Student Privacy Policy Agreement

Student Privacy Policy Agreement

    **IMPORTANT** PLEASE ENSURE THAT, WHEN COMPLETING THE EMERGENCY CONTACT DETAILS SECTION, YOU HAVE PERMISSION TO GIVE THE PERSON’S NAME AND NUMBER.

    When you register as a student with Athlone Institute of Technology you are agreeing to abide by the rules and regulations of the Institute as set out in the student handbook available at: https://www.ait.ie/student-supports/student-handbook. You are also agreeing that AIT may use the personal data you have supplied in line with the privacy policy set out below.

    1. Introduction

    1.1 Under General Data Protection Regulations (GDPR) privacy notices should be available on any collection point where personal data is being collected from a data subject, especially if being collected for a new purpose. GDPR expands on the requirements based on the widened first principle which now specifically requires controllers to be transparent with their data processing.

    1.2 This privacy notice explains how Athlone Institute of Technology collects, uses and shares your personal data and your rights in relation to the personal data that we
    hold on you. This privacy notice concerns our processing of personal data of past, current and prospective students of the Institute.

    1.3 The Institute is the data controller of all personal data it holds and must process it subject to the General Data Protection Regulation (GDPR) which came in to force on 25th May 2018, and with the Data Protection Act (Irl) 2018.

    1.4 We are committed to complying with our obligations under data protection laws. This is a short but detailed guide to inform you of how your data will be processed by AIT, and how we use and disclose student data in the course of performing Institute functions and services. This is also an introduction and outline to how we process data and is intended to be complementary to the Institute’s Data Protection Policy at https://www.ait.ie/about-ait/gdpr/data_protection_policies

    2. What personal data do we collect?

    2.1 Athlone Institute of Technology collects your personal data from a number of sources including:

    2.1.1 CAO – Full time programme applicants;

    2.1.2 SOLAS – Apprentice applicants;

    2.1.3 SPRINGBOARD

    2.1.4 DARE/HEAR

    2.1.5 Equal Ireland

    2.1.6 INIS – Immigration services

    2.1.7 You – direct applications, Lifelong Learning, General information

    2.2 In the course of carrying out essential Institute functions and associated student services the Institute requires certain personal data from you in order to fulfil its obligations. If we don’t collect this data it will mean that your registration will not be able to go ahead and you will not be a student of the Institute.

    2.2.1 Examples of this data include:

    Name, Contact information (address, email address, telephone numbers), Date of birth, PPS number*, Nationality and country of domicile, Next of kin, Photo, Eircode

    Information relating to your previous education, Qualifications and training records. Information relating to you current education, assessment, and examination records.

    Information relating to your family e.g. Emergency contact.

    2.2.2 *AIT are required to collect the PPS number of all students, where applicable.

    2.3 On occasion we have to collect sensitive personal data which is classed as special category data to include:

    2.3.1 Physical or mental health,

    2.3.2 Racial or ethnic origin,

    2.3.4 Financial, or other welfare data.

    2.4 Specifically, the Institute’s, Student Services, Health Centre, Counselling Service, Disability Service Departments, may receive health or conviction data necessary to the performing of their functions. For additional information on how the student resource centre collect and process data, please go to Student Resource Centre Privacy Notice.

    2.5 Garda Vetting: Students going on placement for courses, including but not limited to, Nursing, Pharmacy Technician, Social Studies Programmes, Sports Science Programmes, and Childcare programmes, will have to have Garda Vetting before commencing the placement.

    Garda Vetting is also carried out for students who are taking part in the PASS Leadership programme.

    Athlone I.T. carries out the Garda Vetting in order to meet our obligations under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016.
    This means that our Placement office will receive any relevant information about you on file with the Gardai as part of this process. The information received by AIT from the Garda Vetting office will be shared with the placement provider. We have a data sharing agreement with our placement providers so that they are aware that they have to
    keep your personal data secure and private.

    2.5.1 We keep your Garda vetting information on file for the duration of your programme. You are requested to advise the placement
    office of any changes to this information.

    3 Who controls your data?

    3.1 The Institute is the data controller in relation to the student data you give us. Students may also provide data to student societies, the students’ union or other entities who act independently for the Institute, however the Institute has no responsibility for how those independent bodies use your personal data.

    3.2 Occasionally AIT is a data processor of your data for other organisations. In this instance the other organisations are the data controller and AIT processes your data as instructed.

    3.3 On other occasions AIT and another organisations both control different parts of your data.

    3.4 The personal data processing referred to in points 3.1 to 3.3 above will be carried out in line with data protection regulations. AIT has relevant agreements with all organisations.

