My Uni House's

Privacy Policy.

Last updated on 15/04/2023.

1. Introduction

This privacy policy describes the information that we obtain about you and how we process that information to support the My Uni House website ("the website") and other products and services offered by My Uni House, including the Abode Community ("the Abode"). This policy and applies to all users and vistors to our website. We recommend that you carefully read this policy. If you have any questions, or want to know exactly what data we keep of you, please contact our Data Protection Officer. You can find additional tools and information on the management of your privacy data in your Account Settings.

In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy policy;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

2. The Personal Information We Collect From You

My Uni House collects personal data from our users and site visitors. This may include personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies. The specific type of personal data that My Uni House collects, the reason for the collection of that information and the period of time that we keep that data is listed in the purpose, data and retention period section below. The legal basis for why we collect your personal information can also be seen below.

The Abode (Abode Community) at My Uni House is the social community and engagement platofurm here at My Uni House. Abode is powered by BuddyPress and rely heavily on user-provided data. In this section, you should note what data you collect, from both registered users and anonymous visitors.

By default WordPress does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. However some of our plugins may collect personal data. You should add the relevant information below.

3. How We Recieve Your personal Data

We receive these personal infromation from you either voluntarily through you comlpeteting a form or some other means of gathering information through your consent we will ask you to. Iwhy you collect it. These explanations must note either the legal basis for your data collection and retention or the active consent the user has given.

Personal data is not just created by a user’s interactions with your site. Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third-party embeds.

4. Who We Share Your Data With

In this section, you should name and list all third-party providers with whom you share site data, including partners, cloud-based services, payment processors, and third party service providers, and note what data you share with them and why. Link to their own privacy policies if possible. By default WordPress does not share any personal data with anyone.

5. Where We Send Your Data

All transfers of site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services. European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third-party providers, whether that is through an agreement such as Privacy Shield, model clauses in your contracts, or binding corporate rules

6. Purpose, Data and Retention Period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

6.1 Registering an account

See Details
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.2 Profile data

See Details
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. In this section you should note what information is collected on user profiles. The suggested text gives an overview of the kinds of profile data collected by BuddyPress. Suggested text: When you register for the site, you may be asked to provide certain personal data for display on your profile. The "Name" field is required as well as public, and user profiles are visible to any site visitor. Other profile information may be required or optional, as configured by the site administrator. User information provided during account registration can be modified or removed on the Profile > Edit panel. In most cases, users also have control over who is able to view a particular piece of profile content, limiting visibility on a field-by-field basis to friends, logged-in users, or administrators only. Site administrators can read and edit all profile data for all users.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.3 Profile Activity

See Details
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. In this section you should note what information is collected on user profiles. The suggested text gives an overview of the kinds of profile data collected by BuddyPress. Suggested text: When you register for the site, you may be asked to provide certain personal data for display on your profile. The "Name" field is required as well as public, and user profiles are visible to any site visitor. Other profile information may be required or optional, as configured by the site administrator. User information provided during account registration can be modified or removed on the Profile > Edit panel. In most cases, users also have control over who is able to view a particular piece of profile content, limiting visibility on a field-by-field basis to friends, logged-in users, or administrators only. Site administrators can read and edit all profile data for all users. In this section you should describe the kinds of information collected in the activity stream, how and whether it can be edited or deleted, and to whom the activity is visible. Suggested text: This site records certain user actions, in the form of "activity" data. Activity includes updates and comments posted directly to activity streams, as well as descriptions of other actions performed while using the site, such as new friendships, newly joined groups, and profile updates. The content of activity items obey the same privacy rules as the contexts in which the activity items are created. For example, activity updates created in a user's profile is publicly visible, while activity items generated in a private group are visible only to members of that group. Site administrators can view all activity items, regardless of context. Activity items may be deleted at any time by users who created them. Site administrators can edit all activity items.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.4 Uploading Media

See Details
Users that can upload media files, all uploaded files are usually publicly accessible locally on the website or accessible through a secure cloud system which is only accessible by the site administrator and the cloud hosting platform. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.5 Contact Forms

See Details
My Uni House uses a contact form plugin, use this subsection to note what personal data is captured when someone submits a contact form, and how long you keep it. For example, you may note that you keep contact form submissions for a certain period for customer service purposes, but you do not use the information submitted through them for marketing purposes.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated, for customer service purposes. For example, you may want to say that you keep contact form entries for six months, analytics records for a year, and customer purchase records for ten years.

