The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

We process personal information to enable us to provide education and support servicesto our students and staff, including study needs assessments and personal support, counselling, career, legal and other advice; advertising and promoting the university and the services we offer; publication of the university magazine; alumni relations; undertaking research; fundraising; managing our accounts and records; and providing commercial activities and consultancy to our clients.  We also process personal information for the use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime.

We process information relevant to the above reasons/purposes. This may include:

• personal details
• family details
• lifestyle and social circumstances
• education details and student records
• education and employment details
• financial details
• disciplinary and attendance records
• vetting checks;
• goods or services provided
• visual images, personal appearance and behaviour
• information held in order to publish university publications

We also process sensitive classes of information that may include:

• racial or ethnic origin
• trade union membership
• religious or other similar beliefs
• physical or mental health details
• sexual life
• offences and alleged offences
• criminal proceedings, outcomes and sentences
• political opinions

We process personal information about:

• governors, members, trustees, honorands and associates (current and past)
• students and applicants (current and past)
• employees and applicants, contracted personnel and volunteers (current and past)
• suppliers, professional advisers and consultants
• business contacts
• landlords, tenants
• complainants, enquirers and correspondents
• donors, lenders, friends and associates of the university
• authors, publishers and other creators
• persons who may be the subject of enquiry
• third parties participating in course work
• health, welfare and social organisations
• individuals captured by CCTV images
• relatives, guardians and associates of the data subject
• visitors and attendees at events
• clients and customers
• offenders and suspected offenders
• users of University facilities and services

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

• family, associates and representatives of the person whose personal data we are processing
• formal sponsors/funders (employers, companies and and official bodies) of students
• current, past or prospective employers
• healthcare, social and welfare organisations
• educators and examining bodies, accrediting and professional bodies
• suppliers and service providers
• student union
• financial organisations and advisers
• debt collection, tracing agencies and private investigators
• auditors
• police forces, security organisations
• courts and tribunals
• prison and probation services
• legal representatives
• local and central government, including council tax and electoral registration offices 
• consultants, business associates and professional advisers
• trade union, professional bodies and staff associations
• survey and research organisations
• press and the media
• voluntary and charitable organisations
• landlords
• brokers and insurance companies
• employees and agents of the data controller
• other companies in the same group as the data controller
• credit reference agencies
• complainants and enquirers
• ombudsmen and regulatory authorities
• research and funding councils
• higher education statistics agency
• clubs, societies and sports organisations for staff and students
• regulatory/inspectory bodies, including QAA (Quality Assurance Agency for higher education)

It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the data protection act.