Student Wellbeing Privacy Notice

This Privacy Notice outlines how Canterbury Christ Church University (the Data Controller) collects, uses, and protects personal data in relation to services offered at the University relating to student support and wellbeing. It applies to students who access services provided by the Student Wellbeing & Support team.

We are committed to handling your personal data responsibly and transparently, in accordance with the Data Protection Act 2018 and UK General Data Protection Regulations (GDPR) and any other relevant legislation. This notice is intended to ensure you are fully informed about how your personal information is used and the rights you have in relation to it.

You can access our Data Protection Policy here.

1. What personal information do we collect about you?

When you engage with the University in order to access services provided by the Student Wellbeing and Support team, we collect and retain relevant personal data. This information is used for the purposes set out in Section 3 of this Privacy Notice.

We may process the following categories of personal data about you:

Your course and other personal details held on student record systems

Information you provide to us regarding your health and wellbeing including information on disability

Information given to us on your behalf by third parties, for example, Disabled Student Allowance assessment centres, your doctor and the occupational health service.

Information you shared in the Learning support plan (LSP) or Placement Support Plan (PLSP)

2. How do we collect your information?

The University may collect your personal data through a range of methods and sources, depending on your relationship with us and the nature of our interaction. We may collect your personal information:

Directly from you – for example,

When you fill in forms to access services

When you correspond with the Student Wellbeing and Support team

When you attend appointments

From third parties – for example,

From Student Finance England when you apply and are assessed for Disabled Student Allowance.

Your doctor or healthcare professional; and

The occupational health service

3. How do we use your personal data?

The University may process your personal data for the following purposes:

The administration and management of Student Wellbeing and Support services

To respond to requests, queries or other correspondence. Including guidance concerning your studies and the regulations, policies and processes of the University.

To provide information, advice, guidance and support. This includes preparing a Learning Support Plan or Placement Support Plan and arranging for reasonable adjustments to be made.

Providing counselling, mental health support and giving you disability advice.

To monitor, evaluate and develop our services.

To prevent and detect fraud, bribery, corruption, or other unlawful activities in accordance with the University's internal policies and legal obligations;

To comply with statutory and regulatory requirements, including those under the Data Protection Act 2018 and UK GDPR.

4. The lawful basis we use to process your data?

Data protection law sets out reasons for collecting and processing your personal data. In this section, we outline the legal bases the University uses.

We will be processing your data under:

Article 6(1)(e) Public Task "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller"

We may need to process your data in order to ensure we are complying with our statutory obligations and legal requirements.

Article 6(1)(c) Legal obligation "processing is necessary for compliance with a legal obligation to which the controller is subject"

We process your data under this legal basis to comply with our statutory obligations, specifically the Equality Act 2010. Reasonable adjustments are a legal requirement under the Equality Act to ensure our services are accessible to all disabled people. We are required to take reasonable steps to make adjustments where a provision, criterion or practice puts disabled students at a substantial disadvantage.

Where we process Special Category Data, we will do so under the following legal basis:

Article 9(2)(a) Explicit consent

Article 9(2)(g) Reasons of substantial public interest (with a basis in law)

We have an Appropriate Policy Document in place which records our processing in relation to Special Category Data. If you are a student, you may access the document here.

5. Who do we share your personal data with?

We may share your personal data with trusted third-party service providers who act as data processors on our behalf. These providers are:

Medical professionals

Suppliers of relevant services or goods

PCMIS – secure caseload system

Problem Shared – our partner counselling provider

Symplicity – secure caseload system

We will share your personal data with these third-party providers when you have requested support from the Student Wellbeing and Support team. The services support with the delivery and operation of wellbeing support services, such as the provision of disability support, counselling and financial aid. All third parties are required to handle your data securely and in accordance with data protection legislation.

We may also disclose your personal data where necessary to meet our legal or statutory obligations under the Data Protection Act 2018 and UK GDPR. This may include sharing information with government departments, regulatory bodies, funding agencies, or law enforcement authorities where disclosure is legally required.

Whoever we share your information with, we will only share what is relevant and necessary to perform the specific task or to meet our legal obligations.

6. How long do we keep your personal data?

We retain personal data only for as long as is necessary to fulfil the purposes set out in this Privacy Notice, including to satisfy legal, regulatory, and contractual obligations. This includes our obligations under the Data Protection Act 2018 and UK GDPR.

In relation to the provision of student wellbeing support services, we retain personal data for six years after the last entry, in line with our legal and statutory requirements for Simple Contract under the Limitation Act 1980. When identifiable records are no longer required for the purposes set out in this Privacy Notice, they are either anonymised or securely disposed of according to our Confidential Waste Policy.

7. How do we protect and store your personal information?

We are committed to safeguarding the personal data we process and have robust internal policies and controls to prevent unauthorised access, accidental loss, destruction, misuse, or disclosure of personal data. Access to personal information is strictly limited to authorised University personnel who require it for the performance of their duties in connection with the provision of student wellbeing and support services.

Where personal data is shared with third-party processors, such parties are contractually required to act solely on our instructions, implement appropriate technical and organisational safeguards, and comply fully with the requirements of the Data Protection Act 2018 and UK GDPR.