    4. What do we do with your data?

    4.1 The Institute processes and discloses your data within various departments/units of the Institute for the purpose of performing Institute functions and providing associated facilities and services. For example, we compile and retain the student registration data you give us and we maintain an ongoing record of course selection data, examinations data, attendance data, awards and credits etc.

    4.2 We will not normally use your data for any unrelated purpose without your consent. However, in exceptional cases permitted by data protection laws, we may process and
    disclose data without consent or notice to you, for example if it is required to investigate offenses, to prevent injury or damage or to comply with a legal obligation.

    4.3 Students who register with AIT automatically become members of the Students Union within the Institute. The Institute shares the following data with the AITSU for the purpose of membership identification for events such as student elections.

    4.3.1 Student I.D. Number

    4.3.2 Student email address

    4.3.3 Programme and year of Study

    4.4 A student email address is provided to each student upon registering with AIT and this will be used to provide you with specific and general information during the
    course of your studies.

    4.5 A student I.D card, which contains your photograph, is provided by the Institute for the purposes of identification, security, and for accessing certain services including the library services.

    4.6 AIT uses the personal phone number you have provided in order to contact you with information relating to your Programme, Registration status, Examinations, and
    timetable.

    4.7 AIT uses virtual learning platform called Moodle, for the purpose of providing you with teaching and learning resources to help you succeed within your programme of study.

    The personal information collected by this platform includes your name, student I.D., activity logs, including dates and times, and your assessment submission details. Your lecturer will have visibility of these details. AIT will not use this information for any other purpose without your consent.

    4.8 Your attendance may be recorded in electronic or hard copy format by your lecturers. Where appropriate this is remitted to the Faculty administration and retained in line with our retention schedule.

    4.9 In the event where there has been a breach of your personal data, AIT will contact you to let you know what happened and what actions we have taken to protect your data.

    4.10 Occasionally AIT may have events, or information, which we believe may be of interest or benefit to you. These may fall outside the original purpose of the collection of your data. In order to let you know about these we may send you an email, text message, or contact you using the phone number you provided, to request your consent. If you are not interested in what we have sent – we will not contact you any further on that matter.

    4.11 AIT anonymise student data in order to create statistics. These statistics are shared with other educational bodies.

    4.12 AIT will give you the choice to opt in to our Alumni Association when you graduate from the Institute. Please see section 9.2.3 for more information on this.

    4.13 Your name will be included on our Graduation Booklet when you graduate from an AIT programme.

    4.14 If something you have lost is found and handed in to the reception area then the receptionist will be given your mobile number in order to contact you. We consider this to be in your best interests and a fair and reasonable way to process your data.

    5. We need to keep your data accurate and you can help us

    5.1 The Institute is committed to ensuring that the data we process is accurate and up to date. We may, on occasion request clarification on the accuracy of your data.

    5.2 We would also request that you let us know about any relevant changes to your personal data.

    5.3 We need this to ensure that all documentation regarding your course and attendance is up to date.

    6. Do we share your data outside of AIT?

    6.1 Student data is normally retained by the Institute but in some cases we may appoint third parties to process data on our behalf. Some examples of this are:

    6.1.1 Student Record System providers;

    6.1.2 Library Management system;

    6.1.3 and Secure online payment and verification system).

    In each case the Institute will comply with our legal obligations to contractually protect the data.

    6.2 We may also disclose student data where it is required in the normal course of performing the Institute’s functions and services. For example, we may be required to provide student data to grant bodies or government departments in connection with funding decisions. These include:

    6.2.1 QQI (Quality and Qualifications Ireland),

    6.2.2 FETAC (Further Education & Training Awards Council),

    6.2.3 CAO (Central Applications Office),

    6.2.4 Grant Awarding Bodies,

    6.2.5 other Colleges and Research Institutes and Research Collaborators,

    6.2.6 the Department of Education & Science,

    And other relevant authorities such as:

    6.2.7 the Department of Social Welfare,

    6.2.8 the Department of Justice,

    6.2.9 the Department of Health and Children,

    6.2.10 the Nursing and Midwifery board of Ireland,

    6.2.11 the Veterinary Council of Ireland.

    6.2.12 the HSE (Health and Safety Authority) bodies for Nursing programmes

    6.2.13 Work Placement Providers

    6.3 AIT also shares data with the HEA (Higher Education Authority). Please click here to access their Privacy Statement.

    6.4 AIT is subject to audit by the Comptroller and Auditor General on an annual basis. Personal data in relation to financial transactions may form part of the audit process. The legal basis for this is the Comptroller and Auditor General (Amendment) Act 1993 and Chapter 3 (60)(3)(c(iii)) of the Data Protection Act 2018 (Irl).

