Data protection

The University takes the security and integrity of all the personal data it holds very seriously. We have an Information Security Policy and all staff are trained in Data Protection

Off

Access Service privacy notice 

The University takes the security and integrity of all the personal data it holds very seriously. We have an Information Security Policy and a Data Protection Policy and all staff are trained in Data Protection to ensure good practice. The University works with its collaborative partners (Sheffield Hallam University and the Higher Education Progression Partnership South Yorkshire (HeppSY)) to ensure our approach to data protection is clearly communicated to the parents, children and young people who work with all partners.


Why are we collecting your data?

The University of Sheffield undertakes widening access activities with schools, colleges and communities across the UK, to support progression and widen access into higher education. This is part of our commitment as a university to open opportunities and transform lives, as well as part of government policy to widen participation in higher education, as overseen by the Office for Students.

We collect details of individuals taking part in our activities for the following reasons:

  • To plan activities
  • To assess eligibility of students for participation in our sustained access programmes
  • To monitor participation in activities
  • To evaluate and report on the effectiveness and impact of our widening access activities
  • To understand the student journey through education and progression to higher education/future careers

Why are we able to process data?

  • Under data protection law we are able to process this data because it is necessary for a task carried out in the public interest (Article 6(1)(e) GDPR: "processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller").
  • In some circumstances, for example if you participate in certain activities as part of our access programmes, we may process your data because you have given your consent for us to do this (Article 6(1)(a) GDPR: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”). 
  • We are able to process special category data as it is justified under Article 9(2)(g) UK GDPR - "processing is necessary for reasons of substantial public interest, on the basis of domestic law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject". Our substantial public interest conditions (which will vary depending on the nature of the processing) are Schedule 1, Part 2, Paragraph 6 of the Data Protection Act 2018 (Statutory purposes) or Schedule 1, Part 2, Paragraph 8 of the Data Protection Act 2018 (Equality of opportunity or treatment).
  • We are also able to process special category data for statistical purposes, as this is justified under Article 9(2)(j) GDPR - "processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes". We are relying on Schedule 1, Part 1, Paragraph 4 of the Data Protection Act 2018 (Research) as our condition for processing.

The data we collect

We collect the following data from individuals either directly, or via schools and colleges, for evaluation and monitoring purposes. The amount of data we collect is dependent on the type of activity the individual engages with, but as a minimum we would ask for: full name, DOB, postcode, school college they attend and gender:

Full name

DOB

School/College Name

Gender*

Postcode

Unique Learner ID

Ethnicity

Disability

Looked After Child / Care Leaver status

Young Carer status

Estranged status

First generation into Higher Education

Pupil Premium / Free School Meals

Other equal opportunity monitoring information where appropriate

*Due to changes on the HEAT database, this information as collected by schools and colleges and shared with the HeppSY partnership will be recorded on HEAT under the label ‘Sex’. Data collected directly from participants as gender will be recorded in the same way.


How we store your data and keep it safe

The privacy of students is important to us and the University takes care to safeguard it. Information will be used and stored in accordance with the General Data Protection Regulation and Data Protection Act 2018, as well as all legislation enacted in the UK in respect of the protection of personal data ("Data Protection Legislation").

Student data will be stored on a secure database (the Higher Education Access Tracker - HEAT) and used to administer participation in widening access activities and projects. For evaluation and monitoring purposes only, this data may also be shared back with your school or college, with the University of Sheffield’s Impact and Evaluation team, with government and funding bodies* and our collaborative partners** to help run and evaluate the effectiveness of this activity. The project and its partners will not use your record in a way that would affect you individually and we will not release data to anyone who is unauthorised. The University does not, and will not, sell personal data to third party organisations.

*Government and funding bodies include: Office for Students, Higher Education Statistics Agency (HESA), Department for Education, Local Authorities, UCAS, CFE Research

HESA and HEAT may share your data as detailed in their own privacy notices, which are accessible at the links provided:

**Our collaborative partners include: Universities, Schools and Colleges, Higher Education Progression Partnership, HeppSY, Higher Education Access Tracker (HEAT) service subscribers, The Brilliant Club, Realising Opportunities.


Data retention - how long we will keep your data

We keep student data for extended periods of time to enable us to determine whether our activities have been successful in widening access to Higher Education. We will retain records securely for the durations detailed below, and will review our retention periods annually in line with Information Commissioner’s Office guidance and other best practice in the sector. All the data we collect is stored in the HEAT database, and the HEAT data retention policy is outlined below:

Under the terms of this Schedule the following is applied to personal data:

1. Where a participant has supplied a first name, last name, date of birth, and postcode and has not withdrawn or denied permission for their data to be included in research, their record is considered expired and should not be retained for longer than 15 years from:

a) the year in which they might be expected to enter HE, or

b) the date their record was created, or 

c) when they last engaged in activity, whichever of these conditions is most recent. 

Once expired, according to the criteria above, the record will appear in the Retention Filter to be reviewed by the collecting member organisation.

2. Where personal data is considered incomplete, i.e., the following has not been captured:

a) any or all of first name, last name, date of birth, postcode 

b) and/or the data subject’s permission for inclusion in tracking research,

it will be considered expired after 7 years from the date the record was created. It will appear in the Retention Filter, except where a data subject has taken part in an activity within the last 7 academic years. 

Sustained Access Programme data retention

All of this data is held on HEAT and the above HEAT data retention policy applies. The data is also held on our Access Service application and events system - Access to Sheffield - and this will be anonymised two academic years after a student has finished participating in a programme.

Any personal data gathered through activities or approved platforms is reviewed regularly, and data is deleted when no longer required for monitoring, research, and evaluation purposes.


Your rights

You have a number of rights under data protection law:

  • The 'right to object' to your data being processed
  • The right to request for your data to be removed from our system
  • The right to request a copy of the data we hold about you

If you have a query, complaint or would like a copy of the data you have supplied to us, please contact the Access Service by email at accesstosheffield@sheffield.ac.uk or telephone 0114 2221027.

If you would like more information about Subject Access Requests or to speak with our Data Protection Officer, please visit our data protection webpages.

Connect with us

Be the first to know about activities at the university as well as support that we can provide to you and your students.