Privacy Notice

University of Southampton

Privacy Notice for The Office of Development and Alumni Relations

Our Privacy Notice describes how The Office of Development and Alumni Relations (ODAR) processes your data, helping us develop and maintain engaging services and activities that enrich your experience with the University.

1. About ODAR and this Privacy Notice

Henry Robinson Hartley’s generous donation in 1862 laid the foundations for the University of Southampton. We have since developed into a world-renowned research-intensive University, with a strong educational offering, known for our innovation and enterprise. We have a mission “to change the world for the better” and we work towards this goal in partnership with our alumni, staff, donors and the wider community.

This Notice sets out how the University’s Office of Development and Alumni Relations (“ODAR”) uses your personal data to help create a mutually beneficial relationship with you, whilst always processing data fairly and securely. We do value your privacy and we recognise the need to treat your data appropriately in accordance with the principles of the Data Protection Act 1998 (DPA) and, after 25 May 2018, the EU General Data Protection Regulation (GDPR).

Data refers to personal information that we hold about you from which either on its own, or in combination with other information, you can be identified. A list of the data we process is set out below.

Processing means doing anything with your data, such as collecting, recording or holding the data as well as disclosing, destroying or using the data in any way.

The University of Southampton is the data controller. Our Registration Number in the Data Protection Public Register is Z6801020. We keep this Privacy Notice under regular review and it may be amended from time to time.

2. What information are we processing about you

We process the following data about you:

i) Biographic details including name, title, date of birth, age and gender. ii) Contact details including home address, business, email, telephone, LinkedIn, Twitter etc. iii) Education information and your other connections with the University and other institutions including student clubs, societies, affiliations.iv) Employment/career details. iv) Career biographies or alumni profiles. v) Information publicly shared on social media. vi) Your interests. vii) Health related information if attending an event e.g. access, dietary requirements. viii) Family and partner/spousal details. ix) Relationships with other alumni or associated constituents. x) Volunteering activity. xi) Philanthropic affiliations. xii) Donation history to the University or to other organisations including bank account details (for processing direct debits). xiii) Records of communications with ODAR and the wider University. xiv) Event attendance on or off-campus. xv) Assessment of capacity to donate – prosperity assessment. xvi) Motivation for giving. xvii) Photographs. xviii) Identification numbers and online Identifiers; xiv) Expressions of opinion about you or indications as to our intentions about you. Some of the information we process, such as disability details for access to an event, is sensitive personal information that we will not process unless we have your explicit consent, or we are legally required to do so. 
We also process sensitive data that you have shared with us e.g. where giving in memory of a loved one and providing health details. This will always be done in a respectful and relevant manner.

3. Why are we processing your data

Why we are processing it

Processing your data helps us to develop and maintain engaging services and activities to enrich your experience with the University. We process your data in pursuit of our legitimate interests or because we hold your consent for specific activities. It enables us to:

A) Communicate and engage with you:

i) Creating direct marketing communications tailored to your preference - delivered through email and telephone (if consent gained), direct mail and social media. ii) Providing you with a more personalised user experience when using our website, application or any other services we might provide by analysing, segmenting and profiling our database and allowing us to target you with information we think you might be most interested in including products and services. iii) Helping to advance our transformative philanthropic programme through fundraising campaigns and/or meeting with alumni and supporters for fundraising purposes. iv) Tracking details of our communications with you, to help inform our future interactions and make them relevant. v) Storing and maintaining your communication preferences, and consents (when required). vi) Sourcing contact details, if we lose contact with you.

B) Provide you with beneficial services by developing programmes that give you opportunities to: (i) Attend networking/career development events, reunions (ii) Further your learning and development. (iii) Further your study and/or research. (iv) Donate to the University/stewardship of past gifts.
Creating and promoting benefits including:
(v) Alumni ID cards (giving access to University and discount membership). (vi) Email accounts and email for life services. (vii) Find a friend services. (viii) Careers support. (xi) Postgraduate fees discount. (x) Participating in University surveys.

