This notice is for all students of The Courtauld Institute of Art, University of London, to explain how we use the information that we hold about you (your personal data).
If you are not happy with any aspect of how we process your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Our registration number is Z6896909.
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. You can email us at DPO@courtauld.ac.uk or you can write to us: Data Protection Officer, The Courtauld Institute of Art, Somerset House, Strand, London WC2R 0RN, or call us on 020 3751 0536.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at DPO@courtauld.ac.uk indicating the changes required. All emails will be responded to within 24 hours and actioned in line with the regulations.
You will be asked to confirm various personal and academic details at enrolment to Student & Academic Services. The Courtauld processes your personal data collected at both the application stage and at annual enrolment for the purposes of:
- Administration of your studies;
- Access to, and security of, The Courtauld’s facilities (including Student Residences);
- Provision of student support services (such as library, careers, health, counselling, sport, computing, academic support services, advice services and the operation of the Students’ Union)
- Carrying out statutory duties to provide information to external agencies (see ‘Disclosures’ for further details);
- Other activities that fall within the pursuit of The Courtauld’s legitimate business (including the development and maintenance of an Alumni Programme)
This personal data includes your photograph which will be used, where necessary, for the purposes of identifying you in the course of the University’s legitimate business, and will appear on your ID card and The Courtauld’s IT systems.
Where necessary The Courtauld will disclose, to external bodies, relevant items of your personal data as set out below.
|In accordance with the terms of the contract (which usually relate to attendance and progress reports).|
|Sponsors or funding organisations (including the Student Loans Company where a contract exists or US Loans)||This does not include third parties (such as parents) who may be paying for your studies but with whom no formal contract exists.|
|Professional bodies||For the purposes of confirming your qualifications and the accreditation of your course|
|Work Placement sites or other educational partners involved in joint course provision ( such as the LSE and Kings)||Where this is necessary for the purposes of your study.|
|University of London||For the provision of student services such as the Careers Group, Housing Services, Research Degrees Office, ULU, Diploma Production etc|
|The Office for Students (OfS) and its agents||Such as the Higher Education Statistics Agency (HESA) and the Quality Assurance Agency. You are also advised to refer to the collection notices on the HESA website: hesa.ac.uk|
|Student Surveys||To collect your feedback|
|Potential employers or providers of education whom you have approached||For the purposes of confirming your qualifications.|
|Local Government Departments, including Council Tax and Electoral Services||For the purpose of assessing and collecting Council Tax and or supporting your registration to vote in elections.|
|UK Agencies with duties relating to the prevention and detection of crime, apprehension and prosecution of offenders, collection of a tax or duty, or safeguarding national security||For example: Benefit or Tax Inspectors, the Police, the UK Border Agency (UKBA) or the Foreign and Commonwealth Office, as necessary, and with consideration of your rights and freedoms.|
The Courtauld may from time to time make other disclosures without your consent. However, these will always be in accordance with the provisions of the Data Protection Act 1998 and your interests will be considered.
The GDPR gives individuals a number of rights regarding their data. These include:
- The right to access your data – otherwise known as a ‘Subject Access Request’
The right to rectify data held about you
The right to object to your personal data being processed
The right to restrict the processing of your personal data
The right to erase personal data held about you
Rights requests are, in most cases, free of charge and need to be responded to within 30 calendar days. A longer period and a fee may result if a request is particularly complex.
Requests should be made to the Data Protection Officer at DPO@courtauld.ac.uk. We may ask you for additional information to help process your request.
Guidance on your rights can be found at https://ico.org.uk/your-data-matters/.
You have a responsibility to keep your personal details accurate and up to date and should notify Student and Academic Services of any changes.
Students at The Courtauld may, during the course of their studies, have access to personal information about other individuals. Students are, and have always been, expected to treat this in a responsible and professional manner. You have responsibilities under the EU General Data Protection Regulation (GDPR) for any personal data relating to other people which you may access whilst at The Courtauld. This responsibility is in addition to any obligations arising from professional ethics or codes of conduct. Information relating to an individual’s mental or physical health or other information obtained in the expectation of a duty of confidence should be treated as confidential and generally not disclosed without the subject’s consent.
It is an offence for students to knowingly and recklessly disclose personal data to anyone who is not entitled to receive it or to seek to obtain data to which they are not entitled. The Courtauld will take a serious view of any breach of the EU General Data Protection Regulation (GDPR) by any of its members, including the consideration of disciplinary action.