Student Governance privacy notice

Information you need to know

The Student Governance department is part of Liverpool John Moores University (LJMU). See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at DPO@ljmu.ac.uk

This privacy notice explains how we use your personal information and your rights regarding that information.

For information about how the wider university uses personal data, please see the Privacy notice section of our website.

Information we are we collecting

Issues, concerns and allegations may be considered by Student Governance under the university’s procedures. These may be raised by the student themselves, other students, members of staff, or external parties. External parties may include the police and other statutory bodies (such as UK Visas and Immigration), placement providers, student accommodation providers, local authorities, sponsors, or representatives.

When considering cases under university procedures, the Student Governance team may receive a wide range of information. In some cases, this may include more sensitive personal data that requires a higher level of protection, such as information relating to a person’s health, sexual orientation, or criminal convictions.

Depending on the nature of the case and the procedure being applied, Student Governance may consider personal data relating to students, staff, and third parties. Student Governance will only consider information that is relevant to the individual case. This may include:

  • names and contact details
  • gender and sexuality
  • ethnicity
  • religious views
  • academic information such as transcripts, Boards of Examiners minutes, feedback, and academic advice
  • medical or health information, including medical letters, disability declarations, needs assessments, Individual Student Learning Plans, and records of support or contact from Student Life and Wellbeing
  • information relating to criminal convictions, cautions, or police investigations, including DBS disclosures, probation officer reports, disclosures from the police or other statutory bodies, and information provided by victims of crime
  • social media activity relevant to a case such as screenshots of comments, photographs, or similar material

This list is not exhaustive and is dependent on the specifics of the individual case and the process the case is being considered under.

In each case, we will let you know what type of information we need to be able to resolve the matter. We ask that you only send us information relevant to the matter we are dealing with.

Student Governance cases also provide an important source of information for the university. Student Governance may collate statistical information and produce annual reports to help ensure that relevant issues are identified and addressed appropriately. All such statistical information is produced in an anonymised format so that individuals cannot be identified.

Student Governance procedures operate in accordance with the principles of natural justice. This means that, where appropriate, full disclosure of allegations made against students or staff, together with supporting evidence, will be provided to the relevant parties involved in a case.

Personal information provided may be rejected, redacted, or anonymised by Student Governance where this is necessary and appropriate.

Source of the personal data

Most of the personal data we process about you will be provided directly by you, for example, when you engage with Student Governance processes or use related university services.

In some cases, information may also be obtained from other internal university sources, such as your tutor, other members of staff, or the Student Life and Wellbeing Service.

Where relevant to a case, we may also receive personal data from external sources. This can include information from the police or other law enforcement bodies, student accommodation providers, or health professionals.

Why we are collecting your data and the legal basis for this

We process personal data in accordance with the principles of the GDPR and only where there is a valid lawful basis to do so.

The Student Governance team usually processes personal data because its procedures form an important part of the university carrying out tasks in the public interest, including maintaining standards, ensuring fairness, safeguarding individuals, and complying with regulatory requirements.

In some cases, we also process personal data in order to meet contractual obligations that exist between LJMU and its students.

Student Governance may additionally need to process personal data to comply with legal obligations, or to carry out functions under powers granted by legislation to which the university is subject. This includes legislation such as the Equality Act 2010 and the Education Act 2004.

We will only process special category personal data where you have given your explicit consent, or where processing is otherwise permitted by law and is strictly necessary. This may include circumstances where processing is required for reasons of substantial public interest or where it is necessary to protect your vital interests or those of another individual.

Further information about data protection and the Office of the Independent Adjudicator for Higher Education (OIAHE) is available on the OAI website.

Information about criminal convictions and offences

We will only process information relating to criminal convictions and offences where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations or exercise our rights and is undertaken in accordance with the university’s Data Protection Policy.

Information about criminal convictions may come to our attention during Student Governance processes. We will only collect or use such information where it is appropriate given the nature of the complaint, concern, or issue being considered, and where we are legally permitted to do so.

Information relating to criminal convictions and offences may be used, where appropriate, for example:

  • when considering an applicant’s admission to a programme under the Applicant and Student Criminal Convictions Policy
  • when considering whether a student can continue on a programme of study under the Applicant and Student Criminal Convictions Policy
  • when considering a student’s Fitness to Practise on programmes regulated by professional bodies

LJMU’s Applicant and Student Criminal Convictions Policy is available on the Guidance Policy and Process webpage.

