Privacy Policy

Student Privacy Policy

The University of Essex Students Union – Student Privacy Policy - effective 6 July, 2018

Scope: This Privacy Policy applies to websites on or behalf of The University of Essex Students’ Union (hereafter “UoE SU” or “the Union”) and its operations within the UK.

Personal Information:

  • We collect the information you provide to us, such as your name, your postal or email address. Further details are included below.
  • We collect non-personal information such as browser type and web pages visited to help manage our websites and to improve your overall experience.
  • We use cookies and web beacons to manage our email programs and websites. We do NOT use these technologies to collect or to store personal information.

Uses:

  • We use the information you provide to place orders through our websites and distribution partners.
  • If you tell us to, we will send you information about promotions and other marketing events via mail and email.
  • We do NOT share your information with unrelated third parties for their marketing purposes.
  • We use personal information consistent with the purpose you provided it to us.

Your Choices:

  • You may request to be removed from our system by contacting us.
  • You may request access and revisions to the personal information you submitted by contacting us.

Important Information:

  • The Union respects your privacy, and we will do our best to earn and keep your trust.
  • The Union complies with the UK and EU data protection laws.
 

How to Contact Us:

University of Essex Students Union

Wivenhoe Park

Essex

CO4 3SQ

Telephone: +44(0)1206 863211

Email: su@essex.ac.uk

 

The University of Essex Students Union – Student Privacy Policy – effective 25 May, 2018

The Union respects your privacy, and we will do our best to earn and keep your trust. All Personal Information that you share with us is treated with the utmost care. The Union has created this Privacy Policy in order to demonstrate our firm commitment to the privacy of all our students within the UK. This Privacy Policy identifies what Personal Information we collect when you use our websites or other online services, what choices you can make about your Personal Information, how we use this data, and how we protect your Personal Information, and applies to all Personal Information provided to us in our sites or through our websites or other online services. 

We may, but shall not be required to, also process Personal Information submitted relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

CONTENTS

What is Covered by This Policy?
Personal Information We Collect
How We Use Your Personal Information
How We Process Your Personal Information
Your Choices and Access to Your Personal Information
Sharing Personal Information with Third Parties
Personal Information Security
Cookies
Changes to This Privacy Policy
Data Controller
Contact Us

What is Covered by This Policy?

This Privacy Policy applies to websites and sites operated by or on behalf of the Union across the UK. The purpose of this policy is to tell our students what information we collect, how it is used, where it is used, and how to contact the Union with privacy inquiries. Some websites of the Union may contain links to websites not owned or operated by the Union. The Union is not responsible for the content, privacy policies, or practices of those websites. We recommend that you review the privacy policies of each site you visit.

Personal Information We Collect

The Union collects information, including Personal Information that you provide us when you visit our website. “Personal Information” that will be collected or processed by the Union includes:

  • Contact details such as name, address, email, phone number, next of kin
  • date of birth;
  • answers to security questions;
  • equality information including sex/gender, sexuality, religion and nationality;
  • academic records;
  • medical information such as prescriptions;
  • images;
  • student registration identification number;
  • purchasing history;
  • IP address;
  • DBS checks;
  • ID such as passport, driving license, including, where necessary, visa details and passport numbers
  • financial information; such as that which could be used to process invoices and payments
  • hardship loan details, such as loan issued, and loan repayment date.
  • If you register to the Students’ Union website, we collect contact information, username and password and can collect additional information submitted through registration or via updating your information.
  • If you make any purchases through the site, we will record your billing address; however, we do not record your payment card details. This information is collected through Sage Pay, our online payment provider. No card payment details are stored through the site.
  • If you email us directly via an email hyperlink or contact form to provide us with feedback on the site, or to ask a question regarding the site, we will record any information contained in such emails for a period of up to one year to analyse trends and ensure improvements to the site.
  • Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them.  As a result, at this time we do not take steps to respond to such signals. 

The Union may collect Personal Information in a variety of ways including directly from students while online when you use any of our online tools or features or applications.

How We Use Your Personal Information

The Union collects and uses your Personal Information to:

  • Conduct business with you
  • Improve your experience with us
  • Process, fulfill, and follow up on events
  • Create and maintain accounts
  • Help you receive email and direct mail
  • Help you send us testimonials or other communications
  • Permit you to apply for a job
  • Crime prevention and prosecution of offenders

We process Personal Information submitted by students for the purpose of providing the above-referenced services (collectively, the “Services”) to students. To fulfill these purposes, we may access Personal Information to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of a customer who submitted the Personal Information, or in response to contractual requirements with our students.

