Data protection and third-party suppliers

There are many situations where the University might engage a third party to carry out activities on its behalf, for example to provide specialist expertise or a software platform.

Data processors and data controllers 

Where the third party will be collecting or storing the personal data of our staff, students, or customers on our behalf, they are acting as ‘data processors’. The University is the ‘data controller’ and determines how the data is used; the supplier or ‘data processor’ carries out our instructions. If the data processor uses its own processors, such as a hosting provider, these are called ‘subprocessors’.

Both ‘controllers’ and ‘processors’ have obligations under data protection law. If a processor suffers a data breach, the University could be liable for substantial monetary penalties.

Contract with the supplier

Whenever the University as ‘controller’ uses a processor it needs to ensure that there is a formal written contract in place with the supplier. The contract needs to cover a range of standard provisions stating that the processor must:

  • process data only on instructions from the University
  • ensure that their staff accessing the data are under an obligation of confidentiality
  • have appropriate security measures in place
  • assist the University with any data protection impact assessments in relation to the system
  • only appoint their own third parties (“subprocessors”) with the University’s authorisation, and those subprocessors must process data at the same level of protection as the processor
  • demonstrate their compliance to the controller
  • take appropriate measures to help the controller respond to requests from individuals to exercise their rights
  • assist the controller in meeting its UK GDPR obligations in relation to the security of processing and the notification of data breaches
  • delete or return all personal data to the controller at the end of the contract, and also delete existing personal data unless the law requires its storage
  • submit to audits and inspections, providing the controller with whatever information it needs to ensure they are both meeting their Article 28 obligations

You can assess this in the contract checker document (.docx).

Contact us
Information Assurance Manager
Telephone: 01206 872285