Privacy Policy

The University of Sunderland (the ‘University’) wishes to be open in the way we use cookies and help you make informed choices about the information you provide to us and third parties when you visit our website.

What are cookies?

Cookies are small, often encrypted, text files which are stored on your computer when you visit some websites. They are used to remember useful information which allows certain functionality within the website to work, for example, remembering where you have reached within an order process, or if you've logged in to a site. Cookies can't harm your computer.

How does the University use cookies?

We use different types of cookies for different things, such as:

• Analysing how you use the Sunderland website
• Giving you a better, more personalised experience
• Recognising when you’ve signed in
• Using geo-location for users outside the UK to provide entry requirements relevant to their country.

We use the following types of cookies:

Strictly necessary cookies

These are essential to enable you to move around the websites and use their features. Without these cookies, the services you have asked for, such as registering for an account, cannot be provided.

Functionality cookies

These cookies allow the website to remember choices you make and provide more personal features. For instance, a functional cookie can be used to remember the volume level you prefer to use when watching videos on our websites. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.

Performance cookies

These cookies collect information about how visitors use a website, for instance, which pages visitors go to most often. We use this information to improve our websites and to aid us in investigating problems raised by visitors.

You can opt out of providing us with this information if you wish, with no impact on your experience of our website.

Cookie preferences

Control your Cookie preferences.

Advertising or Targeting cookies

We use advertising-related cookies on our site.

We use 'Advertising' cookies on www.sunderland.ac.uk to:

• Link to social networks like Facebook, which may subsequently use information about your visit to target advertising to you on other websites.
• Used to identify that you have visited the Sunderland University website, so that we can show you relevant adverts.
• Provide advertising networks with information on your visit so that they can present you with adverts that you may be interested in.

These cookies are used to deliver adverts more relevant to you and your interests. They collect information about your browsing habits. Targeting cookies are linked to services provided by third parties, such as 'like' and 'share' buttons and advertisements.

Google advertising services

Google DoubleClick uses cookie IDs to show adverts relevant to a visitor's interests and browsing behaviour. They are also used to limit the number of times someone sees an advert, as well as helping to measure the effectiveness of our advertising campaigns. They remember that a browser visited a website, and this information is shared with other organisations, such as advertisers.

Opt out of Google Ad Services.

Bing

This code generates statistics from your searches and other online activity associated with your Microsoft account to show you ads that are more personalised.

Facebook

Parts of this website use Facebook cookies and pixels. Pixels are small blocks of code on webpages that do things like allow another server to measure viewing of a webpage, and are often used in connection with cookies. Cookies and pixels are used to understand and deliver ads and make them more relevant to you. The user ID collected relates to your Facebook account, and the data collected is used to advertise across Facebook, Messenger and Instagram. These pixels are also used to attribute website conversions back to advertising sources. The same privacy restrictions as AdWords Remarketing apply.

Further information can be found on Facebook's website.

TikTok

TikTok cookies allow us to serve adverts on social media platforms and to understand user actions made on our site once they have viewed or clicked on an advert. We use it to improve our content, retargeting and user experience. See TikTok's privacy information and opt-out options.

Cookies generated by embedded third-party content on our site:

Dynamics 365

Dynamics uses cookies for a variety of purposes, including:

• To track website visits, social media clicks, and banner clicks
• To enable the pre-fill feature for known contacts, log when a contact opens a marketing page, and enable contacts to sign in and register for events
• Marketing forms use three different types of cookies, including a short-term, single-visit cookie and a session cookie for the event website.

Live Chat

Some of the pages on our website include an option for you to chat with one of our advisers. If you choose to chat with us, cookies are set by LiveChat.

Google Maps

We use Google Maps to provide location information to users of our website. When a page containing a Google Maps is accessed, cookies are set by Google.

Rapidspike

We use Rapidspike to monitor the uptime and performance of our webpages. We also use Real User Monitoring to monitor performance for users outside the UK. We do not capture any personal identifying data.

YouTube

Some of the pages on our website contain videos from our YouTube channel, which are embedded on the page. When a page containing a YouTube video is accessed, cookies are set by YouTube.

X (Twitter)

Cookies are set by X when you load any of our pages that include a list of ‘latest posts’. Further information can be found on the X website.

Vimeo

Vimeo sets a number of cookies on any page that embeds a Vimeo video. While we have no control over these cookies, they appear to include a mixture of pieces of information to measure the number and behaviour of Vimeo viewers, to hold information about current viewing video settings, as well as a personal identification token, if you are logged into Vimeo. Furthermore, a set of cookies regarding Google AdSense advertising campaigns might be set, which contain identifiers that record user browsing behaviour.

AddToAny

We use AddToAny to allow visitors to share our news content on social media. AddToAny does not store personal data. Its technology vendors are compliant, and may temporarily store an IP address and set a client cookie for security purposes as regulations allow.

Cookies we use to track visits to our site

Google Analytics

We use Google Analytics to generate reports on the number of visits to pages on our websites. The resulting statistics help us to plan improvements to our websites. Google Analytics is also used by third-party widgets implemented on our website.

Opt out of Google Analytics cookies.

Google Tag Manager

We use Google Tag Manager to manage Google Analytics and other tracking cookies, which may be used for marketing purposes or evaluating the effectiveness of our website.

Google Optimise

We use Google Optimise cookies to test and analyse how audiences interact with the Sunderland University website. We do this to make informed decisions about how to provide a better experience for visitors to our website.

Hotjar

Hotjar is an analysis tool we use that records the online behaviour of a website's visitors. Hotjar sets persistent cookies (up to 365 days). Hotjar also records visitor information, including mouse clicks and movements, scrolling activity and user input on our website (for example, on a contact form) – this information is anonymous. Recordings are automatically destroyed after 365 days. You can opt out of Hotjar collecting your information at any time by following the instructions on Hotjar's website.

