Data protection/GDPR

You may have already been told about the specific purposes for which we are processing your personal information, as well as the ‘legal’ or ‘lawful’ basis for that processing (the justification under current data protection legislation).

More about ‘legal’/’lawful’ basis:

We can only process (collect, use, store etc) your personal information if one of the following applies:

  • We need your personal information to provide a service as part of a contract (for example, to enable you/us to fulfil your/our obligations under a student contract or employment contract). Note that in English law ‘contracts’ are not limited to those in writing, so this justification may also cover less formal agreements between you and the university.
  • We need your personal information to perform our official functions as a teaching and research institution, and those functions are in the public interest. Our official functions may derive from legislation or our  Charter. This justification also covers situations where we need to share information with other organisations in order for them to carry out their official functions (for example, taxation, reporting crimes, preventive and occupational medicine).
  • We need your personal information to comply with a legal obligation to which we are subject (for example, providing data about our staff and students to the Higher Education Statistics Agency (HESA) is a legal requirement for universities under the Further and Higher Education Act 1992).
  • We need your personal information for a legitimate interest of the university or a third party, provided that interest is not overridden by your interests and rights (for example, we may need to process your information to protect our network and information security). Note this justification cannot be used when we are carrying out our official functions.
  • We need your personal information to protect somebody’s life (a vital interest).
  • You provide consent for us to process your personal information, based on clear and specific information, with a genuine choice (without any pressure), and the ability to change your mind at any time.

How do we use your personal information?

We will generally use your personal information to provide you with the services, products or information you have requested from us. We may need to share your information with our service providers for these purposes, but we will ensure that appropriate contracts with these parties are in place and they only process your information in accordance with our instructions and data protection legislation. If we need to transfer any information to a country not recognised as providing equivalent protection, we will use additional safeguards approved by UK or EU regulators.

What are your rights?

By law, you have certain rights over your personal information:

  • To receive a copy of your information
  • To ask us to correct any errors
  • To delete it once we no longer need it
  • To ask us to stop using your information in a certain way
  • To ask for certain information in a portable, electronic format
  • To object to certain uses of your information (for example, marketing and automatic profiling or decision making)

To make a request for any of the above, please see our  Data Subject Rights page.