Development and Alumni Relations Privacy Notice
Our alumni and supporters are extremely important to us, and this Privacy Notice explains how Lancaster University’s Division of Development and Alumni Relations (DDAR) collects, stores, manages and protects your data.
It outlines the range of personal information that we hold and how we use it to provide services to our alumni and supporters. We aim to be clear when we collect your personal information, and not do anything you wouldn’t reasonably expect. The DDAR is part of Lancaster University. The University has a range of other Privacy Notices for staff, students and other services that it offers. These can be accessed on the Lancaster University website.
The University will process your personal data in accordance with the General Data Protection Regulations (GDPR).
Who we are and what we do
The Division of Development and Alumni Relations supports Lancaster University through contact with alumni, students, and supporters of the University. We do this by offering a range of academic, social and networking events, printed and online publications and communications, providing access to University Library resources and employment and skills advice. We also fundraise to support the University’s students, teaching, research and capital projects. In order to do this, we have a database that contains personal data collected by the University during the course of our relationship with our students, alumni, donors and supporters.
What information do we collect from you?
The DDAR maintains a record of all former students of the University and, as such, we hold education records in perpetuity. Graduation information is published each year in graduation books and is therefore considered to be in the public domain. The personal data we store and process, the majority of which is given to us by our alumni and supporters, may include:
- name, title, gender, nationality and date of birth;
- contact details including postal address, email address, phone number and links to social media accounts;
- information about your time at the University and other academic institutions, including qualifications held and courses studied;
- your occupation and professional activities;
- your recreations and interests (for example your membership of student sports clubs);
- family and spouse/partner details and your relationships to other alumni, supporters and friends;
- records of donations and Gift Aid status, where applicable (as required by HMRC);
- records of communications sent to you by the DDAR or received from you;
- volunteering by you on behalf of the University;
- information about your wealth;
- media articles about you;
- information on your engagement in University meetings, events, groups or networks;
- information about your use of the University and alumni website, the Lancaster Online Directory and LUMS Connect in accordance with our Privacy and Cookies notice;
- information about your activity on University social media channels (e.g. the LinkedIn alumni group and the alumni Facebook page).
Tools may be used to help us improve the effectiveness of the University’s communications with you, including tracking whether the emails we send are opened and which links are clicked within a message. We monitor website visits and use tools such as Google Analytics to improve our website and services.
The University does not store any credit/debit card details and is fully PCI-DSS compliant. Bank details used for processing Direct Debits are stored by a trusted third-party, under the Direct Debit Guarantee scheme.
How is your information collected?
Initially, data about students is transferred into the University’s alumni database from the University’s student record system. This transfer is based on legitimate interest and the University has done a balance of interests test to ensure that its interests are not overriding your own rights and freedoms.
The vast majority of the information we hold is obtained directly from you; and if you interact with any other departments, divisions, schools or faculties within the University we may receive data from these areas.
We always aim to keep your details up to date, and we will conduct projects to check the contact details we have for you are correct, and, where appropriate, update them. As a result, some of the data may also have been obtained from publicly available sources – for example, we may find a new address for you by using the Royal Mail’s National Change of Address database (NCOA). We may also use information from publicly available sources, such as public LinkedIn profiles to gain up-to-date information about you, to carry out research to assess your inclination and capacity to support the University financially or by volunteering your time. We may use trusted third-party partners to carry out this type of data collection to automate some of this work.
Wealth screening and data analysis
Lancaster University’s foundation, growth and success have been supported by philanthropy, and philanthropy continues to make an enormous impact at our University. As we are a fundraising institution, we may gather information about you from publicly available sources – for example, Companies House, the Electoral Register, the media and public LinkedIn profiles – to help us to understand more about you as an individual, your interests and your ability to support the University. We may use trusted third-party partners to carry out this type of data collection to automate some of this work.
We may carry out wealth screening, a process which uses trusted third-party partners to automate some of this work. We may use information gathered from public sources or other departments, schools or faculties within Lancaster University, alongside the information you provide, to undertake analysis of who might support the University and to understand the preferences of our alumni about events, communication and services. By doing this, we can ensure that conversations we have with you about fundraising and volunteering are focused in the most effective way, and ensure that we provide you with an experience as an alumnus, donor or potential donor which is appropriate for you. We also use publicly available sources to carry out due diligence on donors in line with the University’s Gift Acceptance Policy and to meet money laundering regulations.
