Data Protection Privacy Notice for Alumni and Supporters
About this notice
This privacy notice explains how Queen Mary University of London (Queen Mary) handles and uses the personal data we collect about alumni and past, current and potential supporters, whether donors, volunteers or participants in activities that we run. It is in addition to Queen Mary's Data Protection Policy, which identifies Queen Mary as a data controller in terms of Article 4 of the General Data Protection Regulation (GDPR).
All data is held securely and will be treated confidentially and with sensitivity to enable us to further the work of Queen Mary and better provide services to our alumni and supporters. We aim to be always clear about how and why we collect your personal information, and not do anything that you would not reasonably expect.
Who we are
The Directorate of Development and Alumni Engagement (DDAE) supports Queen Mary University of London by engaging with alumni, students, and supporters of the university. We help you keep in touch with Queen Mary and with fellow alumni; host academic, social and networking events; provide access to exclusive alumni services such as the Alumni Extra Card; and send news bulletins by mail and email. We also fundraise to support Queen Mary's students, especially those experiencing hardship, as well as Queen Mary's teaching, research and capital projects.
Our responsibilities and legal basis for processing your data
To carry out our work, it is necessary for us to process and store personal information relating to students, staff, alumni, supporters and friends of Queen Mary according to the principles of the GDPR.
Queen Mary processes the information outlined in this Privacy Notice in pursuit of our legitimate interests in:
- communicating with students, staff, alumni, and past, current and potential supporters
- providing benefits and services to students, staff, alumni and supporters, including careers support after graduation
- furthering Queen Mary's educational and charitable mission (which includes fundraising and securing the support of volunteers)
- enabling Queen Mary to achieve its strategic and operational goals
We may pursue these legitimate interests by contacting you by telephone, email, post, text or social media. Information about how you can manage the ways that we contact you, including how to opt out from some or all contact from Queen Mary, is outlined in the 'How we use your personal data' section below.
Whilst Queen Mary relies on legitimate interest as the legal basis for processing where this is not overridden by the interests and rights or freedoms of the data subjects concerned, it recognises that it is not the only lawful ground for processing data. As such, where appropriate, we will sometimes process your data on an alternative legal basis - e.g. because you have given us consent to do so.
The data we hold and how we collect it
DDAE maintains a record of all former students of Queen Mary. Student records are transferred to the DDAE database upon graduation, as stated in the Privacy Notice for Students.
We gather personal data from you when you enquire about our activities, register for an event, make a donation, volunteer, engage with our social media channels or otherwise provide us with information. In some circumstances, we may ask you if you are a UK taxpayer so that we can claim Gift Aid. Third parties, such as JustGiving or independent event organisers, may also share your personal data with us if you have given your permission, and you should consult their privacy policies to understand how and what may be shared.
If you interact with any other departments, divisions, schools or faculties within Queen Mary we may receive data from these areas providing you have given the appropriate consents. We always aim to keep your details up to date, and we will do this by communicating directly with you, as well as by using publicly available resources such as the Royal Mail's National Change of Address database (NCOA).
The vast majority of the information we hold is obtained directly from you, in the ways outlined above. In addition, we may also obtain data from trusted public domain sources.
The personal data we hold about you may include:
- name, title, gender and date of birth
- contact details including postal address, email, phone number and links to social media accounts, together with your communication preferences
- degree details and date of graduation etc
- membership of clubs, societies and other extra-curricular activities in which you participated as a student
- occupation, professional activities and other life achievements
- recreations and interests
- family and spouse/partner details and your relationships with other alumni, supporters and friends
- records of donations and Gift Aid status, where applicable (as required by HMRC)
- records of communications sent to you by DDAE or received from you
- volunteering by you on behalf of Queen Mary
- financial information relating to you and your family, including data and estimations around your income, assets and potential capacity to make a gift
- information about your philanthropic donations and volunteering with other organisations
- media articles about you
- information on your engagement with Queen Mary via meetings, events, groups or networks
- personal data provided by you for a specific purpose (e.g. disability and dietary preferences for event management purposes)
- information about your use of Queen Mary resources or facilities (e.g. the Library)
Queen Mary does not store any credit/debit card details and is PCI-DSS compliant. Bank details used for processing Direct Debits are held under the Direct Debit Guarantee scheme.
How we use your personal data
Your data is used by Queen Mary to communicate with you in a variety of ways, including:
- the promotion of the relationship between Queen Mary and its alumni for mutual benefit
- university-related fundraising initiatives involving alumni and other supporters
- eliciting non-financial support (e.g. careers support for students and assistance with student recruitment activities)
- sending invitations to alumni events and other events of interest organised by Queen Mary
- university mailings, both hard-copy and electronic (e.g. alumni magazines and e-newsletters)
- promoting the benefits and services available to alumni
Communications to you may be sent by post, telephone, email, text or via social media, depending on the contact details we hold and the preferences expressed by you about the types of communication you wish to receive.
