Read about how we process personal data and find out about your rights.
This notice outlines the University’s processing activities relating to personal data and covers the following:
- the basis for processing your personal data
- personal data we collect about you and how we use it
- retention of personal data
- disclosure and transfer of personal data
- your rights including access to information and correction
- other websites
- changes to our privacy notice
- how to contact us.
The University of Sussex is registered as a data controller with the Information Commissioner’s Office (ICO). Our registration reference is Z6428144.
You can refer to the University’s Data Protection Policy for more information about our commitment to processing personal data in a way that is compliant with the General Data Protection Regulation.
The Data Protection Officer for the University of Sussex is Alexandra Elliott, Head of Information Management and Compliance. If you have any queries concerning your personal data and how it is processed, contact the Data Protection Officer at firstname.lastname@example.org.
We process personal information to enable us to provide education and support services to our students and staff; advertising and promoting the University and the services we offer; publication of the University magazine and alumni relations, undertaking research and fundraising; managing our accounts and records and providing commercial activities to our clients.
We also process personal information via the use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime, for disciplinary proceedings against staff and students, for monitoring security and for assisting in traffic management and parking enforcement.
We will collect and process personal data about you for the purposes described above. Personal data may include “special categories of data” as described under the General Data Protection Regulation, such as information about your racial or ethnic origin, religious beliefs or other beliefs, and physical or mental health.
When we process personal data, there needs to be a legal basis for doing so and, if we process special categories of data, we need to meet additional conditions too. Further information can be found on the ICO’s website.
The University processes personal data largely on the basis that it is necessary for the performance of our tasks carried out in the public interest or because it is necessary for our or a third party’s legitimate interests. The purpose of the University is to advance learning and knowledge by teaching and research to the benefit of the wider community and examples of processing on this basis include monitoring and evaluating the performance and effectiveness of the University and improving the academic, corporate, financial and human resource management of the University.
We may also process your personal data because it is necessary for the performance of a contract with you or in order to take steps at your request prior to entering a contact. For example, this may include interacting with individuals before they are enrolled as a student, as part of the admissions process, or dealing with any concerns a student may have.
We may also need to process personal data to comply with our legal obligations. This can include compliance and regulatory obligations, such as anti-money laundering laws, immigration obligations and safeguarding requirements, or to assist with investigations carried out by the police or other authorities. We may also process your personal data where it is necessary to protect your or another person’s vital interests, or in circumstances where we have your specific consent to do so.
Information is collected in several different ways dependent on your interaction with the University and personal data is processed for the purposes outlined below.
Website usage and enquiries
We collect personal data from visitors to this website through the use of online forms as well as when you email us with an enquiry. We also collect information about the transactions you undertake through this site including details of payment cards used. In addition, we collect information automatically about your visit to our website. Further information about ‘Cookies’ is set out below.
We may process information collected through this website or other electronic networks used by the University, for the purposes of advertising, marketing, public relations and general advice services as follows:
- the identification of recipients for University services and administration of promotional campaigns,
- the advertising and promotion of the University and its services including by direct marketing means,
- the advertisement and provision of general advice to members of the public about University services,
- the advertisement and promotion of the University through third party products and services, e.g. financial sponsorship,
- fundraising for the University and other organisations (excluding fundraising through alumni).
Applicants, students and staff
We collect personal data via student applications through the UCAS system and our own application systems. Should you subsequently enroll as a student at the University, a student record will be created for you.
The data collected from you as a prospective student or student is used by the University for the following:
Accounts and records
- the administration of student accounts and payments
- to maintain a central student record.
- administration of education and training such as registration
- calculation and publication of exam results, provision of references
- provision of education and training such as the planning and control of curricula and exams, and commissioning, validating and producing educational materials
- administration of applications, e.g. receipt and processing of UCAS forms, compilation of statistics, assessments including preliminary and confirmed offers, liaison with UCAS
- preparation of statutory returns
- administration of student awards and fees
- administration of the discipline and academic misconduct processes
- administration of the academic appeals process
- administration of visiting and exchange students and Study Abroad programme.
Student support services
- administration and management of University- and privately-owned property including accommodation services
- administration of grants and loans, e.g. student loans and access loans
- administration and provision of health care services
- administration and provision of library services including membership records, loan/hire records, information and databank administration
- ticket issue/reservation services
- administration and provision of a student card
- administration and provision of welfare and pastoral services
- careers guidance
- provision of creche facilities
- administration and provision of computing facilities
- administration and provision of student union services
- other commercial or information services, such as the University magazines.
