Student Advice and Wellbeing service privacy notice

Information you need to know

The Student Advice and Wellbeing service department is part of Liverpool John Moores University. See further information on the institution.

Liverpool John Moores University is the Data Controller.

Our Data Protection Officer can be contacted at

LJMU takes your privacy very seriously. This privacy notice explains how we use your personal information and your rights regarding that information. We will always use your data as set out in the principles of the General Data Protection Regulation (GDPR) and all current Data Protection Legislation. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations.

For information about how the wider University uses personal data please see the Privacy Notice section of our website.

What information are we collecting?

The type of personal information we collect and hold includes:

  • Name, address, phone number, email, date of birth, age
  • Family
  • Lifestyle
  • Social circumstances
  • Physical or mental health conditions (disability), mental health diagnosis /medical diagnosis
  • Personal circumstances medications.
  • Family history
  • Risk to self and others
  • Self-harm, alcohol and drug abuse
  • Finances
  • Possible safeguarding issues, including family members
  • Sexually transmitted disease
  • Life threating illness
  • Legal/criminal activities where applicable
  • Gender reassignment, pregnancy and maternity

Why are we collecting your data and what is the legal basis for this?

LJMU will collect personal data from you for several reasons, and will at all times do so in compliance with the principles of the GDPR, and for one of the legal basis set out in Articles 6 and 9 of the Regulation.

Student Advice will process your information under the following lawful basis.

  • Article 6(1)(b) Performance of a contract for example your student contract – on many occasions the University will process your data to enable it to meet its commitments to you.
  • Article 6(1)(e) Public task.
  • Article 6(1)(d) Protecting vital interest of yourself or others – sometimes the University needs to release.
  • Information to protect your interests or the interests of others, e.g. in a medical emergency.

Where we process your special categories’ data such as your medical information e.g. disability services related to learning and teaching we do so on the basis on your explicit consent under Article 9(2)(a) of the Regulation or were it is necessary for reasons of substantial public interest under Article 9(2)(g).

Who has access to this data?

Your personal data will be used only by relevant LJMU staff where the data is necessary for them to undertake their designated role.

Students cases may be discussed between individual staff members and their supervisors (usually within a line management system, but also external to the University in the case of Counselling and Mental wellbeing supervision). Counselling and Mental wellbeing supervision occurs with an appropriate independent professional clinical supervisor and professional guidelines are strictly adhered to (link to BACP and HPC).

Student cases will only be discussed within Student Advice and Wellbeing on a need to know basis and in the best interests of the student concerned. This discussion will centre on actions to be taken and possible allocation to the member of staff best placed to resolve issues.

Sharing Information outside the University

In some instances, it will be necessary to share information with an organisation outside the University. This will usually be with your consent, or where we have a legal obligation to do so, and could include services such as Student Finance England, the NHS, Landlords. On occasion where there is concern for the safety of an individual and/or others, action may be taken without consent. Staff within Student Advice and Wellbeing services will always be happy to explain the reasons behind this third party disclosure.

How does the University protect your data?

The University takes Data Protection very seriously and at all times your personal data will be handled in line with the University’s Information Security Policy.

Student cases are maintained using the University’s case management system and records are held electronically and on paper. There may be occasions when a mixture of storage methods are used. All cases are kept securely and in line with the General Data Protection Regulation 2018 (GDPR) and the Data Protection Act 1998 (DPA). All access to the case management system is password protected and different levels of staff security apply, and case notes are only accessed by appropriate SAW staff.

For how long does the University keep your data?

Your data is kept in line with our Records Retention Schedule.

All student cases and case notes will be stored for a period of six years after you leave the University. After this time, all information will be securely removed from the case management system and destroyed. If a student enrols at the University, leaves and returns, for instance, two years later, destruction of records will move to 6 years after the second period of study finishes.

Your rights

As a data subject, you have a number of rights. You can:

  • access and obtain a copy of your data on request, this could be in a portable electronic format
  • require the University to change incorrect or incomplete data if you think that it is inaccurate or out of date
  • require the University to delete or stop processing your data, for example where the data is no longer necessary or legally required for the purposes of processing

If your personal data has been provided by consent, you have a right to withdraw that consent at any time.

If you would like to exercise any of these rights, please contact the Data Protection Officer

What if you do not provide data?

If you do not provide all necessary information to us, we may not be able to offer certain services to you.

Transfers of data outside the UK

Generally, we do not send your personal data outside the UK. However, in some specific cases we may transfer the personal data we collect to countries outside the UK in order to perform our contract with you/or a contract with another organisation that requires your personal data i.e. a collaboration agreement with a University based outside of the UK. Where we do this, we will ensure that your personal information is protected by way of an ‘adequacy regulation’ with the UK or by putting alternative appropriate measures in place to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the UK laws on data protection, for example model contractual clauses, data sharing/data processing agreement and binding corporate rules (where applicable).

Automated decision making

We will not make any decisions about you automatically using a computer, based on your personal data. All decisions affecting you will be taken by a human.

How to complain to the Information Commissioner’s Office?

You have the right to complain to The Information Commissioner if you believe that our processing of your personal data does not meet our data protection obligations. The Information Commissioner can be contacted:

Post: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK95AF.
Telephone: 0303 123 1113.
Email: contact can be made by accessing