This Notice sets out the basis on which any personal data we at UCC Students Union (UCC SU) collect from you, or from others, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Who are we? How can you contact us?
“We” are UCC Students Union,(“UCC SU”).
This Notice applies to UCC SU as the DATA CONTROLLER for the purposes of the General Data Protection Regulation EU2016/679, and the Data Protection Acts 1988 – 2018 .
For data protection issues, please email our Data Protection Officer at email@example.com
What information about me do you collect & use? Where do we get your personal data from?
“Personal Data” is data that can identify you, either directly or indirectly, as an identified or identifiable individual.”
There are many elements of Personal data which may be sought and recorded at enrolment and may be collated and compiled during the course of participation with us.
At all times we are conscious that our processing of personal data, including sensitive personal data will be limited to only what is necessary and proportionate for the purposes for which it is collected.
We receive the following data directly from University College Cork following your enrollment as a Student:
- Student ID Number;
- Date of Birth;
- University email address;
- Fee Status;
- Year of Study;
- Course Start Date;
- Course End Date;
- Department of Study;
When you use our services, we may obtain personal data from others to include: University College Cork, Government Agencies and Community Services, or your authorised Representatives or involved agencies and statutory bodies.
Also, the UCC SU collects, and processes additional data based upon:
- Participation in Union activities and services;
- Participation in market research and student voice survey initiatives;
- Bank details for the processing of expense claims should this be required;
- Election to a representative post or function and election form details;
- Use of the student advice service;
- The joining of sports clubs and societies;
- Photos and film footage from Union events and CCTV images from the student common room (as CCTV is used in the common room to monitor health and safety standards and for security);
- Applying for employment opportunities within the organisation;
You may also give us personal data by:
- Corresponding with us by phone, e-mail or otherwise. We ask you to disclose only as much information as is necessary to provide you with our services or to submit a question/suggestion/comment in relation to our services.
- Filling in forms on the website, via download or in person UCC SU will use the personal information you provide in connection with our projects and services.
- your Personal Data that will be collected and processed for the purposes of the various programs including to facilitate the operation, management and coordination of these services including the Leap card. Personal Data relating to your emergency contacts and parents or guardian details for under 18s may be processed by us.
- Taking part in events. Photographs and recorded images of attendees are taken to celebrate students’ achievements.
- Applying to work with us. The type of information you may provide in your CV, a cover letter, your name, address, e-mail address and phone number. CVs should include information relevant to your employment history and education (degrees obtained, places worked, positions held, relevant awards, and so forth). When you apply to work with us we may share your Personal Data with our various Funders and or Auditors.
- The processing of your Personal Data may include personal data relating to your socio-economic background such as your ethnic or cultural background and/or living circumstances) or otherwise which is regarded as Special category data.
- Garda Vetting
- Where required, as stipulated in The National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016 all staff, volunteers, voluntary officers and other individuals who provide services to us and who interact with children or vulnerable persons must be vetted by An Gardaí Síochána.
- Garda Vetting is a procedure through which An Garda Síochána is asked, with a person’s permission, to disclose any information held on Garda file. The vetting process requires the provision of verified proof of identify and proof of address by all vetting candidates and, subsequently, checks by An Gardaí Síochána of their records The purpose for processing your Personal Data in this context is that it is necessary to comply with our legal obligations under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016.
We may also process other data, which is not personal data.
When you access our website your device’s browser provides us with information such as your IP address, browser type, access time and referring URL which is collected and used to compile statistical data. This information may be used to help us to improve our website and the services we offer, and to offer services to you.
Do you collect information from children (under 16yr olds)?
Children’s Personal Data: We do collect and manage information about children. Where possible and appropriate we will seek consent from a parent or guardian before collecting information about children.
How and why do we use your personal information?
UCC SU collects a variety of different personal data to ensure we fulfil our obligations to represent students and conduct fair and democratic elections and to ensure we meet our objectives.
In summary, we use the personal data we hold:
- To provide an interactive website that provides information that you’re most interested in.
- To facilitate student activities and groups that you express interest in or join such as sports, societies and volunteering.
- To communicate membership services and opportunities that aid your student experience.
- To undertake diversity monitoring and engagement to ensure we can engage and fully represent you.
- To gain representational insight to allow elected representatives to fully represent your views at University committees and meetings.
- To support students to resolve issues, complaints and disputes with the University or external organisations and bodies.
- To communicate social and cultural activities run by the UCC SU or closely chosen partner providers.
- To promote the events and services of the UCC SU through social media, publications, online content and other relevant digital media mediums.
