°×С½ãÂÛ̳

The General Data Protection Regulation (GDPR) came into force on the 25 May 2018. °×С½ãÂÛ̳ has designed a comprehensive Programme of work designed to deliver the changes necessary for GDPR compliance. We will continue to update this statement as the work develops and progresses. 

As part of our legal obligations we have published Staff, Student and General Privacy notices. Where required local privacy notices will be issued to inform individuals about what personal data is gathered, how it is used, stored and retained.

°×С½ãÂÛ̳ also has a data protection policy that sets out our commitment to the safeguarding of personal data processed by its staff and students and our stances on compliance with data protection legislation. This policy describes how °×С½ãÂÛ̳ will discharge its duties in order to ensure compliance with the data protection principles and rights of data subjects in particular and will be updated for GDPR in due course.

You can find information about the changes from the Information Commissioner's Office (ICO). The ICO is the UK regulator who oversees compliance with data protection legislation. .

°×С½ãÂÛ̳ Privacy Notices

• General privacy notice
• Privacy notice for COVID-19 NHS Test & Trace data collection
• Staff privacy notice
• Prospective students privacy notice
• Student privacy notice
• Student Support and Wellbeing Privacy Notice
• Alumni privacy notice
• °×С½ãÂÛ̳ General Privacy Notice for Participants and Researchers in Health and Care Research Studies
• °×С½ãÂÛ̳ general research participant privacy notice
• °×С½ãÂÛ̳ Subsidiaries - °×С½ãÂÛ̳ Consultants Privacy Policy Sept 2018
• °×С½ãÂÛ̳ Data Protection Policy 
• Children's privacy notice (under 13 years)
• °×С½ãÂÛ̳ Library Services Privacy Notice: External Users
• °×С½ãÂÛ̳ Visitors general registration privacy notice

Further guidance on writing a privacy notice.

There may be instances where local privacy notices are used to provide additional information about a °×С½ãÂÛ̳ service. Please check these as you engage with them.

°×С½ãÂÛ̳ Statement on the use of 'Public Task' as a lawful basis for processing

Where °×С½ãÂÛ̳ processes personal data in connection with the carrying out of tasks in the public interest in its capacity as a public authority, °×С½ãÂÛ̳ may rely on the 'public task' ground as its lawful basis for processing that personal data.

Where the processing of personal data by °×С½ãÂÛ̳ is separate from °×С½ãÂÛ̳'s tasks as a public authority, a separate basis for processing that personal data will be established.

Please note that where °×С½ãÂÛ̳ processes 'special categories of personal data' or criminal convictions data in its capacity as a public authority then a legal basis for processing that personal data will need to be found in line with the GDPR in addition to the 'public task' ground.

For more details on °×С½ãÂÛ̳s use of ‘Public Task’ please see the document:

• °×С½ãÂÛ̳ statement of tasks in the public interest August 2018