Privacy Notice
Introduction
Transparency is a key element of data protection legislation and this Privacy Notice is designed to inform you:
• how and why your personal data might be used,
• what your rights are in relation to the use of your personal data, and,
• how to contact us so that you can exercise those rights.
We keep our privacy policy under regular review. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by email.
Data Subject Rights
Data protection legislation gives you the following rights:
The right to be informed
The right of access
The right to rectification
The right to erase
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
How we get the personal information and why we have it
The personal information we process is provided to us directly by you for the following reason:
• To join our mailing list
Under the UK General Data Protection Regulation (UK GDPR), the lawful basis we rely on for processing this information is:
Your consent. You are able to remove your consent at any time. – All personal information held is collected through an opt-in process. Should you wish to know what information we hold, or withdraw this information from our systems, this can be done via email request at any point.
Which Personal Data do we Collect and Use?
If you choose to sign up to our mailing list we collect and process the following information:
Personal identifiers – name
Contact details – email address
We also capture web statistics using Google analytics. This is not linked to your name or email address but anonymously collects information linked to the device you are using, including usage time, broad geographical location and click-through rate. Google Analytics is a widely used and trusted analytics solution for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on cookies, see our cookies policy and the official Google Analytics page.
Who do we share your data with?
You should be aware that in order to provide our services we may need to share your personal data within the organisation or outside Sheffield Hallam University. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. Your personal data will NEVER be sold to third parties.
Your data may be shared with:
• University staff who need the information for administrative or research purposes.
• Contractors and suppliers, where the University uses external services or has outsourced work which involves the use of personal data on our behalf, e.g. IT services and support, mailing services, confidential waste services. The University will ensure that appropriate contracts and/or data sharing agreements are in place and that the contractors and suppliers process personal data in accordance with the GDPR and other applicable legislation.
Security
The University takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention tools on the University network and segregation of different types of device; the use of tools on University computers to detect and remove malicious software and regular assessment of the technical security of University systems. University staff monitor systems and respond to suspicious activity.
Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining the University and existing staff have training and expert advice available if needed.
Retention
We will keep details such as names and email addresses for a period of up to two years. We will periodically ask you to confirm that you with to remain on the list, and in the absence of such confirmation we will then dispose of personal information by erasing relevant files. If you would like your data to be removed sooner, please get in touch via email at ncsem@shu.ac.uk
Contact Us
Please get in touch if:
• you would like to request copies of your personal data held by the University (a subject access request)
• you would like to exercise your other rights (e.g. to have inaccurate data rectified, to restrict or object to processing)
• you have a query about how your data is used by the University
• you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
• you would like to complain about how the University has used your personal data
In the first instance you can get in touch with us at: ncsem@shu.ac.uk
Alternatively, you can also contact Sheffield Hallam Universities Data Protection Officer at:
Data Protection Officer
Governance Services
City Campus
Howard Street
Sheffield
S1 1WB
DPO@shu.ac.uk
Telephone: 0114 225 5555
Further Information and Support
Please see more information about how the University uses personal data.
The Information Commissioner is the regulator for GDPR. The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public: https://ico.org.uk/for-the-public/
The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website: https://ico.org.uk/global/contact-us/