KMMS Privacy Notices - Kent and Medway Medical School
  1. Kent and Medway Medical School
  2. KMMS Privacy Notices

KMMS Privacy Notices

This privacy notice explains how KMMS collects, stores and uses your data to provide you with a wide range of services

KMMS stands for Kent and Medway Medical School – we are a collaboration between Canterbury Christ Church University and the University of Kent. KMMS is also working in partnership with Brighton and Sussex Medical School for support and quality assurance purposes. Because of the nature of these collaborations KMMS sometimes use existing policies and procedures from each university. Where this is the case, we provide a link to the policy below.

As soon as you contact us, including through UCAS, we create a record in your name. We begin to collect other personal information about you such as your contact information (telephone numbers, emails and addresses) and your personal characteristic, including age, gender, ethnicity, health and disabilities.

During your time studying with us, we add information to your record about your study and your contact with us.  We collect information about your participation in learning and assessment activities, attendance and engagement, and your use of our virtual learning environment.

We collect and process a broad range of your personal data to deliver our services and support you. We use this personal data to manage our operations effectively, and to meet our legal requirements.

We have a commitment to the data protection principles of good practice for handling information. We hold personal information securely. We will only transfer data within the University on a ‘need-to-know’ basis. We do this to provide educational, support and other services to you.

We use your data to improve the wider student experience, and the quality of teaching and learning. We may contact you to carry out research to do with the student experience. We may use an external agency to do the research on our behalf.

We use your equal opportunities data (which is called special category data) you provide to us for monitoring purposes. We use this data to ensure we take account of the views of and have representation from students with specific protected characteristics. We may provide specific support to student groups with shared characteristics. We may use this data to identify if you need support and to provide you with relevant opportunities. We use information about any disabilities and special requirements you tell us about. This is to make reasonable adjustments and other provisions for your study.

We sometimes use external service providers to carry out activities for us, for instance to arrange events and carry out surveys. If so, they may process your personal information. They do this processing under contract with us. These contracts contain confidentiality obligations.

We share some information with Canterbury Christ Church Students’ Union (CCSU) and Kent Union. This is because you automatically become a member when you register to study with us. You can ask us not to share this information.

Information is also routinely shared between KMMS and the providers of clinical placements to support allocation processes, teaching and learning, assessment and quality assurance.

We share data with organisations where we have legal or regulatory requirements, for example we share limited information about Fitness to Practise outcomes with the General Medicine Council (GMC) and Medical Schools Council (MSC). We also share your data with the Higher Education Statistics Agency (HESA) and with Health Education England (HEE). We also share your data to invite you to participate in surveys commissioned by the Office for Students (OfS), which contractors may carry out on its behalf.

We share data, including demographic information, with the GMC to enable provisional registration ahead of you applying for your Foundation Programme.

We only keep data for as long as is necessary. We keep academic transcript data for ever. This is so we can provide references and verify your study with us. You can read about how long we keep your information in the KMMS Data Retention Schedule.

We rely on the following lawful basis as allowed by the UK GDPR for processing your personal data as this is necessary for:

  • the performance of a task carried out in the public interest or in the exercise of official authority –Article 6(1)(e)
  • our contract with you – Article 6(1)(b)
  • a legal obligation – Article 6(1)(c)
  • to protect your vital interests or those of another person – Article 6 (1)(d)
  • the purpose of our legitimate interests or those of a third party Article 6(1)(f) (unless those interests are overridden by your interests, rights or freedoms)

Our legitimate interests are ensuring the security of our IT systems and infrastructure, ensuring the security of our buildings and the protection of staff, students and visitors as set out in our CCTV Policy.

  • you have given your consent for one or more specific purposes- Article 6(1)(a)

As we also use your special category data, we must identify a further basis for processing that data. The processing is necessary for:

  • to protect your vital interests or those of another where you are physically or legally incapable of giving consent – Article 9(2)(c)
  • you have manifestly made the data public – Article 9(2)(e)
  • the university  to establish, exercise or defend legal claims (or where courts are acting in their judicial capacity) – Article 9(2)(f)
  • reasons of substantial public interest (as defined within the Data Protection Act 2018)– Article 9(2)(g).

Our substantial public interest reason(s) are:

  • statutory purposes
  • equality of opportunity or treatment monitoring
  • prevention or detection of crime
  • safeguarding
  • fraud purposes
  • archiving in the public interest, scientific or historical research purposes or statistical purposes with a basis in law – Article 9(2)(j) Where we do so, we will ensure that we comply with Article 89(1) UK GDPR and section 19 DPA 18 to ensure that the data is pseudonymised (or anonymised if possible)
  • Where we need to share your sensitive data with others and none of the legal bases above apply, we will seek your consent before doing so – Article 9(2)(a).

We have a Special Category and Criminal Offence Data Appropriate Policy document in place throughout the time that we use your data and for 6 months after we cease to use it.

KMMS is a partnership between two data controllers – Canterbury Christ Church University and the University of Kent.

Contact details of both controllers and DPOs:

Canterbury Christ Church University
Robert Melville
North Holmes Road
Canterbury
CT1 1QU

E-mail: dp.officer@canterbury.ac.uk
Telephone: 01227 767700

University of Kent
Laura Pullin
Registry
University of Kent
Canterbury
Kent CT2 7NZ

Email: datapro@kent.ac.uk

The University of Kent will act as the main point of contact for all queries or requests. For more information please visit the University of Kent Information Compliance Office.

During your programme your personal data will be handled by services located at both Canterbury Christ Church University and the University of Kent. The following list provides details of services processing your personal data and links to their privacy notices.