Privacy Policy

VITA STUDENT
PRIVACY POLICY

Please follow the link below to read the full Vita Student privacy notice, explaining how we use and protect your personal data and how to exercise your rights.

This applies to anyone who provides their personal data to Vita Student, for example by joining a mailing list, making an accommodation enquiry, living at any Vita Student residence, using our App, registering for an event, or entering a competition.

  1. View Vita privacy policy
    more

    At Vita Student Management Ltd we take privacy seriously and we are committed to protecting it.

    This policy explains when and why we and companies in our Group (which here means our subsidiaries, our ultimate holding company and its subsidiaries from time to time, as defined in section 1159 of the UK Companies Act 2006, and may also include other companies which are closely associated through our management control but may not be a group company) collect personal information about individuals who are customers, prospective future customers, previous customers, users of our website, social media channels and the Vita Student app and other individuals who may be connected to them, how this information is used, the conditions under which it may be disclosed to others and broadly how it is kept secure.

    This policy may change from time to time so please check this page periodically to ensure that you’re aware of any changes.

    This policy was last updated in December 2022.

    Who we are (data controller)

    Vita Student Management Limited (company registered number 08540975) and contact data included in the section “contact us” below, referred to throughout this document as “Vita Student” is the data controller in relation to the processing activities described below. This means that Vita Student decides why and how your personal information is processed.

    This policy also covers certain other group companies or closely associated companies under the same management control, which are listed at Schedule 1 to this policy. Whenever dealing with one of these other companies, Vita Student will be the ‘controller’ of your personal information. Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to Vita Student or the particular Vita Group company that is the controller of your personal information. A “controller” is an organisation that decides why and how your personal information is processed.

    We provide student accommodation services at certain buildings as a processor on behalf of the owner of those buildings (“Relevant Buildings”). The Relevant Buildings owner and controller in respect of processing of your personal data for the purposes of providing student accommodation services for the Relevant Buildings and their full privacy policy explaining how they process your personal data, and other important information such as who to contact to exercise your rights, can be found at the bottom of this page.

    How we collect your information

    We collect personal information from you in the following ways:

    Personal information you give to us:

    This is information about you that you give to us by, for example:

    • Visiting our Website (www.vitastudent.com)
    • Using our Web or mobile applications (including online chat)
    • Viewing or following our channels on any social media platforms
    • Posting your own content on any social media platforms and tagging our account
    • Corresponding with us by phone, email, direct message via social media, or otherwise
    • Attending one of our organised or sponsored events
    • Making an expression of interest at a campus fayre or accommodation event run by your university or college

    and is provided by you voluntarily. This includes information provided at the time of registering to use our site, expressing an interest in making a booking, subscribing to the services we provide through our websites and other channels, requesting further information, material or associated services, managing your personal details (including accessing documentation and engaging in correspondence with us by phone, email or otherwise). If you complete any surveys that we request you complete for research purposes, we will collect information in such circumstances as well. The information you give us will typically include your name, address, email address and phone number(s), age and date of birth, your specific enquiry details, details of your course of study, and may include records of any correspondence and responses to marketing campaigns.

    Personal information we collect about you:

    We may collect the following information, either by request or automatically: your contact details, geographic and demographic information, preferences and interests and other information you provide through, amongst other things, your attendance at events, responses given in surveys, and visits to our Website and app, including, data about the information and resources you access. We may also automatically collect technical information, including anonymous data collected by the hosting server, the Internet Protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Please see our Cookies Policy for further information. We may also collect any personal information which you allow to be shared that is part of your public profile(s) on third party social networks, including but not limited to time zone setting, browser plug-in types and versions, operating system and platform, and your preferences, interests and other behaviours.

    Personal information we may receive from other sources:

    We may also obtain certain personal information about you from sources outside of our business which may include both our Group companies (where you have previously provided details to them) or other third party companies where you have previously provided your consent to personal information being shared, in accordance with those third parties’ own privacy policies. The personal information we receive from third party sources is typically your contact details, certain demographic information, and may also include details about information you have previously requested and/or preferences you have previously expressed concerning specific areas of interest.

    Types of personal information we process about you

    We may process a range of personal information about you. To make it easier to understand the information that we use about you, we have divided this information into categories in the list below and provided a short explanation of the type of information each category typically covers.

