Privacy notices and Record of Processing Activities

The University of Brighton needs to collect and process personal data in order to provide services to students, manage its operations effectively, and meet legal requirements.

Personal data is information that relates to an identifiable individual. It can also include ‘special categories of data’, which is information about your racial or ethnic origin, religious or other beliefs, physical or mental health, the processing of which is subject to strict requirements. Similarly, information about criminal convictions and offences is also subject to strict requirements.

ICO Registration Number: Z5395727

Data Controller: University of Brighton, Mithras House, Lewes Road, Brighton BN2 4GJ

Data Protection Officer: The Data Protection Officer is responsible for advising the university on compliance with data protection legislation and monitoring its performance against it.

If you have any concerns regarding the way in which the university is processing your personal data, please contact Rachel Page, Head of Data Compliance and Records Management: dataprotection@brighton.ac.uk or 01273 642010.

Find out more

Data protection policy (pdf)

Requesting personal information

Record of Processing Activities

Why do we process personal data?

The University processes large volumes of personal data to enable us to communicate with and support our students, staff, alumni and others, to provide education and promote the university. Our processing activities take place across the institution, with our support departments controlling data in key areas such as academic services, human resources, finance, information services and student operations. In addition to day-to-day business, we may process data for the prevention and detection of crime and monitoring the security of our community.

Through all stages of our data processing we remain compliant with the Data Protection Act 2018 (‘DPA’).

Whose personal data do we process?

  • Students (current, prospective and unsuccessful applicants)
  • Staff (current, prospective and unsuccessful applicants)
  • Former staff
  • Alumni
  • Donors and business contacts
  • Professional, statutory and regulatory bodies
  • Contractors
  • Third parties participating in research, teaching or placements
  • Complainants, enquirers and persons who may be the subject of an enquiry
  • Individuals captured by CCTV or photography
  • Suppliers, professional advisers and consultants

What categories of personal data do we process?

  • Biographical information and contact details
  • Criminal conviction information (where required)
  • Education details and student records
  • Employment record and data
  • Equality information
  • Financial details
  • Health and disability data
  • Lifestyle and social circumstances
  • Misconduct, disciplinary and grievances investigations and outcomes
  • Next of kin and emergency contact information
  • Qualifications and professional memberships information
  • Student record and academic data
  • Survey/feedback information
  • Vetting and barring checks
  • Visual images (publicity and promotions)

We may also process the following special categories of personal data:

  • Racial or ethnic origin
  • Political opinion
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data (where used for the purpose of identifying a person)
  • Health data
  • Sex life or sexual orientation

Recipients of personal data

We will sometimes need to share the personal data we hold with other parties. The types of people and organisations that we may be required to share personal data with is as follows:

  • Auditors
  • Employers (previous and current)
  • Financial organisations, debt collection and tracing agencies
  • Governmental bodies including UKV&I, ESFA, OfS, Inland Revenue and DSA
  • Healthcare, social and welfare organisations
  • Local Councils
  • Official bodies requiring information for legal purposes (eg police, solicitors etc)
  • Professional and regulatory bodies, including examining and accreditation bodies
  • Students’ Union
  • Suppliers and service providers, including consultants and professional advisers
  • UCAS
  • Work experience or other placement providers

Your data rights

As a data subject, you have a number of rights. You can: · access and obtain a copy of your data via a subject access request

  • require the university to change incorrect or incomplete data
  • require the university to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
  • object to the processing of your data, in certain circumstances, for example, where the university is relying on its legitimate interests as the legal ground for processing; or for direct marketing purposes
  • ask the university to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the university's legitimate grounds for processing data
  • withdraw your consent at any time, where we have requested and obtained your consent
  • where our lawful basis is consent or performance of a contract we will allow portability of your data.

If you would like to exercise any of these rights – see our Requesting information page, or contact the data compliance team at 01273 642010 or dataprotection@brighton.ac.uk.

Transfers of data outside the UK

It may be necessary for us to transfer personal data outside the UK where our data processors hold servers in the European Economic Area (EEA) or where the university’s suppliers, service providers and research partners are based outside the EEA.

Where we transfer personal data outside of the UK as part of these relationships, we ensure appropriate contracts or other safeguards are in place, and ensure compliance with the UK GDPR and the Data protection Act (2018)

How long will we keep the personal data we process for?

The University only holds personal data for as long as is necessary for the purpose(s) for which it is collected and we have a detailed schedule of retention timeframes in place.

How does the university protect data?

The university takes the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

The right to complain to the ICO

If you are unsatisfied with the way the university has processed your personal data, or have any questions or concerns about your data please contact dataprotection@brighton.ac.uk. If we are not able to resolve the issue to your satisfaction, you have the right to apply to the Information Commissioner’s Office (ICO).

Privacy notices and policies

Alumni and friends privacy

This policy sets out how the University of Brighton uses your personal data for its charitable purposes and is provided in addition to the university’s data protection policy, privacy policy and website terms of use policy.

Applicant privacy notice

When you accept an offer of a place at Brighton, we will collect and use more information about you in connection with your application and future study.

Business and external stakeholder privacy notice

As part of business engagement activity the university collects and processes personal data relating to collaborative research and enterprise activity, the recruitment of our students and graduates, hiring university conference spaces and accommodation, news and events, community engagement, and supporting or studying with us.

Enquirer privacy notice

When you first contact us to ask a question about the university or our courses, we will create a record in your name. We will add information to this record whenever you contact us, so that we can respond to your enquiry and offer you appropriate services.

Event privacy policy

This policy sets out how any personal data we collect from you will be processed by us when you register online to attend an event at the University of Brighton.

Library Services Privacy Notice (pdf)

This policy sets out how your personal data is collected and used by the library to provide you with access to resources.

Prospective student privacy

When you book to come to an open day, request a prospectus, meet us at a HE fair, or register for updates from us, we will create a record in your name. We will add information to this record whenever you contact us, so that we can respond to your enquiries and offer you appropriate services. You can also opt in to receiving extra information about Brighton.

Research privacy notice (pdf)

If you agree to participate in a research project being undertaken by one of our members of staff or students, we may need to collect personal data. This privacy notice provides information about use of your personal data for research. Depending on the project you will separately be provided with information about what data will be collected and how it will be used.

Student privacy notice

When you enrol as a student, we will collect and use more information about you in connection with your study, and we will keep long-term academic transcript data.

Staff privacy notice

When you apply to work with us, and when you accept an employment offer and become a member of staff, we will collect and use more information about you in connection with your employment.

Visiting Research Fellows privacy notice

As part of the arrangements for Visiting Research Fellows, the University of Brighton collects and processes personal data relating to your application. The University is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

Website privacy

Website privacy notice

Cookies

Terms of use