Data Controller Name: University of Sunderland
Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473

Registered address: 

4^th Floor Edinburgh Building
City Campus
Chester Road
Sunderland
SR1 3SD

Department responsible for processing: Student Administration
Email: admissions@sunderland.ac.uk

Overview

The University of Sunderland will process your personal data provided in the online form for the purposes of processing your application for a scholarship.

The legal basis for processing your personal data, which is obtained in the first section of this form, is necessary for the performance of a contract/legal obligation.

Your personal data will be shared with the Helen McArdle Trust for the purposes of allocating the scholarship. Your data will not be disclosed to any other third parties external to the University of Sunderland. We will not sell your data to any third party or marketing companies.

In order to process your data, it will be held on the server of the software provider, which is held in the UK., for the duration of your application and a further six years. Your personal data will be kept securely by the University of Sunderland and will be retained for a period of six years after the application cycle.

The University of Sunderland is the Data Controller of this information and is committed to protecting the rights of individuals under Data Protection Legislation. Please see our terms and conditions for further information in relation to your rights and how the University processes your personal data.

The University’s Data Protection Officer, Sam Seldon, can be contacted at dataprotection@sunderland.ac.uk, and any requests or complaints should be made in writing to:

Data Protection Officer
University of Sunderland
Room 202
St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Data Controller Name: University of Sunderland
Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473

Registered address:
4th Floor
Edinburgh Building
City Campus
Chester Road
Sunderland
SR1 3SD

Department responsible for processing: Widening Access and Participation.
Contact: pre16activities@sunderland.ac.uk.

Overview

The University of Sunderland undertakes outreach activities with schools, colleges, academies, and communities across the UK to support progression and widen participation in higher education. This is part of our commitment as a university to open opportunities and transform lives as part of government policy, as overseen by the Office for Students. The University of Sunderland’s outreach programme is funded by the Government to increase the number of young people from different backgrounds going into Higher Education (HE)/university, especially those groups who are currently under-represented in HE.

This privacy notice explains:

• Who we are, how and why we collect and use personal information about you
• What personal data is collected and held about you for the Higher Education Access Tracker (HEAT)
• Our purposes and lawful bases for processing
• Who we share your personal data with, and relevant retention periods
• And how you can exercise your privacy rights

HEAT is the system supplied, hosted, and operated by the University of Kent, which is used by over 80 higher education institutions to evaluate the effectiveness of their outreach and widening participation activities. The University has used the HEAT system for several years. The system links closely with government agencies such as the Office for Students (OfS), the Department for Education (DfE), and data custodians, including the Higher Education Statistics Agency (HESA) and the Universities and Colleges Admissions Service (UCAS), to establish which learners engaging with the University have progressed into higher education. For further information, see HEAT Privacy Notice and HESA Privacy Notice.

Please read this notice to understand our practices, and if you have any questions, please contact us using the department contact details provided above.

Who we are

Throughout this notice, ‘University’, ‘we’, ‘our’, and ‘us’ refer to the University of Sunderland. The University is the Controller in respect of the personal data you provide as part of this activity.

The personal data we process

If you attended an outreach event or activity organised by the University and supplied us with your personal data using our Activity Collection Form, we will process the following personal data about you:

• Name
• Gender
• Date of birth
• Postcode
• School
• Free school meal status
• Links to the activities you engaged with
• Links to Universities and College Admissions Service (UCAS) and Higher Education Statistics Agency (HESA) data.

Where does the University get your personal data from?

We obtain personal data about you from the following sources:

• Direct from you via the Activity Collection Form
• From third-party sources, where we will always try to ensure that the third party has lawful authority to provide us with the data, for example, from your school/college, with permission from you or your parent/carer (if under the age of 13) or as part of a data sharing agreement.

The purpose of the processing

As part of our activities to promote and widen access to higher education, we upload your personal data to the HEAT system so that it can be used for the following purposes:

• Monitoring and evaluating the effectiveness of our outreach and widening participation programmes
• Demonstrating the impact of our outreach and widening participation programmes
• Producing statistics, including event application and participation numbers, and participant outcomes
• Tracking future outcomes of event participants, including applications to the University and other higher education institutions
• Understanding the student journey through education and progression to Higher Education/future careers.

If you contact us, we may also keep a record of that correspondence as part of our legitimate interests.

Lawful bases for processing

As a public authority acting in the public interest, we rely upon the ‘public task’ lawful basis to process your personal data for these purposes. Our public interest is to promote and widen access to higher education, particularly among underrepresented groups.

Our clear basis in law is the Higher Education (Access and Participation Plans) (England) Regulations 2018. S2(1) (f) which states that Higher Education Institutions shall monitor and evaluate their compliance of its provisions set out in its access and participation plans, and its progress in achieving its access and participation objectives. Furthermore, s2(1)(g) states that Higher Education Institutions shall provide the Office for Students with such information as it may reasonably require from time to time regarding the contribution that the institution has made towards furthering equality of opportunity.

The recipients or categories for recipients of the personal data

Once uploaded to HEAT, your personal data is made available to the following third parties:

• The University of Kent, under the terms of a data processing agreement, as part of the HEAT service they provide for the University. They support the HEAT system and conduct monitoring and evaluation activities.
• Other third-party or charity organisations partnered with HEAT for the purpose of higher education outreach evaluation.
• HESA, UCAS, DfE and OfS to help determine whether our activities are helping participants move on from higher education and employment.

