Data Controller
Data Controller Name: University of Sunderland
Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473
Registered Address:
4th Floor Edinburgh Building
City Campus
Chester Road
Sunderland
SR1 3SD
Department Responsible
for processing: Enterprise and Innovation
Contact email: cape@sunderland.ac.uk
Overview
On the 25th May 2018, the new General Data Protection Regulations (GDPR) shall come into effect. Under this new law we have updated our Privacy Notice. This explains why we collect your personal data, how we use your personal data, what personal data we collect, reasons we may need to disclose your personal data to others and how we store your personal data securely.
Who are we?
The Work Based Learning (WBL) team (which includes Corporate and Professional Education (CAPE)) is part of the University of Sunderland’s Enterprise and Innovation Department (E&I). E&I offers a wide range of business support services; funded programmes, apprenticeships, work based learning, training, recruitment, internships, commercial space, space hire, events, specialist facilities and business expertise.
How we collect your personal data from you?
We receive information about you when you use our website, complete forms on our website, if you contact us by phone, e-mail, in person or otherwise in respect to any of our services or during the purchase of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party you warrant that you have obtained the express consent form the third party for the disclosure and use of their personal data.
Why we collect your personal data and how we use it
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data include, but is not limited to, your consent, performance of a contract, to enable billing and remittance and to contact you for customer service purposes.
What type of data do we collect from you?
The personal data that we may collect from you includes:
- Name
- Address
- Email address
- Phone numbers
- Payment information
- Employer
- Employer Address
- Staff Profession/Group
- Job Title
- Department
- Employment Type
- Gender
- Date of Birth
We also retain records of your queries and correspondence, in the event you contact us.
How do we use your data?
We use the data about you in the following ways;
- To inform you about products and services and prices
- To inform you of service and prices changes
- To help us identify you and any business interests we have with you
- To provide customer care, including responding to your requests if you contact us with a query
- To notify you about changes to or website and services
- To carry out marketing and statistical analysis
- To enable us to review, develop and improve our services
- To provide you with information about products or services that you request from us or which we feel may interest you; and
- To process orders for services that you have submitted to us
- To comply with our contractual obligations we have with you
- To administer accounts, process payments and keep a track of billing and payments
Will your personal data be shared?
Your personal data will only be used for the purposes outlined in this notice and will not be shared with any 3rd party with the exception of circumstances under which we are contractually bound by a funder to share information directly with them or a stakeholder of the funded programme.
How your personal data is stored by the University
Your Personal data stored specifically by the Work Based Learning Team in the University of Sunderland’s E&I CRM and / or on shared drives located on our secure servers.
Who has access to your personal data?
Access to personal data is restricted to only members of the University to whom this information is pertinent. Access is controlled and all employees of the University of Sunderland that are given access understand that they have an obligation to maintain and uphold confidentiality at all times.
Retention periods
Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
Legal basis for processing your data
The GDPR regulations state that ‘personal data shall be processed lawfully, fairly and in a transparent matter in relation to the data subject’. In order to meet these requirements the University must have at least one legal basis to process your data. These are shown below,
(As GDPR is a new law the conditions identified below may be subject to change. If changes are significant then we will communicate them to you).
|
Specific Activity |
Legal Basis |
|
Marketing to provide with information about products and services that you request from us or which we feel may interest you where you have consented to be contacted for such purpose. |
Legitimate interest |
|
To help us identify you and any business interests we have with you. |
Legitimate interest |
|
To enable us to review, develop and improve our services by means of survey. |
Consent |
|
To provide customer care, including to responding to your request if you contact us with a query. |
Legitimate interest |
|
To carry out marketing and statistical analysis. |
Legitimate interest |
|
To notify you about changes to our website and services. |
Legitimate interest |
|
To inform you of service and price changes. |
Legitimate interest |
|
In order to provide products and services |
Performance of contract |
|
To process orders for services that you have submitted to us.
|
Performance of contract |
|
To comply with our contractual obligations we have with you.
|
Performance of contract |
|
To administer accounts, process payments and keep a track of billing and payments.
|
Performance of contract |
|
To notify you about changes to our website and services |
Consent |
|
To inform you of service and price changes |
Consent Performance of contract |
Your rights under GDPR
Under the General Data Protection Regulations, you have 8 fundamental rights as follows:
1. The right to be informed
The University is obliged to provide you with information on how we plan to process your data, we do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access
You as the data subject have a right to access the personal (and supplementary) information that we hold, you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification
If you find that we hold incorrect or incomplete data about you, then you have the right to request this information is rectified.
4. The right to erase
This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing
Under certain (defined) circumstances you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability
You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object
You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and purposes of scientific / historical research and statistics.
8. Rights in relation to automated decision making and profiling
You have the right to object to your data being used in automated decision making or profiling.
In the first instance we would ask that you contact the department within the University that is processing your personal information. The contact details for this department can be found in the first section of this notice.
If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email or by post. The email address for the Data Protection Officer is dataprotection@sunderland.ac.uk.
Should you still feel that you request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, this is the Information Commissioners Office, details of how to complain can be found at https://ico.org.uk/concerns/