    • Basic contact and identification details, such as name, address, phone number, email address and date of birth*
    • Behavioural Such as your activities, actions and behaviours
    • Biographical Such as your academic background and course(s) of study Contact information which can be used to address, send or otherwise communicate a message to you
    • Geo-location information which contains or reveals the location of your electronic devices
    • Health & Safety information such as details of your travel into the UK and/or details of your vaccination status, as well as next-of-kin details to contact in case of an emergency
    • Identification information contained in a formal identification document such as your passport*
    • Banking/Billing information used to collect payments from you or return money owed to you. Credit your application for credit terms and information relating to the provision of credit to you*
    • Fraud information relating to the occurrence, investigation or prevention of fraud
    • Legal information relating to legal claims made by you or against you or the claims process*
    • Booking Transactions information relating to accommodation bookings and ancillary services provided to you and*
    • Correspondence information contained in our correspondence or other communications with you about our products, services or business

    *For student residents living in the Relevant Buildings, the Relevant Buildings owner is the data controller in respect of the processing of your personal data for the purposes of providing student accommodation services for the Relevant Buildings. See the Relevant Buildings owner’s privacy policy here.

    How we use your personal information

    The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.

    Where there is a Legal Requirement

    We will use your personal information to comply with our legal obligations, such as: (i) to assist any public authority, industry regulator or criminal investigation body; (ii) to correctly identify you when you contact us and/or to verify the accuracy of data we hold about you.
    We will also use your personal information in complying with the law and any relevant regulation, including responding to regulators.

    Where it is required to complete or comply with a Contract*

    We may use and process your personal information where we have sold you a product or products, supplied you (or continue to supply you) with any services, where we have arranged for the supply of another party’s products or services to you as their appointed agent, or where you are in detailed discussions with us about the sale or purchase of a product or service. We will use this information in connection with ensuring that the terms of the relevant contract(s) are carried out or entered into. This may include circumstances in which we are not a party to the contract ourselves, however we have been appointed to administer or provide services relating to that contract. For the purpose of this description, a ‘contract’ will typically mean a sale and purchase agreement, lease or management services agreement. Please refer to ‘Type of personal information we process’ about you above for details of the types of personal information we process for these purposes.

    *For student residents living in the Relevant Buildings, the Relevant Buildings owner is the data controller in respect of the processing of your personal data for the purposes of providing student accommodation services for the Relevant Buildings. See the Relevant Buildings owner’s privacy policy here.

    Where we have assessed there is a Legitimate Interest

    We may (where applicable data protection laws permit) use and process your personal information where it is necessary for us to pursue either our legitimate interests as a business, or the Legitimate Interests of a Group company or of another third party, for the following purposes:

    • to correspond or communicate with you generally, for example with company or relevant location news;
    • for marketing activities (other than where we rely on your consent to contact you by email or text with information about our products and services or share your details with third parties to do the same, as explained below);
    • for analysis to inform our future marketing strategy, and/or to enhance or personalise your customer experience (such as improving the quality or relevance of information we provide to you in future);
    • to verify the accuracy of data that we hold about you and create a better understanding of you as a customer or potential customer;
    • for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
    • for prevention of fraud and other criminal activities;
    • to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
    • to review facts, assess and improve our service to customers through recordings of any calls with our offices;
    • for the management of any queries, complaints, or claims you bring;
    • in running our business, and maintaining appropriate websites, records and service administration;
    • as may be necessary in conducting the corporate acquisition or disposal of a building; and
    • for the establishment and defence of our legal rights.

    If you are physically located within the territory of Mainland China when we collect your personal information, our use and processing of your personal information may be subject to certain Chinese data protection law requirements. In such a case, we will not rely on the lawful basis of “Legitimate Interests” to use or process your personal information. For each use of your personal information, the lawful basis of which is indicated as “Legitimate Interests” in this section above, we instead will rely on the lawful basis of Consent. In such cases, we will not use or process your personal information unless you have consented.

    Where you have provided Consent

    We may use and process your personal information on the basis that you have consented for us to do so, for the following purposes:

    • to contact you via email or SMS with marketing information about relevant goods and services, predominantly being accommodation and accommodation services.
    • to enable and enhance your participation in the wider Vita Student experience, including but not limited to social events and interactions facilitated through certain services you may choose to sign up to, such as the Vita Student app. Further details will be provided in obtaining your consent.
    • to share your data with certain Group companies in order for them to contact you with marketing information about similar products and services – we will only share your data with our Group companies, suppliers and service providers as detailed below.
    • such other purposes for which consent is required to process personal data under applicable data protection laws.