Tools may be used to help us improve the effectiveness of Queen Mary's communications with you, including tracking whether the emails we send are opened and which links are clicked within a message. We monitor website visits and use tools such as Google Analytics to improve our website and services.
If you prefer not to receive some types of communication, or any communication whatsoever, you can amend your preferences at any time by telephoning 020 7882 6468, emailing email@example.com or writing to:
Directorate of Development and ALumni Engagement
Queen Mary University of London
Mile End Road
We will not contact you for any purposes by post, email, text message, social media or telephone if you have told us you do not want to hear from us by any of those channels. If you are registered with the Telephone Preference Service (TPS) but have provided us with a telephone number, we will assume that we have your consent to call you on this number until notified otherwise.
If you unsubscribe from any or all of the communication channels mentioned above, we will update our records to stop further communication as quickly as we can. Please be aware that it can sometimes take a short while for the change to be fully implemented.
Research, wealth screening, data analysis and data-matching
Queen Mary is an institution that has been and continues to be a grateful recipient of public and private philanthropy, enabling it to increase access to education, further research and improve facilities for students. Ethical and transparent fundraising is therefore essential to its mission.
In order to ensure that this is carried out as efficiently as possible, whilst respecting the rights and wishes of alumni, supporters and potential supporters, we may gather information about you from trusted publicly available sources to help us understand more about you as an individual and your ability to support the university in ways financial or otherwise.
We may perform wealth screening, a process which uses trusted third-party organisations to help us identify a small percentage of alumni who may be interested in becoming more closely involved in the life and aims of Queen Mary, and may have capacity to influence or give support at a significant level. We may use information gathered from public sources or other departments, schools or faculties within Queen Mary, alongside the information you provide, to undertake analysis of who might support the university and better understand the preferences of our alumni with regard to events, communication and services. By so doing, we can more effectively focus the conversations we have with you, and ensure that we provide you with an experience as an alumnus/na, donor or potential donor that is appropriate.
Publicly available sources are used to carry out due diligence on donors in accordance with Queen Mary's Gift Acceptance Policy and to meet money laundering regulations. We may also undertake data-matching, e.g. via the National Change of Address Register, to find new contact details for alumni with whom we have lost touch.
Queen Mary is a member of the Fundraising Regulator and committed to its Code of Practice.
Public domain sources
The publicly available sources we use to conduct research and due diligence include:
- Companies House and other business-related resources
- company websites and annual reports
- Charity Commission, Guidestar, US Foundation Directory and other sources for non-profits
- annual and donor reports of other organisations
- rich lists
- philanthropy press
- Factiva (national and international press, and due diligence tools)
- Lexis Nexis (national and international press, and due diligence tools)
- general internet and press searches
- Who's Who and Debrett's People of Today
- The Queen's Honours Lists
- National Change of Address Register
Sharing your personal data with others
Unless you choose to share details, e.g. via our alumni portal, your personal data is not disclosed to other alumni. Nor will it be disclosed to any external parties, other than those contracted by DDAE in order to assist with its routine activities as detailed above, or where we may be required to do so by law. An example of the latter is that Queen Mary has a legal obligation to supply some of the information we hold about you, as a graduate, to the Higher Education Statistics Agency (HESA), the official agency for the collection, analysis and dissemination of quantitative information about higher education in the UK. New graduates will be contacted regarding this 15 months after the completion of studies.
Where data is shared with a third-party contractor (e.g. for the purposes of analysis, updating or cloud-storage), we always ensure that we have a data processing and non-disclosure agreement in place. This means that any third party is only able to use information we provide for specified purposes and must keep it secure. We do not sell your personal data to other organisations, nor share it as part of any reciprocal arrangement.
This service is operated under contract by Aluminati Network Group Ltd. (Aluminati) acting under instruction as our Data Processor under the Data Protection Acts 1998 and 2018. Aluminati will process personal data strictly for the purposes of operating this service.
Aluminati is registered with the Information Commissioner under membership number Z8393842.
Personal data is held in the UK on secure servers by Queen Mary and Queen Mary approved contractors. Any transfers of your data overseas (outside of the European Economic Area), for example to an international branch of Queen Mary's alumni network, are protected either by a European Commission 'adequacy decision' (declaring the recipient country as a 'safe' territory for personal data) or by standard contractual clauses adopted by the European Commission, which obligate the recipient to safeguard the data. Further information about the measures we use to protect data when being transferred internationally is available from our Data Protection Officer (whose contact details are set out below).