The right to withdraw consent, request erasure, or opt out of the processing

You can ask for your personal data to be withdrawn from the HEAT system at any time by writing to pre16activities@sunderland.ac.uk stating your name, date of birth, and the school you attended while participating in our outreach activities. If we relied upon your consent for our processing, withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal.

Data retention

Your personal data will only be retained for as long as it is necessary in accordance with the University’s Retention Schedule. Specifically, we will retain your HEAT personal data for:

• Activity Collection Form – for no longer than one academic year from the date you completed your form and volunteered your personal data to the University
• On the HEAT system until you reach 30 years of age, or if you go to university during this time for 15 years after you graduate from university
• Until you ask us to remove your personal data.

Your rights under GDPR

Under the General Data Protection Regulations, you have eight fundamental rights as follows:

1. The right to be informed – The University is obliged to provide you with information on how we plan to process your data. We do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access – You, as the data subject, have a right to access the personal (and supplementary) information that we hold; you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification – If you find that we hold incorrect or incomplete data about you, then you have the right to request that this information be rectified.
4. The right to erase – This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing – Under certain (defined) circumstances, you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability – You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object – You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and the purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – You have the right to object to your data being used in automated decision making or profiling.

In the first instance, we would ask that you contact the Widening Access and Participation Team pre16activities@sunderland.ac.uk within the University.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email dataprotection@sunderland.ac.uk or by post:

Data Protection Officer
University of Sunderland
Room 202, St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, the Information Commissioner's Office. Visit their website to find out how to make a complaint.

Data Protection Officer: Sam Seldon
ICO registration number: Z6120473
Department responsible for processing: Marketing and Recruitment Services
Contact email: donna.beardmore@sunderland.ac.uk

Overview

The collection of personal data is used to communicate with the customer along different stages of their journey. The University will only communicate with those people via the channels they have specified on the form, or where the communication is relevant and necessary for the purpose that they have provided it, for example to communicate open day details to someone who has registered for that event. The subject’s data will be stored and used for statistical analysis, for example to see the effectiveness of forms of marketing and customer touch points across the website and recruitment events. The data will be segmented into relevant groups in order to provide the most relevant communications where someone has opted in or where statistical analysis is required – for example, grouping people into similar areas of interest, geographical locations and nationality. The website also uses a tool which recognises the location of website users and provides a more relevant browsing experience for those users.

	Specific activity	Legal basis
1	Provision of a prospectus, where the prospectus request form has been completed by the data subject.	Legitimate interest
2	Administration and management of open days, including communications relating to open days, where the open day registration form has been completed by the data subject.	Legitimate interest
3	Administration and management of the University Schemes (e.g. First Choice Scheme, MedStart Scheme) including communications relating to the schemes, where the scheme registration form has been completed by the data subject.	Legitimate interest
4	Administration and management of the Progression Scheme, including communications relating to the Progression Scheme, where the Progression Scheme registration form has been completed by the data subject.	Legitimate interest
5	Administration and management of Course Interest requests, including communications relating to Course Interest sign-up forms, where the Course Interest registration form has been completed by the data subject.	Legitimate interest
6	Administration and management of, and communications relating to Clearing, where the Clearing form has been completed by the data subject.	Legitimate interest
7	Administration and management of, and communications relating to, individual Tours, where the Individual Tour form has been completed by the data subject.	Legitimate interest
8	Administration and management of, and communications relating to Student Shadowing, where the Student Shadowing form has been completed by the data subject.	Legitimate interest
9	Administration and management of, and communications relating to, school liaison, where the expression of interest for the Schools and Colleges form has been completed by the data subject.	Legitimate interest
10	Administration and management of, and communications relating to a Live Chat transcript and associated data, where the data subject has used the Live Chat service and provided information.	Legitimate interest
11	Administration management and provision of communications relating to marketing, not specific to any of the above specific activities i.e. sending general University of Sunderland marketing emails to enquirers.	Consent
12	Administration and management of, and communications relating to the Video Builder platform transcript and associated data, where the data subject has used the Video Builder service and provided information.	Legitimate interest

Legitimate interests

The University has carried out a legitimate interest assessment and has concluded that legitimate interest can be applied to the specific processing activities, listed above, which cite legitimate interest as the legal basis for processing. The Data Protection Officer holds a copy of this assessment, which can be provided upon request.

The subject’s data may be shared with trusted partners for the purpose of fulfilling communications actions, including direct postal communications and, where consent has been given, digital advertising. Data will also be shared with Higher Education Access Tracker (HEAT) for more information; see the HEAT Privacy notice. Data will be transferred securely, with encryption techniques applied appropriately.

Enquirer data will be stored for three years after the subject’s desired Year of Entry, as expressed on the initial contact form, unless the subject becomes an applicant and/or a student.

Your rights under GDPR

Under the General Data Protection Regulations, you have eight fundamental rights as follows:

1. The right to be informed – The University is obliged to provide you with information on how we plan to process your data. We do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access – You, as the data subject, have a right to access the personal (and supplementary) information that we hold; you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification – If you find that we hold incorrect or incomplete data about you, then you have the right to request that this information be rectified.
4. The right to erase – This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing – Under certain (defined) circumstances, you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability – You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object – You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and the purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – You have the right to object to your data being used in automated decision making or profiling.

In the first instance, we would ask that you contact the department within the University that is processing your personal information. The contact details for this department can be found in the first section of this notice.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email dataprotection@sunderland.ac.uk or by post:

Data Protection Officer
University of Sunderland
Room 202, St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority. In the UK, this is the Information Commissioner's Office. Visit their website to find out how to make a complaint.

University of Sunderland policy on recording, storing, and deleting interview recordings for Master of Pharmacy applicants.

