Stakeholders and Fundraising

Privacy notice - Stakeholders

The University of Derby’s stakeholders are kept up to date on relevant information regarding the University’s activities and progress, and to develop and maintain relationships, and retain levels of engagement.

The data we hold

The majority of the information we hold is obtained directly from you; and if you interact with any other departments or schools within the University, we may receive data from these areas.

The personal data stored and processed by the University of Derby may include:

• your name, title, gender and date of birth
• your contact details, including postal address, email address, phone numbers and links to social media accounts
• your professional activities, membership, businesses you were a Director of and/or employment and any associated media articles
• current interests and activities, which may include extracts from any related media stories
• family and spouse/partner details and your relationships to other stakeholders, alumni, supporters and relevant contacts
• records of pledges, donations you have made to the University and associated Gift Aid status, where applicable;
• publicly available information about your wealth, including net worth
• records of all communications and marketing activities we have sent you and any responses from you
• your posts and messages on social media directed to any University of Derby account
• information on your engagement in University meetings, events, groups, resources, facilities or networks
• volunteering by you for, and/or on behalf of, the University
• information about your time at the University and other academic institutions you have attended
• any other personal information you provide to us during communication with us may be stored in the form of notes for reference purposes.  This may include sensitive personal data, but only where you provide this to us directly or is already publicly available

How we will use your information

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. In the case of engaging with stakeholders, our basis for the use of personal information is legitimate interest. A legitimate interest is when we have a business reason to use personal information. But even then, it must not unfairly go against what is right and best for you.

Unless you have requested otherwise, your data will be used and processed for a full range of stakeholder engagement activities and programmes involving both academic and administrative departments at the University.

These include the following communications and marketing activity, which may be sent by mail, email and telephone.

• sending of University publications
• notification of relevant events
• fundraising appeals
• prospect research/wealth screen

Tools may be used to monitor the effectiveness of our communications with you, including email tracking, which records when an email sent from us is opened and/or how many links are clicked within the message – the data from such tracking is used in an anonymised and aggregated form.

As part of this, we may analyse the personal information we collect to create a profile of your interests and preferences so that we can contact you in the most appropriate way and with the most relevant information. This allows us to target our resources as effectively as possible which our stakeholders tell us is important for them.

We do not currently make automated decisions about you.

The processing of the University of Derby's stakeholder data appropriate to 'legitimate interest', will be completed by a third party and then accessible to the University of Derby. This third party has been assessed and approved via our Data Protection Impact Assessment process.

Our prospect research and wealth screening activities are:

• creating the best experience for our alumni and supporters
• ensuring our communications are relevant and timely – and sent to the correct audience
• engaging a constituent with the correct staff at an event or meeting – helping our staff to prepare and make the event more enjoyable for those attending
• creating connections with notable alumni or other distinguished constituents who could go on to, for example: volunteer, feature in a University publication or support the University as an expert consultant
• allowing us to make an appropriate first communication with the correct level of fundraising staff

Adhere to guidelines and follow good practice:

• completing due diligence to ensure we do not develop a relationship with a constituent, or receive a gift from, an untrustworthy or unethical source
• continuing to find new potential donors to grow our fundraising pipeline, acknowledging the Charity Commission CC20 Guidance – the Guidance states we are responsible for ensuring that fundraising targets are realistic and money raised is used effectively. Without knowledge on our potential donor base, we would not be able to do this
• adhering to guidance provided by:
  • Fundraising Regulator
  • ICO - Fundraising and Regulatory Compliance 
• adhering to the Fundraising Regulator’s Code of Fundraising Practice – the code states people should not put undue pressure on a person to donate or at a higher level than they could. We cannot ensure this if we do not know the level a constituent could potentially donate
• The processing of your data is therefore necessary in order to allow us achieve these goals. However, we always ensure that we balance these objectives against your rights and freedoms as an individual, by reviewing our activities regularly for compliance with our ethical and legal obligations

Retention of information

We consider our relationships with our stakeholders to be lifelong and we will hold your details until you tell us you no longer wish to hear from us. If we communicate with you because of your professional, civic or elected position we will hold your details for 5 years past your official position coming to an end.

We will always try to ensure that the information we hold about you is up-to-date, reasonable and not excessive.

In the event that a stakeholder no longer wishes to hear from us their data will be securely destroyed.

You will always have the right to:

• be informed as to how we use your data (via this privacy notice)
• access or request a copy of the data we hold about you
• update the data we hold about you
• change your communication preferences at any time to restrict how we process your data or opt out of some or all communication from our department
• ask us to remove your data from our records
• withdraw consent, where it is used as a legal basis for processing
• object to or restrict the processing of your information for any of the purposes outlined above

Privacy notice - Fundraising

The University of Derby’s prospective supporters, donors and past donors are kept up to date of relevant information regarding the University’s activities and progress, and to develop and maintain relationships, and retain levels of engagement. We work to secure philanthropic support (financial and in-kind) for the university’s students, teaching, research and capital projects.

This policy sets out how the University of Derby uses your personal data for its charitable purposes and is provided in addition to the University’s policies.

The data we hold

The majority of the information we hold is obtained directly from you; and if you interact with any other departments or schools within the University, we may receive data from these areas.

The personal data stored and processed by the University of Derby may include:

• your name, title, gender and date of birth
• your contact details, including postal address, email address, phone numbers and links to social media accounts
• your professional activities, membership, businesses you were a Director of and/or employment and any associated media articles
• current interests and activities, which may include extracts from any related media stories
• family and spouse/partner details and your relationships to other stakeholders, alumni, supporters and relevant contacts
• records of pledges, donations you have made to the University and associated Gift Aid status, where applicable
• publicly available information about your wealth, including net worth
• records of all communications and marketing activities we have sent you and any responses from you
• your posts and messages on social media directed to any University of Derby account
• information on your engagement in University meetings, events, groups, resources, facilities or networks
• volunteering by you for, and/or on behalf of, the University
• information about your time at the University and other academic institutions you have attended
• Any other personal information you provide to us during communication with us may be stored in the form of notes for reference purposes. This may include sensitive personal data, but only where you provide this to us directly or is already publicly available

How we will use your information

Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. In the case of engaging with prospective, current and past donors and supporters, our basis for the use of personal information is legitimate interest. A legitimate interest is when we have a business reason to use personal information. But even then, it must not unfairly go against what is right and best for you.

Unless you have requested otherwise, your data will be used and processed for a full range of supporter and donor engagement activities and programmes involving both academic and administrative departments at the University.

These include the following communications and marketing activity, which may be sent by mail, email and telephone.

• sending of University publications
• notification of relevant events
• fundraising appeals
• prospect research / wealth screen

Fundraising is a key part of University of Derby activities and we are committed to working in a transparent, ethical, responsible and honest way. To reflect this commitment, we are a member of the Fundraising Regulator, adhere to the Regulator’s Code of Practice and we will also always abide by our institutional obligations as an exempt charity.

Our prospect research and wealth screening activities are:

• creating the best experience for our alumni and supporters:
• ensuring our communications are relevant and timely – and sent to the correct audience;
• engaging a constituent with the correct staff at an event or meeting – helping our staff to prepare and make the event more enjoyable for those attending;
• creating connections with notable alumni or other distinguished constituents who could go on to, for example: volunteer, feature in a University publication or support the University as an expert consultant;
• allowing us to make an appropriate first communication with the correct level of fundraising staff.

Assisting effective fundraising for the University:

• Developing our fundraising programme in a sustainable and ethical way – based on information gained through this work
• Providing efficient and effective fundraising, meaning more donations go specifically to the causes we are raising money for, and not on administrative costs. This allows us to improve the future financial stability of the University and improve the future experience for our students
• Supporting automated data analytics exercises to help make strategic decisions – this is only ever used for internal decision making e.g. propensity to give scores

Adhere to guidelines and follow good practice:

• completing due diligence to ensure we do not develop a relationship with a constituent, or receive a gift from, an untrustworthy or unethical source
• continuing to find new potential donors to grow our fundraising pipeline, acknowledging the Charity Commission CC20 Guidance – the Guidance states we are responsible for ensuring that fundraising targets are realistic and money raised is used effectively. Without knowledge on our potential donor base, we would not be able to do this
• adhering to guidance provided by
  • Fundraising Regulator
  • ICO
• adhering to the Fundraising Regulator’s Code of Fundraising Practice – the code states people should not put undue pressure on a person to donate or at a higher level than they could. We cannot ensure this if we do not know the level a constituent could potentially donate 
• the processing of your data is therefore necessary in order to allow us to achieve these goals. However, we always ensure that we balance these objectives against your rights and freedoms as an individual, by reviewing our activities regularly for compliance with our ethical and legal obligations.

The University does not collect and store any bank or credit/debit card details within our database.

The University of Derby is a PCI DSS compliant organisation which means we adhere to high security standards in order to protect your payment card details when you provide us with this information. Bank details used for processing Direct Debits are stored by a trusted third-party, under the Direct Debit Guarantee scheme. Also, please note that we do our best to keep information secure, including the use of SSL technology (secure server software) wherever personal data is collected online.

Tools may be used to monitor the effectiveness of our communications with you, including email tracking, which records when an email sent from us is opened and/or how many links are clicked within the message – the data from such tracking is used in an anonymised and aggregated form.

As part of this, we may analyse the personal information we collect to create a profile of your interests and preferences so that we can contact you in the most appropriate way and with the most relevant information. This allows us to target our resources as effectively as possible which our stakeholders tell us is important for them.

We do not currently take automated decisions about you.

The processing of the University of Derby’s stakeholder data appropriate to 'legitimate interest'. will be completed by a third party and then accessible to the University of Derby. This third party has been assessed and approved via our Data Protection Impact Assessment process.

Retention of information

We consider our relationships with our stakeholders to be lifelong and we will hold your details until you tell us you no longer wish to hear from us. If we communicate with you because of your professional, civic or elected position we will hold your details for 5 years past your official position coming to an end.

We will always try to ensure that the information we hold about you is up-to-date, reasonable and not excessive.

In the event that a stakeholder no longer wishes to hear from us their data will be securely destroyed.

You will always have the right to:

• be informed as to how we use your data (via this Privacy Notice);
• access or request a copy of the data we hold about you;
• update the data we hold about you;
• change your communication preferences at any time to restrict how we process your data, or opt out of some or all communication from our department;
• ask us to remove your data from our records;
• withdraw consent, where it is used as a legal basis for processing;
• object to or restrict the processing of your information for any of the purposes outlined above.

If you have any questions regarding the above privacy notices, please contact us at:

Development and Alumni Relations Office (DARO)
University of Derby
Kedleston Road
Derby
Email: development@derby.ac.uk
Tel: 01332 591368

Data Controller

The Data Controller is the University of Derby, Kedleston Road, Derby. If you would like information about how the university uses your personal data please email us at gdpr@derby.ac.uk

Data Protection Officer

The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. 

Contact our Data Protection Officer at dpo@derby.ac.uk

Find out more about how we handle your information