Hidden Gems Privacy and Cookies Notice

This privacy notice sets out how Lancaster University uses and protects any information you provide when using our application.

Lancaster University is committed to ensuring that your privacy is protected. If we ask you to provide certain information by which you can be identified when using this application, you can be assured that it will only be used in accordance with this privacy notice.

We may update this notice from time to time by changing this page. Please check this page occasionally to ensure you are happy with any changes.

To see the privacy notice for the wider iLancaster app, please click here.

Data Controller

Lancaster University is the Data Controller for personal data processed through Hidden Gems.

If you have any questions about this notice or how your data is handled, you can contact us via the app or at information-governance@lancaster.ac.uk. We are committed to providing you with any information or support you need.

Lawful Basis for Processing

The lawful basis for processing Hidden Gems data is:

  • Article 6(1)(a) UK GDPR – Consent
  • Article 9(2)(a) UK GDPR – Explicit consent (where selected interests may indirectly imply special category data)

You may withdraw your consent at any time within the app settings.

What Personal Data We Collect

We may collect the following types of personal information:

  • Name
  • Student or staff ID
  • Contact details (email address, phone number)
  • Location data (if permissions are granted)
  • Motion data (as necessary for app functionality)

If you choose to enable Hidden Gems, we may process:

  • Your name and University ID (via existing University authentication)
  • User-selected interests (e.g. topics, societies, activities)
  • Event engagement indicators (such as clicks or interactions)
  • Structured relationship data linking your interests to events
  • Optional proximity-based location data (only where explicitly enabled)
  • Limited session metadata (e.g. timestamp, model version, safety flags – no prompt text is retained)

Providing interest data and enabling the feature is entirely optional and requires the consent or explicit consent of the user. Consent can be withdrawn at any time via the app Settings.

Special Category Data

Hidden Gems does not directly request special category personal data. However, certain interests you select (for example, faith societies, political groups, accessibility-related events, or LGBTQ+ societies) may indirectly suggest characteristics relating to religion, political opinion, disability, or sexual orientation. Processing of this data is based on your explicit opt-in consent, and it is used solely to generate recommendations within the app. We do not use this data to make inferences about you beyond delivering relevant content.

How We Use Your Data

Personal data is used to help us to understand your needs and provide you with a better service, for the following purposes:

  • Deliver the iLancaster app service to you
  • Internal record keeping
  • Improvement of our products and services
  • Other purposes as advised at the point of data collection and in compliance with our registration with the Information Commissioner's Office as Data Controller

Data is not used for advertising, marketing, or commercial profiling.

Use of Artificial Intelligence

Hidden Gems uses artificial intelligence to generate recommendations based on the interests you select.

  • Recommendation logic is primarily processed within Lancaster University systems.
  • We use Microsoft Azure AI Foundry (Sweden/EU region) to generate text embeddings that support search and recommendation functions.
  • Azure AI services operate in Zero Data Retention mode, meaning:
    • Prompts and outputs are not logged or stored by Microsoft.
    • Data is not used to train external AI models.
    • Processing is transient and for inference only.
  • No automated decisions are made that produce legal or similarly significant effects on you.

Location Data

If enabled, proximity-based location data may be used to provide nearby recommendations. Location processing:

  • Requires separate explicit opt-in consent
  • Can be disabled at any time via your device settings
  • Is not used for tracking outside the scope of the feature

Data Sharing and International Processing

Personal data remains under Lancaster University control. Microsoft Azure AI Foundry processes data transiently in the Sweden (EU) region under contractual Data Processing Agreements and Zero Data Retention configuration. We do not sell your data, and we do not allow third parties to use it for marketing or AI training.

We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required to do so by law.

Data Retention

Interest and engagement data are retained on a rolling 30-day basis. Data is automatically purged after 30 days. If you withdraw consent, associated preference and recommendation data will be deleted within 30 days. Moderation records may be retained longer where required for safeguarding or compliance purposes.

Your Data Protection Rights

You have numerous rights regarding your personal data, including:

  • The right to access personal data we hold about you
  • The right to rectify any inaccurate data
  • The right to request erasure of your data
  • The right to restrict processing of your data
  • The right to withdraw your consent at any time

To exercise your rights, please contact us at information-governance@lancaster.ac.uk.

Your Control

You can:

  • Choose whether to enable Hidden Gems
  • Select and modify your interests
  • Withdraw consent at any time
  • Disable location access via your device settings
  • Request deletion of your associated data

Not all of the above rights are absolute and some may only apply in specific circumstances. For further information on your rights, please visit this webpage.

Changes to This Privacy Notice

This Privacy Notice may be updated as Hidden Gems evolves.

Significant changes will be communicated through iLancaster or the Hidden Gems website.

Security of Your Information

We are committed to ensuring that your information is secure. We have implemented appropriate technical and organisational measures to protect your personal information against loss, misuse, or alteration. These measures include restricting access to university databases to authorised personnel only.

The iLancaster app is committed to protecting your privacy and ensuring the security of your personal information. We have implemented strict data protection measures to comply with the UK General Data Protection Regulation (UK GDPR).

Raising Concerns

If you have concerns about how your data is used within Hidden Gems, you can:

  • Use feedback options within iLancaster
  • Contact the Innovation Team via ISS
  • Raise a concern through the University’s data protection channels

Contact Details

If you have any questions about our data protection practices, please contact us via the app or at information-governance@lancaster.ac.uk. We are committed to providing you with any information or support you need.