The Hive privacy notice

The Hive is a “data controller” which means we are responsible for deciding how we hold and use personal information about you.

This Statement applies to any NTU students, graduates, employees and external business candidates (“you” or “your”) or services that link to it (collectively, our “Services”). Occasionally, a Service will link to a different Privacy Statement that will outline the particular privacy practices of that Service. Such as:

• Nottingham Trent University
• Website and Cookies
• Alumni

Please read this Privacy Notice carefully and contact our Data Protection Officer if you have any questions about our privacy practices or your personal information choices.

Attn: Data Protection Officer

Nottingham Trent University Address: 50 Shakespeare Street, Nottingham, NG1 4FQ

We may need to update this Privacy Notice from time to time. When changes made to this Privacy Notice are considered to be material, we will notify you of the changes.

NTU is committed to the responsible handling and protection of personal information.

Personal Data, or personal information, means any information about an individual from which that person (a “Data Subject”) can be identified. It does not include data where the identity has been removed (anonymous data).The information will be Personal Data if a person can be identified either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. For example personal data may include names, addresses, email addresses and telephone numbers; it may also include images in photographs or films and recorded telephone conversations.

We collect, use, disclose, transfer, and store personal information to provide Services to you and for our operational and business purposes as described in this Statement. We want to be clear about our privacy practices so that you are fully informed and can make choices about the use of your information, and we encourage you to contact us at any time with questions or concerns.

We collect personal information from you, for example, if you request information, or enquire and apply to use any of our Services. The categories of personal information that we may collect, store and use about you include (but are not limited to)

• Name, address, telephone number, email address
• Gender
• Any disability/special requirements
• Employment status
• For International students, we will collect additional information on visa details and date of entry to the UK
• Business details, such as registered address, company and VAT number
• Course details

In some circumstances, we may need to process sensitive personal information or Special Category Data which includes (but is not limited to) racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.

We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:

1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations.
3. Where it is needed in the public interest, such as for equal opportunities monitoring.
4. Where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards.
5. Where the processing is necessary for archiving purposes in the public interest, or for scientific or historical research purposes, or statistical purposes, subject to further safeguards for your fundamental rights and interests specified in law.

Not all of the personal information The Hive holds about you will always come directly from you. We may collect personal information from service providers, and publicly available websites, to offer Services we think may be of interest and to help us maintain data accuracy and provide and enhance the Services.

Apart from the data that you provide to us, we may also process data about you from a range of sources, which include:

• During events, seminars and workshops, we may obtain your student number or email address
• During events, seminars and workshops, we may take photographs. If we wish to use these in publications, we will gain your consent prior to publication
• Through our Digital Services: Which are the NTU website at www.ntu.ac.uk and any other NTU-authorised internet services, websites, products, social media, mobile phone apps and/or software applications that enable you to use, access, view, listen to and/or download NTU content or to interact with us online (or through any other digital means) on any device. We collect information that you provide to us by filling out forms on the website or by corresponding with us through the Digital Services. It includes information that you provide when you participate in discussion boards or other social media functions within the Digital Services, enter a competition, promotion or survey, and when you report a problem with the Digital Services
• Email or telephone correspondence you have with NTU

For example, if you pay or contribute to Services from The Hive or NTU, we will collect payment information, such as financial or bank card information, and other information necessary for us to process the transaction.

Our servers, logs, and other technologies automatically collect certain information to help us administer, protect, and improve our Services; analyse usage; and improve users’ experience.

We receive and store certain types of information whenever you interact with us. This includes the use of "cookies". Please refer to our cookies policy for further information regarding our use of cookies. We may also automatically record visits to our website for the purposes of improving our services. These recordings may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. Information collected by cookies or session recordings is stored and is used for aggregated and statistical reporting.

NTU uses CCTV around campus, and will collect and store information. For full details of our CCTV use, please refer to our CCTV Policy.

We will only process your personal information in accordance with this Privacy Policy and in accordance with the Data Protection Legislation.

The legal bases for our processing of your personal information are:

• Your consent – this applies where you have freely given your specific, informed, consent for the use of your personal information for particular purposes. We may seek your consent to provide advertising and marketing information to you, or to permit selected trusted partners or third parties to provide you with information about goods or services we feel may interest you. If you are under the age of 16 we will obtain consent from your parent or guardian before processing your personal information.
• Necessity to perform a contract with you – this will include the operation and delivery of any services you have requested and to deal with requests, enquiries, operations and services provided to you.
• Necessity to perform tasks carried out in the public interest and otherwise to pursue our legitimate interests – this includes use of your personal information to improve the services we offer as a higher education corporation.

