Alumni Privacy Policy
The OU Students Association is committed to protecting your privacy. We work with our partners Aluminate Network Group Limited to provide access to this site. In accordance with UK law, we are the data controller of information processed by the site. Aluminate Network Group ltd may also process the data, any data that they may control is processed according to their policy which can be found here https://www.aluminati.net/privacy-policy/ This policy will help you to understand how we look after your personal data, and how we make sure that we meet our obligation to you under UK data protection laws. This notice outlines how we will use, store and share your personal data when you use this service, and supplements any other notices or statements we may provide to you.
In this policy, when we refer to “we”, “us”, “our” this means the Open University Students Association and is specifically applicable to this site.
The policy also applies to the website: [www.oustudents.com] (“Site”). Owner
Open University Students Association.
Contact us at:
Email:
oustudents-data-protection@open.ac.uk
Postal address:
OU Students Association PO Box 397
Walton Hall
Milton Keynes MK7 6BE
Telephone: 01908 652026 Services (“Services”).
The "alumni" privacy policy is in addition to the Open University’s privacy notice and applies specifically to information held about alumni, donors, supporters and Friends of the Open University Students Association. This notice applies to all of the services provided by the Open University Students Association where it works with the Aluminate Network Group Ltd.
Use of Your Data
We take data privacy very seriously. We have set out below the different ways we may need to use your data to enable you to use this service. We have also provided details of the legal basis for this. We would also like to point out the rights that you have over the way that we use your information. This policy should be read in conjunction with the Open University’s Data Protection Policy.
For the purposes of the UK data protection law which includes but may not be limited to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 as well as any other legislation which is relevant to the jurisdiction in which you reside, we are referred to as the data controller
(the entity which processes your data). All queries relating to this policy and/or data protection more generally should be referred to Dan Moloney the Chief Operating Officer of the Students Association at the above address.
User generated content
Information that you generate and that is posted on the site is your responsibility and subject to the terms of membership. We reserve the right to remove such content or block access where it is judged to infringe the terms of use. We strongly recommend that you do not post sensitive information about yourself or others on this site. If you do and we believe this create any risk, we will remove such content without notification.
Information we may collect about you
The information collected will generally be information that you create. For illustrative purposes this might include but is not limited to:
Personal data (“Personal Data”)
- First name
- Last name
- Preferred pronoun
- Registered modules and qualifications
- Date of birth
- Address
- Postcode
- Phone number
- Geo-location data (your geographical location based on your IP address)
- Personal Identifier Number
- Details of specific webpages visited within the Site and actions taken on those
- Free text (user generated content)
- This list is not exhaustive
The site may gather:
- Details of devices used to visit/view the Site
- Actions taken within the Site
Special category or Sensitive personal data (“Sensitive Personal Data”)
- Gender
- Racial or ethnic origin
- Politics
- Religious, philosophical or similar beliefs
- Disability status
- Data concerning a natural person’s physical or mental health or condition.
(Hereinafter together, “Personal Data”)
How data about you is collected
The Data is collected when you sign up and register on the Site, fill in website forms, contact us by telephone, email, letter.
How we use your personal data (the “Purposes”)
We may use the Data that you provide for the following purposes:
- To provide you with access to the site
- To facilitate your interaction with other members
- To monitor content to ensure it adheres to our terms
- To prevent access where this is appropriate
- To safeguard individuals where required
(“the Purpose(s)”).
- Developing a better understanding of our graduates and supporters through their personal data allows us to make better decisions, allows us to engage in a bespoke and relevant way. It also helps us to gather feedback to improve our services in the future.
- To promote matters that we believe are relevant and of value to you
- In order to ensure we comply with our safeguarding duty, for example to verify your identity
The use of your information for the Purposes is lawful because one or more of the following applies:
- you have given consent to this. Where we rely on your consent or explicit permission for processing the information you give us, this will be brought to your attention at the time the information is collected from you. You may withdraw consent to these uses at any time either by using the opt-out option (where applicable), by emailing us at oustudents-data-protection@open.ac.uk or by writing to us at OU Students Association, PO Box 397, Walton Hall, Milton Keynes MK7 6BE, noting that: (1) this will not affect the lawfulness of processing of your Data prior to your withdrawal of consent being received and actioned; and (2) if we have asked for your consent to a specific part of the service and you wish to withdraw this consent, you may not be able to partake in some of our services if you do so.;
- it is necessary for us to hold and use your Data so that we can perform our obligations under the contract we have entered into with you for the Purpose(s).
- We have a legal obligation to do so.
- To protect your vital interests.
- We have a legitimate interest to do so.
- Where we may have a public interest to do so.
We may process your data in our legitimate interest you may object to such processing.
(“Lawful Uses”).
Transfer to Third Parties
We may share data with our service provider partners and agents for the purposes of providing this service to you. Where we use third party service providers, we only disclose to them any personal information that is necessary to the provision of this service. We will either have a specific contract in place with the provider or use of your data will be in accordance with their own privacy policies. Further details of these will be available from the provider or within our disclaimer (where applicable), which you will be asked to accept before we are able to share your data. A list of current third-party service providers and agents can be provided upon request to oustudents-data-protection@open.ac.uk.
Your personal data may be disclosed to other organisations as required by law, for crime prevention, investigation or detection purposes. We may also share it in an emergency where it is in your vital interests for us to do so.
We undertake regular reviews of who has access to information we hold about you, and we ensure our staff and volunteers are appropriately trained in data protection.
Your information may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected.
Use of aggregated data:
Where Data can be aggregated (and anonymised), we may use this without restriction for research purposes (not limited). We are entitled to do this because use of your information for these purposes is for one of the Lawful Uses.
We may also use the Information we gather to notify you about important functionality changes and alterations to the Site. We ensure that any third parties processing your Data on our behalf protect it as carefully as we do and that they provide an adequate level of protection for your rights as a data subject. This may involve transferring your Data to other companies, inside or outside the UK.
Storage of Data
Your information will be stored only for so long as is reasonably necessary in order to carry out the Purpose(s).
Your rights
You have the right to request details of the processing activities that we carry out with your personal information through making a subject access request. Such requests have to be made in writing. More detail about how to make a request and the procedure to be followed can be found on the ICO’s website.
You also have the following rights:
- The right to request rectification of information that is inaccurate or out of date;
- The right to erasure of your information (known as the “right to be forgotten”);
- The right to object to the way in which we are dealing and using your Data;
- The right to restrict the processing of your Data
- The right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the right to portability).
All of these rights are subject to certain safeguards and exemptions, more details of which can be found on the ICO’s webpage. To exercise any of these rights, you should contact the Chief Executive at the above address.
If you are not happy about the way in which we have processed or dealt with your information, you may wish to contact our Data Protection Officer whose contact details can be found here; or file a complaint with Information Commissioners’ Office.
More detail about how you may do so can be found here.
We have appointed DataRep as the Data Protection Representative to act as a direct contact for members residing in the EU in relation to compliance with the EU GDPR. They have locations in each of the 27 EU countries and Norway and Iceland in the European. Economic Area (EEA). Other countries are UK or EU adequate, Contact details and more information can be found here.
International Transfers of Data
We may send your information outside of the UK, the EU or other countries that the UK considers adequate for the purposes of data protection. We do this because your Data may be stored on servers based outside the UK. However, we meet our obligations under the relevant legislation by ensuring that the information has the same protection as if it were being held within the UK. We do this by ensuring that any third parties processing your Data outside the UK are compliant with our laws. We may undertake a Transfer Risk Assessment in order to establish this. Wherever it is required, we will ensure suitable safeguards are in place to protect your fundamental rights and freedoms. These may include but are not limited to the UK Addendum and the UK International data transfer agreement (IDTA). Aluminate Network Group Limited makes every effort to process personal data within the EEA countries. However, on some occasions data may be transferred outside of the EEA.
Security of Your Data
The Site is a UK-based and we take reasonable care to comply with the requirements of UK data protection law relating to the personal information you supply on the Site. The Site uses a security system that protects your information from unauthorised use.
Site Statistics
We may monitor your usage of the site in order to optimise access and safeguard individuals.
Amendments to this Privacy Policy
We may occasionally make modifications to this Privacy Policy (“Variations”) and, if the Variations are significant, will endeavour to give you prior notification (including, for certain services, email notification of Privacy Policy Variations). Variations become effective immediately upon posting to the Site and by continuing to use the Site, you will be deemed to accept any such Variations.
We also keep prior versions of the Privacy Policy in an archive, which are available for you to review upon email request to us at oustudents-data-protection@open.ac.uk.
Privacy Policy, version [1.0] (updated Jan 23)
