Devised: 21st May 2018

Review Date: 1st July 2020

Supplier, Contractor & Client Data Privacy Statement

 

1. Introduction

Nottingham Trent Students’ Union (“NTSU”, “we”, “our” or “us”) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe and in line with data protection laws and best practice.  We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect.  Developing a better understanding of our members through your personal data allows us deliver better services and communicate with you effectively.

 Facilitating our legal requirements, organisation policy and services to our suppliers, contractors and clients through using your personal data allows us make better decisions, communicate more efficiently and, ultimately, ensure you receive the services required.

2. Where we collect information about you from

We collect information in the following ways;

2.i When you register as a supplier or contractor

When you register as a supplier with the NTSU you provide us with certain personal data, for example this may be through emails, letters, quotes, references, contracts.

2.ii When you register a client

When you register as a client with the NTSU you provide us with certain personal data relating to our arrangement.

3. What personal data we collect and how we use it

The type and quantity of information we collect and how we use it depends on why you are providing it.

3.i Suppliers and contractors

In registering as a supplier, we will normally ask you to provide us with the following personal information:

 

  • Name
  • Address
  • Email
  • Telephone number
  • Bank Details
  • Job Title

We will mainly use your data to administer our contracted duties with you.

 

3.ii Clients

In establishing a contract with us as a client we will normally ask you to provide us with the following personal information:

 

  • Name
  • Address
  • Email
  • Telephone number
  • Job Title & Organisation

 

We will mainly use your data to administer our contracted duties with you and undertake credit reference checks where appropriate.

4.How we keep your data safe and who has access

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.

 

Some of our suppliers may run their operations outside the European Economic Area (EEA).  We will always ensure they provide an equal or greater level of protection in accordance with UK data protection law. By submitting your personal information to any of these systems, you agree to this transfer, storing or processing at a location outside the EEA.

 

We may need to disclose your details if required by law to the police, regulatory bodies or legal advisors.  We will only ever share your data in other circumstances if we have your explicit and informed consent.

5. Keeping your information up to date

We request that suppliers, contractors and clients make best attempts to ensure data held by us is up to date and accurate. In the event of any changes to data or the discovery of any inaccuracies please contact the NTSU service you are dealing with. 

5. Understanding the detail of our data security measures

When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.

 

NTSU operates a Data Protection and Information Security Policy and supplements this with a Data Protection Handbook for our employees, contractors and volunteers.  All employees and volunteers handling data are required to undertake data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.

 

NTSU uses NTU Information systems to store and process all information.  NTU keeps these systems safe and secure in line with industry best practice, you can access their policies here.  NTSU and NTU have a legal data sharing agreement which covers all information shared. 

NTSU uses Machforms to collect and process information through online forms.  The type of data you submit on these forms collect will vary depending on the purpose however the data is kept securely on NTU servers and we have a legal data sharing agreement which covers this system.  

 

NTSU uses Customer Relationship Management software Insightly and E-Sign software PandaDoc to store and process all information for a sales process. Insightly and PandaDoc keep these systems safe and secure in line with GDPR.  NTSU has legal data sharing agreements which covers all information shared, to view Insightly’s Privacy policy click here and to view PandaDoc’s Privacy policy click here.

NTSU does not store any sensitive card data on our systems following online transactions. We use payment processor contracted through our website provider One Voice Digital to handle these matters.  Payments taken in store are handled through worldpay. 

7. Your rights

The General Data Protection Regulations sets out the following rights for individuals

7.i The right to be informed

This statement and associated documents set out what data we collect and how we process it.  At the point of collection, we will direct you to these documents and inform you of why we are collecting data.

7.ii The right of access

You have a right to ask for a copy of the information we hold about you, you can do this by contacting us on dataprotection@su.ntu.ac.uk  .

7.iii The right to rectification

If your data is inaccurate or incomplete and you have not been able to rectify it with the area of NTSU responsible, or you don’t know who to contact to rectify this information please contact dataprotection@su.ntu.ac.uk .

7.iv The right to erasure

If you would like us to erase all data we hold on you then you must contact us on dataprotection@su.ntu.ac.uk.  This right of erasure does not cover some data which is required to be kept by law, this may include for example accident reports, HR records, contracts, finance records.

7.v The right to restrict processing

You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. contractual services) we will do so.  

7.vi The right to data portability

We work with our suppliers to ensure any data you request from us will be in an easily readable electronic format. 

7.vii The right to object

If you would like to object about any of our data processing please contact us on dataprotection@su.ntu.ac.uk.

8. Our data protection officer?

The NTSU Data Protection Officer is currently Phil Kynaston and can be contacted on dataprotection@su.ntu.ac.uk

 9. Communicating changes to this statement

We may change this Privacy Statement from time to time in line with new or updated policies, procedures or legislation.  If we make any significant changes in the way we treat your personal information we will make this clear in our contractual relationship or by contacting you directly.

 

If you have any questions, comments or suggestions, please let us know by contacting:

dataprotection@su.ntu.ac.uk