Fundraising is a key part of the DDAR’s work, and we are committed to working in a transparent, ethical, responsible and honest way. To reflect this commitment, we are a member of the Fundraising Regulator and committed to the Regulator’s Code of Practice.
How do we use your information?
We value our relationship with you and we use your personal data to ensure we contact you in the most appropriate way, improve our services and to ensure we work efficiently and effectively.
Your data will be used for a full range of alumni engagement and fundraising purposes. These include the following communications and marketing activities, which may be delivered by mail, email, telephone and social media:
- Sending University publications and news;
- Notification of alumni events;
- Fundraising programmes;
- Promotion of discounts and services for alumni;
- Academic course information and alumni benefits;
- Promotion of alumni and student careers mentoring programmes;
- Information about alumni and marketing activities based in faculties, departments and colleges.
- To facilitate the assessment and improvement of services that the University offers, to assess the effective management of the University and to ensure the efficient running of the University via internal and external audit. (Legitimate Interest)
Where we communicate with you as Alumni we do so in the legitimate interests of the University. In doing so we have conducted a balancing test of the legitimate interests of the University against your own rights and interests. If we communicate with you by email or using a TPS-registered telephone number we will ensure that we have your consent before we do so
- Who do we share your information with?
How do we keep your information secure?
We are committed to holding your data securely and treating it with sensitivity. All data is held securely and in accordance with the Data Protection Act 1998. Your data is held on a database hosted on a secure server within the University network. This database is protected by multi-level authentication and access is restricted to individuals who need to see the data to carry out their duties at the University. This is limited to:
- members of staff and student members of staff in the DDAR;
- assigned IT support; and
- colleagues from other areas within the University who work closely with the DDAR on the provision of services to alumni, such as the Careers Service.
User access rights to the database are restricted according to individual job roles in order to ensure that users only see information relevant to them. This access is reviewed on a regular basis.
For further information please refer to the University’s Information Security Policy and Processes.
Do we transfer your data to third party countries?
Although most of the information we store and process stays within the UK, some information may be transferred to countries outside the European Economic Area (EEA). This may occur if, for example, one of our trusted partner’s servers are located in a country outside the EEA. Where these countries do not have similar data protection laws to the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law.
How long do we keep your information?
We will hold your educational record in perpetuity unless you request to have your data deleted from the Alumni database. Please see below for how to request that your data is deleted.
What are your rights?
You have the following rights regarding your personal data:
- To have access to your personal data - for further information see the Subject Access webpage;
- To have inaccurate or incomplete personal data amended
- To have your personal data deleted – this will only apply when there is no legitimate reason for the University to continue to use your personal data
- To restrict the use of your personal data
- To request personal information in a digital form so that you can provide it to other organisations
- To object to automated decision making and profiling
- To withdraw consent when we have used consent as the basis for using your information
The University has a range of policies to support these rights.
If you wish to exercise your rights you are advised to first read these policies as there are some exceptions to using your rights. For example, the University is required to keep permanently your basic student record which includes your name, date of attendance, degree classification, record of modules taken and marks for these. If the University received a request from you to be forgotten it would withhold the request for deletion of your basic record, but could agree to the deletion of more wider information that it holds on you.
Any requests to use your rights over your personal data should be made to Lancaster University's designated Data Protection Officer.
What are your responsibilities?
You are required to read this Privacy Notice so that you understand how we use your personal information and the rights that you have.
We may seek new contact details for alumni with whom we are not in contact, to ensure the University can remain in touch with as many of its alumni as possible. Many of our alumni choose to manage and update their own details, which you can do online at Lancaster Online.
Who do I contact for further information or if I have concerns?
If you have any questions about this Privacy Notice then please contact:
Development and Alumni Relations
+44 (0)1524 594109
Lancaster University’s designated Data Protection Officer is:
Mike Abbotts, Information Governance Manager
Phone: 01524 510841
Contact Mike if you have any concerns or complaints about this Notice or about the way your personal data is being used.
Lancaster University is the Data Controller for the personal data that it holds about you. The University’s contact details are:
If you are not happy with the way the University has handled your concern or complaint then you may submit a complaint to the Information Commissioner’s Office.
Changes to this Notice?
This Notice has been developed to be compliant with the General Data Protection Regulations (GDPR). This Notice is regularly reviewed and sometimes updated. It is important that you check for updates to this Notice. If we make significant changes we will contact you to inform you of this.