Privacy Notice - Report and Support
Introduction
Data protection laws govern the way that organisations use personal data. Personal data is information relating to an identifiable living individual.
Transparency is a key element of the legislation and this Privacy Notice is designed to inform you:
· how and why the University uses your personal data,
· what your rights are under GDPR, and,
· how to contact us so that you can exercise those rights.
Data Subject Rights
One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data.
The GDPR gives you the following rights:
· The right to be informed
· The right of access
· The right to rectification
· The right to erase
· The right to restrict processing
· The right to data portability
· The right to object
· Rights in relation to automated decision making and profiling
· The right to complain to the Information Commissioner
For more information about these rights please see here and the Contact Us section at the end of this Privacy Notice.
Why are we processing your personal data?
You may choose to provide your personal details when you make a report to Report and Support. University staff may make a report to Report and Support on your behalf. Third parties outside the University (e.g. parents, friends, and members of the public) may also provide your personal details when making a report. We process this personal data as part of our duty of care exercised in the public interest (UK GDPR Article 6(1)(e)) for the following purposes:
· to provide support and wellbeing services
· to make risk assessments
· to ensure the health, safety and security of our students, staff and others
· to monitor, review and evaluate the quality and effectiveness of our services and facilities
· to monitor and promote equality and diversity within the University.
Anonymised data and statistics (from which individuals cannot be identified) will be used:
· to plan, monitor and improve our services and facilities and to inform the development of policies and services
· for reporting purposes and to promote awareness of issues and University services.
Which Personal Data do we Collect and Use?
In order to provide our services we need to collect and use your personal data. Below is a list of what this may include.
* denotes data which is classified as sensitive personal data/special categories of personal data under data protection laws and as such is subject to a greater level of control, care, and protection.
| Personal and Contact Details | Equality and Diversity Information
| · Name(s) | · Gender / sex
| · Contact details (telephone, email) | · Age
| | · Disability*
| Relationship with University | · Religion/belief*
| · Relationship with the University (student, staff, other) | · Sexual Orientation*
| · Faculty/College/subject area | · Race/Ethnicity*
| · Staff or student number | · Transgender/non-binary identity
| | · Marriage or civil partnership
| Incident and Report Details | · Pregnancy*, maternity*, paternity
| · Details of the incident as provided by you or the person reporting the incident | · Other characteristics which you choose to disclose*
| · The outcomes that you would like from the report |
| · Name(s) | · Gender / sex
| · Contact details (telephone, email) | · Age
| | · Disability*
| Relationship with University | · Religion/belief*
| · Relationship with the University (student, staff, other) | · Sexual Orientation*
| · Faculty/College/subject area | · Race/Ethnicity*
| · Staff or student number | · Transgender/non-binary identity
| | · Marriage or civil partnership
| Incident and Report Details | · Pregnancy*, maternity*, paternity
| · Details of the incident as provided by you or the person reporting the incident | · Other characteristics which you choose to disclose*
| · The outcomes that you would like from the report |
Who do we share your data with?
A limited number of staff within Student and Academic Services are able to view the reports submitted to Report and Support.
Your personal data will normally only be shared with your consent. Where we believe that there is a genuine threat to a person's safety we may share your details without your consent for safeguarding purposes or to protect your vital interests.
We may share data with:
· other University staff who need the information to provide administrative, risk management and wellbeing/support services.
- the police and/or other organisations responsible for safeguarding or investigating a crime
· external specialist support services and public authorities (e.g., safeguarding teams, rape crisis).
· student medical centre or GP
· the Students Union and accommodation providers/landlords.
· Contractors and suppliers, where the University uses external services or has outsourced work which involves the use of personal data on our behalf. The University will ensure that appropriate contracts and/or data sharing agreements are in place and that the contractors and suppliers process personal data in accordance with data protection and other applicable legislation. Culture Shift runs and hosts the Report and Support website on behalf of the University.
· Parents, guardians and other family members only where you have given your consent or in the event of an emergency where the disclosure of personal data is considered in your vital interests or pertinent to your safety and well-being.
Please be assured that the privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so.
If you have submitted a report on behalf of someone else, we will only contact them if they have given consent for the report to be made and you have provided your name and contact details. We will only contact you if you have given us permission to do so.
The University NEVER sells personal data to third parties
Security
The University takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention tools on the University network and segregation of different types of device; the use of tools on University computers to detect and remove malicious software and regular assessment of the technical security of University systems. University staff monitor systems and respond to suspicious activity. The University has Cyber Essentials certification.
Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining the University and existing staff have training and expert advice available if needed.
Retention
Reports submitted to Report and Support will be retained for 6 years.
Contact Us
You may contact the University's Data Protection Officer if:
· you would like to request copies of your personal data held by the University (a subject access request
· you would like to exercise your other rights (e.g. to have inaccurate data rectified, to restrict or object to processing)
· you have a query about how your data is used by the University
· you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
· you would like to complain about how the University has used your personal data
Data Protection Officer
Governance, Legal and Sector Regulation
City Campus
Howard Street
Sheffield
S1 1WB
DPO@shu.ac.uk
Telephone: 0114 225 5555
If you would like more information about Report and Support please contact reportandsupport@shu.ac.uk.
Further Information and Support
For more information about how the University uses personal data please see the Privacy and GDPR pages of the University’s website: https://www.shu.ac.uk/about-this-website/privacy-policy.
The Information Commissioner is the regulator for GDPR. The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public:
https://ico.org.uk/for-the-public/
The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website:
https://ico.org.uk/global/contact-us/