    You may withdraw your consent for us to use your information in any of these ways at any time. Please see ‘Withdrawing your consent’ for further details.

    For Users in India: Your information may be shared and / or transferred in jurisdictions other than your place of residence. You may email to our Privacy team at the details provided below. For any grievances related to the use of your personal information, you may contact us at:

    Attn: The Data & Privacy Officer
    E-mail at: myprivacy@vitastudent.com

    Others who may receive or have access to your personal information

    Group companies

    We may share your information with other Group companies. They may use your personal information in the ways set out in the section ‘How we use your personal information’ above, in connection with the certain specific ancillary or complementary products and/or services, for example products and services which only they can provide for regulatory reasons, or products and services which are similar to those we offer but may be under the name of a different brand. Some of our Group companies may also be service providers to us, as explained in the section below.

    Please see the start of this policy for a description of what we mean by Group companies with whom we may share your personal information in this way.

    The owners or landlords of the Relevant Buildings

    We may disclose your information to a third party which owns the building in which you have booked to live at Vita Student, and in respect of which we have been appointed as their building manager, for purposes related to them managing their interest in the building and overseeing the services we provide on their behalf. Details of the Relevant Buildings and the full privacy policies of those landlords (which are the controllers of your personal data) can be found here.

    Our suppliers and service providers

    We may disclose your information to certain selected third-party service providers, agents, subcontractors and other organisations where necessary for the purposes of them providing services to us or directly to you on our behalf. Such third parties may include cloud service providers (such as hosting, data storage and software service providers), our client relationship management system provider, our app developer / provider digital and marketing agencies, and administrative services providers and debt management providers (where relevant).

    When we use third party service providers in this way, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions for the purposes intended and set out in this Policy.

    Credit/debit card payment processors

    Where relevant, when you purchase certain products or services via our websites, over the phone or at one of our residences or premises, a credit or debit card payment may be processed with your instruction by a third party payment processing agent who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please ask us at the time of making the payment or contact us using the details at the end of this policy.

    We do not store or keep a record of your credit card details on our own websites or within our own systems.

    Other ways we may share your personal information

    We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, for example to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of other data subjects. We may also share your personal data with our legal and other professional advisors, and insurers, from time to time for legitimate reasons. If/when we do so, we will always take steps with the aim of ensuring that your privacy rights continue to be protected and your rights are upheld.

    Where we transfer your personal information

    Information you provide to us may be transferred to countries outside the EEA, for example where any of our Group companies which need access to that information are incorporated in a country outside of the EEA, or if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK or the EEA.

    If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. This is because some countries outside the EEA do not have the same adequate data protection laws equivalent to those within the EEA. These steps may include, for example imposing contractual obligations on the recipient of your personal information or ensuring that the recipients subscribe to other relevant regulatory regimes or best practice that aim to ensure adequate protection.

    This is mainly relevant to the following third-party service providers that we use:
    Customer Relationship Management system provider – US based
    Data Storage Provider – US based
    Hosting Provider – US based
    Banking services – global
    Messaging, scheduling and collaborating software application
    providers – mainly US based (but mainly hosted locally)

    We have standard contractual clauses and other relevant measures in place for transfers of personal data to these providers and other relevant third parties, as required under applicable data protection laws.

    If you require more information about the protections that we put in place in these circumstances or to access a copy, please contact us using the details at the end of this policy.

    If you use our services, access our systems or view any of our content whilst you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.

    If you are physically located within the territory of Mainland China when we collect your personal information, our use and processing of your personal information may be subject to certain Chinese data protection law requirements. In such a case, we will not rely on the lawful basis of “Legitimate Interests” to use or process your personal information. For each use of your personal information, the lawful basis of which is indicated as “Legitimate Interests” in this section above, we instead will rely on the lawful basis of Consent. In such cases, we will not use or process your personal information unless you have consented.

    How long we keep your information for

    When we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than we consider necessary.

    The length of time we retain your personal data may also vary depending on the legal basis we are using.

    When you contact our offices by telephone these calls may be recorded. Such call recordings are retained for no longer than 90 days.

    Where your personal data is required to complete or comply with a Contract

    We may need your personal information to comply with our own legal and accounting responsibilities, and/or to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under ‘How we use your personal information’ above. Where we are only required to retain some of your information for these purposes, we will use our reasonable endeavours to ‘minimise’ that data and not to retain any information which we do not need to hold for 7 years.