6.6 Messages

See Details
In this section you should describe any personal data related to private messages. Suggested text: The content of private messages is visible only to the sender and the recipients of the message. With the exception of site administrators, who can read all private messages, private message content is never visible to other users or site visitors. Site administrators may delete the content of any message.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.7 Leaving a comment

See Details
When users submit comments on the website, by default WordPress collects the data shown in the comments form, and also the user’s IP address and browser user agent string to help with spam detection through our security plugin. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. Visitor comments will be checked through an automated spam detection service, through our security plugin.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data

The basis on which we may process these data is:
Consent obtained

Retention period
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

6.8 Using the chat rooms

See Details
When users participate in the community chat rooms personal data is collected and retained in log files. The data collected may include your IP address and browser user agent string to help with spam detection through our security plugin.

For this purpose we use the following data:

  • Name
  • Username and other account specific data

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
When you write a message in the chat rooms the message and its metadata are retained indefinitely in the chatroom logs. This is so we can monitor chat room messages.

6.9 Writing a post

See Details

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.10 Embedded content from other websites

See Details
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Birth date
  • Username and other account specific data
  • Other:

Education Status

The basis on which we may process these data is:
Consent obtained

Retention period
We retain this data until the service is terminated.

6.11 Compiling and analyzing statistics for website improvement

See Details
My Uni House compiles analytics about its website, users and interactions with the website. We use two different analytics packages. Users can opt out of analytics tracking by toggling the cookie settings.

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Financial data
  • Username and other account specific data
  • Visitor behavior

The basis on which we may process these data is:

Consent obtained

Retention period
We retain this data until the service is terminated.

6.12 Newsletters

See Details

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Username and other account specific data
  • Visitor behavior

The basis on which we may process these data is:

Consent obtained

Retention period
We retain this data until the service is terminated.

6.13 To be able to offer personalised products and servicestle

See Details

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Financial data
  • Username and other account specific data
  • Visitor behavior

The basis on which we may process these data is:

Consent obtained

Retention period
We retain this data until the service is terminated.

6.14 Payments

See Details

For this purpose we use the following data:

  • Name, Address and City
  • Email address
  • Financial data
  • Username and other account specific data
  • Visitor behavior

The basis on which we may process these data is:

Consent obtained

Retention period
We retain this data until the service is terminated.

7. Data Protection Officer

Controller

My Uni House Ltd is the data controller that is responsible for your personal data.

We have appointed a data protection officer ("DPO") who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

8. Contact Details

If you have privacy-specific concerns, you can contact our DPO with the details below:

Company Name: My Uni House Ltd
Data protection officer: Andrea Smikle
Email address: data.protection@myunihouse.co.uk
Website URL: myunihouse.co.uk

9. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

10. Cookies

Our website uses cookies. We use a cookie to show success and failure messages to logged-in users, in response to certain actions, like joining a group. These cookies contain no personal data, and are deleted immediately after the next page load. We use cookies on group, member, and activity directories to keep track of a user’s browsing preferences. These preferences include the last-selected values of the sort and filter dropdowns, as well as pagination information. These cookies contain no personal data, and are deleted after 24 hours. When a logged-in user creates a new group, we use a number of cookies to keep track of the group creation process. These cookies contain no personal data, and are deleted either upon the successful creation of the group or after 24 hours.

For more information about cookies, please refer to our Cookie Policy.

11. Third-party Websites

This privacy policy does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notice of every website you visit.

12. Changes to This Privacy Policy

We reserve the right to make changes to this privacy policy. It is recommended that you consult this privacy policy regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

13. Accessing and Modifying Your Data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

14. What Rights You Have Over Your Data

In this section, you should explain what rights your users have over their data and how they can invoke those rights. If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

15. Submitting a Complaint

If you are not satisfied with the way in which we handle the processing of your personal data, you have the right to submit a complaint to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk):
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

16. Children

Our website is available for all visitors to browse. Howeer, our website is not intended to collect personal data from children under the age of consent. Therefore, we request that children under the age of 18 do not submit any personal data to us.

17. How We Protect Your Data

In this section you should explain what measures you have taken to protect your users’ data. This could include technical measures such as encryption; security measures such as two-factor authentication; and measures such as staff training in data protection. If you have carried out a Privacy Impact Assessment, you can mention it here too.

  • Aliquam tincidunt cons ectetuer mauris eu risus
  • Vestibulum auctor dapibus con sectet uer neque
  • Suspendisse a pellentesque dui, non felis