Student Survey Privacy Notice
This document sets out our privacy policy for the purposes of survey research among Canterbury Christ Church students (past and present), staff and/or the general public aged 16+ years old.
Introduction
Each year, we invite students to take part in national student surveys. There are different surveys for different levels of study and research, but they all focus on your student experience. This document outlines what information we collect through the survey and how it is used.
This document does not include our corporate or business to business market research.
Information about you: what we collect and how we use it
In the survey we collect the following information:
- Information on your behaviours and attitudes as requested within the questionnaire or supporting interview for the purposes of gathering insight and monitoring trends.
- The collection of gender, ethnic and geodemographic information for the purpose of analysis.
- Information on studies and course participation.
- Event attendance and opinions held by you.
- This may also include numerical, written, audio, audio visual, imagery and observation data.
This includes all survey respondents, and individuals contacted to be invited to take part in surveys irrespective of whether research was subsequently carried out.
The legal basis for the processing of the data
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
Legal Obligation
Canterbury Christ Church University may need to process your data in order to ensure we are complying with relevant laws and legislation. We will need to process your personal data under this lawful basis for the following reasons:
- Carrying out the National Student Survey (NSS)
- Carrying out the Graduate Outcomes survey; part of HESA/Jisc
The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(c):
“processing is necessary for compliance with a legal obligation to which the controller is subject.”
Legitimate Interest
Canterbury Christ Church University are collecting this information to enable us to deliver Higher Education more efficiently and effectively; to meet our contractual obligations to students, staff and other contractual parties and to help improve the quality of the University’s services and facilities.
We may need to process your personal data under this lawful basis for the following reasons:
- Postgraduate Taught Experience Survey (PTES) for postgraduate taught students
- Postgraduate Research Experience Survey (PRES) for postgraduate research students
- UK Engagement Survey (UKES) for non-final year undergraduates
The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(f):
“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
Consent
We also collect and process your data with your consent. When you are invited to take part in student surveys and any further interviews, this is done with your consent. We may also use consent when we invite you to take part in ad-hoc surveys we carry out from time to time.
The legislation relating to processing data under this lawful basis can be found in UK GDPR, Article 6(1)(a): (a)the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
Recipients of your personal data
A third-party data collection and/or processing organisation may, at times, be used to collect and hold survey responses (e.g. an online survey platform).
These organisations will hold their own Privacy Policies that will be supplementary to your rights outlined in this document and will not replace them. We will provide you with the name of any third party organisations used in the processing of your data at your request.
How does The University protect data?
The University takes the security of your data seriously. The University has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
All data is stored securely within Canterbury Christ Church University and/or their Third Party Agency(s) used to administer or enable survey and research delivery. All research data will be stored within the European Economic Area or a country that has subscribed to a recognised ‘international framework’ to ensure adequate privacy protection.
Where the University engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Retention Period
Our default for one-off research projects is to remove and destroy all personal identifiers (such as email addresses, postal address) from data sets so that all remaining information is anonymised within 12 months of the close of field work.
However, personal data from surveys that provide historical time series may be held for up to ten years to enable appropriate statistical and historical analysis as the need arises.
Data Controller and Further Information
Version Control
| Title: | Privacy Notice - Student Survey |
| Applicable to: | General Public |
| Process Owner: | Student Experience |
| Date approved: | 20 May 2024 |
| Date of review: | 23 May 2024 |
| Date last amended: | 23 March 2024 |