Student Privacy Policy Agreement

Student Privacy Policy Agreement

    **IMPORTANT** PLEASE ENSURE THAT, WHEN COMPLETING THE EMERGENCY CONTACT DETAILS SECTION, YOU HAVE PERMISSION TO GIVE THE PERSON’S NAME AND NUMBER.

    When you register as a student with Athlone Institute of Technology you are agreeing to abide by the rules and regulations of the

    Institute as set out in the student handbook available at: https://www.ait.ie/student-supports/student-handbook. You are also agreeing that AIT may use the personal data you have supplied in line with the privacy policy set out below.

    1. Introduction

    1.1 UnderGeneral Data Protection Regulations (GDPR) privacy notices should be available on any collection point where personal data
    is being collected from a data subject, especially if being collected for a new purpose. GDPR expands on the requirements based on the widened first principle which now specifically requires controllers to be transparent with their data processing.

    1.2 This privacy notice explains how Athlone Institute of Technology collects, uses and shares your personal data and your rights in relation to the personal data that we
    hold on you. This privacy notice concerns our processing of personal data of past, current and prospective students of the Institute.

    1.3 The Institute is the data controller of all personal data it holds and must process it subject to the General Data Protection Regulation (GDPR) which came in to force on 25th May 2018, and with the Data Protection Act (Irl) 2018.

    1.4 We are committed to complying with our obligations under data protection laws. This is a short but detailed guide to inform you of how your data will be processed by AIT, and how we use and disclose student data in the course of performing Institute functions and services. This is also an introduction and outline to how we process data and is intended to be complementary to the Institute’s Data Protection Policy at https://www.ait.ie/about-ait/gdpr/retention-schedule-and-policies

    2. What personal data do we collect?

    2.1 Athlone Institute of Technology collects your personal data from a number of sources including:

    2.1.1 CAO – Full time programme applicants;

    2.1.2 SOLAS – Apprentice applicants;

    2.1.3 SPRINGBOARD

    2.1.4 DARE/HEAR

    2.1.5 Equal Ireland

    2.1.6 INIS – Immigration services

    2.1.7 You – direct applications, Lifelong Learning, General information

    2.2 In the course of carrying out essential Institute functions and associated student services the Institute requires certain personal data from you in order to fulfil its obligations. If we don’t collect this data it will mean that your registration will not be able to go ahead and you will not be a student of the Institute.

    2.2.1 Examples of this data include:

    Name,

    Contact information (address, email address, telephone
    numbers)

    Date of
    birth,

    PPS number*

    Nationality and country of domicile,

    Next of kin,

    Photo,

    Eircode

    Information
    relating to your previous education,

    Qualifications
    and training records.

    Information
    relating to you current education, assessment, and examination records.

    Information
    relating to your family e.g. Emergency contact.

    2.2.2 *AIT are required to collect the PPS number of all students, where applicable.

    2.3 On occasion we have to collect sensitive personal data which is classed as special category data to include:

    2.3.1 Physical or mental health,

    2.3.2 Racial or ethnic origin,

    2.3.4 Financial, or other welfare data.

    2.4 Specifically, the Institute’s, Student Services, Health Centre, Counselling Service, Disability Service Departments, may receive health or conviction data necessary to the performing of their functions. For additional information on how the student resource centre collect and process data, please go to Student Resource Centre Privacy Notice.

    2.5 Garda Vetting: Students going on placement for courses, including but not limited to, Nursing, Pharmacy Technician, Social Studies Programmes, Sports Science Programmes, and Childcare programmes, will have to have Garda Vetting before commencing the placement.

    Garda Vetting is also carried out for students who are taking part in the PASS Leadership programme.

    Athlone I.T. carries out the Garda Vetting in order to meet our obligations under the National Vetting Bureau (Children and Vulnerable Persons) Acts 2012 to 2016.
    This means that our Placement office will receive any relevant information about you on file with the Gardai as part of this process. The information received by AIT from the Garda Vetting office will be shared with the placement provider. We have a data sharing agreement with our placement providers so that they are aware that they have to
    keep your personal data secure and private.