Policy statement

This policy outlines the procedures for recording, storing, and securely deleting interview recordings for applicants to the Master of Pharmacy course. The University is committed to ensuring that all data collection and processing activities comply with the UK General Data Protection Regulation (UK GDPR) and respect the rights and privacy of applicants.

Scope

This policy applies to all staff members involved in the admissions process for the Master of Pharmacy course, as well as any third-party personnel authorised to assist with interviews.

Purpose

The purpose of recording interviews is to ensure a transparent, fair, and accurate applicant evaluation process; recordings will be used for moderation purposes only. This policy defines the responsibilities and procedures for handling interview recordings to protect applicant data and maintain compliance with UK GDPR.

Procedures

Consent and preparation

• Applicants must be provided with a UK GDPR-compliant consent form at least 48 hours before the interview; this would normally be provided to the applicant with all other interview communications.
• The consent form must clearly explain the purpose of the recording, how the data will be used, and the applicant's rights.
• The academic member of staff conducting the interview must confirm that the applicant has signed and submitted the consent form before beginning the interview; all consent information will be collated by the admissions tutor.
• All necessary recording equipment must be tested and functional prior to the interview.

Recording the interview

• At the start of the interview, the interviewer must verbally confirm that the applicant has provided consent for the recording.
• The recording must be focused on the interview and the applicant's responses.
• If an applicant withdraws consent during the interview, the recording must be immediately stopped, and the withdrawal of consent documented. In this case, any recording must be deleted as soon as possible.

Post-Interview Handling

• The recording must be transferred securely to a designated storage location immediately after the interview (this will be dependent on whether the interview has taken place on campus, face-to-face or online via Teams).
• Each recording must be labelled with the application number that does not contain personally identifiable information and the recording date.
• A log entry must document the transfer, including the date, time, and staff member responsible.

Secure storage

• For on-campus face-to-face interviews, recordings must be stored in a dedicated folder within the Sciences Recording Data Capture Drive, with access restricted to the admissions team responsible for evaluating applications and authorised personnel directly involved in the application process
• For online via Teams interviews, recordings must be downloaded and stored in a dedicated Teams channel with access restricted to the admissions team responsible for evaluating applications and authorised personnel directly involved in the application process
• Access controls to the storage areas must be implemented, and regular audits must be conducted to ensure data security.

Data retention

• Recordings must only be retained for the duration specified in the consent form (48h following the conclusion of the interview process).
• Reviews of stored recordings must be conducted to ensure recordings are deleted following their retention period.

Secure deletion

• Recordings must be securely deleted after the retention period using approved methods.
• The deletion process must be logged, including the date, method used, and staff member responsible.
• Periodic audits must confirm that no recordings remain beyond their retention period.

Review and continuous improvement

• The recording, storage, and deletion processes must be reviewed periodically to ensure compliance with UK GDPR and University policies.
• Feedback from staff or applicants following the interview must be addressed to improve the process; a log of actions taken should be maintained.

Incident management

• In the event of a data breach or unauthorised access, the University Data Controller must be informed immediately, and corrective actions taken.
• Affected applicants and relevant authorities must be notified as required by UK GDPR guidelines.

Roles and responsibilities

• Admissions Staff: Responsible for ensuring compliance with this policy during interviews.
• University Data Controller: Ensures UK GDPR compliance, oversees data security measures, and responds to applicant requests or data breaches.
• IT Technical Support: Provides technical support for secure storage, encryption as required, and deletion of recordings.

Review and approval

This policy will be reviewed annually by the Master of Pharmacy Admissions Team to ensure continued compliance and effectiveness.

Approved by: Adrian Moore in consultation with the compliance and admissions team.

Date: 24/01/2025

Effective date: 24/01/2025

Review date: 01/09/2025 (prior to commencement of 2025/26 admissions cycle).

Published: 4 November 2025

Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473

Registered address: 
4^th Floor Edinburgh Building
City Campus
Chester Road
Sunderland
SR1 3SD

Department Responsible for processing: Innovation and Enterprise
Contact email: business@sunderland.ac.uk

Changes to this notice

From time to time, the University will make minor modifications to this notice. If a more substantial change is required, we will inform you of these changes and provide you with a link to the newest version of the notice.

Overview

Throughout this notice, “University”, “we”, “our” and “us” refer to the University of Sunderland and “you” and “your” refer to those expressing an interest in either becoming a student at the University or engaging with the University in a short course or funded project both prior to and at the formal applications stage, together with those who later become a registered student/learner or participant in a course or project at the University.

The University of Sunderland needs to collect and process personal data in order to provide services to students, learners and external clients, manage its operations and meet certain legal requirements. This notice explains how we collect and use your personal data to do so.

Who are we?

Innovation and Enterprise offers a wide range of business support services; funded programmes, apprenticeships, work-based learning, training, recruitment, consultancy, commercial space, space hire, events, specialist facilities and business expertise.

How we collect your personal data from you

We receive information about you when you use our website; complete forms on our website or forms linked to our emails; if you contact us by phone, email, in person or otherwise, in respect to any of our services or during the purchase of any such product. Additionally, we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party, you warrant that you have obtained express consent from the third party for the disclosure and use of their personal data.

The University collects and processes a broad range of personal data about you in order to deliver our services to you, manage our operations effectively and meet certain legal requirements. Examples of this personal data will include name, address for correspondence, national insurance number, financial information, email address, contact telephone number, emergency contact details, date of birth, job title, department, place of work, employer name and contact details.

Personal data may also contain “Special Categories of data” as described under the UK GDPR. Such “Special Category Data” will include information about your racial or ethnic origin, religious beliefs, political opinions, membership of a trade union, and physical or mental health. When you register to enrol with us, you have the option not to provide certain types of “special category data”.

Why we collect your personal data and how we use it

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, enabling billing and remittance, and contacting you for customer service purposes.