C) Inform our interactions by: (i) Creating constituent research profiles, which may include geographic, demographic, biographic, career information, personal connections and asset/capacity related data all sourced from reputable publically available information to help us make an appropriate approach to you. (ii) Prepare staff for fundraising/engagement meetings or events. (iii) Making targeted correspondence relevant to you. (iv) Undertaking automated data analytics exercises to help make strategic decisions. (v) Completing due diligence to ensure gifts are not from an untrustworthy or unethical source. (vi) Managing the processing of gifts and HM Revenue & Customs guidelines. (vii) Fulfilling any statutory requirements. (viii) Managing our work with volunteers. (ix) Adhering to statutory or other necessary obligations. (x) Conducting market research activities about our services

Processing for limited purposes

We will only process your data for the specific purpose, purposes that we tell you, or if specifically permitted by the Data Protection Regulations. We will only process your data to the extent necessary for that specific purpose or purposes.

Automated Decision Making and Profiling

We sometimes use your data to create automated models or profiles that help us to understand, analyse or predict certain aspects relating to you/your behaviour. We use the outcomes to shape our interactions with you, making them beneficial and timely e.g. tailor the communications you receive to ensure you are told about events or let you know about fundraising campaigns/groups that may interest you. This could include using data models that help predict your personal preferences, interests or behaviour. 
Whenever we use automated processes, we base our work on facts found through our database, or from reputable sources, to create tested algorithms/models. We always use appropriate mathematical or statistical procedures for the profiling, whilst continually checking for inaccuracies. 
We never use the outcome of this work to make decisions that could damage you personally or your relationship with the University. They are only used to help us best manage your data and relationship with us affectively.

4. How we collect your data

We collect your data from a variety of sources, including:

i) Directly from you. ii) From staff, supporters and volunteers. iii) Research into publicly available sources for profiling, address updates and analytics, for example, LinkedIn, Tracesmart, Companies House, Thomson World Check, and other similar sources. iv) Carefully selected third parties that help keep our data up-to-date or to help enrich your data e.g. screening companies. v) Data from your use of our website and/or apps. vi) From a third party whom you have interacted with on behalf of the University, for example: JustGiving, Crowdfunding, Eventbrite. The receipt of data is subject to the third party's own Privacy Policy. The Office of Development and Alumni Relations will treat this data as set out in this Privacy Notice.

If you are not an alumnus and we have not gathered your data directly from you, we will inform you about the personal data we hold at the time of our first communication with you.

5. Data accuracy, sharing and storing

Accurate Data

We always aim to keep your data accurate and up to date. Data that is inaccurate can be amended on your request. Please notify us if your personal details change or if data we hold about you is inaccurate. Depending on your privacy settings, we may use social media sites like LinkedIn, Facebook and Twitter and/or other data enrichment services to validate your data and help us maintain our communication with you.

Holding Data

We create and hold your data both electronically and on paper. The Office of Development and Alumni Relations consider its relationship with alumni, supporters and potential supporters as ongoing and as such will maintain a record until you tell us you no longer wish to keep in touch or we have a requirement to delete information. As an alumnus we may need to retain some information about your education with us and for identification purposes. If you are not an alumnus or donor and do not engage with us, we will remove the majority of your details, but retain a small amount to know you have not engaged and we will not pursue the relationship. 

Sharing your Data

We will never sell or share your data to third parties for the purposes of other marketing. We sometimes work with external providers to develop and improve the data we store. These include data enrichment and screening companies (like, for example, Factary, Tracesmart, Experian, Prospecting for Gold, and other research companies such as Thomson Reuters World-Check) or carefully selected companies for market research purposes.

If you have given a donation, we may share data to process your donation with your bank, under your instruction and/or with HMRC to collect Gift Aid on your behalf where we have a Gift Aid declaration from you.

We may also share your data with trusted third parties, including: 
 i) Business partners, suppliers and sub-contractors to deliver our work or something promised to you (for example, to an event venue for Health and Safety purposes, to our own Students’ Union for a specific purpose). ii) Advertisers and social media platforms (like Facebook, LinkedIn etc) that require your data to ensure relevant and tailored adverts to you and others on those platforms. iii) Analytics and search engine providers who help us in the improvement and optimisation of our site. iv) Software providers whose technology allows us to fulfil our work (for example, Eventbrite, Mailchimp, Blackbaud, Smarteezie). 
 We may have to disclose your data if required to do so by law in order to comply with a legal obligation, for example, to complete the Graduate Outcomes Survey (created by the Higher Education Statistics Agency), to protect or defend our rights, interests or property or that of third parties act (in urgent circumstances) to protect the personal safety of University of Southampton constituents or the public, or protect against legal liability.