    6.5 Parents/Guardians

    As the Institute considers students, even if they are not yet 18, to have the maturity to give consent for the use of their data, in normal circumstances, the Institute will not disclose personal data to the parents, guardians or other representatives of a student without the student’s consent.

    6.5.1 The Institute’s preference is to receive written consent by way of email from the student where possible.

    6.5.2 Without such consent the Institute will not release any details regarding students including details of their registration, attendance, fee payments etc.

    6.5.3 However, there may be exceptional circumstances, for example, in the case of potential danger to the health or well-being of a student or if a representative such as a solicitor has written to the Institute making it clear that they are acting on behalf of the student.

    6.6 AIT share pseudonymised (you can’t be identified without additional information) student data with the Technological Higher Education Association (THEA). THEA is the representative body for the Institutes of Technology and Technological Universities and supports our aims and objectives in numerous ways including collating student data for statistical analysis. We have a relevant data protection agreement in place with THEA.

    7. Consent

    7.1 Some of the functions within the Institute have processes, events, or run surveys, which do not form part of the student/Institute contractual core business, but which do
    help to improve the overall student experience. These include AIT Career Fair, Graduate Survey, Alumni events, Sports events, etc. During your time in the Institute you may be requested to give consent for AIT to contact you with regard to some or all of these purposes. See section 8 for more details on Surveys.

    7.2 Should you agree your data will be processed in line with the GDPR. You will have the right to withdraw this consent at any time by using the unsubscribe facility provided by the particular function. This withdrawal will not affect the data processed under this consent. The Institute will not continue to use this data once consent has been withdrawn.

    8. Surveys

    8.1 Student Led Surveys. The Institute receives a number of requests each year from students and staff who wish to circulate surveys, relating to their studies, using the Institute email system. Where appropriate the Institute will try to accommodate these requests.

    8.2 We follow the following protocols in relation to the circulation of surveys:

    8.2.1 Individuals who are carrying out academic research surveys which relate to specific individuals or groups of individuals must submit the request to the Institute’s Ethics committee for review, comment, and approval.

    8.2.2 All other survey requests must be submitted to the Registrar’s office for approval to circulate.

    8.2.3 All survey requests are assessed by the Information and Compliance office to ensure that they are compliant with data protection laws.

    8.2.4 Emails advising students of a survey are circulated by designated Institute offices or from the Student’s Union, no email addresses or contact details are shared with the person carrying out the survey.

    8.3 Disclaimer: The Institute accommodates, where appropriate, the circulation of surveys in order to ensure that the process is compliant with data protection. The Institute cannot guarantee the process once the data has been collected. It is up to each individual to satisfy themselves with regard to the safety of their personal data before completing
    any surveys or taking part in interviews.

    8.4
    Official Surveys. The Institute has an obligation to the HEA and other official bodies to carry out a number of official surveys.

    The official surveys include:

    8.4.1 Equal Access Survey – a consent based survey completed by first year students – This data is collected pseudonymously using Student ID number only.

    8.4.2 Graduate Survey – completed by graduates – Personal data is collected by AIT and sent to the HEA using a reference number instead of your name. Only AIT can link the information back to you.

    8.4.3 ISSE – Irish Survey of Student Engagement – this is a voluntary survey. The company who collect the data are given the student number while the information is being collected. This is then removed so that the final data set are anonymous. AIT is only given the anonymous information and therefore it is not possible for you to be identified.

    Where AIT use an external company to assist with these surveys, we make sure that there are adequate data protection agreements in place. In this way your personal data is kept safe.

    8.5 Feedback and Service Provision Surveys. The Institute is committed to providing a student focused service. In order to check how we are doing we may circulate short surveys from time to time requesting your feedback.

    8.6 The Surveys referred to in this section are, by their nature, consent based and so you are not obliged to take part in any of the surveys circulated.

    9. Marketing Communications

    9.1 The Institute will not engage in direct marketing activities without the appropriate level of consent required by law.

    9.2 AIT processes data for potential and current students in a number of ways.

    9.2.1 Alumni: All graduates of AIT are Alumni of the Institute. The AIT Student Resource Centre is responsible for the administration of the AIT Alumni Association. As membership of the Association is not automatic you will be invited to join after you graduate.

    As a member you will be contacted for the following reasons:

    Keeping you up to date with news and progress regarding AIT and its community by sending you publications, such as alumni magazines and ezines along with marketing and promotional materials including emails etc.