The University will handle personal data in accordance with the University’s Data Protection Policy.

The University shares your information with a number of organisations and third parties; a list of these, along with our legal basis for processing your data in this way, can be found in Table 1.

How we use your data

We use the data about you in the following ways;

• To comply with our contractual or funding obligations, we have with external funding bodies
• To capture progress and evaluation data on funded projects
• To inform you about products, services and prices
• To inform you of service and price changes
• To help us identify you and any business interests we have with you
• To provide customer care, including responding to your requests if you contact us with a query
• To notify you about changes to our products or services
• To carry out marketing and statistical analysis
• To enable us to review, develop and improve our services
• To provide you with information about products or services that you request from us or which we feel may interest you
• To process orders for services that you have submitted to us
• To comply with our contractual or funding obligations we have with you
• To administer accounts, process payments, and keep track of billing and payments.

How your personal data is stored by the University

Your personal data is stored specifically by the Innovation and Enterprise Team. The information is stored in a secure folder on the Innovation and Enterprise Teams File. This is located on the University’s secured servers, and access is restricted to approved staff members only.

If you are engaged with us as part of a Funded Project or Programme, we are required to store your data in a secure folder on an Innovation and Enterprise Teams site and may be required to share this data with external funding bodies as part of an external audit.

Who has access to your personal data?

Access to personal data is restricted to only members of the University to whom this information is pertinent or to external funding bodies. Access is controlled, and all employees of the University of Sunderland who are given access understand that they have an obligation to maintain and uphold confidentiality at all times.

Retention periods

Any personal data held by us for marketing and service update notifications will be kept by us until such time as you notify us that you no longer wish to receive this information.

The University retains your personal data in accordance with the University retention schedule and in accordance with the retention policy of external funding partners.

Please note that some of the information you provide to us will be retained for a longer period of time to comply with external funding regulations. Steps will be taken to remove data which is no longer needed for specific purposes as soon as we identify that the data is no longer required.

If you are a customer of Innovation and Enterprise, we will keep your personal data only for as long as necessary in accordance with our legal and accountancy obligations, the University’s retention policy and in accordance with applicable laws. The University of Sunderland retains records for six years.

If you are engaged with us via an eternally funded project, programme or scheme, the retention policy will be clearly stated in the privacy statement of the specific external funding body, and a link to their privacy statement will be included in the individual project application forms.

Legal basis for processing your data

UK GDPR states that ‘personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject’. In order to meet these requirements, the University must have at least one legal basis to process your data. These are shown below.

The UK GDPR may be subject to change. If changes are significant, then we will communicate them to you.

Specific activity	Legal basis
Marketing to provide information about products and services that you request from us or which we feel may interest you, where you have consented to be contacted for such purpose.	Legitimate interest.
To help us identify you and any business interests we have with you.	Legitimate interest.
To enable us to review, develop and improve our services by means of a survey.	Consent.
To provide customer care, including responding to your request if you contact us with a query.	Legitimate interest.
To carry out marketing and statistical analysis.	Legitimate interest.
To notify you about changes to our website and services.	Legitimate interest.
To inform you of service and price changes.	Legitimate interest.
To provide products and services.	Performance of contract.
To process orders for services that you have submitted to us.	Performance of contract.
To comply with our contractual obligations we have with you.	Performance of contract.
To administer accounts, process payments, and keep track of billing and payments.	Performance of contract.

Personal Data released to Third Parties for the following purposes: 

To an external funder, as the Data Controller, providing funding for your funded training/employment opportunity. The University of Sunderland is required to share information with the following funding provider(s): NTCA North of Tyne Combined Authority More information about how and why NTCA uses your personal information, including how to ask for a copy of the personal information NTCA holds about you. Sunderland City Council, as part of the UKSPF Project Innovate and Grow Privacy notice – Sunderland City Council.	Performance of contract.
To your employer, as a stakeholder in your employment under a funded programme.	Performance of contract.
General E&I Activity.	Public activity.

Your rights under GDPR

Under the General Data Protection Regulations, you have eight fundamental rights as follows:

1. The right to be informed – The University is obliged to provide you with information on how we plan to process your data. We do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access – You, as the data subject, have a right to access the personal (and supplementary) information that we hold; you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification – If you find that we hold incorrect or incomplete data about you, then you have the right to request that this information be rectified.
4. The right to erase – This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing – Under certain (defined) circumstances, you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability – You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object – You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and the purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – You have the right to object to your data being used in automated decision making or profiling.

If you wish to exercise one or more of your rights under GDPR, in the first instance, we would ask that you contact the department within the University that is processing your personal information.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email dataprotection@sunderland.ac.uk or by post:

Data Protection Officer
University of Sunderland
Room 202, St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority. In the UK, this is the Information Commissioner's Office. Visit their website to find out how to make a complaint.

 

Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473

Changes to this notice

From time to time, the University will make minor modifications to this notice. Where a more substantial change is required, we will inform you of these changes and provide you with a link to the newest version of the notice.

Overview

Throughout this notice, “University”, “we”, “our” and “us” refer to the University of Sunderland and “you” and “your” refer to those expressing an interest in becoming a student at the University, both prior to and at the formal applications stage, together with those who later become a registered student at the University.

The University of Sunderland needs to collect and process personal data in order to provide services to students, manage its operations and meet certain legal requirements. This notice explains how we collect and use your personal data to do so.

The University obtains personal data about you from the following sources:

• From when you provide your contact details for open day activities, or to request further information from us, make an application or enrol as a student;
• From third-party sources (such as UCAS, other institutions involved in the delivery of collaborative programmes, Government Departments such as the Home Office or the Student Loans Company). Where we obtain personal data from third-party sources, we will look to ensure that the third party has lawful authority to provide us with your personal data.
• From you when you disclose personal data during the course of your studies or when accessing services or resources (e.g. counselling, financial support, accommodation services).