    2.5.1 We keep your Garda vetting information on file for the duration of your programme. You are requested to advise the placement
    office of any changes to this information.

    3 Who controls your data?

    3.1 The Institute is the data controller in relation to the student data you give us. Students may also provide data to student societies, the students’ union or other entities who act independently for the Institute, however the Institute has no responsibility for how those independent bodies use your personal data.

    3.2 Occasionally AIT is a data processor of your data for other organisations. In this instance the other organisations are the data controller and AIT processes your data as instructed.

    3.3 On other occasions AIT and another organisations both control different parts of your data.

    3.4 The personal data processing referred to in points 3.1 to 3.3 above will be carried out in line with data protection regulations. AIT has relevant agreements with all organisations.

    4. What do we do with your data?

    4.1 The Institute processes and discloses your data within various departments/units of the Institute for the purpose of performing Institute functions and providing associated facilities and services. For example, we compile and retain the student registration data you give us and we maintain an ongoing record of course selection data, examinations data, attendance data, awards and credits etc.

    4.2 We will not normally use your data for any unrelated purpose without your consent. However, in exceptional cases permitted by data protection laws, we may process and
    disclose data without consent or notice to you, for example if it is required to investigate offenses, to prevent injury or damage or to comply with a legal obligation.

    4.3 Students who register with AIT automatically become members of the Students Union within the Institute. The Institute shares the following data with the AITSU for the purpose of membership identification for events such as student elections.

    4.3.1 Student I.D. Number

    4.3.2 Student email address

    4.3.3 Programme and year of Study

    4.4 A student email address is provided to each student upon registering with AIT and this will be used to provide you with specific and general information during the
    course of your studies.

    4.5 A student I.D card, which contains your photograph, is provided by the Institute for the purposes of identification, security, and for accessing certain services including the library services.

    4.6 AIT uses the personal phone number you have provided in order to contact you with information relating to your Programme, Registration status, Examinations, and
    timetable.

    4.7 AIT uses virtual learning platform called Moodle, for the purpose of providing you with teaching and learning resources to help you succeed within your programme of study.

    The personal information collected by this platform includes your name, student I.D., activity logs, including dates and times, and your assessment submission details. Your lecturer will have visibility of these details. AIT will not use this information for any other purpose without your consent.

    4.8 Your attendance may be recorded in electronic or hard copy format by your lecturers. Where appropriate this is remitted to the Faculty administration and retained in line with our retention schedule.

    4.9 In the event where there has been a breach of your personal data, AIT will contact you to let you know what happened and what actions we have taken to protect your data.

    4.10 Occasionally AIT may have events, or information, which we believe may be of interest or benefit to you. These may fall outside the original purpose of the collection of your data. In order to let you know about these we may send you an email, text message, or contact you using the phone number you provided, to request your consent. If you are not interested in what we have sent – we will not contact you any further on that matter.

    4.11 AIT anonymise student data in order to create statistics. These statistics are shared with other educational bodies.

    4.12 AIT will give you the choice to opt in to our Alumni Association when you graduate from the Institute. Please see section 9.2.3 for more information on this.

    4.13 Your name will be included on our Graduation Booklet when you graduate from an AIT programme.

    4.14 If something you have lost is found and handed in to the reception area then the receptionist will be given your mobile number in order to contact you. We consider this to be in your best interests and a fair and reasonable way to process your data.

    5. We need to keep your data accurate and you can help us

    5.1 The Institute is committed to ensuring that the data we process is accurate and up to date. We may, on occasion request clarification on the accuracy of your data.

    5.2 We would also request that you let us know about any relevant changes to your personal data.

    5.3 We need this to ensure that all documentation regarding your course and attendance is up to date.

    6. Do we share your data outside of AIT?

    6.1 Student data is normally retained by the Institute but in some cases we may appoint third parties to process data on our behalf. Some examples of this are:

    6.1.1 Student Record System providers;

    6.1.2 Library Management system;

    6.1.3 and Secure online payment and verification system).