- the promotion of the relationship between the University and its alumni
- University-related fundraising initiatives involving alumni
- advertising and promotion of alumni events and reunions
- distribution of University mailings, e.g. alumni magazines, newsletters, annual reports, and message forwarding (without disclosure of data)
- the promotion of benefits and services available to alumni from third parties
- eliciting non-financial support, such as careers advice to students and help with student recruitment
- advertising, marketing and public relations for others.
For more detailed information about how we use personal data as part of our alumni relations, see our alumni services privacy notice.
Your information may be used to send you details of products or services that we offer that we have identified as likely to be of interest to you, but you will only be contacted according to the preferences you submit when providing your personal data. If you would like to change these preferences (e.g. opt out of receiving some communications or change channels used for contact) at any point, you can:
- use the link on the bottom of the last email you received from us
- use Study/Sussex Direct to update preferences
- email email@example.com if you are a former student.
Employment applications and staff
We collect personal data via the employment application and recruitment process, and when you enter into a contract as an employee of the University. This data is used by the University for:
- administration of payroll and pensions
- provision of occupational health services
- management of absence records
- administration of flexible working arrangements
- providing access to secured buildings and to parking facilities
- ensuring compliance with the University’s Equality and Diversity Policy
- reviewing performance and facilitating promotion and reward
- processing expenses and administrating corporate spending accounts.
Basic personal details can be maintained via Sussex Direct and MyView, and/or by contacting your Human Resources representative.
We may process your personal data for the purpose of research. Further information can be found within our Research policies.
The University will only keep your personal data for as long as is necessary for the purpose for which it is processed.
Personal data is processed and stored in line with the University’s Master Records Retention Schedule which sets out how long different categories of personal data should be held by the University.
We will only disclose your personal data to a third party when we are required to by law, where we have your specific consent, or to the following:
- companies or suppliers with whom we engage to process data on our behalf – if so, we will ensure adequate arrangements are in place to protect your personal data, such as a data sharing agreement
- relevant government departments and agencies such as the Higher Education Funding Council for England, the Home Office (in connection with visas and immigration) and local authorities (for Council Tax and Electoral Registration purposes)
- professional and regulatory bodies in relation to confirmation of qualifications, professional conduct and the accreditation of courses
- legal representatives
- internal and external auditors.
We are also required to send personal data to the Higher Education Statistics Agency (HESA). HESA collects personal data relating to staff, students and leavers from Higher Education. Details of how HESA will process your personal data.
From time to time, the University will transfer limited personal data outside the European Economic Area. Where this does occur, the University will adhere to the requirements of the General Data Protection Regulation and ensure that adequate technical and organisational controls are in place.
You have a number of rights under the General Data Protection Regulation, including the right:
- to rectify inaccuracies in personal data that we hold about you
- to be forgotten in some circumstances, that is your details to be removed form systems that we use to process your personal data
- to restrict the processing of your personal data in certain ways
- to obtain a copy of your data in a commonly used electronic form
- to withdraw consent where that is the legal basis of our processing
- to object to certain processing of your personal data by us.
Further information about your rights can be found on the ICO’s website.You may also contact the Data Protection Officer for further information.
You have the right to ask to see what personal data we hold about you, known as a subject access request. For more information, refer to our Data Protection pages for guidance on how to submit subject access requests.
You have a right to complain to the ICO about the way in which we process your personal data. Information on how to report concerns to the ICO.
Cookies are files placed on your computer to collect standard internet log information and visitor behaviour information. This helps us to understand visitor behaviour, to remember your preferences and improve user experience.
Our website may contain links to other websites that are outside our control and are not covered by this privacy notice. Our notice only applies to the University of Sussex’s website so when you link to other websites, you should read their own privacy policies.
We keep our privacy notice under regular review and the notice was last updated on 18 May 2018.
In particular, as the General Data Protection Regulation is new law and the extent of the lawful grounds for processing data has yet to be fully understood, the University may review and update this notice. Any updates will be placed on this webpage.
If you have any questions about our privacy notice or the information we hold about you, you can contact the University’s Data Protection Officer by email at firstname.lastname@example.org or you can write to Alexandra Elliott, Data Protection Officer, University of Sussex, Sussex House, Falmer, Brighton, BN1 9RH.