University of Sunderland Report + Support Privacy Notice  
  
Data Controller  
Data Controller Name: University of Sunderland  
Data Protection Officer: Sam Seldon  
ICO Registration Number: Z6120473  
Registered Address: 4th Floor Edinburgh Building, City Campus , Chester Road , Sunderland , SR1 3SD  
 
Department Responsible for processing: Sunderland - Student Journey, Human Resources. London - Human Resources, Student Administration and Systems.
  
Overview    
Report + Support will be used as a reporting mechanism for students and staff to self and proxy report harassment and misconduct. The reports can come in self-service with named individuals or as anonymous submissions. Alternatively reports can be submitted by proxy on behalf of an individual, e.g. Staff submitting on behalf of a student post consultation. The purpose of reporting is so that the individual can obtain support which will come in two forms, via automated resources based on responses and support via university support services, most notably Wellbeing. Decisions will be made from an initial assessment of the report submission by a professional support staff member. For reports from Sunderland students this will be managed within Wellbeing (Student Journey) For Sunderland Staff, this will be managed by Human Resources. For London Students, this will be managed by Student Administration and Systems. For London Staff, this will be managed by London Human Resources. If required decisions will be made from case conferences where relevant colleagues will discuss intervention actions and next steps for support that may also include contributions from other departments internal to the university. 
 
This supports the Universities ‘Preventing and Responding to Harassment and Sexual Misconduct Action Plan’ overseen by the Safeguarding and Prevent Group and ultimately derived and driven from an Office for Students regulation regarding harassment and sexual misconduct in higher education. 
  
Under Article 6 of the General Data Protection Regulation the legal basis for processing data is lawful to the extent that you as the data subject has provided consent by submitting a report.  
  
A condition of registration with Office for Students requires each registered university to create and publish a single document explaining: 
  • Our steps we will take to protect students from harassment and sexual misconduct  
  • Our arrangements for handling incidents of harassment or sexual misconduct 
  • The support we will provide to those involved in incidents 
  • The training that we will provide to all students and all staff about what constitutes harassment and sexual misconduct and, in the case of staff, how to handle disclosures, formal reports, and investigations 
  • The university will also be required to have the capacity and resources to deliver everything required by the condition of registration.  
Data will be collected on a voluntary basis within the Report + Support system. Only authorised personnel within the University will be able to access the information you provide to us, however where applicable, responses and information of the report may be shared with other organisations where those authorised personnel deem a relevant and appropriate safeguarding issue has been identified. Other organisations include but not limited to: Local authorities including NHS, Police & suppliers who process information on our behalf such as homegroup our out of hours support suppliers.  
 
We may disclose your personal information to third parties who supply services to us, or who process information on our behalf, but will always take steps to ensure their security measures are adequate to protect your information. 
  
Data relating to student reports will be retained in line with our current core student record retention periods as per the University Retention Policy and therefore will be set to be retained for the student graduation/departure dates + 6 years. For staff reports, data will be retained in the same schedule as staff welfare records and therefore will be set to be retained for the end of the academic year of the report + 3 years. Upon any termination of a contract with the Report + Support system, Culture Shift will delete any data stored within 30 days of the contract end date. 
  
Your rights under GDPR  
 Under the General Data Protection Regulations, you have 8 fundamental rights as follows:  

  1. The right to be informed  
    The University is obliged to provide you with information on how we plan to process your data, we do this by means of a privacy notice. The University does this in order to process your personal data in a transparent manner.  
  2. The right of access  
    You as the data subject have a right to access the personal (and supplementary) information that we hold, you also have the right to be made aware of and to verify the lawfulness of processing undertaken.  
  3. The right to rectification  
    If you find that we hold incorrect or incomplete data about you, then you have the right to request this information is rectified.  
  4. The right to erase  
    This right enables you to request deletion or removal of your personal data when there is no longer a compelling reason for its continued processing.  
  5. The right to restrict processing  
    Under certain (defined) circumstances you have the right to request that we restrict the processing we undertake using your personal data.  
  6. The right to data portability  
    You have the right to request your personal data, which is held electronically, to be provided to you in a reusable format, such as a .csv file.  
  7. The right to object  
    You have the right to object to processing based on legitimate interests or in the performance of a task in the public interest (including profiling). This also applies to direct marketing and purposes of scientific/historical research and statistics.  
  8. Rights in relation to automated decision-making and profiling  
    You have the right to object to your data being used in automated decision-making or profiling.  
  
In the first instance, we would ask that you contact the department within the University that is processing your personal information. The contact details for this department can be found in the first section of this notice.  
  
If you are unhappy with how your request has been handled, or have not received a response from the individual department, please contact the Data Protection Officer either by email or by post. The email address for the Data Protection Officer is dataprotection@sunderland.ac.uk.  
  
Should you still feel that your request has been handled inadequately, you have the right to complain to the supervisory authority in the UK, this is the Information Commissioners Office, details of how to complain can be found at https://ico.org.uk/concerns/

There are two ways you can tell us what happened

Report Anonymously or Report with your Contact Details