    In each case the Institute will comply with our legal obligations to contractually protect the data.

    6.2 We may also disclose student data where it is required in the normal course of performing the Institute’s functions and services. For example, we may be required to provide student data to grant bodies or government departments in connection with funding decisions. These include:

    6.2.1 QQI
    (Quality and Qualifications Ireland),

    6.2.2 FETAC
    (Further Education & Training Awards Council),

    6.2.3 CAO
    (Central Applications Office),

    6.2.4 Grant
    Awarding Bodies,

    6.2.5 other
    Colleges and Research Institutes and Research Collaborators,

    6.2.6 the
    Department of Education & Science,

    And other relevant authorities such as:

    6.2.7 the
    Department of Social Welfare,

    6.2.8 the
    Department of Justice,

    6.2.9 the
    Department of Health and Children,

    6.2.10 the
    Nursing and Midwifery board of Ireland,

    6.2.11 the
    Veterinary Council of Ireland.

    6.2.12 the
    HSE (Health and Safety Authority) bodies for Nursing programmes

    6.2.13 Work
    Placement Providers

    6.3 AIT
    also shares data with the HEA (Higher Education Authority). Please click here to access their Privacy Statement.

    6.4 AIT
    is subject to audit by the Comptroller and Auditor General on an annual
    basis. Personal data in relation to
    financial transactions may form part of the audit process. The legal basis for this is the Comptroller
    and Auditor General (Amendment) Act 1993 and Chapter 3 (60)(3)(c(iii)) of the
    Data Protection Act 2018 (Irl).

    6.5 Parents/Guardians

    As the Institute considers students, even if they are not
    yet 18, to have the maturity to give consent for the use of their data, in
    normal circumstances, the Institute will not disclose personal data to the
    parents, guardians or other representatives of a student without the student’s
    consent.

    6.5.1 The
    Institute’s preference is to receive written consent by way of email from the
    student where possible.

    6.5.2 Without
    such consent the Institute will not release any details regarding students
    including details of their registration, attendance, fee payments etc.

    6.5.3 However,
    there may be exceptional circumstances, for example, in the case of potential
    danger to the health or well-being of a student or if a representative such as
    a solicitor has written to the Institute making it clear that they are acting
    on behalf of the student.

    6.6 AIT
    share pseudonymised (you can’t be identified without additional information)
    student data with the Technological Higher Education Association (THEA). THEA is the representative body for the
    Institutes of Technology and Technological Universities and supports our aims
    and objectives in numerous ways including collating student data for
    statistical analysis. We have a relevant
    data protection agreement in place with THEA.

    7. Consent

    7.1 Some of the
    functions within the Institute have processes, events, or run surveys, which do
    not form part of the student/Institute contractual core business, but which do
    help to improve the overall student experience. These include AIT Career
    Fair, Graduate Survey, Alumni events, Sports events, etc. During your
    time in the Institute you may be requested to give consent for AIT to contact
    you with regard to some or all of these purposes. See section 8 for more
    details on Surveys.

    7.2 Should you agree your data will be
    processed in line with the GDPR. You will have the right to withdraw this
    consent at any time by using the unsubscribe facility provided by the
    particular function. This withdrawal will not affect the data processed
    under this consent. The Institute will not continue to use this data once
    consent has been withdrawn.

    8. Surveys

    8.1 Student Led Surveys. The Institute receives a number of requests
    each year from students and staff who wish to circulate surveys, relating to
    their studies, using the Institute email system. Where appropriate the
    Institute will try to accommodate these requests.

    8.2 We
    follow the following protocols in relation to the circulation of surveys:

    8.2.1 Individuals
    who are carrying out academic research surveys which relate to specific
    individuals or groups of individuals must submit the request to the Institute’s
    Ethics committee for review, comment, and approval.

