Placement Privacy Notice
In order for you to complete your programme you may be required to go on placement where you will work for a period of time with a third-party organisation. This document sets out the arrangements for sharing your personal data in order to facilitate your placement.
This sharing is not limited to just the placement provider themselves: we may need to get you sorted with a uniform for your placement and so have to share limited details with a uniform supplier; we may also have to ensure that our students are suitable to go on placement and so undergo vetting checks through the Disclosure and Barring Service (DBS) and have occupational health checks provided by an external provider; finally we may sometimes use external organisations to match students to placements and again we may share information with such bodies.
All sharing of personal data is undertaken in accordance with data protection legislation (The UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018).
Under what legal basis does the processing of my personal data take place?
The data protection legislation provides for a number of different legal bases under which processing of personal data may take place. In this case, the following bases apply:
Performance of a contract:
As part of the student contract between you and the University we must process your personal data in order to deliver the teaching and learning that you are here to undertake. This may take the form of different activities and going on placement, for many students, is one of these activities. For most programmes that involve a placement, the processing is a mandatory part of the performance of the student contract and cannot be opted out of.
Where you choose to go on an optional placement, we rely on your consent for us to disclose this information, where you do not give consent however, you will be unable to go on placement.
Where we process special category personal data (e.g. vetting checks, disability status and physical & mental health details and any learner support information this would be with your explicit consent.
You have the right to withdraw your consent at any time. Please contact the placement office if you wish to do so.
What categories of personal data are used?
The types of personal data can include but is not limited to:
- personal details (e.g. contact details);
- staff/student ID number;
- visual images, personal appearance and behaviour;
- emergency contact details;
- education details and student records;
- disciplinary and/fitness to practise information;
- vetting checks;
- disability status and physical & mental health details;
- learner support information; and
- clothing size.
Where do we get your personal data from?
The information disclosed is normally held within the University’s student information systems. This information is normally collected from the student, created internally or co-created with a student.
Some information is provided by external bodies such as DBS or our subcontracted occupational health providers.
Who else do we pass this information on to?
The types of organisations that we may share your personal data may include but are not limited to:
- The placement providers themselves;
- Organisations which help us with finding placements for students and vice versa
- Placement uniform suppliers;
- Regulatory bodies (e.g. Health Education England;
- The Disclosure and Barring Service (DBS); and
- Our subcontracted occupational health providers.
Do we transfer the information overseas?
We are not permitted to transfer information overseas unless equivalent or adequate protection of personal information is in place. Most placements are in the UK but not all. We endeavour to ensure that these protections are in place via different means:
The following countries have been determined as having adequate protection in place:
- Canada (private sector commercial organisations only);
- Crown Dependencies (Jersey, Guernsey and Isle of Man);
- Countries in the European Economic Area (i.e. all EU countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden; and all EFTA countries: Iceland, Norway and Liechtenstein; as well as EU or EEA institutions, bodies, offices or agencies;
- Faroe Islands;
- Japan (private sector organisations only);
- New Zealand;
- South Korea
- Switzerland; and
For other countries we will either insist that other arrangements to protect your personal data are in place or seek your explicit consent.
How long do we keep this information for?
Information will be retained by the University in accordance with the University’s Document Retention and Disposal Policy.
Third party organisations will hold the personal data in accordance with their own records retentions policies.
What are your rights as a data subject?
As a person whose personal data we are processing, you have certain rights in respect of that personal data; you have the right:
- To withdraw consent;
- To access your personal data that we process;
- To rectify inaccuracies in personal data that we hold about you if it is inaccurate or incomplete;
- To request the deletion or removal of your personal data where there is no compelling reason for its continued processing;
- To restrict the processing of your personal data in certain ways;
- To obtain your personal data for reuse;
- To object to certain processing of your personal data;
- To complain to the Information Commissioner’s Office about the way in which we process your personal data.
Where can I get more information?
For more information please contact the University’s Data Protection Officer, email@example.com, University of Bradford, Richmond Road, Bradford BD7 1DP.
|Version Control Information Heading||Version Control Detail|
|Written by:||Assistant Head (Student Conduct, Risk & Information Governance) / Data Protection Officer|
|Reviewed by DPO:||Assistant Head (Student Conduct, Risk & Information Governance) / Data Protection Officer|
|Date Published on Web Page:||August 2023|
|Next Review Date:||1 July 2025|
|Version Number:||PN48 V1.0|