This Privacy Notice sets out how we use the personal data of website users, enquirers, and visitors collected by phone, email, live chat, social media, post, and voicemail in line with Data Protection legislation (GDPR and DPA 18).
Sheffield Hallam University is the lead partner for the Sheffield Innovation Programme Continuation (SIP), a 3-year initiative delivered in partnership with The University of Sheffield and SCR Growth Hub which aims to stimulate company growth by encouraging product, process and service innovation and by addressing key business challenges.
The General Data Protection Regulation (GDPR) and the Data Protection Act 18 govern the way that organisations use personal data. Personal data is information relating to an identifiable living individual.
Transparency is a key element of the Data Protection Legislation and this Privacy Notice is designed to inform you:
- how and why the University uses your personal data,
- what your rights are under GDPR, and,
- how to contact us so that you can exercise those rights.
Who we share your data with
This Privacy Notice is for businesses and other organisations engaging with the University under SIP.
Data Subject Rights
One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data. The GDPR gives you the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For more information about these rights please see here and the Contact Us section at the end of this Privacy Notice.
Why are we processing your personal data?
It is a contractual obligation for the University to process your personal data in order to fulfil the requirements of our European Region Development Fund (ERDF) Funding Agreement with the Ministry of Housing, Communities and Local Government:
- To provide evidence of delivery and outputs; maintain records for audit; produce reports and funding claims for the managing authority, ERDF, project partners and public bodies.
- To monitor, review and evaluate the quality, standards and effectiveness of our service delivery against programme objectives and contractual targets
There are also a number of legitimate business purposes for which the University processes your data
- To plan, deliver and review our services and facilities
- To provide you with information and updates about our services, facilities, and engagement opportunities
- To monitor and manage Internet use
We may also ask for your consent to use your personal data for other purposes. You will be given additional information for each purpose and have the right to withdraw your consent at any time.
Where we process sensitive personal data, we will rely on the conditions in Article 9 of the GDPR: explicit consent, vital interests, legal claims, substantial public interest, occupational medicine, archiving/research.
Which Personal Data do we Collect and Use?
In order to provide our services, we need to collect and use your personal data. Below is a list of what this may include:
- Company Details including name, address and contact information
- Party Resources employed (Staff name/activity/time)
- Details of Jobs created
- Job title
- Job type
- Duration of contract
- Start date of employment
- Hours per week
- Region of job creation
- Gender
- Age
- Disability
- Ethnicity
For the purposes of programme delivery and to satisfy record retention requirements imposed by ERDF, we may collect information from the SIP engagement activity which includes potentially commercially sensitive and confidential business information. Although this information is not subject to the Data Protection Act or the GPDR, we will treat it appropriately.
Who do we share your data with?
You should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the organisation or outside Sheffield Hallam University. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The University NEVER sells personal data to third parties.
Your data may be shared with:
- University staff who need the information for administrative and programme delivery purposes.
- The programme partners, The University of Sheffield and Sheffield City Region Growth Hub.
- The Ministry of Housing, Communities and Local Government, ERDF and EU auditors responsible for the management and administration of the ERDF programme.
- Contractors and suppliers, where the University uses external services or has outsourced work which involves the use of business contact personal data on our behalf. The University will ensure that appropriate contracts and/or data sharing agreements are in place and that the contractors and suppliers process personal data in accordance with the GDPR and other applicable legislation. An example of suppliers includes consultants contracted to undertake third party evaluation of the programme, confidential waste disposal, mailing services. If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as ‘adequate’ by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.
- government bodies and departments, in the UK and EU, responsible for: public funding, statistical analysis, monitoring and auditing, regulatory matters
Security
The University takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention tools on the University network and segregation of different types of device; the use of tools on University computers to detect and remove malicious software and regular assessment of the technical security of University systems. University staff monitor systems and respond to suspicious activity. The University has Cyber Essentials certification.
Alongside these technical measures, there are comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining the University and existing staff have training and expert advice available if needed.
Retention
The University is required by EU regulation to retain all project documents evidencing ERDF compliance, achievement of outputs, and financial claim records until 31st December 2033.
Contact Us
If you have a general question about the personal data required for SIP and how it is used by the University, please contact:
SIP Project Manager
Research and Innovation Services
Sheffield Hallam University
City Campus
Howard Street
Sheffield
S1 1WB
innovation@shu.ac.uk
Telephone: 0114 225 5000
If you would like to request copies of your personal data held by the University, please see our info about SARs (a subject access request).
If you would like to exercise your other rights (e.g. to have inaccurate data rectified, to restrict or object to processing) please contact our Data Protection Officer.
You should also contact the Data Protection Officer if:
- you have a query about how your data is used by the University
- you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
- you would like to complain about how the University has used your personal data
Data Protection Officer
Governance Services
City Campus
Howard Street
Sheffield
S1 1WB
DPO@shu.ac.uk
Telephone: 0114 225 5555
Further Information and Support
For more information about how Sheffield Hallam University uses personal data please see here
For more information about how the University of Sheffield uses personal data please see here
For more information about how SCR Growth Hub uses personal data please see here
The Information Commissioner is the regulator for GDPR. The Information Commissioner’s Office (ICO) has a website with information and guidance for members of the public:
https://ico.org.uk/for-the-public/
The Information Commissioner’s Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website: