Your data is important to us
We're a membership organisation which means at our heart is our students and the information process to make your University experience incredible. We also employ staff, work with suppliers and have customers for our commercial services so the information on this page is for those people too.
The way we manage and process your data is governed by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and this web page aims to explain how we manage your information in line with these pieces of legislation and what this means for you. We've been really open and transparent here to help you be fully informed and understand your rights - you can see: how we access your data; how we assess our processing activities; how we gain consent and how you can change your preferences; the training any data processors go through; who else processes data about you; and our policies for processing data. You can also find out how to make a Subject Access Request.
The SU has adopted a Data Protection Policy. All SU staff receive role-specific training in data protection and undertake mandatory data protection training. Student society committee members receive training relating to the use of their societies' data.
The Information Commissioner provides good practice guidance and interpretation of the law for data controllers and advice to the public on how to access personal data. The website of the ICO is www.ico.org.uk
The SU is not a publicly funded body so not subject to Freedom of Information, requests however every individual has a right to control the data we hold on them. If you wish to make a request for your data you should complete the below Subject Access Request form providing the required information, copies of proof of identity (please do not send original documents as we cannot be held responsible for any loss of these) and details of the information desired.
The GDPR provides you with a qualified right to erase all or part of any data/information we hold about you or object to, and restrict, the processing of any data/information we hold about you (also known as the right to be forgotten); to rectify any data/information we hold about you; or to authorise someone else to make these requests your behalf. You will also need to provide proof of your identity. Your request will be processed within 30 calendar days upon receipt of the adequate information to process your request and proof of identity.
The SU will not unreasonably prevent erasure, objection, restriction or rectification of data however we require an appropriate reason to make such amendments. Please ensure that you provide sufficient reasoning when making your request. There may be cases where we must retain some or all of your data when you make these requests in which case we will note your request and comments in the appropriate record.
Erasure of data may result in restrictions on the use of the SU’s services as we are required to process certain data to deliver those services. Complete erasure of all data will result in revocation of SU Membership; it may also be necessary to retain details of your Student ID number and University of Sunderland username to ensure the SU does not process any data associated with these records.
The SU and our social enterprises carefully curate marketing and communications that might be relevant to you. Sometimes we need to send essential information where we believe there is a legitimate interest in you receiving this and it is an integral part of your membership that you receive these.
Our privacy statements detail more information about how we use your data to communicate with you or where you have given consent send you marketing.
You can edit your own marketing preferences at any time by logging in to your account on the website.
The University of Sunderland operate their own data protection policy and procedures, further details on these can be found on their website. The CCTV system in the SU building is operated by the University of Sunderland.