Where you have entered into a contract with the Union, we will process your Personal Information in order to meet our obligations and exercise our rights in terms of that contract.

In other cases, the Union has a legitimate interest in processing Personal Information which allows us to provide you with a better customer service; and to send marketing emails to you where you have purchased goods from us and where you have not opted out from receiving those messages.

There may be some occasions where we seek your consent to process Personal Information but in those cases we will provide full details of what the Union is seeking consent for, so that you will be able to carefully consider whether to provide that consent.

How we Process Your Personal Information

 

When processing Personal Information the Union ensures that:

  • it is processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’);
  • it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’)
  • it is all adequate, relevant and limited to what is necessary in relation to the purposes for which the Personal Information is processed; (‘data minimisation’)
  • it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that Personal Information that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
  • it is kept in a form which permits identification of you for no longer than is necessary for the purposes for which the Personal Information is processed; (‘storage limitation’)
  • it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Union will facilitate any request from you to exercise you rights under data protection law and the General Data Protection Regulation as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay. 

The Union will also:

  • ensure that the legal basis for processing Personal Information is identified in advance and that all processing complies with the law.
  • not do anything with your Personal Information that you would not expect given the content of this policy.
  • ensure that appropriate information is provided advising how and why Personal Data is being processed, and in particular advising data subjects of their rights.
  • only collect and process the Personal Information that we need for the purposes we have identified in advance.
  • ensure that as far as possible the Personal Information we hold is accurate, or a system is in place for ensuring that it is kept up to date as far as possible.
  • only hold onto your Personal Information for as long as it is needed after which time we will securely erase or delete the personal data. The Union Data Retention Policy sets out the appropriate period of time.
  • ensure that appropriate security measures are in place to ensure that Personal Information can only be accessed by those who need to access it and that it is held and transferred securely.

Your Choices and Access to Your Personal Information

Our email, website, and other interactive programs allow you to choose to receive or to stop receiving communications from us. You can choose to receive email and/or postal mail from the Union.

The Union honors a “once out – always out” policy. Once you opt out, you are opted out of that type of communication and that brand until we are explicitly told in writing to opt you back in. You may opt out of email programs at any time by following the opt-out instructions provided in the email you receive. You also have the following rights:

Subject access: the right to request information about how Personal Information is being processed including whether Personal Information is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:

  • the purpose of the processing
  • the categories of personal data
  • the recipients to whom data has been disclosed or which will be disclosed
  • the retention period
  • the right to lodge a complaint with the ICO in the United Kingdom
  • the source of the information if not collected direct from the subject
  • the existence of any automated decision making.

Rectification: the right to allow a data subject to rectify inaccurate Personal Information concerning them.

Erasure: the right to have data erased and to have confirmation of erasure, but only where:

  • the data is no longer necessary in relation to the purpose for which it was collected; or
  • where consent is withdrawn; or
  • where there is no legal basis for the processing; or
  • there is a legal obligation to delete data.

Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:  

  • if the accuracy of the personal data is being contested; or
  • if our processing is unlawful but the data subject does not want it erased; or
  • if the data is no longer needed the data for the purpose of the processing but it is required by the data subject for the establishment, exercise or defence of legal claims; or
  • if the data subject has objected to the processing, pending verification of that objection.

Data portability: the right to receive a copy of Personal Information which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller.

Object to processing: the right to object to the processing of Personal Information relying on the legitimate interests processing condition unless the Union can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defence of legal claims.

Personal Information is to be used for a purpose other than those for which it was originally collected or subsequently authorised by such user.  We will treat as sensitive any Personal Information received from a third party where the third party identifies and treats it as sensitive.

Sharing Personal Information with Third Parties

We employ other companies (“Agents”) and people to perform tasks on our behalf and need to share, and may transfer within the EEA, your information with them to provide products or services to you. Other types of Agents with which we may share Personal Information include organisations providing services to support the Union functions, such as our mail and email processing companies, payment processing companies, market research firms and the University of Essex, as well as our subsidiaries UESU Ltd and Essex Students Lets Ltd. We also transfer Personal Information to Agents for email marketing purposes.

