Your data and privacy
Alumni, friends and supporters play an in important role in the life of the University of St Andrews contributing to our achievements and ensuring we continue to be known across the globe as a world leader in education.
The Development Office at St Andrews is here to support our alumni, friends and supporters, keeping you informed as to what is happening at the University and beyond: engaging with you on relevant activities which we hope will be of interest to you. This includes sharing University, alumni and supporter news and activities, events, reunions, fundraising campaigns, networking, career and volunteering opportunities.
The Development Office cannot reach out to you, without making use of your personal data, which, more often than not, will involve your contact details.
The protection of personal information collected and processed by the University is legislated through the European and UK legislation, notably through the Data Protection Act 1998 (“the DPA”) and through rules on direct marketing activities as provided by Privacy and Electronic Communication Regulations. The University takes its obligations to protect personal information and to uphold the rights and freedoms of individuals seriously.
One of the core principles of data protection legislation is that personal data is processed fairly. Fairly, in this context, is concerned with individuals being informed as to how their personal information will be used. It is important that the University is clear about how personal data will be used to support development and alumni related activities, so that you can let us know if you wish for the University to act differently.
The purpose of this statement is therefore to inform alumni and friends how their personal information will be used by the University, and to set out our promise to you that –
The University will work at all times to protect your privacy. We will only make use of your personal data for clearly stated purposes and we will always respect and uphold your rights.
This privacy notice:
- Introduces the University’s responsibilities and obligations as a data controller – the organisation responsible for protecting and determining how your personal data will be used to support alumni and development activities at St Andrews;
- Explains the legal basis, which the University will draw upon, when using your personal data responsibly;
- Provides an overview as to how your personal data will be used;
- Informs you who has access to your personal data and the limited conditions under which your personal data may be made available to a third party;
- Explains your privacy rights and the steps you can take to exercise these;
- Explains how the University will protect your personal data, keeping this safe and secure;
Who collects and decides how your personal data will be used?
It is important that individuals understand the identity of the organisations who collect and decide how personal data are to be used, as without that understanding it can be difficult for people to exercise their rights. In data protection terms, the organisation that determines the purposes for which personal data is to be used is the data controller. The data controller is also responsible for upholding your privacy rights, as provided for in the DPA.
The University of St Andrews (“the University”) is the data controller for your personal data. The University has registered as a data controller with the Information Commissioner’s Office (“the ICO”) (the ICO being the UK supervisory authority responsible for oversight of the DPA and the enforcement of that Act). As a data controller the University is required to confirm with the ICO annually the purposes for which it processes personal data and sensitive personal data, and which persons are affected by such processing.
The ICO maintains a public register of data controllers, so that individuals can ascertain what personal information is being processed by a particular data controller. The University’s registration number in this regard is Z5909128. To fully understand what personal data the University holds and processes, you may wish to consult both this privacy notice and the University’s entry within the ICO data protection register. That, and the register, are available online from www.ico.org.uk
Who will make use of your personal data?
While the University is the data controller, on a day to day basis your personal data will be used by staff in University’s Development Office.
How do we collect your personal data?
- We maintain web page access logs for our SPARC members and email opening and click-through rates for database records who were sent email messages via our bulk emailing facility within Blackbaud NetCommunity.
- For more information on log files, see ‘Data protection and privacy server’ at https://www.st-andrews.ac.uk/terms/
- Cookies - see https://www.st-andrews.ac.uk/terms/
- Email marketing
- The Development Office exists to communicate the University of St Andrews’ activities, institutional views, latest news and points of excellence with staff, stakeholders, students, alumni, friends and current and past supporters of the University and to raise philanthropic funds to support key capital projects, scholarships and widening access programmes, academic research and a range of projects to enhance the teaching and learning environment for our students and the St Andrews community. We do this by providing information through a range of online and offline channels including publications, events, press releases, social media and email.
- In order to do this, we maintain a database that contains personal data collected by the University during the course of our relationship with our stakeholders, staff, students, alumni and friends. The vast majority of the information we hold will have been obtained directly from you via our website’s sign-up form or other hard copy information returns and also via letter, email and telephone updates from you.
- The Development Office values our relationship with you and we use your personal data to personalise our communications, improve our services and ensure we work efficiently and effectively.
- The personal data stored and processed by the University may include:
- biographical information such as name, title, DoB and gender;
- your contact details including address(es), email address(es) and phone number(s);
- information about your time at the University including graduation details;
- your professional activities; current interests and preferences;
- your business and career details including your philanthropic propensity and capacity to aid meaningful fundraising;
- records of communications sent to you by the Development Office or received from you.
- We collect bank or credit / debit card details in order to process event ticket or donation payments but we will not store bank or credit/debit card details beyond the requirements for processing the payment. This may involve using third parties to assist in setting up Direct Debit payments and processing your donations or ticket payments.
Using your personal data fairly and lawfully
The University can only make use of personal data with reference to one of the stated conditions for processing, as listed in the DPA. The most common conditions that the University will rely upon are outlined below.
In most instances, the University will ask you for your consent before it makes use of your personal data. Consent is and will always be optional. Individuals are under no compulsion to provide their consent.
If consent is withdrawn, the University will stop making use of your personal data, unless there is a requirement to do so under law.
- Legitimate interests
In a small number of instances, the University may make use of personal data when this is judged to be in the legitimate interests of the University and by doing so there is no detriment to you.
How will the University use your personal data?