Who has access to this data

Your personal data will only be accessed by relevant LJMU staff where this is necessary for them to carry out their designated role. This may include:

  • staff within the Student Governance team
  • staff involved in responding to or investigating the matter, including Faculty and Professional Services staff, Investigating Officers, and Panel members
  • staff within the Student Life and Wellbeing team
  • Finance and Legal and Governance Services staff, where access is required for university business or to perform their roles

In some circumstances, personal data may also be shared with relevant third parties where appropriate and necessary for the handling of a case. This can include:

  • the police
  • the Disclosure and Barring Service
  • Social Services departments within local authorities
  • the Office of the Independent Adjudicator
  • third‑party software providers engaged by the university to provide services

If you use the university’s Report and Support service, your personal data will be processed by the university’s software provider, Culture Shift. Further information about how Culture Shift processes personal data is available on the Culture Shift website.

Student Governance will not discuss a student’s personal information with third parties who are not relevant to the case (for example parents, landlords, employers, or sponsors) without the student’s prior written consent.

Where more than one individual is named in a case, individuals will normally only be party to the matters of concern and outcomes that are directly specific to them.

Decisions made under the Student Complaints Procedure, Student Code of Behaviour, and Student Disciplinary Procedures - including the outcomes of investigations and any penalties or sanctions imposed - will not normally be disclosed to third parties.

However, in cases involving sexual misconduct or harassment, the university will give careful consideration to informing parties directly affected of decisions and outcomes that are relevant to them, where this is necessary to meet regulatory requirements, support fairness, or protect the safety and wellbeing of individuals.

In each sexual misconduct or harassment case, the parties considered to have a legitimate interest will be identified by the Student Governance Adviser managing the case. Any decision to disclose information will be made by the Head of Student Governance or their nominee.

In other cases, where the outcome of a case has a direct impact on the health, wellbeing, or safety of other students and/or staff, consideration may also be given to disclosure of decisions or outcomes without consent. Any decision to do so will be made by the Head of Student Governance or their nominee.

How the university protects your data

We are committed to keeping your personal data safe in line with data protection legislation and our information security and data protection policies.

Personal data processed by Student Governance is stored securely in appropriate electronic systems with access restricted to authorised staff.

Where personal data is held in paper form, it is stored securely within university offices or in secure off‑site storage provided by Iron Mountain.

How long the university keeps your data

All personal data relating to Student Governance cases is retained in accordance with LJMU’s Records Retention Schedule.

Case files and supporting documentation relating to issues considered under Student Governance procedures (including complaints, disciplinary matters, academic appeals, fitness to practise, and criminal convictions processes) are normally retained for six years after the case is closed.

At the end of the applicable retention period, information is securely destroyed or anonymised.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request - this could be in a portable electronic format
  • request that the university changes incorrect or incomplete data if you think that it is inaccurate or out of date
  • request that the university delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If you would like to exercise any of these rights, please contact the Data Protection Officer at DPO@ljmu.ac.uk.

If you do not provide data

Students and staff should also note that the removal of personal information relevant to the case may result in Student Governance not being able to continue to look into the matter, may limit the investigation and response or decisions will be made based on the information available.

If personal data that is relevant to a case is withheld or removed, this may limit the university’s ability to investigate the matter or reach a fully informed decision. In some circumstances, Student Governance may be unable to continue to consider a case, or decisions may have to be made based on the information that is available.

Transfers of data outside the UK

We normally keep your personal data within the UK. In some cases, however, we may need to transfer it to another country - for example, to deliver a contract with you or to work with a partner organisation such as a university based overseas.

Whenever this happens, we make sure your information stays protected. This could be through a UK “adequacy regulation” (which confirms that the other country’s data protection laws are up to UK standards) or by putting strong safeguards in place.

These safeguards might include:

  • model contractual clauses
  • formal data sharing or processing agreements
  • binding corporate rules

In short, even if your data travels abroad, it will continue to be treated with the same care and respect as it would under UK law.

Automated decision-making

We do not use computers to make decisions about you based solely on your personal data. Any decisions that affect you will always be made by a human, ensuring that you are treated fairly.

How to complain to the university

You have a right to complain to the university if you think it has not properly responded to your request for personal information or feel it has not handled your personal data responsibly.

If you are not satisfied with how your request for information or how your personal data has been handled, you should set out your complaint in writing to:

Maria Burquest
University Secretary and General Counsel
Legal and Governance Services
2nd Floor Exchange Station
Tithebarn Street
Liverpool
L2 2QP

or by email via DPO@ljmu.ac.uk.

How to complain to the Information Commissioner’s Office

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted using the following details:

  • Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
  • Telephone: 0303 123 1113.
  • Email: contact can be made by accessing the ICO website.