In addition to disclosures to third party providers and Agents as described above, we may disclose or transfer Personal Information in connection with, or during negotiations of, any merger, sale of company assets, product lines or divisions, or any financing or acquisition. We may also disclose Personal Information to prevent damage or harm to us, our Services, or any person or property, or if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by public authorities.  Except as described in this Privacy Policy, we will not otherwise disclose Personal Information to third parties unless you have been provided with an opportunity to opt in to such disclosure.

The Union does not release the Personal Information it collects from you to any unrelated third parties so that they may send you commercial promotions or offers for products or services. We do, however, share anonymous, aggregate information concerning the demographic makeup of our students to unrelated third parties, and share Personal Information as described below.

Except as described in this Privacy Policy, we will not otherwise disclose personal data to any third parties unless you have provided consent to such disclosure and, in the case of personal data collected from children, the appropriate verifiable consent is obtained.

If an individual wishes to opt out or limit the use and disclosure of their personal data to a third party or a use that is incompatible with the purpose for personal data was originally collected or authorised, the individual may send such request to su@essex.ac.uk.

When the Union transfers Personal Information to countries other than the country where it was provided, we do so in compliance with applicable data protection laws. Copies of the Personal Information at the point of origin are deleted on a regular basis. Any transfers of Personal Information from guests outside the European Economic Area (the “EEA”), will comply with GDPR requirements, as appropriate, in all respects.

Personal Information Security

The Union maintains reasonable and appropriate security measures designed to help protect against loss, misuse, and alteration of Personal Information collected by The Union, which include:

  • physical and logical access controls, including firewall, limited access, and SSL encryption technology, that limit who can access personal data based on business/processing need;
  • privacy policies for personal data (this document) and for employee personal data (a copy of which may be requested at su@essex.ac.uk);
  • employees who are bound by confidentiality obligations;
  • annual employee training on our privacy policies;
  • the appointment of a Data Controller to handle all personal data incidences or issues, including, without limitation, the handling of individual requests related to his/her personal data processed by The Union; and
  • The University’s Information Security Policy, and the Union’s Data Breach Policy that contain incident response plans for escalation and resolution of data breach incidents.

Cookies and Web Beacons

The Union uses web beacons in emails to track traffic from the email to specific pages on our websites. You may be able to adjust your browser so that your computer either does not accept cookies, or notifies you when a website tries to deposit a cookie into your computer. Our website uses cookies however, our cookies do not contain confidential Personal Information such as your home address, telephone number, or credit card information. We do not exchange cookies with any third parties. 

Changes to This Privacy Policy

We may amend this Privacy Policy at any time. If we make any changes in the way we collect, use, and/or share your Personal Information, we will notify you by sending you an email at the last email address that you provided us, or by prominently posting notice of the changes on the web sites covered by this Privacy Policy.

Data Controller

Your Personal Information is protected in the United Kingdom by the Data Protection Act 2018 (the “Act”), the General Data Protection Regulation 2016/679; and all relevant EU and UK data protection legislation. Under the Act we will only process your Personal Information in a lawful and fair manner. We will secure your Personal Information to prevent unauthorised access by third parties. 

For the purposes of the Act, the data controller is the Union, registered at Wivenhoe Park, Essex, CO4 3SQ and registered with the Information Commissioner’s Office with registration number Z4727539.

All Personal Information collection and processing in the United Kingdom by the Union will be undertaken by the Union in accordance with the terms of this privacy policy. The Union may transfer your Personal Information to other Agents, such as the University of Essex, and also carefully selected third parties, such as Membership Services Limited, and various Affiliates. In order to provide for adequate protection of your Personal Information, we have in place security and contractual arrangements with such Agents and third parties to ensure the protection of your Personal Information. If Personal Information is transferred from within the UK to a jurisdiction outside the EEA, it is done so under a Data Transfer Agreement, which contains standard data protection contract clauses, which have been adopted by the European Commission, and where safeguards have been put in place for personal information that is transferred outside of the EEA. By submitting your Personal Information to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

The Union are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. We cooperate with country data protection authorities if they believe that a privacy problem has occurred.

