This is a summary of the SUSI Data Protection Statement.
- SUSI is a Unit of CDETB which is a joint data controller with the Department of Further and Higher Education, Research, Innovation and Science for student grant applications under the Student Grant Schemes.
- SUSI retains and processes data securely and confidentially and takes appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of, data and against their accidental loss or destruction.
- SUSI retains personal data, including phone call records, for no longer than is necessary for the purpose of processing grant applications or as otherwise required by law.
- SUSI shares data provided in grant applications with other Government bodies and agencies for the purpose of processing grant applications.
- SUSI communicates directly with applicants about their applications.
- SUSI also discusses with other parties to an application the status of the application and any documentary evidence or actions required to progress it. Applicants may inform SUSI that they do not wish this to happen.
- SUSI will not discuss personal data of a party to an application with other parties to the application, or with a third party outside the application without their authority.
- Applicants and other parties to grant applications may also cross-authorise each other to discuss their personal data with SUSI on their behalf.
- Where one or more applicants mutually identify relationships to other applicants, their applications may be cross-referenced by SUSI to ensure consistency and efficiency in processing.
- Pursuant to data protection legislation, persons may request access to their data held by SUSI and exercise their data protection rights as set out in the SUSI Data Protection Statement.