- To facilitate democratic processes
- To provide welfare support to the student community.
- To provide event ticketing for UCC SU events/activities and sports and societies events/activities to ensure smooth and effective administration.
- To otherwise deliver services to students or to meet our statutory, regulatory or commercial obligations.
- To administer and improve our website and for internal operations, including troubleshooting, and statistical and survey purposes where consent is given; as part of our efforts to keep our website safe and secure;
Special Category Data and the lawful basis for that processing activity.
The processing of your Personal Data may include personal data relating to your socio economic background such as your ethnic or cultural background and/or living circumstances, your health and wellbeing or otherwise which is regarded as Special category of Personal data under the GDPR.
The legal bases for the processing of your special category data or sensitive data are:
- That you have explicitly provided consent.
- Processing necessary for compliance with a legal obligation to which we are subject.
Where data is collected and processed, explicit and informed consent is gained at the point of the collection which can be withdrawn at any point by contacting firstname.lastname@example.org
Do you share my information?
We may share your personal data with our selected suppliers and contractors to provide you with our services. The Personal Data held on your record will be disclosed to relevant staff/volunteers of UCC SU and other parties on a need-to know basis. All staff/volunteers are made aware of the procedures they must follow to ensure your Personal Data is appropriately protected.
The Personal Data you provide may be disclosed to third parties if we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation or request or to perform a public function. It may also be necessary to disclose your Personal Data to comply with reporting obligations where you are a participant of a European Union co-funded programme and the transfer of your personal data is required by that programme. Some of your Personal Data will be disclosed to allow monitoring, reporting and evaluating of programmes where the programme is co-funded by the European Union.
We may also disclose your Personal Data to governmental, regulatory and/or public bodies.
In addition, we may disclose your personal information to third parties:
- Statutory and regulatory bodies (including central and local government) and law enforcement authorities in order to comply with any applicable laws, grant applications and /or court orders.
- Your Authorised representatives.
- Third parties with whom: (i) we need to share your information to facilitate transactions you have requested, and/or (ii) you ask us to share your information.
Is my information sent outside the European Union?
We will, from time to time, make use of services provided by 3rd parties for the delivery of our services which may necessitate the transfer of personal data outside the EU/EEA. For example, we use a variety of cloud-based tools such as Office 365/Microsoft. Where Personal Data needs to be transferred or processed outside the EU/EEA, we chose providers who process Personal Data on the basis of
- Standard Contractual Clause (s)(SCC’s)
- An Adequacy Decision from the European Commission.
- Technical and Organisational measures where SCCs alone are not sufficient.
What is the legal basis for you collecting and processing my information?
Irish and EU law sets out the grounds upon which data controllers such as UCC SU can rely on to lawfully process personal data.
We rely on the following grounds:
- Student data collection and processing is undertaken on the legal basis of the UCC SU being required to do so to fulfil a legal contract which is signed by students upon joining University College Cork or on the basis of legitimate interest, depending on the nature of the data collected and its purposes.
- You become a member of UCC SU from the enrolment process and you can withdraw from UCC SU at anytime by emailing us directly at email@example.com
- Additionally, UCC SU data collection and processing concerning student representation and elections is conducted in order to allow for the UCC SU to fulfil its duties as the representative voice of the students and conducting fair and democratic elections.
- Where you have given us consent to the processing of your personal data for a specific purpose, for example for marketing purposes
- Where processing is necessary for the purposes of the legitimate interests pursued by UCC SU or by a third party such interests may be overridden by the interests or fundamental rights and freedoms of the data subject. Some marketing might take place under this heading, but never to children.
The legal bases for the processing of your special category data or sensitive data (for example health and well being data) are:
- That you have explicitly provided consent.
- Processing necessary for compliance with a legal obligation to which we are subject
Where our processing of your personal data is based on your consent to that processing, you have the right to withdraw that consent at any time but any processing that we have carried out before you withdrew your consent remains lawful.
If you are receiving marketing from us, you may opt out. If you no longer wish to be contacted for marketing purposes, please contact us as set out in this Notice to request to “opt out” of marketing.
What are my rights, and how do I exercise them?
As an individual, under EU law you have certain rights to apply to us to provide information or make amendments to how we process your Personal Data. These rights apply in certain circumstances and are set out below: –
- The right to access Personal Data relating to you (‘access right’).
- The right to rectify/correct Personal Data relating to you (‘right to rectification’).
- The right to object to processing of Personal Data relating to you (‘right to object’).
- The right to restrict the processing of Personal Data relating to you (‘right to restriction’).