    • Conducting surveys including research on when and whether donations or funding appeals may be of interest to you.
    • Contact you about promotional offers, marketing programs, or communications from AIT programs and services.
    • Providing services and benefits of being an alumni member of AIT, such as access to the library and other related facilities.
    • Sending you details of volunteering opportunities.
    • Inviting you to Alumni and other institution wide events.
    • The promotion of part time, PG and research programmes available to you as part of the alumni network.
    • Internal record keeping including feedback and complaints.
    • Communication to be sent to you by post, telephone, SMS or electronic email, based on the preferences expressed by you about the types of communication you wish to receive.
    • Administrative purposes (to process a donation you have made or administer an event you have registered for / attended).
    • Respond to your comments or requests for information.
    • Track, measure and analyse your use of and activity relating to the site, and your engagement with AIT and their programs, services and activities, in order to enhance AIT’s relationships with you.
    • Generate analytics that improve the Site layout, content, product offerings and services.
    • Comply with legal requirements.
    • Compile aggregate and statistical data to help in website design and to identify popular features.
    • Measure site activity to allow us to update the Site to better meet user wants and needs.

    9.2.2 Publications and Website: The Institute has a number of publications including our Student Prospectus, and Student Handbook. These publications are in hard copy and are also available on the Institute website.


    They will include the following personal data:

    9.2.4.1 Student Name (Profiles)

    9.2.4.2 Student Images

    The students included in the publications are aware of and have agreed to their data being used for this purpose.

    10. Your Rights

    10.1 The right to be informed

    You have the legal right to be informed about the processing of your personal data. This document gives an overview of that processing.

    10.2 Accessing your Data

    You have a legal right to access your personal data subject to certain exceptions which are set out at law. To ensure a coordinated and appropriate response to data access requests, all such requests should be submitted in writing and directed to the Institute’s Information Compliance Officer, they should clearly and distinctly identify the specific personal data being requested.

    10.2.1 The Institute reserves the right to verify the identity of any person making an application for personal data under the Data Protection Act.

    10.3 Amending Your Data

    You have the legal right to amend your personal data in order to keep it accurate and up to date. Some amendments may require documentation, e.g: Marriage Certificate.

    10.4 Right to be forgotten

    You have the legal right to have your personal data deleted subject to certain exceptions which form the basis for the contract between the Institute and the student.

    10.4.1 Data which cannot be deleted include, Name, Student ID, Date of Birth, certain financial, medical, and legal information (subject to a legal retention period), and Examination results.

    10.5 The right to object.

    You have the legal right to object to the processing of your personal data by AIT in certain circumstances including the sending and receipt of direct marketing material.

    The right to object to automated decision making and profiling. You have the right to objectto decision taken by automatic methods without a human intervention in some
    circumstances.

    10.6 The right to data portability.

    Where personal data you have submitted to us is processed by automated means (e.g. online registration) you have the legal right to have that personal data transferred, in electronic format, to another provider. This requires a written request with proof of identification. Your application should be submitted to dp@ait.ie.

    10.6.1 Please note that additional safeguards may be required for the transfer of sensitive personal data. A request for data portability in this instance should be made to the DPO at dp@ait.ie, however the data will be transferred directly from the relevant department: e.g: AIT Health Centre or Disability Office and will not be processed viewed by the DPO.
    A log of all file names, with no content, will be retained by the DPO.

    10.6.2 Medical records: If you transfer to another practice we will facilitate that decision by making available to your new doctor a copy of your electronic records on receipt of your signed consent from your new doctor. For medico-legal reasons we will also retain a copy of your records in this practice for seven years following the date of your most recent consultation.

    11. Applicable Law

    11.1 The Institute will comply with Irish data protection laws as they may be amended from time to time. This is the case regardless of the nationality of the students concerned.

    12. Further Information

    12.1 The Institute has an Information and Compliance Officer who will assist the Institute and its staff in complying with the data protection legislation. Specific queries or concerns should be addressed to:

    Betty Brennan

    Information and Compliance Office

    Athlone Institute of Technology

    Dublin Road

    Athlone

    Co Westmeath

    Email
    address: dp@ait.ie Telephone: 00353 (0)90 6468009

    Website: www.ait.ie/gdpr

    DATA COMMISSIONER

    You have the right to raise a complaint with the Data Commissioner’s Office regarding your rights under by the data protection legislation by contacting:

    Telephone

    +353 57 8684800 +353 (0)761 104 800

    Lo Call Number

    1890 252 231

    Fax

    +353 57 868 4757

    E-mail

    info@dataprotection.ie


    +353 57 8684800
    +353 (0)761 104 800

    Lo Call Number

    1890 252 231

    Fax

    +353 57 868 4757

    E-mail

    info@dataprotection.ie