The University is the Data Controller for the personal information we collect and use (this is known as data processing). We process personal data for a variety of reasons in order to fulfil or academic, research, employer, administrative and charitable functions.

We process personal data in compliance with the data protection principles established under the General Data Protection Regulation (GDPR), that is

Personal data should be:

• processed lawfully, fairly and in a transparent manner
• collected for specified, explicit and legitimate purposes
• adequate, relevant and limited to what is necessary
• accurate and where necessary kept up to date
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed
• processed in a manner that ensures appropriate security of the personal data

Accountability is central to data protection and as a Data Controller the University is responsible for compliance with these principles and must be able to demonstrate this to both you and the regulator, the Information Commissioner's Office (ICO).  We are registered with the ICO as a Data Controller and our registration number is: Z6833827

You can find out more about how we use personal information and how you can exercise your rights below.