Aluminate Privacy Notice
Royal Holloway and Bedford New College, also known as Royal Holloway, University of London, will act in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA2018) when controlling and processing your personal data.
This notice explains how we collect, use and share your personal data and your rights in relation to the processing of your data through the use of our Royal Holloway Connect platform (Royal Holloway Connect is hosted on the Aluminati Network Groups Aluminate platform).
In this notice:
- ‘personal data’ means any data which can identify you directly or indirectly (whether by itself or when combined with other data), regardless of the format or media on which the data are stored. This includes data that can identify you when combined with other data that is held separately (pseudonymous data) but does not include data that has been manipulated so that you can no longer be identified from it (anonymous data).
- ‘processing’ means any activity relating to your personal data including collection, use, alteration, storage, disclosure and destruction.
What personal data will be collected in Royal Holloway Connect
The data the College collects includes:
- Personal contact details
- Personal address details
- Education, professional qualifications details
- Current and previous employment details
- Usage data which may include how you use Royal Holloway Connect, who you connect and communicate with in the platform and how you engage with services and systems
- Communications data which may include your preferences in receiving marketing communications from Royal Holloway
- Visual images
Where you choose to provide this, special category data processed may include:
- Sexual orientation
- Gender reassignment
- Ethnic origin
- Trade union membership
- Religious or other similar beliefs
- Physical or mental health details
- Spent and unspent criminal convictions
Personal data provided by you about others
You may provide us with personal data about other individuals, for example, next of kin/emergency contact details and information about your family circumstances and dependents. You should notify the relevant person that you are providing their contact details to the College and in what capacity (i.e. as your listed next of kin/emergency contact).
How and when do we collect your personal data?
We will collect your personal data:
- When you register for a Royal Holloway Connect account
- When you update or amend your Royal Holloway Connect profile
- When you join a Royal Holloway Connect mentoring scheme or any other engagement scheme within the platform
- When you connect with alumni, recent graduates or students within the Royal Holloway Connect platform
- When you use Royal Holloway Connect to communicate with alumni, recent graduates or students within the platform
- When you contact us by any means with queries etc.
Personal data from third parties
Why do we collect this data, how do we use it and what is our legal basis for doing so?
We collect this data in order to verify alumni using the Royal Holloway Connect platform and in order to provide you a service through the alumni engagement functions within the platform. These include:
- mentoring programmes
- an alumni directory
- alumni personal profiles
- mentor profiles
The data provided by you to Aluminate is processed on the basis of your consent. You can withdraw that consent at any time and delete your account with the platform.
Any data which is passed from Aluminate to Royal Holloway during the course of your use of the platform is processed on the basis of our legitimate interests.
In relation to special categories of personal data and personal data relating to criminal convictions and offences, we may request your explicit consent unless a condition applies which allows us to process such personal data without doing so.
How long the College will retain your personal data
Sharing your personal data with third parties
We never sell any of your personal information.
International Data Transfers
How the College keeps your personal data secure
The College has put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in any unauthorised way or altered or disclosed. In addition, the College limits access to your personal data to the persons and organisations, including those described above, who have a lawful and/or legitimate need to access it.
The College has also put in place procedures to deal with any suspected personal data security breach and will notify you and any applicable regulator of a suspected breach where legally required to do so.
Aluminati Network Group who provide the services to host and maintain the Royal Holloway Connect platform have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
You and your data
You have a number of rights in relation to the processing of your personal data by the College:
- Access: You have the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that the College is processing it lawfully and fairly.
- Correction: You have the right to request correction of any inaccurate or incomplete personal data held about you.
- Deletion: You have the right to request erasure of any personal data held about you where there is no good reason for the College to continue processing it or where you have exercised your right to object to the processing of your personal data.
- Restriction: You have the right to request restriction of how the College processes your personal data; for example, to confirm its accuracy or the College’s reasons for holding it or as an alternative to its erasure.
- Objection: You have the right to object to the College’s processing of any personal data which is based on the legitimate interests of the College or those of a third party based on your particular circumstances. You also have the right to object to the College processing your personal data for direct marketing purposes.
- Portability: You have the right to receive or request that the College transfers a copy of your personal data in an electronic format where the basis of the College processing such personal data is your consent or the performance of a contract, and the information is processed by automated means.
- Complaints: You have the right to complain to the Information Commissioner’s Office (ICO) in relation to how the College processes your personal data. Our registration number with the Information Commissioner’s Office is Z7056965.
