Privacy Notices

A Privacy Notice informs data subjects (people about whom personal data is held) when, why and how their personal data is used by the University.


The GDPR requires that the University must inform data subjects when, why and how their personal data is used by the University.  Privacy notices should include the following information:

  1. name and contact details of the University, its representative (as applicable) and Data Protection Officer
  2. purpose of the processing of personal data
  3. lawful basis for processing personal data and the legitimate interests for processing (if applicable)
  4. the categories of personal data obtained (if the personal details not obtained from the individual)
  5. who the data subject's personal data is shared with, the recipients or categories of recipients of the personal data
  6. details of international personal data transfers to any third countries or international organisations (if applicable)
  7. how long the individual's personal data is held (retention periods)
  8. rights of the individual as a data subject
  9. right to withdraw consent (if applicable)
  10. right to lodge a complaint with the ICO
  11. the source of the personal data (if it is not obtained from the individual)
  12. the details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if it is collected from the individual)
  13. the details of the existence of automated decision-making, including profiling (if applicable)

Find out more about the right to be informed