Privacy Notice for SRAC users (non-Sheffield Hallam students)
The Sheffield Regional Assessment Centre is an externally accredited, Disabled Students Allowances' Assessment Centre. It is based at Sheffield Hallam University City Campus and has an outreach centre at Collegiate Campus. The Sheffield Regional Assessment Centre is responsible for conducting Needs Assessments and producing reports for funding bodies and universities, recommending study support strategies and outlining individual impacts on study. The Sheffield Regional Assessment centre is audited for quality assurance annually by the external auditing body DSA-QAG.
Data Subject Rights
One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data. The GDPR gives you the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For more information about these rights please see here and the 'Contact Us' section at the end of this Privacy Notice.
Why are we processing your personal data?
It is necessary for The Sheffield Regional Assessment Centre to process your personal data in order to fulfil all aspects of our contract with you:
- To manage all the elements of our service with you including pre-assessment information, your Needs Assessment interview, Needs Assessment Report, additional recommendations and as part of the fully inclusive assessment any further reviews of your support
- To process payment of our services to DSA on your behalf
- For identification purposes to manage access to our facilities and services
- To enable us to investigate, consider, respond to and monitor complaints and to provide information to professional and regulatory bodies which deal with such matters
It is necessary for The Sheffield Regional Assessment Centre to process your personal data in order to protect your vital interests or those of another individual
- To protect the vital interests of students and others, i.e. in emergencies/life or death situations/where we believe that a student or another individual is at significant risk of harm
There are also a number of legitimate business purposes for which The Sheffield Regional Assessment Centre processes your data
- To monitor, review and evaluate the quality, standards and effectiveness of our services and facilities
We may also ask for your consent to use your personal data for other purposes. You will be given additional information for each purpose and have the right to withdraw your consent at any time.
Where we process sensitive personal data, we will rely on the conditions in Article 9 of the GDPR: explicit consent.
Which Personal Data do we Collect and Use?
In order to provide our services we need to collect and use your personal data. Below is a list of what this may include:
Contact information and personal details
- Email address(es)
- Age / Date of Birth
- Gender / sex
- Telephone number(s)
- Level of study
- Diagnostic assessments and/or other medical evidence
- Disabled Students Allowances Documents*
The data that we hold is collected directly from you as the data subject.
* Denotes information which may contain data classified as sensitive personal data/special categories of personal data under the GDPR and as such is subject to a greater level of control, care, and protection.
^ Denotes information which you provide on a voluntary basis or where you are given the option of “prefer not to say” or "information refused".
Who do we share your data with?
You should be aware that in order to provide our services we may need to share your personal or sensitive personal data within the organisation or outside Sheffield Hallam University. The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The University NEVER sells personal data to third parties.
Your data may be shared with:
- Parents, guardians and other family members only where you have given your written consent or in the event of an emergency where the disclosure of personal data is considered in your vital interests or pertinent to your safety and well-being. Please see statement to family members.
- Contractors and suppliers, where the University uses external services or has outsourced work which involves the use of Students' personal data on our behalf. The University will ensure that appropriate contracts and/or data sharing agreements are in place and that the contractors and suppliers process personal data in accordance with the GDPR and other applicable legislation. Examples of suppliers include IT services and support, confidential waste disposal, mailing services.
- Government bodies and departments, in the UK responsible for:
- public funding
- statistical analysis, monitoring and auditing
- the University's insurers, legal advisers and DSA-QAG
The Sheffield Regional Assessment Centre hold records for its students in a separate, secure location, which is provided by the University. The University takes a robust approach to protecting the information it holds. This includes the installation and use of technical measures including firewalls and intrusion detection and prevention tools on the University network and segregation of different types of device; the use of tools on University computers to detect and remove malicious software and regular assessment of the technical security of University systems. University staff monitor systems and respond to suspicious activity. The University has Cyber Essentials certification.
Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining the University and existing staff have training and expert advice available if needed.
Most student data is held for the duration of your course plus one further academic year. Some data is held for audit purposes beyond this time and the retention period depends on the type of audit (up to 7 years). Some data is held for statistical reporting purposes and analysis for a further 6 years. Data from complaints are kept for 6 years in case of further queries or actions.
- If you would like to request copies of your personal data held by the University please see our info about SARs (a subject access request)
- If you would like to exercise your other rights (e.g. to have inaccurate data rectified, to restrict or object to processing) please contact our Data Protection Officer.
You should also contact the Data Protection Officer if:
- you have a query about how your data is used by the University
- you would like to report a data security breach (e.g. if you think your personal data has been lost or disclosed inappropriately)
- you would like to complain about how the University has used your personal data
Data Protection Officer
Telephone: 0114 225 5555