Contact Us

If you have any questions regarding your privacy, please contact The Union directly:

University of Essex Students Union

Wivenhoe Park

Essex

CO4 3SQ

Telephone: +44(0)1206 863211

Email: su@essex.ac.uk        

 

If you believe that the Union has not complied with your rights in relation to your personal data in relation to processing in or related to the United Kingdom, you can complain to the Information Commissioner’s Office. Their contact details are available at www.ico.org.uk

Guest Privacy Policy

The University of Essex Students Union – Guest Privacy Policy - effective 6 July, 2018

Scope: This Privacy Policy applies to websites on or behalf of The University of Essex Students’ Union (hereafter “UoE SU” or “the Union”) and its operations within the UK.

Personal Information:

  • We collect the information you provide to us, such as your name, your postal or email address. Further details are included below.
  • We collect non-personal information such as browser type and web pages visited to help manage our websites and to improve your overall experience.
  • We use cookies and web beacons to manage our email programs and websites. We do NOT use these technologies to collect or to store personal information.

Uses:

  • We use the information you provide to place orders through our websites and distribution partners.
  • If you tell us to, we will send you information about promotions and other marketing events via mail and email.
  • We do NOT share your information with unrelated third parties for their marketing purposes.
  • We use personal information consistent with the purpose you provided it to us.

Your Choices:

  • You may request to be removed from our system by contacting us.
  • You may request access and revisions to the personal information you submitted by contacting us.

Important Information:

  • The Union respects your privacy, and we will do our best to earn and keep your trust.
  • The Union complies with the UK and EU data protection laws.
 

How to Contact Us:

University of Essex Students Union

Wivenhoe Park

Essex

CO4 3SQ

Telephone: +44(0)1206 863211

Email: su@essex.ac.uk

 

The University of Essex Students Union – Guest Privacy Policy – effective 25 May, 2018

The Union respects your privacy, and we will do our best to earn and keep your trust. All Personal Information that you share with us is treated with the utmost care. The Union has created this Privacy Policy in order to demonstrate our firm commitment to the privacy of all our guests within the UK. This Privacy Policy identifies what Personal Information we collect when you use our websites or other online services, what choices you can make about your Personal Information, how we use this data, and how we protect your Personal Information, and applies to all Personal Information provided to us in our sites or through our websites or other online services. 

We may, but shall not be required to, also process Personal Information submitted relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

CONTENTS

What is Covered by This Policy?
Personal Information We Collect
How We Use Your Personal Information
How We Process Your Personal Information
Your Choices and Access to Your Personal Information
Sharing Personal Information with Third Parties
Personal Information Security
Cookies
Changes to This Privacy Policy
Data Controller
Contact Us

What is Covered by This Policy?

This Privacy Policy applies to websites and sites operated by or on behalf of the Union across the UK. The purpose of this policy is to tell our guests what information we collect, how it is used, where it is used, and how to contact the Union with privacy inquiries. Some websites of the Union may contain links to websites not owned or operated by the Union. The Union is not responsible for the content, privacy policies, or practices of those websites. We recommend that you review the privacy policies of each site you visit.

Personal Information We Collect

The Union collects information, including Personal Information that you provide us when you visit our website. “Personal Information” that will be collected or processed by the Union includes:

  • Contact details such as name, address, email, phone number, next of kin;
  • date of birth;
  • answers to security questions;
  • password;
  • IP address;
  • Financial information; such as that which could be used to process invoices and payments
  • If you make any purchases through the site, we will record your billing address; however, we do not record your payment card details. This information is collected through Sage Pay, our online payment provider. No card payment details are stored through the site.
  • If you email us directly via an email hyperlink or contact form to provide us with feedback on the site, or to ask a question regarding the site, we will record any information contained in such emails for a period of up to one year to analyse trends and ensure improvements to the site.
  • Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them.  As a result, at this time we do not take steps to respond to such signals. 

The Union may collect Personal Information in a variety of ways including directly from guests while online when you use any of our online tools or features or applications.

How We Use Your Personal Information

The Union collects and uses your Personal Information to:

  • Conduct business with you
  • Improve your experience with us
  • Process, fulfill, and follow up on events
  • Create and maintain accounts
  • Help you receive email and direct mail
  • Help you send us testimonials or other communications
  • Crime prevention and prosecution of offenders

We process Personal Information submitted by guests for the purpose of providing the above-referenced services (collectively, the “Services”) to guests. To fulfill these purposes, we may access Personal Information to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of a customer who submitted the Personal Information, or in response to contractual requirements with our Guests.

