Privacy Policy – UCB Guild of Students

As a student at University College Birmingham (UCB), you are automatically a member of the Guild of Students. To protect your data, we have a data agreement with the University, detailed in Appendix A of the Guild’s Relationship Agreement with the University.

For further information, please contact our Data Protection Officer at guildinfo@ucb.ac.uk.

To make a Subject Access Request, please email guildinfo@ucb.ac.uk, addressing it to our Data Protection Officer.

Who We Are

This privacy policy explains how University College Birmingham Guild of Students (registered charity 1177734) uses your information when you use our digital services.

Your Data

Comments

When visitors leave comments on our site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to our website, please avoid including embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from images on the website.

If you feature in the Guild’s media on this website or social media, you can contact us to request that we remove it.

Cookies

This site uses cookies in the following ways:

To track website usage
To facilitate our login process

If you login to this site with a UCB account, you consent to the use of cookies to facilitate Microsoft Entra authentication.

If you are a Guild employee, selecting “Remember Me” on the login page will cause your login will persist for two weeks.

If you log out of your account, the login cookies will be removed.

Data Processing

We use Microsoft products and services extensively to administer and process user data. To ensure compliance with data protection regulations, we have entered into a Data Protection Addendum (DPA) with Microsoft. This DPA outlines the responsibilities and commitments of both parties regarding the protection of personal data.

Your data may also be stored and processed within the Guild’s Monday.com account. You can view the relevant DPA here.

Embedded Content from Other Websites

Pages on our site may include embedded content (e.g., videos, images, articles). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

What Rights You Have Over Your Data

If the Guild currently holds data about you, you can request an exported archive, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

How Long We Retain Your Data

For registered users, we store the personal information provided in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Where Your Data Is Sent

Visitor comments may be checked through an automated spam detection service. Student data may also be stored within the Guild’s internal systems for delivering services you opt into.

Use of Artificial Intelligence

We utilize artificial intelligence (AI) technologies to enhance our services. All data processed by this AI model is handled securely within the Guild’s Microsoft tenant and remains within the European Union (EU) to ensure compliance with data protection regulations. Any data processed through AI is done on the same legal bases as our normal processing/retention of data, and will be redacted as appropriate to ensure that personal data is not processed through AI unnecessarily.

The Guild’s processing of your data is not used to train commercial AI models, but any of your publicly-accessible content on this site may be crawled by third parties.