Within the University, your data is shared with only those University staff who need access for the purpose of delivering our academic and non-academic services and facilities.
Your personal data is shared with a range of external organisations as is necessary for the purposes set out above and as permitted or required by law, including the following:
- Higher Education Statistics Agency. This will include reporting special category data you provided on registration or re-registration (for example, relating to your ethnicity, sexuality, disability etc. (HESA is a non-Governmental organisation which is the designated data body for England for collecting, processing, and publishing data about higher education in the UK. HESA explains how it will use your personal data in its statement published at https://www.hesa.ac.uk/about/regulation/data-protection/notices);
- Your funders and/or sponsors (for example, as relevant, the Student Loans Company, Research Councils, the funders of any awards or prizes). Unless you have agreed otherwise with your sponsor, we only share with them information about your academic progress;
- The providers of any external or collaborative learning and training placements or fieldwork opportunities (and we will explain to you how and when this will be shared when we collect the data from you);
- Your employer, if your programme is a requirement of your employment or being employed is a requirement of your programme;
- External examiners and assessors, and external individuals involved in relevant University committees or procedures;
- Relevant Government Departments (for example, the Home Office, the Foreign and Commonwealth Office, Department of Health);
- Relevant executive agencies or non-departmental public bodies (for example, UK Visas and Immigration, HM Revenue and Customs, the Health and Safety Executive);
- Relevant Higher Education bodies (for example, the Office for Students, UK Research and Innovation, Universities and Colleges Admissions Service, Office for Fair Access, Office of the Independent Adjudicator, the organisation(s) running the National Student Survey and other student and leaver surveys);
- Any relevant professional or statutory regulatory bodies (for example, the General Medical Council); we will tell you in what circumstances we share data with these organisations;
- Our partner accommodation providers, if you apply for accommodation;
- The Guild of Students, in order to facilitate your membership of the Guild and access to their services (we provide them with your name, gender, date of birth, nationality, residency for fees, student ID number, contact details, programme details, year of study, your School and whether you have informed us you have dependents). Occasionally we share data to implement measures and sanctions arising in relation to misconduct proceedings;
- Local authorities, including for Council Tax purposes (in particular, we have an agreement with Birmingham City Council to share student data to assist with the students’ applications for exemption from Council Tax);
- Occasionally and when necessary, the police and other law enforcement agencies, for the prevention or detection of crime;
- Occasionally and when necessary internal and external auditors or regulators;
- Individuals, companies or organisations providing specific services to, or on behalf of, the University (for example, the University Medical Officer, external Occupational Health services);
- In the year you leave the University, your details (name, gender, contact details, information about your programme and award and registration status, emergency contact details, details of other universities attended, nationality, and secondary school details) will be shared with the University’s Development and Alumni Relations department while you are still a student so that you can be added to the alumni database. The University considers it is in the legitimate interests of the University to do so, as alumni are very important supporters of and ambassadors for the University, and that it is in the legitimate interests of alumni to do so, to develop their social and professional networks and help alumni achieve positions of success and influence. Information about how alumni personal data is used by the University is set out in the Alumni Privacy Notice; you will receive more details at the relevant time.
We ensure we have appropriate data sharing agreements in place before sharing your personal data with any other data controllers.
With your consent, we will share your data with the Multi-Faith Chaplaincy and with the University’s chaplains (who are not members of staff).
We will normally confirm details of the degree awarded to external enquirers or organisations, and at your request we will provide references to third parties
Your name and the type of degree awarded, including classification for those gaining a First, and Merit or Distinction for Taught postgraduate students, will be published in the relevant congregation programme. This information may also be published in newspapers and will be made publicly available.
Your University email account will be included on the University general email list which is used for contacting you about University business and activities.
Sometimes, we may have to send your personal data outside the European Economic Area (for example, so you can take part in an exchange visit or so we can to report to an overseas funding provider, or if you are studying at a campus overseas, for example, in Dubai). This is usually necessary to meet our contractual obligations with you, or your contractual obligations with a third party, and we make sure that appropriate safeguards are in place to ensure the confidentiality and security of your personal data.
Your personal data is shared as is necessary, on a considered and confidential basis, with several external organisations which assist with processing your information. These organisations act on our behalf in accordance with our instructions and do not process your data for any purpose over and above what we have asked them to do. We make sure we have appropriate contracts in place with them. Sometimes your personal data is processed by these organisations outside the European Economic Area (for example, because they use a cloud-based system with servers based outside the EEA), and if so, we make sure that appropriate safeguards are in place to ensure the confidentiality and security of your personal data.
We do not share your data with external organisations for marketing their products or services. We do not sell your personal data to third parties under any circumstances, or permit third parties to sell on the data we have shared with them.