As part of processing enquiries, offering you access to our services and improving your customer experience, the University of Brighton Sport Brighton service collects and processes personal data provided by you directly to us or via the central university database. The University is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
Data Protection Officer
What information does Sport Brighton collect?
We collect a range of information about you. This includes:
- your name and contact details, including email address and telephone number; DOB, Unicard Number and membership category, history. Direct debit account information.
- whether or not you have a disability or medical information highlighted from members ParQ for which the organisation needs to make reasonable adjustments;
- Sport Brighton has access to the UoB staff and student database which gives us access to student and staff information such as student number, student course and halls of residence (if applicable) if you are studying at the University. For staff we receive your department.
Why do we collect your data?
FORMS ON OUR WEBSITE:
We take your details to understand your enquiry and/or feedback you are reporting relating to your usage of our services and website so that we may fix any faults or improve your experience of using our services. In addition, your details may be used to contact you for further information about your feedback or to respond to you. None of these details are processed without your consent and is taken at the time the feedback or enquiry is made.
THE ROAR NEWSLETTER:
We only hold email addresses for those that have either subscribed or who have an active role as either a coach, scholar or Sports Federation club committee member. We will remove your email address from this distribution list upon request at any time. Your details will only be used to receive the newsletter and will not be passed on to any other parties.
APPLICANT FOR EMPLOYMENT OR VOLUNTEER ROLES:
The University needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you. In some cases, the University needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check a successful applicant's eligibility to work in the UK before employment starts.
The University has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows the University to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a position. The University may also need to process data from job applicants to respond to and defend against legal claims.
Where the University relies on legitimate interests as a reason for processing data, it has considered whether or not those interests are overridden by the rights and freedoms of employees or workers and has concluded that they are not.
The University processes health information if it needs to make reasonable adjustments to the recruitment process for candidates who have a disability. This is to carry out its obligations and exercise specific rights in relation to employment.
TO PROCESS SALES FOR OUR SERVICES
The University needs to process data to take steps at your request prior to entering into a contract with you. It also needs to process your data to enter into a contract with you. In some cases, the University needs to process data to ensure that it is complying with its legal obligations and to deliver eligible services. For example eligibility for membership categories and applications for direct debit payment schemes.
The University will not use your data for any purpose other than internal processes these will form aggregated data for the analysis of usage trends and verification of membership/payments.
How your data is held
Your personal data is held within our email and management information system and accessed by staff within the Sport Brighton department who manage that system. Access to the system by third parties is only authorised by request when maintenance is carried out by our management information system providers.
The Parklife programme uses the Football Foundation data management system Upshot for the collation of participant information. Student data held by the University such as Name, Course, Age and participation history is held on this system. This is only used by Sport Brighton staff to form aggregated data for the analysis of usage trends. Data is held in accordance to Upshot’s privacy statement. Personal information is not held on this system for longer than 5 years.
Who has access to data?
Your information will only be shared internally for the purposes of the process outlined above. The University will not share your data with third parties.
How does the University protect data?
The University takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
Where is your data held?
Your data is held on the Sport Brighton Management Information system and selected third parties (Upshot for Parklife participation records).
All data is held within the EEA and will not be transferred outside of the EEA.
How long we will keep your data?
We will retain your data only until your feedback has been dealt with and is then deleted.
We will retain your data when relating to memberships for the duration of its validity. We will keep all data for a further 3 years in case of reactivation. Parklife data will be retained for 5 years.
Privacy notices and/or consent
You have the right to be provided with information about how and why we process your personal data. Where you have the choice to determine how your personal data will be used, we will ask you for consent. Where you do not have a choice (for example, where we have a legal obligation to process the personal data), we will provide you with a privacy notice. A privacy notice is a verbal or written statement that explains how we use personal data.
Whenever you give your consent for the processing of your personal data, you receive the right to withdraw that consent at any time. Where withdrawal of consent will have an impact on the services we are able to provide, this will be explained to you, so that you can determine whether it is the right decision for you.
Data subject's rights (access, rectification, erasure, restriction of processing, objection to procession, right to data portability)
As a data subject, you have a number of rights. You can:
access and obtain a copy of your data on request, see https://www.brighton.ac.uk/foi/requesting-information/index.aspx
require the University to change incorrect or incomplete data;
require the University to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
object to the processing of your data where the University is relying on its legitimate interests as the legal ground for processing; and
ask the University to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the University's legitimate grounds for processing data.
Whether providing personal data is a statutory or contractual requirement and the consequences for failing to provide the data
There is no statutory or contractual requirement to provide your personal data to us, we are processing it with your consent, in order to manage your feedback or instruction.
The existence of automated decision making, including profiling, information about the logic involved, including the significance and the envisaged consequences of such processing for the data subject
We will not use your personal data for automated decision making / or profiling about you as an individual.
The right to complain to the ICO