We take the privacy of your data very seriously. Although we gather very little information about those who contact us, it's important for us to be transparent in how we handle what we do have.
Glasgow Students' Nightline (“we, us, our”) of Glasgow University SRC, Strathclyde Students’ Union, and Glasgow Caledonian University Students’ Association takes your data protection and rights in relation to this very seriously. We have written this document to make things as clear as we can, if you have any questions about your privacy in relation to getting support* from Nightline then please contact us (details in section 10).
We promise to respect and protect any data you share with us; we won’t do anything with your data that you wouldn’t reasonably expect us to do when you contact us for support.
Data protection in the UK is overseen by the Information Commissioner’s Office and the main legislation that underpins it is the EU General Data Protection Regulations (2014) (GDPR).
*Support means emotional support, active listening, and provision of information where available and should be read as such through the rest of this document.
2. What Data We Collect – People Who Contact Us
When you contact us and ask for support we keep a statistical record of some of the information that we take from your contact with us. Unless you explicitly consent to us recording personal information about you we do not keep a record of any personal identifiable information.
When you contact us for support, we may identify information about you which is considered special category data under the law, however without your explicit consent there will no identifiable information recorded about you which links this information to you as an individual.
Special category data is anything related to your ethnic origin, religion, health (including disability), sexual orientation, etc.
3. What Data We Collect – Volunteers
When you apply to volunteer with Nightline the information you put in your application is viewed by the coordinators at Glasgow University SRC, Strathclyde Students’ Union and Glasgow Caledonian University Students’ Association.
We record the following: name, institution, Faculty/School, email address, telephone number, whether you are a Home/RUK/EU/International Student, whether you are an undergraduate or postgraduate student, if you are a mature student, and anticipated year of graduation.
We record information about you that is required to process your application as a volunteer and to inform our recruitment procedures. We have a legitimate interest to record this information in order to run and deliver the service.
Additionally, we ask all those attending a training or other formally organised event with us to complete a medical questionnaire. This is a disclosure form and is held securely in a locked cabinet or on a password protected online folder by staff coordinators in the event of a medical or health emergency in which a disclosure of a health condition or medication taken would be valuable for emergency services or other health professional. All questions are voluntary.
The data included in this is the following: title, full name, date of birth, address, phone number, email address, name of doctor and address of medical practice, name and relationship of next of kin, contact phone number for next of kin, known medical conditions, medication, any other relevant medical details (including religious preferences for medical treatment). The information on this form will only be used in the event of a medical emergency and forms will be destroyed one month followed the date of the event.
4. How We Collect and Use Your Data
Nightline is a listening and information service delivered for the students of University of Strathclyde and Glasgow Caledonian University. We process your data for our own records. Caller data is stored electronically externally to the Union/Association and University servers. Volunteer data is stored electronically on internal servers; this is held on a secure, password protected user account. We will never use the information about you for marketing purposes.
We collect data about you that we are provided directly from you. We use your data for two purposes: for statistical purposes from callers and to facilitate the running of the service from volunteers.
From the GDPR legislation, the legal basis we have to collect your data is called a legitimate interest (Article 6 GDPR). This means that we feel you would reasonably expect us to process your data when you approach us for volunteering or support. For example, it would be very difficult for us to interview you for a volunteering role if we did not have your contact details. Because of this, we don’t need direct consent to process your data when it is part of an application to join. It is necessary for Nightline to protect your interests as our volunteers and callers as well as our interests as a service.
We believe that you have a right to complain if the support or information you receive is incorrect or unsatisfactory. Without storing data, including contact details when appropriate or when explicitly consented to, it may be difficult for you to seek redress. We require your data in the event of a complaint so that we can check if the support or information provided was accurate or appropriate and you were treated in a fair and respectful manner.
The second reason that we process your data is for monitoring and statistical purposes. At this point any data is anonymised, so you can’t be directly identified from it. We then use this to look at trends/patterns so that we can focus our work on helping students in the best possible way.
5. Sharing Your Data and Disclosure to Others
In general, we will not share your information outside of Nightline without you giving your direct consent. However, we have a statutory obligation to share data as set out by an Act of Parliament where information is disclosed related to terrorist activity. We also make disclosures in certain circumstances where we have identifiable information if we believe there is a substantial threat to life/harm to yourself or a child or adult at risk.
We disclose information about terrorist activity that we receive even when identifiable information is not made available. You will be made aware by a volunteer when a disclosure will be made.
Consent has been clarified and defined in the GDPR. It has to be a clear process and involve a positive choice from the person giving it (no pre-ticked boxes allowed!). You are also able to withdraw your consent at any time and we can’t refuse to support you on that basis alone.
We will ask for your explicit consent for one reason. This is to get your permission share your information when it is relevant/necessary to support you to access support from emergency services. If we or you deem this necessary, we will ask you explicitly if you consent to us sharing information that you have provided to us.
7. How to Change and Erase Data We Hold on You
You have the right to be able to see the information we hold on you, have any incorrect facts changed and to have your data erased. If you want to exercise any of these rights, please contact us and we will talk you through the process.
8. Your Rights
The GDPR sets out your rights as an individual, we strive to uphold and protect your rights in balance with our legitimate interest in providing support for you.
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.