Skip to main content

The Highlands and Islands Students’ Association (HISA) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe. This Statement explains how we will collect and use your personal data. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect with it. 

How we collect information

Each year that you enrol on a course at the University of the Highlands and Islands (UHI), or at one of its Academic Partners, you automatically become a member of the Highlands and Islands Students’ Association. When that happens, UHI shares some limited personal data with us, including your student number and email address. 

What data we hold about you

If you are one of our members, the University - in response to their obligations to you - provide us with a set of key information. This generally includes your student number and email address, however if you are a Class Representative, or are involved in Clubs & Societies, then we may hold further information, such as the institution you study at, or the Clubs & Societies that you are a member of.

When you use our services or participate in one of our activities we will use this information to provide the best possible standards of administration and communication. In addition when you attend one of our events, join a student club or society, or use one of our services we may ask for additional information such as:

  • Your date of birth to ensure compliance with safeguarding and age-related laws

  • Information relating to your health if you are taking part in a high risk activity

  • Any disabilities so that we can provide assistance where needed

  • Your bank details to facilitate payments

  • Personal and academic issues you identify to us

We will not hold any personal data for more than 12 months after the end of your final academic year.

 

Why we collect your information and the legal basis for processing

When you enrol on a course at UHI, you are asked questions about whether you consent to your personal information being used in various ways, one of the questions you are asked is whether you want to receive marketing information from HISA. This gives HISA the chance to highlight events and opportunities that we think you might find interesting – we will always strive to send relevant information to you about the products and services we offer, what we’re doing to represent you and opportunities that might be of interest to you.

Much of what we do at HISA is covered by Legitimate Interest, and we carefully balance your rights when we think there is a legitimate interest in us processing data to support you. We will mainly use your data to:

  • Provide you with the services, products or information you asked for

  • Administer your membership and our services

  • Keep a record of your relationship with us

  • Ensure we know how you prefer to be contacted

  • Understand how we can improve our services, products or information

Some of the essential running of the Students’ Association is covered by Legal Obligation. We are obliged by various laws, including the Education Act, to process certain data. This is why you may still occasionally receive information about essential services from HISA, such as elections, even if you have opted-out of marketing.

 

How we keep your data safe

All data is kept in a secure location. How UHI and HISA store and use this information is strictly controlled by law. To find out more about how UHI keep this information, you can read about data collection on the UHI website: https://www.uhi.ac.uk/en/students/support/student-records/why-we-collect-data-about-you/  

 

Will HISA pass on my information?

HISA won’t ever share your personal data with external organisations or third parties, without your express permission.

 

Your right to know what data we hold about you, making changes or asking us to stop using your data

We are the data controller for personal data that we process about you, registered with the Information Commissioner’s Office (ICO): https://ico.org.uk/ 

We will only hold your data for a maximum of a year after you cease to study at UHI. If you would like to make changes to your personal details, please contact hisa@uhi.ac.uk for further information.

If you want to opt-out of all communications and data processing you will be required to surrender your membership to the Students’ Association, which will limit your access to activities and services. Any student who wishes not to be a member of the Students’ Association must inform the Students’ Association in writing, this can be done via email hisa@uhi.ac.uk

More information

If you have any questions, please send them to hisa@uhi.ac.uk 

 

Cookies

The website, powered by the MSL system includes four cookies:

ASP.NET_SessionID Stores a temporary unique identifier for your session – no other information is stored. This cookie is removed when you close your browser. Expires on exit of browser
ASPXAUTH When you are logged in, this cookie stores a value that identifies you to your site. This value is encrypted and can only be read by the server. If you use the Remember Me function this cookie remains on your computer for 3 months, otherwise it is removed when you log out of the site. Expires on exit of browser or 3 months (optional)
AntiXsrfToken

Implements a preventative mechanism against Cross-Site Request Forgery attacks (see https://en.wikipedia.org/wiki/Cross-site_request_forgery for further details)

Expires on exit of browser
NREUM

Used by New Relic (performance monitoring) as a workaround for browsers that do not support the Navigation Timing API.

Expires on exit of browser

 

We also use Google Analytics to measure the performance of our website. These cookies and their details can be found below.

_utma Used by Google Analytics to capture and determine unique visitors and the frequency of views. __utma is written to the browser on your first visit to a site (from the browser being used). 2-year expiry
_utmb Used by Google Analytics to establish and continue your session on the site. Each time you visit a page it is updated to expire in 30 minutes. It expires if you spend more than 30 minutes on a single page. 30-minute expiry
_utmc Previously used by Google Analytics javascript to define a session status. 6-month expiry
_utmz Used by Google Analytics to store the type of referral used to reach the site; e.g. direct, link, web search, etc. Expires on exit of browser

 

Powered by MSL