    The only exceptions to this are where:

    Where we have assessed there is a Legitimate Interest

    If you are a citizen of the UK or any EEA country, we will not retain your personal data for longer than 3 years after a Legitimate Interest Assessment has been made or renewed, unless either:

    This period generally correlates with your period of study and the length of time for which you will require student accommodation. If you are not a citizen of the UK or any EEA country, we may retain your personal details for longer than 3 years where we consider it necessary, justifiable or there is a legal requirement to do so, subject at all times to upholding your rights as a data subject.

    Where you have provided Consent

    We will retain your personal data for as long as we consider it necessary and justifiable and in line with your reasonable expectations, subject at all times to upholding your rights as a data subject (including the right for you to withdraw your consent and the right to have your personal data erased).

    Even where you have given and not withdrawn your consent, we may at any point make the decision not to retain your personal data where we consider it to be no longer necessary and justifiable.

    Security and links to or from other organisations

    We are committed to maintaining security standards to ensure that your information is held securely in systems that can be controlled and protected in accordance with data security best practice. In order to protect against unauthorised access or disclosure we put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you. Where possible we only store information in structured systems (databases) which can only be accessed with secure passwords and other appropriate security controls.

    Occasionally it may be necessary to store or transfer some of your personal data in unstructured ways, such as on paper or in document formats that are necessary to enable us to collect and process that information in accordance with the purpose. In these cases, we will take steps to ensure that procedures and controls are in place to maintain the security of and access to that information.

    Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to or from our website at all times and any transmission is therefore at your own risk. Once we have received your personal information, we put in place appropriate security controls against accidental or unlawful destruction, loss, alteration, or unauthorised access.

    Our websites may contain links to other websites run by other organisations. Similarly, we may refer you from time to time to other organisations who are not Group companies and to whom you may also provide personal data. This policy does not apply to those other organisations where this happens, therefore we encourage you to read their separate privacy statements. We cannot be responsible for the privacy policies and practices of other websites or third parties, even if you access those websites or otherwise make contact with those organisations using links or contact details that we provide.

    In addition, if you linked to our website, a contact details form, or any other material we have published electronically from a third party website or an email sent to you by a third party, we are not responsible for the privacy policies and practices of the owners and operators of those third parties and recommend that you check their privacy statements as well.

    Where we have given (or where you have chosen) a password which enables you to access certain information we hold in any of our systems, you are responsible for keeping this password confidential. We ask you not to share your password with anyone and to tell us as soon as possible if you think your password may have been stolen, exposed or compromised in any way.

    Cookies

    Like many other websites, our website uses cookies. A cookie is a small file which asks permission to be placed on your computer or mobile device’s hard drive. These cookies primarily help us to analyse use of our Websites and provider a better experience by tailoring information to you.

    For more information on how we use cookies and how to set your cookies preferences, please view our banner and separate Cookies Policy.

    Marketing

    We may collect your personal data and certain information about your preferences in interests in order for you to receive marketing information directly from us by email, SMS, via third-party social media platforms and targeted online promotions in the following ways:

    • If you register for ‘more information’ on one of our websites
    • If you receive and act upon a marketing campaign run by one of our marketing affiliates
    • If you tag Vita Student on any of our social media channels using any geolocation or using any recognisable tags including but not limited to @VitaStudent, #VitaStudent or #BeginBig, Vita Student
    • If you make a reservation enquiry by telephone to one of our offices
    • If you attend one of our hosted or sponsored events
    • If you enter a competition or free prize draw we are running
    • If you opt-in to receive newsletters or regular insights, interviews, perspectives, videos, podcasts relating to our business or market
    • If you engage with other electronic content we provide, including following one of our channels on a social media platform
    • If you download our app to one of your devices
    • If you purchase a product or service from us or one of our Group companies

    In any of these cases listed above we may contact you with further marketing information in future in the ways mentioned in this policy, except where you indicate your preference not to (and otherwise only with your consent, if consent is required).

    We may contact you with marketing information by telephone, email or post, via third-party social media platforms, or with targeted advertising delivered online through social media and platforms operated by other companies by using your personal information. We may also use your personal information to tailor marketing to improve its relevance to you. We only do so with your consent (if consent is required), and will respect your preferences where you indicate your preference not to receive a particular type of marketing.

    If you ‘tag’ Vita Student in any of our social media channels using any geolocation or any tags including but not limited to @VitaStudent, #VitaStudent or #BeginBig, We may use the content you have shared as user-generated content within our channels. By tagging us in this way you therefore agree to allow Vita Student to share or republish your own content (which may include your name and image) within our own social media channel activity, strictly in accordance with the terms of use of the social media channel provider.

