GDPR Policy

GKSU General Data Protection Regulation (GDPR) Policy Statement

An organisation that handles Personal Data and makes decisions about its use is known as a Data Controller. GKSU forms part of Kent Union who act as a Data Controller. Kent Union is responsible for ensuring compliance with the Data Protection requirements outlined in this policy and is committed to safeguarding the privacy of your information.

The purposes of processing your information

We process personal information to enable us to provide a voluntary service for the benefit of the public in a particular geographical area as specified in our constitution; administer membership records; to fundraise and promote the interests of the charity; manage our employees and volunteers; maintain our own accounts and records. Our entry in the Information Commissioner’s Office (ICO) Data Protection Register (Number ZA537740) contains more information about the type of information processed, who the information is about and who the information is shared with.

How we collect your information

If you are a member of GKSU, we primarily collect your details from the University of Kent and University of Greenwich. Our Data Sharing Agreements with University of Kent and University of Greenwich, apply to the provision and processing of students’ personal information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. It covers data provided by the Universities to Kent Union and sets out the purposes for which that Student Data may be used. It also covers the periodic sharing of data between the Universities and Kent Union, and vice versa, as required. Any data sharing between the parties is the responsibility of the University’s respective Student Administration Offices and Data Protection Officer (DPO).

In addition, we process personal information about people in order for us to operate, this includes information relating to Staff, Volunteers and Trustees.

Who your information may be shared with

We sometimes need to share the personal information we process with the individual and also with other organisations. Where this is necessary we will comply with all aspects of the General Data Protection Regulations (GDPR), including where appropriate obtaining consents, adhering to retention policies and obtaining assurances from third parties.

Your rights and our commitment to you

We will use your data in a concise manner in accordance with GDPR, ensuring that:

  1. We only collect and use your information where we have lawful grounds and legitimate business reasons to do so.
  2. We do not ask for more information than we need for the purposes for which we are collecting it and that your consent is freely given and recorded.
  3. We provide you with a copy of the data held about you on request in an appropriate form.
  4. We update our records when you inform us that your details have changed.
  5. We continue to review and assess the quality and accuracy of our information.
  6. We implement and adhere to information retention policies relating to your information, and securely dispose of your information at the end of the appropriate retention period.
  7. We observe the rights granted to you under applicable privacy and Data Protection laws, dealing with queries relating to privacy issues promptly and transparently. These rights include:
    • The right to be informed
    • The right of access to personal information
    • The right to request rectification
    • The right to request erasure
    • The right to restrict processing in certain circumstances
    • The right to data portability
    • The right to object to processing
    • The right to lodge a complaint with a supervisory authority
  8. For further guidance regarding your rights, please see the ICO website.
  9. We train our staff so that all those responsible for the processing of Personal Data are aware and comply with their privacy obligations.
  10. We have appropriate physical and technological security measures to protect your information regardless of where it's held and that when working with others they also have appropriate security measures in place that comply with Privacy Principles.

Membership Insight Package Privacy Notice

Read our Membership Insight Package Privacy Notice here

Further processing of your data

Where required, we will provide further privacy notices to you to ensure that we are transparent, accountable and you have control in how we use your personal information.

This policy will be reviewed on a regular basis. Any queries or concerns regarding this policy, should be sent to the Head of Governance Support, Veena King by email [email protected]

July 2020