Where you have entered into a contract with the Union, we will process your Personal Information in order to meet our obligations and exercise our rights in terms of that contract.

In other cases, the Union has a legitimate interest in processing Personal Information which allows us to provide you with a better customer service; and to send marketing emails to you where you have purchased goods from us and where you have not opted out from receiving those messages.

There may be some occasions where we seek your consent to process Personal Information but in those cases we will provide full details of what the Union is seeking consent for, so that you will be able to carefully consider whether to provide that consent.

How we Process Your Personal Information

When processing Personal Information the Union ensures that:

  • it is processed lawfully, fairly and in a transparent manner (‘lawfulness, fairness and transparency’);
  • it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’)
  • it is all adequate, relevant and limited to what is necessary in relation to the purposes for which the Personal Information is processed; (‘data minimisation’)
  • it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that Personal Information that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
  • it is kept in a form which permits identification of you for no longer than is necessary for the purposes for which the Personal Information is processed; (‘storage limitation’)
  • it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The Union will facilitate any request from you to exercise you rights under data protection law and the General Data Protection Regulation as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay. 

The Union will also:

  • ensure that the legal basis for processing Personal Information is identified in advance and that all processing complies with the law.
  • not do anything with your Personal Information that you would not expect given the content of this policy.
  • ensure that appropriate information is provided advising how and why Personal Data is being processed, and in particular advising data subjects of their rights.
  • only collect and process the Personal Information that we need for the purposes we have identified in advance.
  • ensure that as far as possible the Personal Information we hold is accurate, or a system is in place for ensuring that it is kept up to date as far as possible.
  • only hold onto your Personal Information for as long as it is needed after which time we will securely erase or delete the personal data. The Union Data Retention Policy sets out the appropriate period of time.
  • ensure that appropriate security measures are in place to ensure that Personal Information can only be accessed by those who need to access it and that it is held and transferred securely.

Your Choices and Access to Your Personal Information

Our email, website, and other interactive programs allow you to choose to receive or to stop receiving communications from us. You can choose to receive email and/or postal mail from the Union.

The Union honors a “once out – always out” policy. Once you opt out, you are opted out of that type of communication and that brand until we are explicitly told in writing to opt you back in. You may opt out of email programs at any time by following the opt-out instructions provided in the email you receive. You also have the following rights:

Subject access: the right to request information about how Personal Information is being processed including whether Personal Information is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:

  • the purpose of the processing
  • the categories of personal data
  • the recipients to whom data has been disclosed or which will be disclosed
  • the retention period
  • the right to lodge a complaint with the ICO in the United Kingdom
  • the source of the information if not collected direct from the subject
  • the existence of any automated decision making.

Rectification: the right to allow a data subject to rectify inaccurate Personal Information concerning them.

Erasure: the right to have data erased and to have confirmation of erasure, but only where:

  • the data is no longer necessary in relation to the purpose for which it was collected; or
  • where consent is withdrawn; or
  • where there is no legal basis for the processing; or
  • there is a legal obligation to delete data.

Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:  

  • if the accuracy of the personal data is being contested; or
  • if our processing is unlawful but the data subject does not want it erased; or
  • if the data is no longer needed the data for the purpose of the processing but it is required by the data subject for the establishment, exercise or defence of legal claims; or
  • if the data subject has objected to the processing, pending verification of that objection.

Data portability: the right to receive a copy of Personal Information which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller.

Object to processing: the right to object to the processing of Personal Information relying on the legitimate interests processing condition unless the Union can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defence of legal claims.

Personal Information is to be used for a purpose other than those for which it was originally collected or subsequently authorised by such user.  We will treat as sensitive any Personal Information received from a third party where the third party identifies and treats it as sensitive.

Sharing Personal Information with Third Parties

We employ other companies (“Agents”) and people to perform tasks on our behalf and need to share, and may transfer within the EEA, your information with them to provide products or services to you. Other types of Agents with which we may share Personal Information include organisations providing services to support the Union functions, such as our mail and email processing companies, payment processing companies, market research firms and the University of Essex, as well as our subsidiaries UESU Ltd and Essex Students Lets Ltd. We also transfer Personal Information to Agents for email marketing purposes.

