Volunteer Privacy Notice

This statement explains how and why the University of Plymouth collects, uses and shares your personal data and your rights in relation to that data.

The University (“we” or “us”) is the Data Controller of your information and is registered with the Information Commissioner’s Office under resignation number Z7546246. Its Data Protection Officer can be contacted at dpo@plymouth.ac.uk.

The volunteer privacy notice covers the following

  • ?Why do we collect your data?

  • @What type of data do we collect?

  • ?When and how do we collect your data?

  • @How do we use your data?

  • ?What is the lawful basis for processing personal data?

  • @How long do we keep your data?

  • ?Who do we share your data with?

  • @Who internally has access to your data?

  • ?What rights do I have?

  • @Changes to this notice

  • ?Reminder of individual responsibility

1. Why do we collect your data?

The University works with volunteers from time to time and when we do, we need to collect and process volunteer personal data in order to fulfil our obligations to volunteers as well as manage the nature of our engagement with them. 

Processing volunteer personal information allows the volunteer agreement to be performed and allows the University to comply with its legal obligations, which are outlined below. 

The University will not process personal data for marketing purposes or transfer personal data outside of the EU framework, and data is not subject to automated data processing.

2. What type of data do we collect?

The following are examples of personal data (not exhaustive) which may be collected, stored and used:

  • Personal contact details such as name, date of birth, title, address(es), telephone number(s) and personal email addresses
  • Gender
  • Next of kin and nominated emergency contact information
  • Recruitment information (CVs, covering letter(s), references and other information included upon application and engagement)
  • Volunteer agreement
  • CCTV footage and other information obtained through electronic means such as swipe/identity card records
  • Information about your use of our information and communications system(s)
  • Photographs

We may also collect, store and use the following types of special category data:

  • Information related to protected characteristics as defined within the Equality Act for monitoring and institutional reporting
  • Information about your health, in order for us to exercise our duty of care, such as medical condition(s), health and sickness records and disability information
  • Information about criminal convictions and offences

3. When and how do we collect your data?

The University will collect your information in different ways prior to and during its engagement with you, as a volunteer. These will include:

  • Information you provide directly to us such as through the recruitment process or during your period of voluntary engagement
  • Information provided by other sources such as referees or the Disclosure and Barring Service

4. How do we use your data?

The University requires this information to manage the relationship with all volunteers and the obligations and responsibilities which arise from this. For example the University may use your information to:

  • Carry out any necessary checks to ensure volunteers are eligible to work with children or other vulnerable individuals and have suitable references
  • Administer volunteer agreements
  • Maintain accurate information for current volunteers
  • Manage the health and wellbeing of volunteers through maintenance of emergency contact details, medical details, recording of absence, health screening, information relating to disability, incident records, personal emergency evacuation plans, risk assessments etc
  • Record training and development of volunteers
  • Record the dates on which volunteers are engaged
  • Report and monitor data relating to protected characteristics to inform and develop action plans that promote equality, diversity and inclusion at the recruitment stages and within the workplace
  • Facilitate internal day-to-day communications relevant to volunteer engagement, including managing any security through photographic volunteer ID cards
  • Fulfil and monitor legal obligations for example within the Equality Act and health and safety legislation
  • Provides references on request for current and former volunteers
  • Provide relevant management information to support the University with its workforce management and business planning

5. What is the lawful basis for processing personal data?

The University processes volunteer data for the above purposes under the following conditions:

  • Where consent has been provided
  • In order for the University to fulfil its obligations under the volunteer agreement
  • Where the University needs to comply with a legal obligation (for example the detection or prevention of crime)
  • Where it is necessary for the University’s legitimate interests (or those of a third party) and the interests of and fundamental rights of the volunteer do not override those interests
  • To protect the vital interest of the volunteer or of another person (for example, in the case of a medical emergency)
  • In order to perform a task carried out in the public interest 

The University will only process special category data with the volunteer’s explicit consent or under the following conditions:

  • For the purposes of the volunteer and/or the University carrying out its obligations, providing appropriate safeguards are in place to protect the individual’s fundamental rights and interests
  • For the establishment, exercise or defence of legal claims
  • When it is needed to protect the volunteer or another person’s vital interests and the volunteer is not capable of giving consent (for example, in an emergency)
  • For reasons of substantial public interest
  • Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

If your consent is required for any specific use of your personal data, it will be collected at the appropriate time.

6. How long do we keep your data?

The University keeps your personal information as long as necessary for the purpose(s) for which it was collected, in line with the University’s Records Retention Schedule and the JISC Records Retention Management Guidance. It will be securely destroyed when no longer required.

7. Who do we share your data with?

The University may disclose certain personal detail to external bodies for the legitimate interests of the University or of third parties as detailed below:

Disclosure to Details and legitimate grounds for processing
Disclosure and Barring Service and GB Group acting as an umbrella body on behalf of the University To ensure potential volunteers’ suitability for particular positions of trust where clearance is required
UK government and other agencies e.g. Police, DWP, UKVI, FCO, Unions, ONS Relating to detection of crime, safeguarding national security, benefits, union membership, collection of tax or other payments, and government reporting activities
UK Enforcement Organisations e.g. The HSE, Home Office, LA and Devon and Somerset Fire and Rescue Service Relating to investigation and enforcement of UK Health and Safety, Fire and other statutory legislation

8. Who internally has access to your data?

Personal information is held locally by the member of staff overseeing the volunteer engagement and access is carefully controlled with access only being granted if it is needed for a legitimate business requirement i.e. related to one of the activities listed in the section on how we use your data. For example:

  • For operational and business continuity purposes, your personal data may be shared with other relevant employees of the University including Senior Managers
  • Your personal data is also shared across relevant IT systems and databases to facilitate the management and delivery of University services, legal requirements and equality reports
  • Managers have access to certain information following incident reports in order to fully investigate those incidents and ensure appropriate control measures are in place

We take your privacy and the security of your data seriously and requests for access to your data are only approved if there is a legitimate reason which is covered by the relevant lawful basis. If your consent is required that would be collected in advance of your information being shared.

9. What rights do I have?

As a data subject you have a number of rights in relation to your personal data. You can:

  • Access and obtain a copy of your data on request
  • Require the University to amend incorrect or incomplete data
  • Require the University to stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • Object to the processing of your data where the University is relying on its legitimate interests as the legal ground for processing
  • Require us to erase your personal data
  • Require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal)
  • Receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller

Please note that the above rights are not absolute, and the University may be entitled to refuse requests where exceptions apply. 

If you wish to exercise any of these rights or if you have a complaint about the way you believe your data is being processed, in the first instance, please email: dpo@plymouth.ac.uk.

If you have a complaint and you remain dissatisfied with how your complaint has been dealt with you can take your complaint to the Information Commissioner’s Office (ICO) for a review. They can be contacted at casework@ico.org.uk

10. Changes to this notice

This privacy notice is reviewed annually or when required to ensure compliance with data protection legislation. If significant changes are made to this notice and the way we treat your personal information we will make this clear and may seek to communicate this directly to you