Sexual Violence and harassment complaints privacy notice

Introduction

The Sexual Violence and Harassment formal complaint facility operates within the broader framework of Human Rights - Equality, Diversity and Inclusion Strategy.

It aims to uphold the fundamental rights of individuals to safety and dignity, ensuring that all complaints of sexual violence and harassment are treated with the utmost seriousness, confidentiality, and respect.

This facility underscores the institution’s duty to provide a safe and supportive environment free from harassment, where individuals can report incidents without fear of prejudice or retaliation, in line with legal obligations and ethical responsibilities to protect all individuals from harm.

We are committed to ensuring the privacy and security of all personal information provided in the course of submitting a formal complaint to the university.

This statement outlines how we collect, use, share and protect your personal information in relation to complaints of sexual violence and harassment.

Please be aware that we will also use your data to create reports and generate statistics on SVH. You will not be identifiable from these reports or statistics.

We hold personal data related to complaints where complaints are made. We use this data to:

Investigate the complaint thoroughly and fairly.

Communicate with you about the status and outcome of the investigation.

Provide necessary support services.

Information gathered may also be used to identify trends which enables us to develop targeted interventions in the future.

When you file a formal complaint, we collect the following personal information:

Your name and contact details (e.g., email address, phone number)

Details of the incident(s), including the date, time, and location.

Information about the individuals involved.

Any supporting documentation or evidence.

We also collect monitoring information (e.g., ethnic background, sexual orientation, race, etc.) which is optional.

This data is for statistical use only and allows us to identify trends which enables us to develop targeted interventions in the future.

Data Protection law requires that the University must have a valid lawful basis in order to process personal data. The University relies on a number of such bases as follows:

Consent - Where you make a report, you are providing your consent for the University to process your personal data.

Public Task - The University may need to process personal data received for the purposes of carrying out a task in the public interest in line with the National Policy Framework Safe, Respectful, Supportive and Positive: Ending Sexual Violence and Harassment in Irish Higher Education Institutions.

Legal Obligation – The University may be required to process your personal data in accordance with legal requirements e.g. where An Garda Síochána may require the data for the purposes of preventing, detecting, investigating or prosecuting criminal offences.

The University will employ reasonable and appropriate administrative, technical, personnel, procedural and physical measures to safeguard your information against loss, theft and unauthorised users’ access, uses or modifications.

The following principles apply:

Confidentiality - only people who are authorised to use the data will be authorised to access it e.g. Sexual Violence & Harassment Prevention and Response Manager, members of the Screening Panel. Staff are required to maintain the confidentiality of any of your data to which they have access.

Integrity – the University will make all reasonable efforts to ensure that your personal data is maintained accurately and remains suitable for the purpose for which it is processed.

Availability - that authorised users should be able to access the data if they need it for authorised purposes.

The University may disclose certain personal data to third parties.

These external organisations, and the purpose for sharing the information, are set out below (Please note that this list is not exhaustive).

The University will only share your personal data with external third parties where we are required to do so under a statutory or legal obligation, or we are required to do so under a contractual obligation or we have your consent, or we are otherwise permitted to do so in accordance with data protection legislation, but only to the extent necessary.

The disclosure of your data to third parties includes:

Designated members of university staff with responsibility for compiling and reviewing anonymised statistical reports relating to incidents of sexual violence & harassment for the University.

University officials involved in the investigation and resolution of the complaint.

Anonymised statistical data will be provided to relevant areas and committees of the university and will be published from time to time.

Anonymised data will be provided to Government bodies or agencies such as the Department of Education.

Higher Education Authority (HEA) Statutory annual anonymised statistical returns and optional student survey returns. See information regarding the HEA collection of student data from Third Level Institutions.

External Investigators or experts, if required

Legal Advisors, Courts, law enforcements, if the situation necessitates it.

Garda Síochána - prevention/detection of crime, apprehension and prosecution of offenders, protection of an individual’s vital interests/welfare or safeguarding national security; See Section 9 of the Sexual Violence & Harassment Policy for the UL’s reporting obligations.

Parents, guardians and other relatives The University will not disclose your personal data to parents or relatives without your consent, other than in exceptional circumstances.

Support Services (e.g. counselling, medical services) with your consent

The time period for which the University generally retains personal data varies according to use of the information. In some cases, there are legal requirements to keep personal data for a minimum period of time. Unless specific legal requirements dictate otherwise, the University will retain personal data for no longer than necessary for the purpose for which the personal data were collected or for which they are further processed.

The University retains all personal data in accordance with Records Classification & Retention Schedule

Your rights relating to your personal data include:

To be informed (via this privacy notice and other communications).

Your right to request access to Personal Data held by the University, and to have any incorrect Personal Data rectified;

Your right (where appropriate) to the restriction of processing concerning you or to object to processing;

Your right to have Personal Data erased (where appropriate); and

Your right to data portability regarding certain automated Personal Data

With regard to rights within the legislation relating to “automated decision- making”, the University does not use such processes and they do not arise.

Requests for any of the above should be addressed by email to dataprotection@ul.ie or in writing setting out your specific request to the University’s Data Protection Officer, Office of the Corporate Secretary, University of Limerick, Limerick. Your request will be processed within 30 days of receipt.

Updating your details: The GDPR requires that personal data is accurate. Please let the university know if your contact details change.

Further information on Data Protection at the University of Limerick may be viewed at www.ul.ie/dataprotection.

You can contact the University’s Data Protection Officer at dataprotection@ul.ie or by writing to Data Protection Officer, Room A1-073, University of Limerick, Limerick.

Review

This Privacy Notice will be reviewed and updated from time to time to take into account changes in the law and the experience gained from the Notice in practice.