Institute for Sustainability privacy notice
The University of Surrey is the “controller” of your personal data. We are registered with the Information Commissioner’s Office (our notification number is Z6346945) and we are committed to ensuring that the personal data we process is handled in accordance with data protection legislation.
We have a named Data Protection Officer who can be contacted via dataprotection@surrey.ac.uk.
One of our responsibilities is to tell you about the different ways we collect and use your personal data. This privacy notice provides details about these uses.
In addition to this statement, you may be given further information about the uses of your personal data when you use certain services offered by the University of Surrey.
Under UK data protection legislation, we are only allowed to collect the minimum amount of personal data that we need to carry out a specific purpose.
The aim of the University of Surrey’s Institute for Sustainability’ is to harness the power of collaboration across all disciplines (in the University of Surrey and beyond) to drive the transition to a sustainable world of long-term wellbeing for all.
The Institute is a synthesis platform, holistically bringing together education and research for action. By using systems thinking and disruptive innovation, the Institute can develop environmental, technological, social, economic and governance solutions.
We partner with real-world champions in the public, private and third sector to showcase how change can happen.
The Institute is committed to achieving our purpose in a way that protects and enhances the health of social and environmental systems.
The data we hold
The data we hold and process about you is the following.
- Name
- Job title and company name
- Email address
- Details on events you have enquired about or registered on
- Your dietary requirements if you have provided those on attending an event
- Whether you have registered an interest in learning more about a specific topic of research, programme, project, etc.
We only collect the data we need and keep that data up to date.
How we get this data
We receive this data from you when you:
- Complete our register for training form
- Take part in an event
- Attend an appointment/talk
- Consent to receiving our newsletter
- Contact us via our website.
We also receive data such as names/eligibility to take part in our services etc internally from other University of Surrey departments.
We may also analyse geographic/demographic/other information relating to you from publicly available sources, such as LinkedIn and other publicly available social media or through engagement with our digital assets, such as via our Linktree page.
The University collects only the data we need, and we keep the data up to date and only for as long as it is needed.
We take our obligations for handling your data very seriously and it is therefore important for you to know that we process your personal data on the following legal basis to:
- Send you regular newsletters to keep you up to date about what is happening at the Institute for Sustainability, among our partners and across the wider sustainability sector
- Invite you to online meetings, webinars and relevant in person events
- Register you for an event
- Send you information about future events that you may be interested in
- Ask for feedback on events that you have attended, which may include surveys
- Link you to partners interested in similar topics/projects/activities where you have given your consent
- Inform you about relevant products and services that may be of interest
- Promote funding opportunities and activities.
We do not use the data we collect to make decisions about individuals or to analyse information on an individual level.
The University processes personal data and special category data in accordance with data protection legislation and its own Data Protection Policy (PDF).
We keep your personal data for as long as it is required to perform its purpose or for as long as is required by law. These periods are defined in our retention management schedule.
We will review our contact list annually and will give you the opportunity to opt out at regular intervals, unless you advise us that you wish to be removed from our contact list outside of these review points.
We take the security of your data seriously. Details on University wide measures regarding IT security can be found in our Data Policy which is combined with our Data Protection Policy. This combined policy specifies regulations to be implemented to secure information and technology that the University manages and to protect against the consequences of breaches of confidentiality, failures of integrity and interruption of availability.
We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Internally
Your information may be shared internally with other relevant departments.
External third parties
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions contained within a contract, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
As an individual whose data we process (a data subject), you have certain rights in relation to the processing. Find detailed information about your rights as a data subject.
You have the right to:
- Withdraw your consent for us to process your personal data where we have relied on that consent as our basis for processing your data.
- Ask us to confirm that your personal data is being processed and to access (i.e. have a copy) of that data as well as to be provided with supplemental information about the processing.
- Request that we rectify any inaccuracies where the data we hold on you is inaccurate or incomplete.
- Have your data erased by us, although in certain circumstances we may not be able to do this. The circumstances where this applies can be found in the guide to data subject rights information.
- Restrict the processing of your personal data in certain ways.
- Obtain your personal data for reuse.
- Object to certain processing of your personal data.
If you would like to exercise any of your rights please visit our make a privacy request section.
Make a complaint
If you have any concerns about the way that we have handled your personal data please email the Data Protection team as we would like to have the opportunity to resolve your concerns.
If you’re still unhappy, you have the right to complain to the Information Commissioner’s Office (an independent body set up to advise on information rights for the UK) about the way in which we process your personal data.