The University collects and processes a broad range of personal data about you in order to deliver our services to you as a student, manage our operations effectively and meet certain legal requirements. Examples of this personal data will include your name, student ID number, application information, attendance, assessment marks, address for correspondence, national insurance number, financial information, email address, contact telephone number, emergency contact details, and date of birth.

Personal data may also contain “Special Categories of data” as described under the GDPR. Such “Special Category Data” will include information about your racial or ethnic origin, religious beliefs, political opinions, membership of a trade union, and physical or mental health. When you register to enrol with us, you have the option not to provide certain types of “special category data”.

The University will handle personal data in accordance with the University’s Data Protection Policy.

Please see Table 1 for a full list of the specific processing activities undertaken, along with our legal basis for doing so.

The University shares your information with a number of organisations and third parties; a list of these, along with our legal basis for processing your data in this way, can be found in Table 2.

We may share your personal data with organisations within and outside of the European Union. Where we share your personal data with countries outside of the European Union, we will ensure that there are appropriate safeguards in place to protect your personal data.

The University retains your personal data in accordance with the University’s Retention Schedule.

Please note that some of the information you provide to us will be retained long after your studies have ended, for example, so that we can verify your award. Steps will be taken to remove data which is no longer needed for specific purposes as soon as we identify that the data is no longer required.

Your rights under GDPR

Under the General Data Protection Regulations, you have eight fundamental rights as follows:

1. The right to be informed – The University is obliged to provide you with information on how we plan to process your data. We do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access – You, as the data subject, have a right to access the personal (and supplementary) information that we hold; you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification – If you find that we hold incorrect or incomplete data about you, then you have the right to request that this information be rectified.
4. The right to erase – This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing – Under certain (defined) circumstances, you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability – You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object – You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and the purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – You have the right to object to your data being used in automated decision making or profiling.

If you wish to exercise one or more of your rights under GDPR, in the first instance, we would ask that you contact the department within the University that is processing your personal information.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email dataprotection@sunderland.ac.uk or by post:

Data Protection Officer
University of Sunderland
Room 202, St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority. In the UK, this is the Information Commissioner's Office. Visit their website to find out how to make a complaint.

Table 1 – Legal Basis for Processing Student and Potential Student Personal Data

	Specific purpose	Legal basis
1	Management of enquiries and communications with prospective students regarding our services, events and activities.	Consent.
2	Communicating with offer holder regarding the application and enrolment processes, including communicating information and services pertinent to their offer of study.	Necessary for the purpose of entering into a contract.
3	Processing applications of study and enrolment as a student, which can include the processing of criminal conviction data, DBS checking and health information.	Necessary for the performance of a contract.
4	Administration of induction events, registration of students on courses and transfers to new courses.	Necessary for the performance of a contract.
5	Evaluation of academic assessment and other coursework.	Necessary for the performance of a contract.
6	The provision of University accommodation, which may include processing special category information if this is relevant to your accommodation, for example, meeting the needs of health conditions or disabilities.	Necessary for the performance of a contract. Explicit consent when processing special category information.
7	Administration and management of your interactions with additional support services such as careers advice, counselling services, financial advice and access to sporting activities and car parking.	Access is optional; therefore, consent will be gained, and this will be explicit consent in relation to special category data. Consent Notices will be issued upon first contact with the relevant service.
8	The provision of career advice and student employability initiatives via service management systems.	Legitimate interest.
9	Processing safeguarding concerns to ensure the safety and wellbeing of our students.	Legitimate interest.
10	Monitoring student attendance at lessons, the submission of assessments and engagement with course material available on Canvas.	Necessary for the performance of a contract.
11	To offer facilities and services central to your studies, such as library access and access to IT equipment.	Necessary for the performance of a contract.
12	Granting of awards.	Necessary for the performance of a contract.
13	Processing and recovery of University fees, including course and accommodation fees.	Necessary for the performance of a contract.
14	Administration and management of job applications and employment contracts where the student is employed by the University in schemes such as Student Ambassadors or Residential Support Assistants.	Necessary for the purpose of entering into and performing a contract.
15	To monitor our compliance with equality legislation.	Necessary for the performance of a task in the public interest.
16	Registration as a member of the University alumni upon graduation. Your data as an alumnus will be processed in accordance with the University’s alumni data protection notice.	Legitimate interest.
17	Monitoring the use of IT services in accordance with our Acceptable Use Policy.	Legitimate interest
18	Administration of financial awards and prizes such as scholarships, bursaries and grants, including grants and scholarships provided by third parties.	Legitimate interest.
19	Provision of immigration welfare services for international students, including applications for visa extensions.	Legitimate interest.
20	Administration of external and internal student surveys, including the collection of feedback on distinct services such as Library services and careers services.	Consent.
21	Administration of complaints (including those complaints escalated to the University by partner institutions and Students' Union), investigations and disciplinary proceedings concerning student misconduct, including investigations into academic misconduct in accordance with the University’s procedure for handling academic misconduct, fitness to practice and fitness to study.	Legitimate interest.
22	Administration of academic appeals issued by students against the University.	Necessary for the performance of a contract.
23	For research and statistical analysis into Learner Analytics.	Legitimate interest.
24	Production of statistical returns required by certain third-party bodies, e.g. Higher Education Statistics Agency (HESA).	Necessary for the performance of a task in the public interest, or legitimate interest or necessary to comply with a legal obligation.
25	Production of student identification cards.	Necessary for the performance of a contract.
26	Administration of the University CCTV system and Body Worn Cameras in accordance with the University’s Body Worn CCTV policy.	Legitimate interest.