In addition to disclosures to third party providers and Agents as described above, we may disclose or transfer Personal Information in connection with, or during negotiations of, any merger, sale of company assets, product lines or divisions, or any financing or acquisition. We may also disclose Personal Information to prevent damage or harm to us, our Services, or any person or property, or if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by public authorities.  Except as described in this Privacy Policy, we will not otherwise disclose Personal Information to third parties unless you have been provided with an opportunity to opt in to such disclosure.

The Union does not release the Personal Information it collects from you to any unrelated third parties so that they may send you commercial promotions or offers for products or services. We do, however, share anonymous, aggregate information concerning the demographic makeup of our guests to unrelated third parties, and share Personal Information as described below.

Except as described in this Privacy Policy, we will not otherwise disclose personal data to any third parties unless you have provided consent to such disclosure and, in the case of personal data collected from children, the appropriate verifiable consent is obtained.

If an individual wishes to opt out or limit the use and disclosure of their personal data to a third party or a use that is incompatible with the purpose for personal data was originally collected or authorised, the individual may send such request to su@essex.ac.uk.

When the Union transfers Personal Information to countries other than the country where it was provided, we do so in compliance with applicable data protection laws. Copies of the Personal Information at the point of origin are deleted on a regular basis. Any transfers of Personal Information from guests outside the European Economic Area (the “EEA”), will comply with GDPR requirements, as appropriate, in all respects.

Personal Information Security

The Union maintains reasonable and appropriate security measures designed to help protect against loss, misuse, and alteration of Personal Information collected by The Union, which include:

  • physical and logical access controls, including firewall, limited access, and SSL encryption technology, that limit who can access personal data based on business/processing need;
  • privacy policies for personal data (this document) and for employee personal data (a copy of which may be requested at su@essex.ac.uk);
  • employees who are bound by confidentiality obligations;
  • annual employee training on our privacy policies;
  • the appointment of a Data Controller to handle all personal data incidences or issues, including, without limitation, the handling of individual requests related to his/her personal data processed by The Union; and
  • The University’s Information Security Policy, and the Union’s Data Breach Policy that contain incident response plans for escalation and resolution of data breach incidents.

Cookies and Web Beacons

The Union uses web beacons in emails to track traffic from the email to specific pages on our websites. You may be able to adjust your browser so that your computer either does not accept cookies, or notifies you when a website tries to deposit a cookie into your computer. Our website uses cookies however, our cookies do not contain confidential Personal Information such as your home address, telephone number, or credit card information. We do not exchange cookies with any third parties.  

Changes to This Privacy Policy

We may amend this Privacy Policy at any time. If we make any changes in the way we collect, use, and/or share your Personal Information, we will notify you by sending you an email at the last email address that you provided us, or by prominently posting notice of the changes on the web sites covered by this Privacy Policy.

Data Controller

Your Personal Information is protected in the United Kingdom by the Data Protection Act 2018 (the “Act”), the General Data Protection Regulation 2016/679; and all relevant EU and UK data protection legislation. Under the Act we will only process your Personal Information in a lawful and fair manner. We will secure your Personal Information to prevent unauthorized access by third parties. 

For the purposes of the Act, the data controller is the Union, registered at Wivenhoe Park, Essex, CO4 3SQ and registered with the Information Commissioner’s Office with registration number Z4727539.

All Personal Information collection and processing in the United Kingdom by the Union will be undertaken by the Union in accordance with the terms of this privacy policy. The Union may transfer your Personal Information to other Agents, such as the University of Essex, and also carefully selected third parties, such as Membership Solutions Ltd. In order to provide for adequate protection of your Personal Information, we have in place security and contractual arrangements with such Agents and third parties to ensure the protection of your Personal Information. If Personal Information is transferred from within the UK to a jurisdiction outside the EEA, it is done so under a Data Transfer Agreement, which contains standard data protection contract clauses, which have been adopted by the European Commission, and where safeguards have been put in place for personal information that is transferred outside of the EEA. By submitting your Personal Information to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

The Union are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. We cooperate with country data protection authorities if they believe that a privacy problem has occurred.

Contact Us

If you have any questions regarding your privacy, please contact The Union directly:

University of Essex Students Union

Wivenhoe Park

Essex

CO4 3SQ

Telephone: +44(0)1206 863211

Email: su@essex.ac.uk        

If you believe that the Union has not complied with your rights in relation to your personal data in relation to processing in or related to the United Kingdom, you can complain to the Information Commissioner’s Office. Their contact details are available at www.ico.org.uk