Online Giving The University of Southampton (the 'Data Controller') and the Site's associated Data Processor, Sponsorcraft Ltd (Hubbub), will hold and process your data securely in line with the EU's laws related to the storing of personal data. Your data will be treated confidentially and handled with the utmost care and respect and is never passed on to third parties for their uses.

The data that we collect from you for processing is stored in Dublin, Ireland, hosted by Amazon Web Services (AWS), in line with the EU-approved AWS Data Protection Agreement and Model Clauses.

We process all donations through the University of Southampton Stripe account. Stripe holds the highest level of PCI-DSS certification. If you would like to read Stripe's privacy policy you may do so here ( No details related to payments are stored with the Data Controller or the Data Processor.

Use of Your Data by Third Party Sites Connected to Hubbub Services: If you agree to create a login for the site using your social media account (facebook or twitter), you will be doing so in agreement with the privacy policy associated with AddThis, which can be read here ( Creating an account using your social media account is optional, and should you prefer to use another method of creating an account, you may also create an account using a valid email address, providing other personal identification details when it may be required to do so on the site (for example: creating projects or making a donation projects that you wish to support).

Cookies: This website was designed to use cookies to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit card numbers for ease of recording information on behalf of the user which may help aid the completion of forms whilst visiting the site, both now and in the future. Cookies are also used to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). This is useful for creating ease of use for the end user, while also creating data from which the site can be analysed and evaluated to provide a better end user experience.

6. Your data rights and security

Processing in line with your rights

You have the right to:
 i) Be informed about the data we hold on you
ii) Access the data we hold on you
iii) Update or edit the data we hold on you
iv) Erase certain data we hold on you
v) Request that we stop processing your data in a specific way
vi) Be provided with your data in a portable way
vii) Object to specific processing of your data
viii) Object to automated decision making and profiling where there is a significant effect on you

Data Security

Everyone working at the University has a legal duty to keep information about you confidential. There are strict codes of conduct in place to keep your information safe. Staff abide by the Data Protection Act 1998, and from 25 May 2018, the EU General Data Protection Regulation, and the University Data Protection Policy. We ensure that suitable measures are in place to prevent the unlawful or unauthorised processing and against the accidental loss of, or damage to, your personal information. This includes: i) Storing data on a secure, specially designed, customer relationship management database. ii) Training all our staff in Data Protection and their responsibilities. iii) Collaborating only with reputable companies for data processing services, who comply with Data Protection Regulations and put in place appropriate non-disclosure agreements. iv) Ensuring that alternative protection is in place if we work with trusted organisations based outside the European Economic Area (EEA) in countries that do not have comparable data protection laws to the UK. v) We will work to internal best practice guidelines to ensure encryption, pseudonymisation and other data security measures are used at the appropriate time.

7. Controlling and accessing your data

Control over your data

You can update your own data or contact preferences at any time by visiting or calling +44(0)23 8059 2747. 
If you wish us to stop contact, you can do so by visiting or calling +44(0)23 8059 2747.

If you do not wish for us to continue to process your data, we will retain minimal details on our database to:
i) Ensure your details are not re-added in the future for another purpose.
ii) If an alumnus, to retain your educational details with the University, for future reference e.g. for degree validation/replacement transcripts. This will include name, date of birth and education record/s details.

Accessing your data

If you would like to access your personal information please make a request in writing to: The Data Protection Officer
Legal Services
University of Southampton, Highfield
Southampton, SO17 1BJ Email:

You will need to be able to provide proof of identity (e.g. full name, address, date of birth). We will provide your information within 30 calendar days of receiving your request.

Further information

If you would like further information, please see the University’s Data Protection Policy and Electronic Use Policy. 
If you are unhappy with the way that we have handled your information you can contact us at:
 Email: Telephone: +44(0)23 8059 2747

If you have any serious complaint, you have the right to lodge this with the supervisory authority, the Information Commisioner's Officer

8. Future Changes

From time to time we may use your data for new purposes not described in this Privacy Notice. If there are changes we will always post the policy changes on this Privacy Notice.

Last Updated: 08 June 2018