How long your personal data is kept
Queen Mary maintains a record of all former students and, as such, we hold education details in perpetuity. Other information will be reviewed according to Queen Mary's records retention schedule and deleted if the criteria for retention are no longer met.
Your rights and further information
We try to ensure that the data we hold for you is up to date, reasonable and not excessive. You will always have the right to:
- be informed as to how we use your data (via this Privacy Notice)
- access or request a copy of the data we hold about you
- update, amend or rectify the data we hold about you
- change your communication preferences at any time to restrict how we process your data, or opt out of some or all communication from DDAE
- object to or restrict the processing of your information for any of the purposes outlined in this Privacy Notice
- ask us to remove your data from our records.
For further information, please see Queen Mary's Data Protection Policy. If you have any queries about this privacy notice or how we process your personal data, please write to firstname.lastname@example.org by email, or Data Protection Officer, Queen Mary University of London, Mile End Road, London, E1 4NS by post. Please read other privacy notices relevant to services you may access at Queen Mary.
Because of future legislation, or new institutional priorities, we may have cause to amend elements of the information processing described above. If this should happen, we will always alert you before any changes come into effect.
Last updated on: 14th May 2018
Queen Mary Network Social Sign In: Privacy Notice
This privacy notice provides you with details of how we (Aluminati Network Group Ltd) collect, process and store your personal data when you access the Aluminate service (the ‘Service’) via this third-party application (‘App’).
LAWFUL BASIS AND PURPOSE OF PROCESSING
Aluminati processes your data in order to perform its contract, with the institution or organisation, to provide you with the Service. We will process your information for the following purposes;
- To verify your details in order to provide you with access to the Service
- To improve your onboarding experience onto the Service
- To increase your accessibility to the Service
We will only use your personal data for the purposes listed above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk) however we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Tel: 01638 676 232
WHAT PERSONAL DATA WE COLLECT
Personal data is any information capable of identifying an individual and does not include anonymised data. We may ask you to provide us with or automatically collect certain personally identifiable information that can be used to contact or identify you, including:
- Identity & Contact Data may include your first name and last name
- Contact Data may include your email address
- Technical Data may include your cookie data, information such as your device's internet protocol address (e.g., IP address), browser type, browser version, the time and date of your visit, unique device identifiers and other diagnostic data
We do not collect any sensitive data about you including details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, criminal convictions and offences.
For data processed under the lawful basis of ‘performance of a contract’, you;
- DO have the right to; be informed, request access, data portability, data rectification, restriction processing, erasure if there is no overriding ‘legitimate interest’ for continuing to process the data
- DO NOT have the right to object
To exercise these rights please email email@example.com. We will likely have to request information from you to confirm your identity in order to ensure we are following instructions from the actual data subject concerned. No fee is payable for the exercise of these rights unless the request is clearly unfounded, repetitive or excessive in which case we may also legally refuse your request.
For more information on individual rights under the GDPR, go to the following site: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
You have the right to lodge a complaint to the supervisory authority (the Information Commissioners Office); if you believe we are processing your data unfairly.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with third parties including:
- Our service providers who provide IT, hosting and system administration services
- Professional advisers including lawyers, bankers, auditors, insurers, financial advisers and corporate finance advisers who provide consultancy, banking, legal, insurance, accounting and financial services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- Third parties to whom we sell, transfer, or merge parts of our business or our assets
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We make active efforts to engage in service providers who are based within the European Economic Area (EEA). Where this is not possible, we may need to engage service providers resulting in your personal data being transferred outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
In addition to the above, your data may be temporarily transferred outside of the EEA during the course of our staff travelling abroad with personal data (for example meeting contact information and emails). There are appropriate safeguards in place to ensure the protection of your data - including encryption rendering the data unreadable in the case of loss or theft.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain personal data for as long as we need to fulfil the specified purposes we have collected it for as well as for satisfying legal, accounting, audit, or reporting requirements.
By law, for tax purposes, we have to keep certain data about our customers for six years after they cease being customers.
COOKIES & THIRD PARTY LINKS
Links from our website or other communications may link to third-party destinations over whom we have no control and do not take responsibility for their privacy statements or behaviours. Please read the privacy notice of these sites to understand their data policies.
Name and contact details of the data controller and data protection officer
Data Controller: Aluminati Network Group Ltd.
Address: Hyperion House, The Oaks, Newmarket, Suffolk, CB8 7XN
Data Protection Officer: Daniel Watts
Contact Details: firstname.lastname@example.org