Privacy notice - St Peter's Gate

Home / Privacy & Cookies / Privacy notice - St Peter's Gate

Data Controller

 

Data Controller Name: University of Sunderland

Data Protection Officer: Sam Seldon

ICO Registration Number: Z6120473

Renewal Date: 10th January 2019

Registered Address:              

4th Floor Edinburgh Building
City Campus
Chester Road
Sunderland
SR1 3SD

Department Responsible      

for processing: Enterprise and Innovation

Contact email: spg@sunderland.ac.uk 

Overview

On the 25th May 2018, the new General Data Protection Regulations (GDPR) shall come into effect. Under this new law we have updated our Privacy Notice. This explains why we collect your personal data, how we use your personal data, what personal data we collect, reasons we may need to disclose your personal data to others and how we store your personal data securely.

Who are we?

St Peter’s Gate is part of the University of Sunderland’s Enterprise and Innovation Department (E&I). E&I offers a wide range of business support services; funded programmes, apprenticeships, work based learning, training, recruitment, internships, commercial space, space hire, events, specialist facilities and business expertise.

How we collect your personal data from you?

We receive information about you when you use our website, complete forms on our website, if you contact us by phone, e-mail, in person or otherwise in respect to any of our services or during the purchase of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party you warrant that you have obtained the express consent form the third party for the disclosure and use of their personal data.

Why we collect your personal data and how we use it

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data include, but is not limited to, your consent, performance of a contract, to enable billing and remittance and to contact you for customer service purposes.

What type of data do we collect from you?

The personal data that we may collect from you includes:


St Peter’s Gate also retain records of your queries and correspondence, in the event you contact us.

How do we use your data?

We use the data about you in the following ways:

Will your personal data be shared?

Your personal data will only be used for the purposes outlined in this notice and will not be shared with any 3rd party with the exception of The DCLG who part funded St Peter’s Gate. 

How your personal data is stored by the University

Your personal data is stored specifically by the University’s Enterprise and Innovation Department. The information is stored in a secured folder on Enterprise and Innovation shared drive. This is located on the University’s secured servers. We also keep historic paper files in a secured room within the University or offsite with the University’s secure offsite archive provider.

Who has access to your personal data?

Access to personal data is restricted to members of the University to whom this information is pertinent and The DCLG which audits us in relation to our funding regulations.  Access is controlled and all employees of the University of Sunderland that are given access understand that they have an obligation to maintain and uphold confidentiality at all times. 

Retention periods

Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information.

If you are a customer of St Peter’s Gate we will keep your personal data only for as long as necessary in accordance with our legal and accountancy obligations, the University’s retention policy and in accordance with applicable laws. The University of Sunderland retains records for 6 years and The DCLG require we keep records for 30 years.

Legal basis for processing your data

The GDPR regulations state that ‘personal data shall be processed lawfully, fairly and in a transparent matter in relation to the data subject’. In order to meet these requirements the University must have at least one legal basis to process your data. These are shown below

(as GDPR is a new law the conditions identified below may be subject to change. If changes are significant then we will communicate them to you).

 

Specific Activity

Legal Basis

 

Marketing to provide with information about products and services that you request from us or which we feel may interest you where you have consented to be contacted for such purpose.

Legitimate interest

 

To help us identify you and any business interests we have with you.

Legitimate interest

 

To enable us to review, develop and improve our services by means of survey.

Consent

 

To provide customer care, including to responding to your request if you contact us with a query.

Legitimate interest

 

To carry out marketing and statistical analysis.

Legitimate interest

 

To notify you about changes to our website and services.

Legitimate interest

 

To inform you of service and price changes.

Legitimate interest

 

In order to provide products and services

Performance of contract

 

To process orders for services that you have submitted to us.

Performance of contract

 

To comply with our contractual obligations we have with you.

Performance of contract

 

To administer accounts, process payments and keep a track of billing and payments.

Performance of contract 


Your rights under GDPR

Under the General Data Protection Regulations, you have 8 fundamental rights as follows:

1. The right to be informed 
The University is obliged to provide yous with information on how we plan to process your data, we do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.

2. The right of access 
You as the data subject have a right to access the personal (and supplementary) information that we hold, you also have the right to be made aware of and to verify the lawfulness of processing undertaken.

3. The right to rectification 
If you find that we hold incorrect or incomplete data about you, then you have the right to request this information is rectified.

4. The right to erase 
This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.

5. The right to restrict processing 
Under certain (defined) circumstances you have the right to request that we restrict the processing we undertake using your personal data.

6. The right to data portability 
You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.

7. The right to object
You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and purposes of scientific / historical research and statistics.

8. Rights in relation to automated decision making and profiling 
You have the right to object to your data being used in automated decision making or profiling.

In the first instance we would ask that you contact the department within the University that is processing your personal information.  The contact details for this department can be found in the first section of this notice. 

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email or by post.  The email address for the Data Protection Officer is dataprotection@sunderland.ac.uk.

Should you still feel that you request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, this is the Information Commissioners Office, details of how to complain can be found at https://ico.org.uk/concerns/.