The purposes for which we process your data includes:

• To assist you in your business ventures
• To provide you with information on products or services that you may request from us, or which we feel may be of interest to you, and where you have given consent for us to contact you for such purposes. This may include disclosing personal data to trusted third parties, such as appointed service providers, from time to time.
• To enable any financial transactions to and from us, including payments, grants and benefits
• To carry out our contractual obligations between you and us
• Where it is necessary to comply with a legal obligation
• To ensure that content from our website or Services is presented in the most effective manner for you and for your computer or device by gathering aggregate information about our users, using it to analyse the effectiveness and efficiency of communications.
• To ensure we meet our statutory obligations, including those related to diversity and equal opportunity.
• To notify you about changes to our services

The University is required to collect and process certain information about you to certain external agencies. These bodies include, but are not limited to: The Higher Education Statistics Agency (HESA), The United Kingdom Visas and Immigration Authority (UKVI), grant awarding bodies, course relevant professional standards and registration bodies, government agencies, police and the emergency services for legitimate purposes. The University may also be asked by HEFCE to provide student data collected by the University to other bodies acting on their behalf such as National Student Surveys. We will also share certain data with our associated entities of NTU.

NTU may share your personal information with our trusted partners and selected third parties to help us perform functions such as statistical analysis, sending you e-mails, postal mail, and text messages or anonymously as part of a research paper and for our marketing purposes.All such third parties are prohibited from using your personal information except to provide these services to NTU, and they are required to maintain the confidentiality of your information. NCC ensures such third parties handle your information in accordance with the Data Protection Legislation.

Below are the parties with whom we may share personal information and why;

• Within NTU: Associated entities or services around the world are provided data by a variety of NTU teams and functions, and personal information will be made available to them if necessary for the provision of Services, account administration, marketing, student and technical support, for instance.
• We will share data your information with our approved mentors, if you choose to take up their services
• We will share specific information with investors who may provide you funds in support of business ventures

• We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud.
• We may also use personal information to meet our internal and external audit or governmental requirements, information security purposes, and as we otherwise believe to be necessary or appropriate:
  • (a) Under applicable law, which may include laws outside your country of residence;
  • (b) To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence;
  • (c) To enforce our terms and conditions; and
  • (d) To protect our rights, privacy, safety, or property, or those of other persons.
• If you register as a user of an e-registration Services in order to apply for Higher Education, your personal information, including any sensitive personal information you provide, will be made available to the organization to which you have applied. In order to consider an application fully, your personal information may be forwarded on to respective institutions.

We will not store your personal information for longer than is necessary. NTU will ensure that our trusted partners and selected third parties with whom we share your personal information in accordance with this Privacy Policy will delete your personal information when they no longer require it.

In determining data retention periods, NTU takes into consideration local laws, contractual obligations, and the expectations and requirements of our data subjects. When we no longer need personal information, we securely delete or destroy it. View our full Data Retention Schedule.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition we limit access to your personal information to those employees, agents, contractors and other third parties who have a business requirement to know

The Hive at NTU takes data security seriously, and we use appropriate technologies and procedures to protect personal information.

For example:

• Policies and procedures – measures are in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data.
• Business Continuity and Disaster Recovery strategies that is designed to safeguard the continuity of our service to our clients and to protect our people and assets.
• Appropriate restrictions on access to personal information.
• Monitoring and physical measures, to store and transfer data securely.
• Data Privacy Impact Assessments (DPIA) in accordance with legal requirements and our business policies.
• Periodic training on privacy, information security, and other related subjects for employees and contractors.
• Vendor risk management

Contracts and security reviews on third-party vendors and providers of services.

Your personal information may be transferred by us or our trusted partners out of the European Economic Area (the “EEA”). The trusted partners that may do this are organisations who process data for analysis or marketing purposes, including a marketing automation hub where the email address of recipients will be logged and a record of email delivery, opening, click-through and bounce-backs will be kept. Our partner uses Microsoft’s Windows Azure data centres located in East US (Virginia), West Europe (Netherlands), and Australia East (New South Wales).

NTU has networks, databases, servers, systems, and support located throughout the world. NTU collaborates with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of the university, workforce, and students. Your personal information may be shared with record matching and customer targeting partners, including Google, Facebook, Snapchat and LinkedIn.  Some of these partners process personal data in Canada and the United States of America.

We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within NTU or to third parties in areas outside of your home country.

NTU shall ensure that your personal information transferred to countries outside of the EEA is adequately protection by transferring the personal information on terms of the standard data protection clauses adopted by the European Commission.

This means, your rights and protection remain with your data, ie: we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your personal information protect it. If you would like to know more about our data transfer practices, please contact our Data Protection Officer.

We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

Under certain circumstances, by law you have the right to:

• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

• Request correction of the personal information that we hold about you. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.

• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

• Object to processing of your personal information where we are processing your personal information on the basis of our legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

• Suspend processing of your personal information,for example if you want us to establish the accuracy of the data we are processing.

• Object to any direct marketing (for example, email marketing or phone calls) by us, and to require us to stop such marketing.

• Object to any automated decision-making about you which produces legal effects or otherwise significantly affects you.

• Request the transfer of your personal information to another party.

Please contact our Data Protection Officer with any requests related to your personal information.

If you are not satisfied with how NTU manages your personal data, you have the right to make a complaint to a data protection regulator - ICO.