The College may be entitled to refuse any request in certain circumstances and where this is the case, you will be notified accordingly.
Where the lawful ground relied upon by the College to process any of your personal data is your consent, you have the right to withdraw such consent at any time without having to give any reason. However, if you do so, the College may not be able to provide some or all of its services to you or the provision of those services may be affected.
You will not have to pay any fee to exercise any of the above rights, though the College may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, you will be notified accordingly.
To protect the confidentiality of your personal data the College may ask you to verify your identity before fulfilling any request in relation to your personal data.
Changes to this notice
The College may update this notice at any time and may provide you with further notices on specific occasions where we collect and process personal data about you. You should check this notice regularly to take notice of any changes. Where any change affects your rights and interests, we will make sure we bring this to your attention and clearly explain what this means for you.
Questions or comments
If you have any questions or comments regarding this notice or you wish to exercise any of your rights you should contact our Data Protection Officer by email at firstname.lastname@example.org.
You also have the right to complain to the Information Commissioner’s Office and you can find more information on their website – www.ico.org.uk
Royal Holloway Connect Social Sign In: Privacy Notice
This privacy notice provides you with details of how we (Aluminati Network Group Ltd) collect, process and store your personal data when you access the Aluminate service (the ‘Service’) via this third-party application (‘App’).
LAWFUL BASIS AND PURPOSE OF PROCESSING
Aluminati processes your data in order to perform its contract, with the institution or organisation, to provide you with the Service. We will process your information for the following purposes;
- To verify your details in order to provide you with access to the Service
- To improve your onboarding experience onto the Service
- To increase your accessibility to the Service
We will only use your personal data for the purposes listed above unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground of processing. We may process your personal data without your knowledge or consent where this is required or permitted by law.
If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk) however we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
Tel: 01638 676 232
WHAT PERSONAL DATA WE COLLECT
Personal data is any information capable of identifying an individual and does not include anonymised data. We may ask you to provide us with or automatically collect certain personally identifiable information that can be used to contact or identify you, including:
- Identity & Contact Data may include your first name and last name
- Contact Data may include your email address
- Technical Data may include your cookie data, information such as your device's internet protocol address (e.g., IP address), browser type, browser version, the time and date of your visit, unique device identifiers and other diagnostic data
We do not collect any sensitive data about you including details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, trade union membership, health, criminal convictions and offences.
For data processed under the lawful basis of ‘performance of a contract’, you;
- DO have the right to; be informed, request access, data portability, data rectification, restriction processing, erasure if there is no overriding ‘legitimate interest’ for continuing to process the data
- DO NOT have the right to object
To exercise these rights please email email@example.com. We will likely have to request information from you to confirm your identity in order to ensure we are following instructions from the actual data subject concerned. No fee is payable for the exercise of these rights unless the request is clearly unfounded, repetitive or excessive in which case we may also legally refuse your request.
For more information on individual rights under the GDPR, go to the following site: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
You have the right to lodge a complaint to the supervisory authority (the Information Commissioners Office); if you believe we are processing your data unfairly.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with third parties including:
- Our service providers who provide IT, hosting and system administration services
- Professional advisers including lawyers, bankers, auditors, insurers, financial advisers and corporate finance advisers who provide consultancy, banking, legal, insurance, accounting and financial services
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- Third parties to whom we sell, transfer, or merge parts of our business or our assets
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We make active efforts to engage in service providers who are based within the European Economic Area (EEA). Where this is not possible, we may need to engage service providers resulting in your personal data being transferred outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
- Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
In addition to the above, your data may be temporarily transferred outside of the EEA during the course of our staff travelling abroad with personal data (for example meeting contact information and emails). There are appropriate safeguards in place to ensure the protection of your data - including encryption rendering the data unreadable in the case of loss or theft.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain personal data for as long as we need to fulfil the specified purposes we have collected it for as well as for satisfying legal, accounting, audit, or reporting requirements.
By law, for tax purposes, we have to keep certain data about our customers for six years after they cease being customers.
COOKIES & THIRD PARTY LINKS
Links from our website or other communications may link to third-party destinations over whom we have no control and do not take responsibility for their privacy statements or behaviours. Please read the privacy notice of these sites to understand their data policies.
Name and contact details of the data controller and data protection officer
Data Controller: Aluminati Network Group Ltd.
Address: Hyperion House, The Oaks, Newmarket, Suffolk, CB8 7XN
Data Protection Officer: Daniel Watts
Contact Details: firstname.lastname@example.org