    If you choose to leave a review about Vita Student on any third party site, Vita Student have the right to publish using your name, image and review details.

    We will only share your information with third parties for marketing purposes where they are:

    • A Group company offering similar products and services but potentially under a different brand name.
    • A data processor acting on our instructions as data controller as part of the means we use to send our marketing information to you and track whether you have received and/or acted on it.

    If you’d like to opt-out of receiving marketing from any of our Group companies we may share your information with, you can do so at any time by contacting them or using the unsubscribe links in any such information you receive from them. From time to time, we may ask you to update your marketing preferences by asking you to confirm your preferences for the frequency and method of receiving future marketing information from us. You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above at any time. Please see ‘Withdrawing your Consent and Objecting’ to our use of your personal information above for further details on how you can do this.

    Your rights

    If you are a located in the UK, an EEA country, India or mainland China you have a number of rights in relation to your personal information under data protection law, which are summarised below. Not all these rights may be applicable to individuals in countries outside the UK or EEA, or you may have different rights. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to locate your personal information. We will respond to you within any applicable time limits under the relevant data protection laws.

    Accessing your personal information and data portability

    You have the right to make a reasonable request for a copy of the information that we hold about you by emailing or writing to us at the address below. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information. You may in limited circumstances have a right of data portability (i.e. to ask us to create a file to transfer to you or a different service provider) of electronically-processed personal data held about you.

    Correcting and updating your personal information

    The accuracy of your information is important to us and we are always keen to make sure we can regularly and easily review and correct the information that we hold about you. If any of personal information changes, in particular your name or address/email address and contact telephone numbers, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us as soon as possible using any of the contact details below.

    Withdrawing your consent

    Where we rely solely on your consent as the legal basis for processing your personal information, as set out under ‘How we use your personal information’, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

    Objecting to our use of your personal information

    Where we rely on an identified legitimate interest as the legal basis for processing your personal information for any purpose(s), as out under ‘How we use your personal information’, you may object to us using your personal information for these purposes by emailing or writing to us at the address below. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have assessed the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes at any time and we will comply with your request within a reasonable time. If you would like to do so, please use our unsubscribe links in any such marketing we send you electronically.

    Erasing your personal information or restricting its processing

    In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address below. Unless there is a reason that the law allows us to continue to use your personal information, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

    Complaining to the UK data protection regulator and other data protection authorities

    You have the right to complain to the relevant data protection regulator that oversees the processing of your data if you are concerned about the way we have processed your personal information.

    In the UK, this is the Information Commissioners Office (ICO). Please visit the ICO’s website www.ico.org.uk for further details.

    For residents at any building in Spain, the data protection authority is the Agencia Española de Protección de Datos (AEPD). Please visit the AEPD´s website www.aepd.es for further details.

    Contact us

    Our contact details for queries about your personal data, including to exercise any of your data subject rights are:

    Vita Student Management Ltd, company registered number 08540975
    Address: Horseshoe Farm, Elkington Way, Alderley Edge, England, SK9 7GU
    email: myprivacy@vitastudent.com

    Changes to this policy

    We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website(s). In some circumstances we may also notify or contact you, for example by email, to let you know about the changes. Any such changes will take effect 7 days after the date on which we post the modified terms on our website. We recommend you regularly check for changes and review this policy whenever you visit our websites.

    This Policy was last updated in December 2021

    SCHEDULE 1
    GROUP COMPANIES

    Vita Group Holdings Limited, company registered number 11963176
    Address: Horseshoe Farm, Elkington Way, Alderley Edge, England, SK9 7GU
    Email: myprivacy@vitagroup.com

    Vita Living Management Limited, company registered number 10976545
    Address: Horseshoe Farm, Elkington Way, Alderley Edge, England, SK9 7GU
    Email: myprivacy@vitagroup.com

    Select Property Group Limited, company registered number 5071388
    Address: Horseshoe Farm, Elkington Way, Alderley Edge, England, SK9 7GU
    Email: myprivacy@selectproperty.com

    Vita Spain Management SLU, registered in Spain with company NIF number B67626770
    Address: Avinguda Diagonal 538, 5-2, CP: 08036 Barcelona

If you are a current resident in Vita Student accommodation or have made a booking to stay with us, please select your residence from the following list to view the privacy policy of any additional data controllers or data processors which may also apply to you.