Table 2 – Legal Basis for Transfer of Personal Data Released to Third Parties

1	To UCAS to administer the applications and clearing process.	Necessary for the performance of a contract.
2	To the Students' Union for student details for registration of students as members of the Union and provision of Union benefits and services.	Legitimate interest.
3	To international Agents and consultants employed by the University or contracted to recruit students to the University, where there is a need for management information or to guide those students with whom they have a relationship through the application process.	Necessary for the performance of a contract or legitimate interest.
4	To the Higher Education Statistics Agency (HESA), the Office for Students (OfS) and Government Departments such as the Department for Education (DfE), for the analysis of student statistics and/or to enable them to carry out their statutory functions as applicable. For more information on the information shared with HESA, please refer to HESA's privacy notice (this disclosure may include special category personal data about ethnicity, sexual orientation, gender reassignment and religion).	Necessary for the performance of a task in the public interest, or legitimate interest or necessary to comply with a legal obligation.
5	To close family or next of kin and emergency services where there is an emergency situation, such as illness or serious injury.	Processing necessary to protect vital or legitimate interests.
6	To HESA for the purpose of conducting the Graduates Outcomes Survey, this transfer will occur approximately 15 months after you graduate. Please refer to the HESA Graduate Outcomes Privacy notice relating to the Graduate Outcomes Survey.	Necessary for the performance of a task in the public interest, or legitimate interest, or necessary to comply with a legal obligation.
7	To other UK-based and international educational institutions with which the University partners or collaborates to deliver placements, exchange programmes, joint or dual awards or franchised or validated awards.	Processing necessary for the performance of a contract or legitimate interest.
8	To the police or other regulatory bodies, where, pursuant to the investigation or disclosure of a potential crime or national security matters, such as Benefits or Tax Inspectors, UK Visas and Immigration and the Foreign and Commonwealth Office	Processing necessary for the performance of a task in the public interest.
9	To external examiners for the purpose of assessment.	Processing necessary for the performance of a contract.
10	To direct mail and marketing and events agencies who may assist the University in the administration of mailing to enquirers, applicants, offer holders, students and our alumni and the booking of events. Examples of such agencies include Eventbrite, Hotcourses, Sterling, and Alto Digital.	Legitimate interest.
11	To professional and industrial bodies (such as the Law Society and the General Pharmaceutical Council) wishing to communicate with students about career opportunities and membership of the body, including fitness to practice assessments and also where relevant to confirm your qualifications and accredit your course.	Consent or necessary for the performance of a contract or legitimate interest.
12	To external agents of the University in relation to the repayment of student debts, where internal recovery attempts have proven unsuccessful.	Legitimate interest.
13	To any third party wishing to access a catalogue within the University’s library containing reference to student work.	Consent or necessary for the performance of a contract or legitimate interest.
14	To the Home Office and other international and national government and regulatory bodies in connection with the assessment of students' immigration status.	Necessary for compliance with legal obligations or for the performance of a public task.
15	To other institutions, the University jointly conducts research work with or contracts to conduct research work on behalf of the University.	Necessary for scientific research or statistical purposes.
16	To the University’s insurers in respect of accidents or incidents occurring within the institution, and external auditors and external regulators such as the Health and Safety Executive.	Legitimate interestexplicit consent, or where there is a substantial public interest or necessary for the establishment, exercise or defence of a legal claim in relation to special category data.
17	Disclosures to grant funding bodies to evidence allocation of grant funding payments, including payments of salaries and contact details of students undertaking grant funding work (examples of grant funding organisations will include Erasmus, the European Commission and International Embassies).	Legitimate interest.
18	Disclosure to the Student Loans Company and Student Finance to administer student fees and confirm enrolment on courses and payment.	Necessary for the performance of a contract or legitimate interest.
19	Disclosure of apprentices’ attendance, conduct and progress data to Employers and organisations with which the University works to deliver our apprenticeship programmes.	Legitimate interest.
20	Disclosure of apprentice data to the Education and Skills Funding Agency (ESFA) and the Skills Funding Agency (SFA). More information about the data shared with the SFA is published in the ESFA Privacy Notice.	Legitimate interest.
21	To local authorities for council tax assessment purposes, or electoral purposes and for processing of care leaver bursaries.	Legitimate interest.
22	To organisations providing banking and online payment processing services, such as Barclays and WPM.	Legitimate interest.
23	To IT providers delivering externally hosted IT services or products to the University, such as Microsoft Office, Google and Instructure.	Legitimate interest.
24	To external agencies offering plagiarism checking services, such as TurnItIn and other academic institutions, to identify instances of collusion in relation to plagiarism misconduct.	Legitimate interest.
25	To fulfil requests for references regarding our students or graduates to external requesters.	Consent.

Notice last updated: 31 July 2024
Full review due: July 2026

Department Responsible for processing: Home Recruitment
Contact email: student.recruitment@sunderland.ac.uk

Overview

We collect your information on our travel bursary form in order to reimburse you for some of the costs of your travel to our Applicant Experience Events and/or interviews in accordance with the terms and conditions set out in the travel bursary document. Home Recruitment will receive your information and send your details to our finance department to input and authorise payment.

The legal basis for processing this personal data is that it is necessary for the performance of a contract/legal obligation or consent, which is obtained through your submission of this online form.

Your personal information will not be shared with any third party external to the University of Sunderland. Your personal information will not be transferred internationally.

Your personal information will be stored securely on the University-provided storage. This information will be administered by Home Recruitment for one year and will then be destroyed.