We may use your information for a number of purposes including the following:
- To provide you with information about our work or our activities. This might include sending you e-newsletters, publications (Campaign Magazine, Chronicle etc.), invitations to events, meetings and to highlight suitable volunteering opportunities;
- To ask you for your permission to use the story of your experience with the University of St Andrews to promote our work (via printed or online publications);
- To ask you to help us raise money or donate money to the University of St Andrews, but always in accordance within the guidelines set out by OSCR and the Independent Fundraising Standards & Adjudication Panel for Scotland and the University’s Gift Acceptance Policy;
- To create an account for you if you register with us through SPARC and/or upon graduation, or have an external connection with us;
- For internal record keeping, including the management of any feedback or complaints;
- To analyse and improve the services offered on our sites to make it as user-friendly as possible;
- To benchmark our activity with other relevant organisations, including CASE (Council for Advancement and Support of Education) - this will make use of anonymised personal data;
- For administration purposes for example we may contact you about a donation you have made or event you have expressed an interest in or registered to attend;
- To reclaim Gift Aid from HM Revenue and Customs;
- To facilitate payments made by credit card, direct debit or standing order;
- For statutory and regulatory compliance.
- We may assess your personal information for the purposes of credit risk reduction or fraud prevention.
- We may use your data for wealth screening and research profiling to gain a better understanding of our supporters, inform our fundraising strategy and target our communications more effectively and appropriately.
- We want to make sure we use our resources as effectively as possible to help us engage with our community of alumni and supporters appropriately. In order to achieve this we may undertake wealth screening of our database. This enables us to better target our conversations about fundraising and therefore generate philanthropic funds cost-effectively. To achieve this we will share your data with one of our trusted third-party suppliers.
- In order to provide you with the best experience and understand how we could engage with you in the future, we undertake analysis on the personal data we hold on you. This analysis helps us to gain a better understanding of your interests, of how you engage with us, and to understand broader demographic and geographic trends. This may include research on demographic, philanthropic, business and financial information from publicly available sources and or subscription based sources, including social media. We may also combine the data you provide with data we obtain from other sources (eg to verify we have correct addresses/postcodes).
- We may employ data mining and predictive modelling techniques to forecast the probability of successful support approaches.
- Where appropriate, we may employ the use of NCOA (National Change of Address) supress and update services for participating countries. These services allow us to cut down on wasted mailing costs and help ensure the accuracy of our address data.
- Tools may be used to help us improve the effectiveness of the University’s communications with you, including tracking whether the emails we send are opened and which links are clicked within a message. We also track website visits and use analytical tools, such as Google Analytics, to use this information to improve our website.
- We utilise tools and resources to help us understand our stakeholders, staff, students, and alumni gathering information from publicly available resources (eg the electoral register, press, charity register) to assess the capacity of these groups to support the University. Lastly, we use data to undertake analysis projects to ensure only effective and relevant communications are sent to you.
If you do not wish your data to be used in any of the ways listed above or have questions about this, you can notify us using the contact details at the top of this page.
Transfer of personal data to third-parties
The University will never share your personal data with another charity or similar third party to use for their own purposes, unless we are required to do so by law, eg where served with a court order or for the purposes of prevention of fraud or other crime. The University will never sell your personal data.
The University may from time to time, pass some of your personal data to third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. Those tasks can include event ticket and donation payment processing, the management of mailing and distribution, the preparation of phone appeals or event management.
On the occasions that we use third party service providers, we will only disclose the minimum information necessary to deliver that service, and there will always be a contract in place to ensure that the selected service provided only makes use of your information for the purposes set out by the University and that they have in place measures to protect and keep your details secure.
In some instances the University will pass some of your details on to a third party, with your permission, for publicity purposes or to register your association with the University. This may include placing details of your name in the University Donor Roll.
You have the right to:
- Understand what personal data is held by the University and the origin of that data, as well as to receive a copy of that information;
- Have the information we hold about you updated or amended if this is incorrect;
- Withdraw your consent – the University will then stop making use of your personal data for alumni and development activities; and
- Instruct the University to stop making use of your contact details for direct marketing purposes.
How will the University secure and protect your personal data?
The University puts in place a series of technical and organisational measures to protect and safeguard all data it holds. For example, data is securely stored in dedicated data centres, where appropriate data and devices are encrypted, staff receive training and briefings on information security and data handling. The effectiveness of those measures is routinely tested by the University Court (via its Audit and Risk Committee), and through internal and external audit.
How long will the University make use of your personal data to support alumni and development activities?
Unless individuals direct otherwise, the University’s relationship with alumni, friends, donors and other stakeholders is considered to be life-long. The University will retain your personal data to support the alumni/development activities outlined herein, until you ask us to do otherwise.
Please note that in some circumstances, so that the University can continue to meet its other legal obligations it may be required to retain personal data in accordance with tax and accounting rules, and charity law.
This Privacy Notice will be published on the University website, and copies may also be distributed to alumni via mailings of publications such as Chronicle. Printed copies are also available on request – please use the details at the top of this page to request a printed copy of this Notice.
Changes to our Privacy Notice
The details as to how personal data are used to support alumni and development activities at the University will be reviewed annually – the University may make changes to the associated Privacy Notice from time to time. Any significant change to relevant legislation, University policy or procedures primarily concerned with the protection of personal data may trigger an earlier review. If we make any significant changes in the way we treat your personal information we will make this clear on the Alumni section of the University’s website or by contacting you directly.
Contacts, further information
If you have enquiries about this Privacy Notice, or wish to exercise any of your privacy rights, please direct these to the Associate Chief Information Officer (Information Assurance and Governance) by e-mailing email@example.com
Updated 9 May 2017