    8.2.2 All
    other survey requests must be submitted to the Registrar’s office for approval
    to circulate.

    8.2.3 All
    survey requests are assessed by the Information and Compliance office to ensure
    that they are compliant with data protection laws.

    8.2.4 Emails
    advising students of a survey are circulated by designated Institute offices or
    from the Student’s Union, no email addresses or contact details are shared with
    the person carrying out the survey.

    8.3 Disclaimer:
    The Institute accommodates, where appropriate, the circulation of
    surveys in order to ensure that the process is compliant with data
    protection. The Institute cannot
    guarantee the process once the data has been collected. It is up to each individual to satisfy
    themselves with regard to the safety of their personal data before completing
    any surveys or taking part in interviews.

    8.4
    Official Surveys. The Institute has an obligation to the HEA
    and other official bodies to carry out a number of official surveys.

    The official
    surveys include:

    8.4.1 Equal Access Survey – a consent based
    survey completed by first year students – This data is collected pseudonymously
    using Student ID number only.

    8.4.2 Graduate Survey – completed by graduates
    – Personal data is collected by AIT and sent to the HEA using a reference
    number instead of your name. Only AIT
    can link the information back to you.

    8.4.3 ISSE – Irish Survey of Student Engagement
    – this is a voluntary survey. The
    company who collect the data are given the student number while the information
    is being collected. This is then removed
    so that the final data set are anonymous.
    AIT is only given the anonymous information and therefore it is not
    possible for you to be identified.

    Where AIT use an external company to assist
    with these surveys, we make sure that there are adequate data protection
    agreements in place. In this way your
    personal data is kept safe.

    8.5 Feedback and Service Provision
    Surveys. The Institute is committed
    to providing a student focused service.
    In order to check how we are doing we may circulate short surveys from
    time to time requesting your feedback.

    8.6 The
    Surveys referred to in this section are, by their nature, consent based and so
    you are not obliged to take part in any of the surveys circulated.

    9. Marketing Communications

    9.1 The
    Institute will not engage in direct marketing activities without the
    appropriate level of consent required by law.

    9.2 AIT
    processes data for potential and current students in a number of ways.

    9.2.1 Alumni:
    All graduates of AIT are Alumni of the Institute. The AIT Student Resource Centre is
    responsible for the administration of the AIT Alumni Association. As membership of the Association is not
    automatic you will be invited to join after you graduate.

    As a member you will be contacted for
    the following reasons:

    ·
    Keeping
    you up to date with news and progress regarding AIT and its community by
    sending you publications, such as alumni magazines and ezines along with
    marketing and promotional materials including emails etc.

    ·
    Conducting
    surveys including research on when and whether donations or funding appeals may
    be of interest to you.

    ·
    Contact
    you about promotional offers, marketing programs, or communications from AIT
    programs and services.

    ·
    Providing
    services and benefits of being an alumni member of AIT, such as access to the
    library and other related facilities.

    ·
    Sending
    you details of volunteering opportunities.

    ·
    Inviting
    you to Alumni and other institution wide events.

    ·
    The
    promotion of part time, PG and research programmes available to you as part of
    the alumni network.

    ·
    Internal
    record keeping including feedback and complaints.

    ·
    Communication
    to be sent to you by post, telephone, SMS or electronic email, based on the
    preferences expressed by you about the types of communication you wish to
    receive.

    ·
    Administrative
    purposes (to process a donation you have made or administer an event you have
    registered for / attended).

    ·
    Respond to your comments or requests for
    information.

    ·
    Track, measure and analyse your use of and activity
    relating to the site, and your engagement with AIT and their programs, services
    and activities, in order to enhance AIT’s relationships with you.

    ·
    Generate analytics that improve the Site layout,
    content, product offerings and services.

    ·
    Comply with legal requirements.

    ·
    Compile aggregate and statistical data to help in
    website design and to identify popular features.

    ·
    Measure site activity to allow us to update the
    Site to better meet user wants and needs.