Your rights under GDPR

Under the General Data Protection Regulations, you have eight fundamental rights as follows:

1. The right to be informed – The University is obliged to provide you with information on how we plan to process your data. We do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access – You, as the data subject, have a right to access the personal (and supplementary) information that we hold; you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification – If you find that we hold incorrect or incomplete data about you, then you have the right to request that this information be rectified.
4. The right to erase – This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing – Under certain (defined) circumstances, you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability – You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object – You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and the purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – You have the right to object to your data being used in automated decision making or profiling.

If you wish to exercise one or more of your rights under GDPR, in the first instance, we would ask that you contact the department within the University that is processing your personal information.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email dataprotection@sunderland.ac.uk or by post:

Data Protection Officer
University of Sunderland
Room 202, St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority. In the UK, this is the Information Commissioner's Office. Visit their website to find out how to make a complaint.

Data Controller Name: University of Sunderland
Data Protection Officer: Sam Seldon
ICO Registration Number: Z6120473

Registered address: 
Data Protection Officer
University of Sunderland
Room 202
St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Department responsible for processing: Innovation and Enterprise
Contact: venue@sunderland.ac.uk

Overview

This privacy notice explains why we collect your personal data, how we use your personal data, what personal data we collect, reasons we may need to disclose your personal data to others and how we store your personal data securely.

Who are we?

Venue Sunderland is part of the University of Sunderland’s Innovation and Enterprise Department (I&E). I&E offers a wide range of business support services; funded programmes, apprenticeships, work-based learning, training, recruitment, internships, commercial space, space hire, events, specialist facilities and business expertise.

How we collect your personal data from you?

We receive information about you when you use our website, complete forms on our website, if you contact us by phone, e-mail, in person or otherwise in respect to any of our services or during the purchase of any such product. Additionally, we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter. If you provide us with personal data about a third party, you warrant that you have obtained the express consent form the third party for the disclosure and use of their personal data.

Why we collect your personal data and how we use it

Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, enabling billing and remittance and to contact you for customer service purposes.

What type of data do we collect from you?

The personal data that we may collect from you includes:

• Name
• Address
• Email address
• Phone numbers
• Payment information
• Employer
• Employer address.

We also retain records of your queries and correspondence, in the event you contact us.

How do we use your data?

We use the data about you in the following ways

• To inform you about products and services, and prices
• To inform you of service and price changes
• To help us identify you and any business interests we have with you
• To provide customer care, including responding to your requests if you contact us with a query
• To notify you about changes to our website and services
• To carry out marketing and statistical analysis
• To enable us to review, develop and improve our services
• To provide you with information about products or services that you request from us or which we feel may interest you; and
• To process orders for services that you have submitted to us
• To comply with our contractual obligations we have with you
• To administer accounts, process payments and keep a track of billing and payments.

Will your personal data be shared?

Your personal data will only be used for the purposes outlined in this notice and will not be shared with any third party.

How your personal data is stored by the University

Your personal data is stored specifically by the I&E Department. The information is stored in a secure folder on the I&E shared storage. This is located on the University’s secure servers.

Who has access to your personal data?

Access to personal data is restricted to members of the University to whom this information is pertinent and Elior, our catering partner. Access is controlled, and all employees of the University of Sunderland who are given access understand that they have an obligation to maintain and uphold confidentiality at all times.

Retention periods

Any personal data held by us for marketing and service update notifications will be kept by us until such time as you notify us that you no longer wish to receive this information.

If you are a customer of Venue Sunderland, we will keep your personal data only for as long as necessary in accordance with our legal and accountancy obligations, the University’s retention policy and in accordance with applicable laws. The University of Sunderland retains records for six years.

Legal basis for processing your data

UK GDPR states that ‘personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject’. In order to meet these requirements, the University must have at least one legal basis to process your data. These are as follows:

Specific activity	Legal basis
Marketing to provide information about products and services that you request from us or which we feel may interest you, where you have consented to be contacted for such purpose.	Legitimate interest.
To help us identify you and any business interests we have with you.	Legitimate interest.
To enable us to review, develop and improve our services by means of surveys.	Consent.
To provide customer care, including responding to your request if you contact us with a query.	Legitimate interest.
To carry out marketing and statistical analysis.	Legitimate interest.
To notify you about changes to our website and services.	Legitimate interest.
To inform you of service and price changes.	Legitimate interest.
To provide products and services	Performance of contract.
To process orders for services that you have submitted to us.	Performance of contract.
To comply with our contractual obligations we have with you.	Performance of contract.
To administer accounts, process payments and keep a track of billing and payments.	Performance of contract.

Under the General Data Protection Regulations, you have eight fundamental rights as follows:

1. The right to be informed – The University is obliged to provide you with information on how we plan to process your data. We do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.
2. The right of access – You, as the data subject, have a right to access the personal (and supplementary) information that we hold; you also have the right to be made aware of and to verify the lawfulness of processing undertaken.
3. The right to rectification – If you find that we hold incorrect or incomplete data about you, then you have the right to request that this information be rectified.
4. The right to erase – This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.
5. The right to restrict processing – Under certain (defined) circumstances, you have the right to request that we restrict the processing we undertake using your personal data.
6. The right to data portability – You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.
7. The right to object – You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and the purposes of scientific/historical research and statistics.
8. Rights in relation to automated decision making and profiling – You have the right to object to your data being used in automated decision making or profiling.

In the first instance, we would ask that you contact the department within the University that is processing your personal information. The contact details for this department can be found in the first section of this notice.

If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email at dataprotection@sunderland.ac.uk or by post:

Data Protection Officer
University of Sunderland
Room 202, St Peter's Gate
Charles Street
Sunderland
SR6 0AN

Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, the Information Commissioner's Office. Visit their website to find out how to make a complaint.