Data Controller
Data Controller Name: University of Sunderland
Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473
Registered Address:
4th Floor Edinburgh Building,
City Campus
Chester Road
Sunderland
SR1 3SD
Department Responsible for processing: Research and Innovation
Contact email: digitalskills@sunderland.ac.uk
Changes to this notice
From time to time the University will make minor modifications to this notice. Where a more substantial change is required, we will inform you of these changes and provide you with a link to the newest version of the notice.
Overview
Throughout this notice, “University”, “we”, “our” and “us” refer to the University of Sunderland and “you” and “your” refer to those expressing an interest in either becoming a student at the University or engaging with the University in a short course or funded project both prior to and at the formal applications stage, together with those who later become a registered student/learner or participant in a course or project at the University.
The University of Sunderland needs to collect and process personal data in order to provide services to students, learners and external clients, manage its operations and meet certain legal requirements. This notice explains how we collect and use your personal data to do so.
Who are we?
The University of Sunderland’s Research and Innovation Department (R&I) offers a wide range of business support services: funded programmes, apprenticeships, work-based learning, training, recruitment, consultancy, commercial space, space hire, events, specialist facilities and business expertise.
How we collect your personal data
We receive information about you when you use our website; complete forms on our website or forms linked to our emails; if you contact us by phone, email, in person or otherwise, in respect to any of our services or during the purchase of any such product. Additionally, we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party, you warrant that you have obtained express consent from the third party for the disclosure and use of their personal data.
The University collects and processes a broad range of personal data about you in order to deliver our services to you, manage our operations effectively and meet certain legal requirements. Examples of this personal data will include name, address for correspondence, national insurance number, financial information, email address, contact telephone number, emergency contact details, date of birth, job title, department, place of work, employer name and contact details.
Personal data may also contain “Special Categories of data” as described under the UK GDPR. Such “Special Category Data” will include information about your racial or ethnic origin, religious beliefs, political opinions, membership of a trade union, and physical or mental health. When you register to enrol with us, you have the option not to provide certain types of “special category data”.
Why we collect your personal data and how we use it
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, enabling billing and remittance, and contacting you for customer service purposes.
The University will handle personal data in accordance with the University’s Data Protection Policy.
The University shares your information with a number of organisations and third parties. A list of these, along with our legal basis for processing your data in this way, can be found in Table 1 (below).
How do we use your data?
We use the data about you in the following ways:
- To comply with our contractual or funding obligations we have with external funding bodies
- To capture progress and evaluation data on funded projects
- To inform you about products, services and prices
- To inform you of service and price changes
- To help us identify you and any business interests we have with you
- To provide customer care, including responding to your requests if you contact us with a query
- To notify you about changes to our products or services
- To carry out marketing and statistical analysis
- To enable us to review, develop and improve our services
- To provide you with information about products or services that you request from us or which we feel may interest you
- To process orders for services that you have submitted to us
- To comply with our contractual or funding obligations we have with you
- To administer accounts, process payments and keep track of billing and payments
How your personal data is stored by the University
Your personal data is stored specifically by the University’s Research and Innovation Department. The information is stored in a secured folder on the Research and Innovation Teams File. This is located on the University’s secured servers and access is restricted to approved staff members only.
If you are engaged with us as part of a Funded Project or Programme we are required to store your data in a secured folder on a Research and Innovation Teams site and may be required to share this data with external funding bodies as part of an external audit.
Who has access to your personal data?
Access to personal data is restricted to only members of the University to whom this information is pertinent or to external funding bodies. Access is controlled and all employees of the University of Sunderland that are given access understand that they have an obligation to maintain and uphold confidentiality at all times.
Retention periods
Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.
The University retains your personal data in accordance with the University retention schedule and in accordance with the retention policy of external funding partners.
Please note that some of the information you provide to us will be retained for a longer period of time to comply with external funding regulations. Steps will be taken to remove data which is no longer needed for specific purposes as soon as we identify the data is no longer required.
If you are a customer of Research and Innovation we will keep your personal data only for as long as necessary in accordance with our legal and accountancy obligations, the University’s retention policy and in accordance with applicable laws. The University of Sunderland retains records for 6 years.
If you are engaged with us via an externally funded project, programme or scheme, the retention policy will be clearly stated in the privacy statement of the specific external funding body and a link to their privacy statement will be included in the individual project application forms.
Legal basis for processing your data
The UK GDPR regulations state that ‘personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject’. In order to meet these requirements, the University must have at least one legal basis to process your data. These are shown below.
(The UK GDPR may be subject to change. If changes are significant then we will communicate them to you).
Specific Activity | Legal Basis |
---|---|
Marketing to provide information about products and services that you request from us or which we feel may interest you where you have consented to be contacted for such purpose. | Legitimate interest |
To help us identify you and any business interests we have with you. | Legitimate interest |
To enable us to review, develop and improve our services by means of survey. | Consent |
To provide customer care, including responding to your request if you contact us with a query. | Legitimate interest |
To carry out marketing and statistical analysis. | Legitimate interest |
To notify you about changes to our website and services. | Legitimate interest |
To inform you of service and price changes. | Legitimate interest |
In order to provide products and services | Performance of contract |
To process orders for services that you have submitted to us. | Performance of contract |
To comply with our contractual obligations we have with you. | Performance of contract |
To administer accounts, process payments and keep track of billing and payments. | Performance of contract |
Personal Data released to Third Parties for the following purposes | Legal basis |
---|---|
To an external funder – as the Data Controller providing funding for your funded training/employment opportunity. The University of Sunderland is required to share information with the following funding provider(s): NTCA North of Tyne Combined Authority; Sunderland City Council as part of the UKSPF Project Innovate and Grow. Privacy notice – Sunderland City Council | Performance of contract |
To your employer – as a stakeholder in your employment under a funded programme | Performance of contract |
General R&I Activity | Public activity |
Your rights under GDPR
Under the General Data Protection Regulations, you have 8 fundamental rights as follows:
- The right to be informed - The University is obliged to provide you with information on how we plan to process your data; we do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
- The right of access - You as the data subject have a right to access the personal (and supplementary) information that we hold. You also have the right to be made aware of and to verify the lawfulness of the processing undertaken.
- The right to rectification - If you find that we hold incorrect or incomplete data about you, then you have the right to request this information is rectified.
- The right to erase - This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
- The right to restrict processing - Under certain (defined) circumstances you have the right to request that we restrict the processing we undertake using your personal data.
- The right to data portability - You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
- The right to object - You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and purposes of scientific/historical research and statistics.
- Rights in relation to automated decision-making and profiling - You have the right to object to your data being used in automated decision-making or profiling.
In the first instance, we would ask that you contact the department within the University that is processing your personal information. The contact details for this department can be found in the first section of this notice.
Complaints
If you are unhappy with how your request has been handled or have not received a response from the individual department, please contact the Data Protection Officer either by email or by post. The email address for the Data Protection Officer is dataprotection@sunderland.ac.uk.
Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, the Information Commissioner's Office. Details of how to complain can be found at https://ico.org.uk/concerns/.