    9.2.2 Publications and Website: The Institute has a number of
    publications including our Student Prospectus, and Student Handbook. These publications are in hard copy and are
    also available on the Institute website.
    They will include the following personal data:

    9.2.4.1 Student Name (Profiles)

    9.2.4.2 Student Images

    The students included in the publications are aware of
    and have agreed to their data being used for this purpose.

    10. Your Rights

    10.1 The right

    to be informed

    You have the legal right to be informed about the
    processing of your personal data. This
    document gives an overview of that processing.

    10.2 Accessing your Data

    You have a legal right to access your personal data
    subject to certain exceptions which are set out at law. To ensure a coordinated
    and appropriate response to data access requests, all such requests should be submitted
    in writing and directed to the Institute’s Information Compliance Officer, they
    should clearly and distinctly identify the specific personal data being
    requested.

    10.2.1 The Institute reserves the
    right to verify the identity of any person making an application for personal
    data under the Data Protection Act.

    10.3 Amending Your Data

    You have the legal right to amend your personal data in
    order to keep it accurate and up to date. Some amendments may require
    documentation, e.g: Marriage
    Certificate.

    10.4 Right to be forgotten

    You have the legal right to have your personal data
    deleted subject to certain exceptions which form the basis for the contract
    between the Institute and the student.

    10.4.1 Data
    which cannot be deleted include, Name, Student ID, Date of Birth, certain
    financial, medical, and legal information (subject to a legal retention
    period), and Examination results.

    10.5 The right to object.

    You have the legal right to object to the processing of
    your personal data by AIT in certain circumstances including the sending and
    receipt of direct marketing material.

    The right to object to automated decision making and
    profiling. You have the right to object
    to decision taken by automatic methods without a human intervention in some
    circumstances.

    10.6 The

    right to data portability.

    Where personal data you have submitted to us is processed
    by automated means (e.g. online registration) you have the legal right to have that
    personal data transferred, in electronic format, to another provider. This requires a written request with proof of
    identification. Your application should
    be submitted to dp@ait.ie.

    10.6.1 Please
    note that additional safeguards may be required for the transfer of sensitive
    personal data. A request for data
    portability in this instance should be made to the DPO at dp@ait.ie, however the data will be transferred directly from the
    relevant department: e.g: AIT Health Centre or Disability Office and
    will not be processed viewed by the DPO.
    A log of all file names, with no content, will be retained by the DPO.

    10.6.2 Medical records: If you transfer to another practice we will
    facilitate that decision by making available to your new doctor a copy of your
    electronic records on receipt of your signed consent from your new doctor. For
    medico-legal reasons we will also retain a copy of your records in this
    practice for seven years following the date of your most recent consultation.

    11. Applicable Law

    11.1 The
    Institute will comply with Irish data protection laws as they may be amended
    from time to time. This is the case regardless of the nationality of the
    students concerned.

    12. Further Information

    12.1 The
    Institute has an Information and Compliance Officer who will assist the
    Institute and its staff in complying with the data protection legislation.
    Specific queries or concerns should be addressed to:

    Betty Brennan

    Information and Compliance Office

    Athlone Institute of Technology

    Dublin Road

    Athlone

    Co Westmeath

    Email
    address: dp@ait.ie Telephone: 00353 (0)90 6468009

    Website: www.ait.ie/gdpr

    DATA COMMISSIONER

    You have the right
    to raise a complaint with the Data Commissioner’s Office regarding your rights
    under by the data protection legislation by contacting:

    Telephone

    +353 57 8684800 +353 (0)761 104 800

    Lo Call Number

    1890 252 231

    Fax

    +353 57 868 4757

    E-mail

    info@dataprotection.ie


    +353 57 8684800
    +353 (0)761 104 800

    Lo Call Number

    1890 252 231

    Fax

    +353 57 868 4757

    E-mail

    info@dataprotection.ie


  • HEA Student Data Collection Notice 2018

    HEA Student Data Collection Notice 2018