Privacy notice

The University is required to inform you how personal data collected by you will be used and to provide other information, including details of with whom personal data may be shared and your rights.

The identity and the contact details of the controller 

University of St Andrews, College Gate, North Street, St Andrews, KY16 9AJ, Fife, Scotland, UK. The University is a charity registered in Scotland, No SC013532. 

The contact details of the University Data Protection Officer 

Mr Christopher Milne, Head of Information Assurance and Governance

University of St Andrews
Butts Wynd
North Street
St Andrews
KY16 9AJ

Email: dataprot@st-andrews.ac.uk 

The purposes for which the University will make use of your personal data 

Then University will use your personal data to provide you with the services and facilities which you have booked or requested of us.  This includes: 

Managing your stay with us

Name and contact details that were provided when an arrangement stay with us was made. 

Guest registration 

All guests, aged over 16 years of age will be required to complete a registration card with their name and nationality.

Guests who are not citizens of the: Commonwealth; Territories protected by the Crown or the Republic of Ireland, will be required to provide additional details i.e. the number and place of issue of their passport, certificate of registration or other document establishing identity and nationality; and details of their next destination if it is known. 

The University is required to record and retain those details by law, and to make those details available to the relevant authorities for inspection, which will normally include the Police. 

Invoicing or bill payment 

Your name, contact and bank details will be used to process payments for services provided by the University. The University will pass credit or debit card details to a third party payment provider, who will process payments. 

The legal bases for processing personal data 

  • Booking details - contract or preparation for entry into a contract; and 
  • Guest registration - Legal obligation. 

Who personal data may be shared with 

Disclosure to for the purposes of 

University staff and or agents or suppliers of the University; to prepare for and manage your stay at the University:  Booking details. 

Payment processor: Bank/credit card details. 

Law enforcement agencies; inspection of guest registrations: Guest registration details. 

The period for which personal data will be stored, or if that is not possible, the criteria used to determine that period 

The University will retain customer or booking data for a period of 6 years, after which time records will be destroyed. 

Guest registration cards will be destroyed 12 months after the period of residency has ended. 

Rights available to individuals 

European and UK data protection legislation provides individuals with a number of rights regarding the management of their personal data, in relation to guests making use of University accommodation your rights are: 

  • The right of access to your personal data, commonly referred to as a subject access request, which involves the following being carried out within a calendar month: 
    • Confirmation that personal data is being processed. 
    • Access being given to your personal data (provision of a copy), unless an exemption(s) applies; and 
    • The provision of supplementary information, for example an explanation of how your personal data is processed and who this is shared with. 
  • The right to rectification, which may involve: 
    • The University working to correct any inaccuracies in personal data or to address any omissions, which may require personal data to be annotated to acknowledge that this is incomplete. 
  • The right to erasure (the deletion of personal data, in specific circumstances), which is commonly referred to as the right to be forgotten, which may involve: 
    • The University destroying specific personal data. However, that right does not extend to guest registration records, as the University is required by law to collect and retain those details. 
  • The right to restrict processing, which may involve: 
    • The University agreeing to stop making use of your personal data where those data are contested, in terms of accuracy. 
  • The right to data portability, which may involve: 
    • The University providing you with a copy of elements of your personal data that exist in machine readable form that you have given to the University. 
  • The right to object. Individuals have the right to object to the University making use of contact details for direct marketing – in such circumstances the use of personal data must stop when an objection is received. 

These rights have to be met by the University and any other organisation that takes decisions about how or why your personal data is used. Details on how to access those rights are available from the University website, or you can contact dataprot@st-andrews.ac.uk

Where the University asks for your consent to make use of personal data 

The University may ask you for your permission to be contacted in the future, via any contact details you have provided to: 

  • Ask you about your stay and your experience, to help us improve the quality of our services and the customer experience guest surveys; and 
  • Provide you with details of accommodation services and offers. 

Consent is optional.  Individuals are under no compulsion to provide their consent, and where consent is provided, you will have the right to withdraw consent at any time, from which point the University’s use of your personal data will stop. 

The right to lodge a complaint with a supervisory authority 

If you believe that the University has not made use of your personal data, in line with the requirements of the law, you have the right to raise this with the regulator i.e. the UK Information Commissioner Office’s (“the ICO”). 

Details on how to contact the ICO are available online.  

Contractual requirement to provide personal data and the consequence where no personal data are provided 

In order to secure accommodation from the University, you must provide details about you and fellow guests in order to secure facilities. 

Revision of the Privacy Notice 

This Privacy Notice will be reviewed at regular intervals. Any significant change to relevant legislation, University policy or procedures primarily concerned with the protection of personal data may trigger an earlier review. 

Availability 

This Privacy Notice will be published on the University website; a summary of this notice will have been provided when individual’s make accommodation bookings. Copies will also be available from the University on request. 

Should a copy of this Privacy Notice be required in another form, including orally, that is to say an audio recording, please contact dataprot@st-andrews.ac.uk