Data Protection Policy
The SU has adopted a Data Protection Policy.
All SU staff receive role-specific training in data protection and undertake mandatory data protection training.
Student society committee members receive training relating to the use of their societies' data.
Suppliers, Contractors & Clients
The SU has a single point of contact for all data-related queries: email@example.com
Your Data Rights
The Information Commissioner provides good practice guidance and interpretation of the law for data controllers and advice to the public on how to access personal data.
The website of the ICO is www.ico.org.uk
Subject Access Requests
The SU is not a publicly funded body so not subject to Freedom of Information, requests however every individual has a right to control the data we hold on them. If you wish to make a request for your data you should complete the below Subject Access Request form providing the required information, copies of proof of identity (please do not send original documents as we cannot be held responsible for any loss of these) and details of the information desired.
These may be sent by email to firstname.lastname@example.org or by post to
Sunderland Students’ Union,
Ground Floor, Edinburgh Building,
Please note that while we may accept requests by email, establishing your identity may require documentation to be posted.
Subject Access Request Form
Data Rectification, Restriction, Objection or Erasure
The GDPR provides you with a right to erase all or part of any data/information we hold about you or object to, and restrict, the processing of any data/information we hold about you (also known as the right to be forgotten); to rectify any data/information we hold about you; or to authorise someone else to make these requests your behalf. You will also need to provide proof of your identity. Your request will be processed within 30 calendar days upon receipt of the adequate information to process your request and proof of identity.
The SU will not unreasonably prevent erasure, objection, restriction or rectification of data however we require an appropriate reason to make such amendments. Please ensure that you provide sufficient reasoning when making your request. There may be cases where we must retain some or all of your data when you make these requests in which case we will note your request and comments in the appropriate record.
Erasure of data may result in restrictions on the use of the SU’s services as we are required to process certain data to deliver those services.
Complete erasure of all data will result in revocation of SU Membership; it may also be necessary to retain details of your Student ID number and University of Sunderland username to ensure the SU does not process any data associated with these records.
The SU and our social enterprises carefully curate marketing and communications that might be relevant to you. Sometimes we need to send essential information where we believe there is a legitimate interest in you receiving this.
We always provide a way to opt out in our communications without affecting your membership and we will never sell your data to third parties.
Data Protection at the University of Sunderland
The University of Sunderland operate their own data protection policy and procedures, further details on these can be found on their website.
The CCTV system in the SU building is operated by the University of Sunderland.