Privacy notice - Enterprise Place

Home / Privacy & Cookies / Privacy notice - Enterprise Place

Data Controller

 

Data Controller Name: University of Sunderland

Data Protection Officer: Sam Seldon

ICO Registration Number: Z6120473

Renewal Date: 10th January 2019

Registered Address:              

4th Floor Edinburgh Building
City Campus
Chester Road
Sunderland
SR1 3SD

Department Responsible for processing: Enterprise and Innovation

Contact email: enterprise@sunderland.ac.uk

Overview

On the 25th May 2018, the new General Data Protection Regulations (GDPR) shall come into effect. Under this new law we have updated our Privacy Notice. This explains why we collect your personal data, how we use your personal data, what personal data we collect, reasons we may need to disclose your personal data to others and how we store your personal data securely. 

Who are we?

The Enterprise Place is part of the University of Sunderland’s Enterprise and Innovation Department (E&I). E&I offers a wide range of business support services; funded programmes, apprenticeships, work based learning, training, recruitment, internships, commercial space, space hire, events, specialist facilities and business expertise.

How we collect your personal data from you?s

We receive information about you when you use our website, complete forms on our website, if you contact us by phone, e-mail, in person or otherwise in respect to any of our services. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party you warrant that you have obtained the express consent form the third party for the disclosure and use of their personal data.

Why we collect your personal data and how we use it

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data include, but is not limited to, your consent, performance of a contract and to contact you for customer service purposes.

What type of data do we collect from you?

The personal data that we may collect from you includes: 

We also retain records of your queries and correspondence, in the event you contact us.

How do we use your data?

We use the data about you in the following ways;

Will your personal data be shared?

Your personal data will only be used for the purposes outlined in this notice and will not be shared with any 3rd party unless you are contracted with us under our ERDF Enterprise Place  Programme or an alternative project, programme or scheme.

In this instance this Data Protection Regulations will be clearly stated in the Licence Agreement.

How your personal data is stored by the University

Your personal data is stored specifically by the University’s Enterprise and Innovation Department. The information is stored in a secured folder on Enterprise and Innovation shared drive. This is located on the University’s secured servers and access is restricted to approved staff members only.

If you are engaged with us under our ERDF Enterprise Place Programme or other projects, programmes or schemes, we are also obliged under this contract to keep some historic paper files in a secured room within the University or offsite with the University’s secure offsite archive provider.

Who has access to your personal data?

Access to personal data is restricted to only members of the University to whom this information is pertinent. Access is controlled and all employees of the University of Sunderland that are given access understand that they have an obligation to maintain and uphold confidentiality at all times. 

Retention periodsa

Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

If you are engaged with us under the ERDF Enterprise Place Programme we will store your information at least for the duration of any relationship we have with you and for an undetermined period after in accordance with ERDF guidelines. The length of this period is subject to change in line with ERDF policy. 

Legal basis for processing your data

The GDPR regulations state that ‘personal data shall be processed lawfully, fairly and in a transparent matter in relation to the data subject’. In order to meet these requirements the University must have at least one legal basis to process your data. These are shown below,

(As GDPR is a new law the conditions identified below may be subject to change. If changes are significant then we will communicate them to you). 

 

Specific Activity

Legal Basis

 

Marketing to provide with information about products and services that you request from us or which we feel may interest you where you have consented to be contacted for such purpose.

Legitimate interest

 

To help us identify you and any business interests we have with you.

Legitimate interest

 

To enable us to review, develop and improve our services by means of survey.

Consent

 

To provide customer care, including to responding to your request if you contact us with a query.

Legitimate interest

 

To carry out marketing and statistical analysis.

Legitimate interest

 

To notify you about changes to our website and services.

Legitimate interest

 

To inform you of service changes.

Legitimate interest

 

In order to provide products and services

Performance of contract

 

To process orders for services that you have submitted to us.

Performance of contract

 

To comply with our contractual obligations we have with you.

Performance of contracta

 

Personal data released to third parties for the following purposes

 

 

To funder -  as the provider of funding for your employment opportunity

 

Performance of contract

Public interest

Legitimate interest 


Your rights under GDPRa

Under the General Data Protection Regulations, you have 8 fundamental rights as follows:

The right to be informed:

The University is obliged to provide you with information on how we plan to process your data, we do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.

The right of access:
You as the data subject have a right to access the personal (and supplementary) information that we hold, you also have the right to be made aware of and to verify the lawfulness of processing undertaken.

The right to rectification:
If you find that we hold incorrect or incomplete data about you, then you have the right to request this information is rectified.

The right to erase:
This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.

The right to restrict processing:

Under certain (defined) circumstances you have the right to request that we restrict the processing we undertake using your personal data.

The right to data portability:
You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.

The right to object:

You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and purposes of scientific / historical research and statistics.

Rights in relation to automated decision making and profiling:
You have the right to object to your data being used in automated decision making or profiling. 

In the first instance we would ask that you contact the department within the University that is processing your personal information.  The contact details for this department can be found in the first section of this notice.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email or by post.  The email address for the Data Protection Officer is dataprotection@sunderland.ac.uk.

Should you still feel that you request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, this is the Information Commissioners Office, details of how to complain can be found at https://ico.org.uk/concerns/.