We're a membership organisation which means at our heart is our students and the information process to make your University experience incredible. We also employ staff, work with suppliers and have customers for our commercial services so the information on this page is for those people too.
The way we manage and process your data is governed by the General Data Protection Regulations and Privacy of Electronic Communications Regulations, and these web pages aim to explain how we manage your information inline with the Regulations and what this means for you. We've been really open and transparent on these pages to help you be fully informed and understand your rights. Below you can see: how we access your data; our legal basis for processing your data and how you can change your preferences; who else processes data about you; and our policies for processing the data. Processing of personal data is also governed by the Data Protection Act 2018 and the codes of practice issued by the ICO.
We also have a document detailing our guidelines for all staff members and student volunteers. This can be viewed here. For student groups, you can find guidance and resources to help you understand your data protection responsibilities in our student group resources here.
Our legal basis for processing your data
Please be aware that while we have outlined the legal bases for processing your data, not all of these legal bases will apply to you. You should make sure you read each relevant privacy notice for further information.
Contract
As a student, customer or staff member you will likely have a contract with us when you use our services which allows us to facilitate our obligations to you.
Consent
In some cases, we may seek your consent for us to process your data for marketing purposes, prizes or competitions or engaging with our platforms.
Legal
We are obliged by various laws, inlcuding Education Act, Contracts Act and employment law to process certain data.
Legitimate Interest
We carefully balance your rights when we think there is a legitimate interest in us processing data to support you.
For example, to process your advertising enquiry with our media partner native, it is necessary for our legitimate interests to respond to your enquiry about advertising opportunities.
Purpose: To process your advertising enquiry with our media partner native
Lawful basis for processing including basis of legitimate interest: necessary for our legitimate interests (to respond to your enquiry about advertising opportunities.
The Students' Union carefully curate marketing and communications that might be relevant to you. Sometimes we need to send essential information where we believe there is a legitimate interest in you receiving this.
Our privacy statements detail more information about how we use your data to communicate with you or where you have given consent send you marketing. We use cookies to provide a tracking service of your usage with our website and recommend that you take the time to read our guidance on Cookies.
We also occasionally communicate with you through Durham University's platforms and media. The primary way we do this is through the weekly President's email, sent on our behalf to a Durham University student mailing list, so that we can keep you informed of the member benefits you are entitled to, and of what the Officers you’ve elected do in representing you. You can find out more about University mailing lists here, and how the University uses data here.
Freedom of information requests
The Freedom of Information Act 2000 gives individuals the right to know about the activities of public bodies and to request the disclosure of specific information about these activities. Durham Students’ Union is not a public body as defined in by the Act so does not have a legal responsibility to service Freedom of Information (FoI) requests. This means that when you engage with us (particularly relevant for employees or volunteers) your communications and information about your activity cannot be requested by FoI (this includes things like minutes of a student group meeting, group membership, group numbers).
Durham University is a public body and subject to Freedom of Information requests, so sometimes this can cause confusion for those who may not have realized Durham SU is a legally separate organisation. For the avoidance of doubt: the ICO is clear that while Durham University provides IT infrastructure for Durham SU, including @durham.ac.uk email addresses, this does not bring information held on behalf of Durham SU into the scope of FoI requests made to the University.
Durham SU wants to be open about our activities with students and the community, so even though we’re not subject to FOI requests we encourage people to ask when they have questions and our governance team can be reached on dsu.governance@durham.ac.uk. We recognize it will never be possible (or useful!) to publish everything about our activities on our website, so if you have a particular question about how we work or what we do then please contact us and ask. If it’s a complex or large request we may want to meet with you or chat to understand what information you’re looking for, or we may have to ask you to wait for us to have time to respond in depth. We might also, on occasion, have to explain why we can’t provide the information you’ve asked for. If we’re asked about activity of a student group or student initiative we will always seek to speak to the student organisers to make them aware before we share information, and will never include personal data in what we share.
Press requests, including from student press, should be handled by our communications team on dsu.marketing@durham.ac.uk rather than by our governance team.
reporting data protection breaches
If you become aware of or think a data protection breach may have occurred with data the students union (including any of our student groups) process, please email su.admin@durham.ac.uk to report the incident.
