Trinity College Dublin uses personal data relating to students for a variety of purposes. We are careful to comply with our obligations under data protection laws and we have prepared this short guide to ensure you understand how we obtain, use and disclose student data in the course of performing University functions and services. The guidance note is intended to supplement the University's Data Protection Policy.
Who controls your data?
The University is the data controller in relation to the student data you give us. Relevant student information may also be provided to the University's alumni and development office which is operated as a separate legal entity called Trinity Foundation (unless you have indicated a preference in your student registration form for your data not to be shared). Trinity Foundation is responsible for connecting students and alumni with each other and the University. Students may also provide data to student societies, the students' union or other entities who act independently for the University, however the University has no responsibility for how those independent bodies use your data.
What data do we hold?
In the course of performing University functions and associated student services, the University processes lots of data about students. Common examples include names, addresses, student numbers, photographs, mobile telephone numbers, dates of birth, etc. In some cases, the University may also receive sensitive personal data about students, such as health or welfare data. For example, the Trinity Health Service, Counselling Service or Disability Service may receive health or conviction data in the course of performing their functions.
What do we do with your data?
The University processes and discloses your data within various departments/units of the University for the purpose of performing University functions and providing associated facilities and services. For example, we compile and retain the student registration data you give us and we maintain an ongoing record of course selection data, examinations data, attendance data, awards and credits etc.
We will not normally use your data for any unrelated purpose without your consent. However, in exceptional cases permitted by data protection laws, we may process and disclose data without consent or notice to you, for example if it is required to investigate offenses, to present injury or damage or to comply with a legal obligation.
Do We Transfer your Data to Third Parties?
Student data is normally retained by the University but in some cases we may appoint third parties to process data on our behalf, in which case we will comply with our legal obligations to contractually protect the data. We may also disclose student data where it is required in the normal course of performing the University’s functions and services. For example, we may be required to provide student data to grant bodies or government departments in connection with funding decisions.
As the University considers students, even if they are not yet 18, to have the maturity to give consent for the use of their data, in normal circumstances, the University will not disclose personal data to the parents, guardians or other representatives of a student without the student’s consent. The University’s preference is to receive written consent by way of email from the student where possible. Without such consent the University will not release any details regarding students including details of their registration, attendance, fee payments etc. However, there may be exceptional circumstances, for example, in the case of potential danger to the health or well-being of a student or if a representative such as a solicitor or politician has written to the University making it clear that they are acting on behalf of the student.
The University will not engage in direct marketing activities without the appropriate level of consent required by law.
Accessing your Data
You have a legal right to access your personal data subject to payment of the statutory fee and certain exceptions which are set out at law. To ensure a coordinated and appropriate response to data access requests, all such requests should be directed to the University’s Information Compliance Officer, they should clearly and distinctly identify the specific personal data being requested and they should be accompanied by the statutory fee (currently €6.35).
The right for students to access their scripts and discuss their performance is outlined in s. 51 of the General Regulations and Information Section of the Trinity Calendar (page H11). Students wishing to access their scripts must do so in accordance with these regulations, and should therefore in the first instance contact the relevant Director of Undergraduate Teaching and Learning or Course Coordinator.
The University will comply with Irish data protection laws as they may be amended from time to time. This is the case regardless of the nationality of the students concerned.
The University has appointed an Information Compliance Officer who will assist the University and its staff in complying with the data protection legislation. Specific queries or concerns should be addressed to Information.Compliance@tcd.ie.