You have certain rights as a data subject under the GDPR.

This means that you have:

• The right to gain access to your personal data – You can ask us what information we hold on you.
• The right to rectification – You can ask us to put right any information that you believe is incorrect or where appropriate, given the purposes for which your data is processed, the right to have incomplete data completed.
• The right to erasure – You can ask for information to be removed, although this is a limited right which applies, among other circumstances, when the data is no longer required or the processing has no legal justification. There are also exceptions to this right, such as when the processing is required by law or in the public interest.
• The right to restrict processing – If you feel you are being disadvantaged by us holding information that is inaccurate, you can ask us to stop processing it until we fix it, or come to an agreement.
• The right to data portability – You can ask us to extract your information so that you can use it elsewhere.
• The right to object – You can object to us processing your data for marketing purposes. You can also object to us processing your data when such processing is based on the public interest or other legitimate interests, unless we have compelling legitimate grounds to continue with the processing.
• Where the legal basis for processing your personal data is based on your consent, the right to withdraw your consent at any time.
• Rights in relation to automated decision-making and profiling – However, the University will never make any decisions about you without human intervention.

For any information on your rights, or if you have questions or concerns, please contact the DPO. You also have the right to complain to the Information Commissioner’s Office (ICO) if you feel that the University is not processing data correctly. You can make a complaint on the ICO's website https://ico.org.uk/ 

What personal data do we hold?

Examples of the data that we collect from you through our application systems are as follows:

UCB Direct Application
Student ID number, name, address, email, phone numbers, date of birth, ethnic origin, country of permanent residence, nationality, health and wellbeing information, convictions, course applied for and relevant course details such as month and year of entry, letters relating to your application, decisions made, fees information, agent details, whether you have previously attended the University.

UCAS Application
ID numbers, unique learner number, title, name, date of birth, gender, course applied for and relevant course details such as month and year of entry, decisions, replies, conditions, address, email, phone numbers, previous school information, country of birth, nationality, care leaver information, disability, special needs, convictions.

UCB College Application
Student ID number, name, date of birth, address, parent name & contact details, additional learning needs, criminal convictions, health and wellbeing information, course applied for and relevant course details, offer made.

UCB Clearing Application
Student ID number, name, title, forenames, surname, email address, mobile number, postcode, course applied for and relevant course details such as month and year of entry, whether accommodation is required, Student Finance application.

Application Information and Entry Qualifications
Information on the qualifications you had when you applied to the University.  This may include the awarding body, the date achieved, the subject, the level, the grade.  Previous degree information for trainee teachers. Personal statements made through UCAS, or on your application form, offers made, interview invitations, your decision whether to accept the place and copies of certificates/transcripts.

International Student information
In order to comply with UK Visa and Immigration Department (UKVI) regulations, we hold the following for international students: Country of Birth, Place of Birth, Passport Number, Passport Issue Date, Passport expiry date, place of issue, ID card number, Visa information, Work permit Type, Visa Number, Visa Expiry Date.
Our International Office is required to share this information with the UK Border Agency and to inform them of any withdrawals or lapses in attendance.

UCB Proficiency Test
For students who take the UCB proficiency test, the University will be required to collect biometric data.  This will include photographic identification (for example an ID card or a passport) and a video recording of the speaking test.  The video recording will be stored in digital format for up to five years.  A hard copy of your test paper, along with a digital record of your name and test results will also be stored for up to five years.  This information is retained for UKVI inspection purposes.

CCTV
CCTV is used within the University for security reasons and your image may be recorded.

Third-Party Processing

The University may contract selected third-party service providers to process your personal data. These service providers are authorised to use your personal data only as necessary to provide the requested services to us. Unless described in this Privacy Policy, the University does not share, sell, rent, or trade any data with third parties for their promotional purposes. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit. The following is a list of purposes for which your personal data may be processed by third parties and the service providers by whom it may be processed on behalf of the University.

• Student CRM (Data Harvesting) – UCB use third-party data management providers for the purposes of storing personal data about you and your marketing preferences. Personal data may also be processed to support and improve the services that are offered.
• Email - UCB use third-party email providers for the purposes of sending emails relevant to your interests and application status. Personal data may also be processed for the purposes of personalising emails with your application details and other relevant information. Personal data may also be processed to track your behaviour relating to emails received, including whether you opened the email, and/or clicked any links. Service providers that may process personal data for the purposes of sending emails include: Student CRM, Dotmailer
• Events – UCB use third-party event management software for the purposes of managing bookings for events such as Open Days, Applicant Days and Campus Tours. Personal data will be processed and stored by these providers for making the booking, tracking attendance at events and sending event-based updates. Service providers that may process and store personal data for the purposes of event management include: Student CRM, Eventbrite
• Digital Asset Management - UCB use third-party digital asset management software for the purposes of storing images and videos. With your permission, these images may be used by us for the purposes of marketing and advertising. The service provider that may process personal data for the purposes of image processing is Canto.
• Market Research - UCB use a third-party survey software provider for the purposes of conducting market research. Personal data may be processed by this provider for the purposes of analysing feedback. The survey software provider that may process personal data for the purposes of market research is Survey Planet.
• Online Advertising - UCB use several advertising platforms to inform you about courses, events, news and other information that may be of interest to you. These providers may process personal data to better target our advertisements to you or other potential students. Personal data may also be processed to inform the University about the performance of advertising campaigns. Service providers that may process personal data for the purposes of advertising include: Bing, Google, IDP Connect, LinkedIn, Meta, Snap Inc, TikTok, UCAS, The Student Room, UniCompare, Twitter.
• Online Messaging Platforms - UCB use third-party service providers to enable prospective students and applicants to chat online to existing students and staff of the University. Personal data may be processed by these providers for the purposes of enabling these conversations to take place on these platforms, enabling the University to monitor and track these conversations, and also keep you updated on the University. The service provider that may process personal data for the purposes of online messaging services is Unibuddy; Click4Assistance
• Postal - UCB use third-party service providers for the purposes of sending postal communications. Personal data may be processed by these providers to send postal communications such as prospectuses, letters, postcards and other materials to you on behalf of the University. Service providers that may process personal data for the purposes of sending postal communications include: Data Bubble, Mailchimp, InLine Marketing.
• SMS/Text Messages - UCB use third-party service providers for the purposes of sending SMS/text messages. Personal data may be processed by these providers for the purposes of sending SMS/text message invitations to events or updates on applications on behalf of the University. Service providers that may process personal data for the purposes of SMS/text messages include: Click4Assistance, JanetText, Student CRM, PageOne
• Social Media/News Monitoring - MRA use third-party service providers for the purposes of sending, monitoring, and responding to social media messages. Personal data may be processed by these providers to collect, store and transmit messages to you that are posted either publicly on social media networks, or privately to the University by direct message. These providers may also monitor the wider internet, such as news websites, blogs and forums for mentions of University Customers for the purposes of news sourcing, alumni relations and reputation management. Service providers that may process personal data for the purposes of social media/news monitoring include: Orlo, Story Comms
• Cookies – Cookies are small pieces of information that a website can store on your computer in order for it to remember something about you at a later time. The information is in the form of a text file, which will only be understood by the web site that initially set the cookie. To find out more, see our Cookie Policy.