The Union is a "Data Controller". This means that we are responsible for deciding how we hold and use your data. This privacy notice is being made available to you because, in order to operate the SUSU.ORG website and fulfil your requests, we may collect and store personal information that you submit to the Union via this website. This notice informs you about how and why your personal data will be used and how long it will usually be retained by us. It provides you with certain information that must be provided under the General Data Protection Regulation (EU 2016/679) (GDPR 2016), the UK Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulation 2003 (PECR) and any other relevant data protection legislation that may apply (together "the Acts").
Our registration number with the Information Commissioner’s Office is Z3301920.
Gathering and Use of Personally Identifiable Information.
During the SUSU.ORG registration process we gather your name and email address. This personal information is held by us with care and security and is used by us in order to contact you with Students' Union news and information about website updates. You may opt-out of receiving future mailings at any time; see the Choice/Opt-Out section below. We do not share your personal data with any outside parties without your express authorization, except in the special circumstances described below.
Gathering and Use of Non-Personal Information.
The SUSU.ORG website also gathers non-personal information including your computer's IP address which may be used in diagnosing server problems and for administration of our website, as well as to provide an audit trail in the case of attempted illegal use of the site and to guard against spamming. Your IP address may also be used to help identify you and your shopping cart and to gather broad demographic information. SUSU does not track or monitor your individual surfing activities.
Sharing of Aggregate Information.
While we will not share personally identifiable data or information with third parties, some of your non-personal information may be shared on an aggregate or statistical basis, for example, statistics that indicate the number of users who registered in February, but such information will not be sufficient to permit the recipient to identify you.
Information Collected by Our Web Servers.
The SUSU.ORG website runs on web servers which compiles log files of visitors who visit our site so that we can monitor traffic to our site. Information collected is the standard kind of information collected by most web servers, including your IP address, incoming domain, time and date, pages viewed, length of time visiting the site and type of browser you are using.
|Cookie||First or Third Party||Purpose||Expiry|
|SUSU_ID||First party||Determines whether a user is logged in, and allows the website to permit access to certain information||1 year|
|unionuser||First party||Legacy cookie from older parts of susu.org, used for login||2 months|
|_stripe_mid||Third party||Stripe payments cookie - used for Fraud prevention and detection||1 year from set/update.|
|_ga||Third party||Google analytics cookie - determines unique visitor to our site||2 years from set/update.|
|_gid||Third party||Google analytics cookie - determines unique visitor to our site||24 hours from set/update.|
|_gat||Third party||Google analytics cookie - used to throttle request rates||1 minute|
|__utma||Third party||Google analytics cookie - determines unique visitor to our site||2 years from set/update.|
|__utmt||Third party||Google analytics cookie - used to throttle request rate.||10 minutes.|
|__utmb||Third party||Google analytics cookie - tracks the time spent and pages viewed on our site||30 minutes from set/update.|
|__utmc||Third party||Legacy Google analytics cookie used to determine whether a user was new or not||End of browser session|
|__utmz||Third party||Google analytics cookie - stores & tracks how you were referred to our site||6 months from set/update|
|__utmv||Third party||Google analytics cookie - stores visitor-level custom data||2 years from set/update|
Further information about the use of Google Analytics can be found here
We use session cookies on our sites. These are temporary cookies that remain in the cookie file on your computer until you close your browser, at which point they are deleted. They allow websites to link the actions of a user during a browser session.
For example, we use session cookies to allow us to recognize and count the number of visitors and to see how they move around the site.
We also use persistent cookies on our sites. These remain on your hard drive until you erase them or they expire. Persistent cookies allow the preferences or actions of a user on the website to be remembered across browser sessions.
For example, we use persistent cookies to store your log-in information (username, email and encrypted password) on your local machine. This allows you to stay logged in to all of the SUSU.ORG network websites. When you log out, the cookie is deleted.
To help us improve our sites we also use Google Analytics to track usage. Google Analytics provide us with statistical information, such as, which pages on our website are visited most frequently and how long visitors spend on them. None of the information can be traced to an individual - we do not know who you are, merely that there are a certain number of people using the website.
The web browsers of most computers are initially set up to accept cookies. If you prefer, you can set your web browser to disable cookies or to inform you when a website is attempting to add a cookie. You can also delete cookies that have previously been added to your computer's cookie file.
If you choose to withdraw consent for use of our cookies on your computer, please note this will impact your experience on using our site. This includes, but is not limited to, being unable to use online nominations and voting systems, use of the online box office / shop and access to information about your specific academic representatives.
Information Gathered by E-Commerce.
If you choose to purchase any products from our website, additional information may be gathered from you in order to complete the credit card transaction.
SUSU may disclose personally identifying information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) SUSU's rights or property, other SUSU.ORG users, or anyone else that could be harmed or affected by such activities. SUSU may disclose account information when we believe in good faith that the law requires it.
Links to Other Sites.
Our website and mailings contain links to various websites. Please be aware that these links and websites are not controlled by SUSU and that SUSU has no responsibility for the content, operation or privacy practices of the websites linked to by us. The websites linked to by SUSU.ORG are not covered by this privacy statement.
Security Measures to Protect Your Information.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, SUSU cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk. Once we receive your transmission, we make every reasonable effort to ensure its security on our systems.
When might SUSU contact me?
What about children's privacy?
SUSU does not attempt to collect personal information from children, and it is not our policy to allow children to use our services.
We encourage parents and other legal guardians to spend time online with their children to become familiar with the types of content available through SUSU.ORG and over the Internet in general, and to regularly oversee their children's use of online facilities. Children should always ask their parents' permission before sending any personal information to us, or anywhere on the Internet. If a child under 13 has in fact registered or begun using SUSU.ORG contrary to our policy, or for other privacy matters, a parent or guardian should contact us by sending email to email@example.com
When you complete the SUSU.ORG registration form, your email address will be added to our registered user database and you may infrequently be sent mailings, for instance, a welcome message to let you know that your registration was completed successfully, or for major announcements about the company or products. If you do not want to receive these messages, you can opt out at any time as described below. The SUSU.ORG registration process also lets you choose to receive the SUSU newsletter by checking the appropriate checkboxes on the registration form. If you do not check these checkboxes, your email address will not be added to these mailing lists and you will not receive these mailings.
Each of these mailing lists are maintained separately, and in order to stop receiving mailings from us you will need to unsubscribe from each of these lists individually. The easiest way to unsubscribe from these mailings is to follow the instructions in the most recent mailing and e-mail a specially coded email address back to the list server. This will automatically unsubscribe you from the mailing list. You can also send us a message at firstname.lastname@example.org for further assistance and we'll make every reasonable effort to remove you from the list. To change your name or email address in our mailing list database, just unsubscribe and then resubscribe by going through the SUSU.ORG registration again.