Devised: 21st May 2018
Review Date: 1st July 2020
Nottingham Trent Students’ Union (“NTSU”, “we”, “our” or “us”) promises to respect any personal data you share with us, or that we get from other organisations, and keep it safe and in line with data protection laws and best practice. We aim to be clear when we collect your data and not do anything you wouldn’t reasonably expect. Developing a better understanding of our members through your personal data allows us deliver better services and communicate with you effectively.
Facilitating our legal requirements, organisation policy and services to our suppliers, contractors and clients through using your personal data allows us make better decisions, communicate more efficiently and, ultimately, ensure you receive the services required.
We collect information in the following ways;
2.i When you register as a supplier or contractor
When you register as a supplier with the NTSU you provide us with certain personal data, for example this may be through emails, letters, quotes, references, contracts.
2.ii When you register a client
When you register as a client with the NTSU you provide us with certain personal data relating to our arrangement.
The type and quantity of information we collect and how we use it depends on why you are providing it.
3.i Suppliers and contractors
In registering as a supplier, we will normally ask you to provide us with the following personal information:
We will mainly use your data to administer our contracted duties with you.
In establishing a contract with us as a client we will normally ask you to provide us with the following personal information:
We will mainly use your data to administer our contracted duties with you and undertake credit reference checks where appropriate.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
Some of our suppliers may run their operations outside the European Economic Area (EEA). We will always ensure they provide an equal or greater level of protection in accordance with UK data protection law. By submitting your personal information to any of these systems, you agree to this transfer, storing or processing at a location outside the EEA.
We may need to disclose your details if required by law to the police, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.
We request that suppliers, contractors and clients make best attempts to ensure data held by us is up to date and accurate. In the event of any changes to data or the discovery of any inaccuracies please contact the NTSU service you are dealing with.
When we process your data, we will have already carefully assessed the lawful justification for doing so, the parameters in which the data is processed, the length of time the data is held for, the secure storage of your data and undertaken impact assessments to ensure your rights are delivered.
NTSU operates a Data Protection and Information Security Policy and supplements this with a Data Protection Handbook for our employees, contractors and volunteers. All employees and volunteers handling data are required to undertake data protection training and third parties handling data are required to provide a contract which meets the requirements of the Information Commissioner's Office.
NTSU uses NTU Information systems to store and process all information. NTU keeps these systems safe and secure in line with industry best practice, you can access their policies here. NTSU and NTU have a legal data sharing agreement which covers all information shared.
NTSU uses Machforms to collect and process information through online forms. The type of data you submit on these forms collect will vary depending on the purpose however the data is kept securely on NTU servers and we have a legal data sharing agreement which covers this system.
NTSU does not store any sensitive card data on our systems following online transactions. We use payment processor contracted through our website provider One Voice Digital to handle these matters. Payments taken in store are handled through worldpay.
The General Data Protection Regulations sets out the following rights for individuals
7.i The right to be informed
This statement and associated documents set out what data we collect and how we process it. At the point of collection, we will direct you to these documents and inform you of why we are collecting data.
7.ii The right of access
You have a right to ask for a copy of the information we hold about you, you can do this by contacting us on email@example.com .
7.iii The right to rectification
If your data is inaccurate or incomplete and you have not been able to rectify it with the area of NTSU responsible, or you don’t know who to contact to rectify this information please contact firstname.lastname@example.org .
7.iv The right to erasure
If you would like us to erase all data we hold on you then you must contact us on email@example.com. This right of erasure does not cover some data which is required to be kept by law, this may include for example accident reports, HR records, contracts, finance records.
7.v The right to restrict processing
You have a right to ask us to stop processing your personal data, and if it’s not necessary for the purpose you provided it to us for (e.g. contractual services) we will do so.
7.vi The right to data portability
We work with our suppliers to ensure any data you request from us will be in an easily readable electronic format.
7.vii The right to object
If you would like to object about any of our data processing please contact us on firstname.lastname@example.org.
The NTSU Data Protection Officer is currently Phil Kynaston and can be contacted on email@example.com
We may change this Privacy Statement from time to time in line with new or updated policies, procedures or legislation. If we make any significant changes in the way we treat your personal information we will make this clear in our contractual relationship or by contacting you directly.
If you have any questions, comments or suggestions, please let us know by contacting: