the University’s Data Protection Officer as necessary regarding your rights.
Who is the Data Controller and who is the Data Protection Officer?
- The Data Controller is the University of Chester, Parkgate Road, Chester, CH1 4BJ. The Data Controller’s representative is Mr Adrian Lee, University Secretary, who may be contacted at the University address and on 01244 511000.
- The University’s Data Protection Officer (DPO) is Rob Dawson. He may also be contacted at the University’s address and tel number and also by email on dataprotection@chester.ac.uk
How to raise questions, comments, concerns, or complaints.
- Should you have any questions, comments, concerns or complaints regarding the use of your personal data you should contact the University’s Data Protection Officer as detailed above.
- You may also raise any concerns or complaints with the Information Commissioner’s Office who may be contacted as follows:
Information Commissioners Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113.
www.ico.org.uk
Changes to this Notice
- We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.