- The right to erase/delete Personal Data relating to you (i.e., the ‘right to erasure’).
- The right to ‘port’ certain Personal Data relating to you from one organisation to another (‘right to Personal Data portability’).
These rights are not absolute and only apply in certain circumstances. You may exercise any of the above rights by contacting us accompanied by all necessary information via: an e-mail to firstname.lastname@example.org
You may lodge a complaint with your local supervisory authority with respect to our processing of your personal data. The local Supervisory Authority in Ireland is the Data Protection Commission. The website is www.dataprotection.ie
DATA PROTECTION COMMISSION contact details are:
Dublin Office: 21 Fitzwilliam Square, Dublin 2, D02 RD28
Portarlington Office: Canal House, Station Road, Portarlington, R32 AP23
Phone +353 57 868 4800 or +353 761 104 800
LoCall 1 890 25 22 31
Fax +353 57 868 4757
We would ask that you contact us first at email@example.com to enable us to try to deal with the matter to your satisfaction.
The exercise of Data Subjects’ rights as some other “interactions” requires the univocal identification of the person submitting such request as being, in fact, the Data Subject to whom such Personal Data pertains to, hence we may have to set in place a process or mechanism that allows it to document having undergone such assertive identification.
Can I stop getting emails, text messages and other communications from you?
If you no longer wish us to contact you in a particular way, for example, to no longer send you text messages, just advise us of that and we will respect your wishes.
It may be necessary for us to contact you from time to time in connection with services, for example to ensure your Personal Data is correct.
If you no longer wish to receive marketing communications by electronic means, just use the opt-out facility in any of our communications, OR advise us at firstname.lastname@example.org
Is my information secure?
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our databases, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We will continue to revise policies and implement additional security features as new technologies become available.
The transmission of information via the internet is not completely secure and may involve the transfer of Personal Data to countries outside of the European Economic Area (EEA). This occurs typically through use of cloud solutions for web hosting, email hosting or proprietary software solutions delivered to us through the Cloud. We do not however authorise any third party to use your Personal Data for their own purposes. Non-EEA countries may not provide an adequate level of protection in relation to processing your personal data. By submitting your Personal Data, you agree to this transfer, storing and processing. The sharing, storage and processing of your personal data/ information will predominantly take place within the EEA.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to us. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access.
How long do you keep my information?
The time periods for which we retain your information depends on the type of information and the purposes for which we use it. We will keep your information for no longer than is required or permitted.
We keep your Personal Data for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. If you no longer want us to use your Personal Data to provide this service to you, you can request that we erase your Personal Data. Please note that if you request the erasure of your Personal Data:
- We may retain some of your Personal Data as necessary for our legitimate interests, such as fraud detection and prevention and enhancing safety
- We may retain and use your Personal Data to the extent necessary to comply with our legal obligations.
• Because we maintain our records to protect from accidental or malicious loss and destruction, residual copies of your Personal Data may not be removed from our backup systems for a limited period of time.
How do you contact us?
If you wish to exercise any of the rights you have in respect of your data, please contact us email@example.com
Where we process your Personal Data based only on your consent, you may withdraw your consent.
You have the right to bring a complaint to a supervisory authority if you have any complaints about the processing of your Personal Data. In Ireland the Personal Data Protection Commission is the supervisory authority.
In circumstances where the provision of your Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, we will advise you at the point of collecting your Personal Data whether the Personal Data is a required field, and the consequences of not providing the Personal Data.
Videography and Photography: Some of our programmes will involve photographic or videos records to be made for informational and promotional purposes due to your presence at the event hosted by us or by any third party authorised by us. The images resulting from the photography, videography or recordings, and any reproductions or adaptations of same, may be used for promotion, publicity and/or other purposes.
By attending at such events, you acknowledge that event run by us is in a public place and that you may have a reduced expectation of privacy. While you have a right to object to your inclusion in any photographs or video footage, any such objection must be balanced against the legitimate interests pursued by us and/or third-party media outlets and broadcasters
Links to other sites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies/notices and that we do not accept any responsibility or liability for those policies/notices. Please check those policies/notices before you submit any Personal Data to those websites,
We maintain active social network accounts. We embed widgets from these networks to provide follow buttons, like boxes and stream embeds. This will involve cookies being set by these networks while using our site. You may choose to refuse these cookies. Your use of these social media platforms remains subject to your own user agreements with the platform providers.
Changes to this Notice
This notice may change from time to time, and any changes will be posted on our website and will be effective when posted. Please review this notice each time you use our website or our services. This notice was last updated on 13th Feb 2023