The University collects and uses information about our students, staff, alumni, research participants, contractors, prospective students and other individuals who come into contact with us. This information is defined as personal data and the University is committed to use this information fairly and lawfully in line with our responsibilities under the General Data Protection Regulation and Data Protection Act 2018.
The University is the Data Controller for the personal information we collect and use (this is known as data processing). We process personal data for a variety of reasons in order to fulfil or academic, research, employer, administrative and charitable functions.
We process personal data in compliance with the data protection principles established under the General Data Protection Regulation (GDPR), that is
Personal data should be:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and where necessary kept up to date
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed
- processed in a manner that ensures appropriate security of the personal data
Accountability is central to data protection and as a Data Controller the University is responsible for compliance with these principles and must be able to demonstrate this to both you and the regulator, the Information Commissioner's Office (ICO). We are registered with the ICO as a Data Controller and our registration number is: Z6833827
You can find out more about how we use personal information and how you can exercise your rights below.