Teesside University is a registered Data Controller and is subject to the UK General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA); two pieces of legislation that control the way organisations use personal data in order to protect the privacy of individuals. The legislation balances an individual's right to privacy with the need of organisations to use information about an individual for legitimate purposes.
Teesside University aims to process all personal data in accordance with the requirements and safeguards of Data Protection legislation. The University's approach to Data Protection is set out in our Data Protection Policy and Code of Practice . This Policy and Code of Practice contains links to other key Information Governance Policies, including Information Security which deals with how the University keeps your data safe.
The University has a wide range of functions and services which necessitate the processing of personal data. The University processes personal data of students, staff, alumni, research participants, visitors and individuals who work with the University.
We are committed to be open and transparent about how we deal with your information. You may have been given privacy information (in the form of privacy notices or fair processing notices) at various points in your contact with the University. The privacy notices below provide general privacy information for specific groups of individuals.
Data Protection legislation provides individuals (Data Subjects) with a number of rights with regard to their personal data. These are explained in our privacy notices and include a right to receive a copy of the personal data being processed, known as a Data Subject Access Request or DSAR.
To exercise any of your rights free of charge, you can send an email to dpo@tees.ac.uk, detailing the nature of your request, or complete our Data Subject Rights Request form.
To ensure compliance with legislation, and to maintain confidentiality, we may require proof of your identity. We may also require additional information from you to assist us in undertaking targeted searches for the information you require or to otherwise enact your rights. Once in receipt of this information, we will normally respond to you within one calendar month. However, requests to access personal data which are particularly complex or extensive, require us to extend the timeframe by up to two months (this will mean responding within a total of three months).
The right of subject access only applies to personal data relating to the data subject. As such, information relating to third parties or any information that does not relate to the data subject may be redacted (removed) from the information that is disclosed.
If you wish to make a subject access request or enact any of your data protection rights, please provide the details of your request, including information to assist us in identifying you, to the contact details below.
The University has appointed a Data Protection Officer (DPO) in compliance with Article 37 of the UK GDPR.
Our DPO can be contacted by email at dpo@tees.ac.uk by telephone on 01642 342093 or in writing to the following postal address:
The Data Protection Officer
Legal & Governance Services
Teesside University
Middlesbrough
TS1 3BX