Pause carousel
Play carousel
Abertay University (the “University”/”we”) is committed to protecting the privacy and security of your personal data in accordance with the Data Protection Act 2018 (or any successor legislation) and (EU) 2016/679 the General Data Protection Regulation (“GDPR”) (and any other directly applicable EU regulation relating to privacy) (together “Data Protection Law”). This privacy policy (the “Policy”) sets out the personal information we hold about you, why we hold it, and how we use it. This Policy covers the key activities of the University in providing education and support to students (including prospective students), and applies to those students. If you choose to access other optional services, further information will then be provided to you that is specific to those services.
The University is the data controller of your personal data (as defined under the GDPR). This means that the University is responsible for deciding how your personal data is held and used. The University is required under Data Protection Law to notify you of the information contained in this Policy.
Further information is available from the University’s main Data Protection Policy, available at: https://www.abertay.ac.uk/legal/
Personal data or personal information means any information about an individual from which that person can be can be identified. The personal data the University processes about you, and the sources of it, are described below:
The University may hold the following sensitive personal data (termed ‘special categories’ of personal data under the GDPR):
You will not be subject to decisions that will have a significant impact on you based solely on automated decision making, unless the University has a lawful basis for doing so and we have notified you. The University does not currently use automated decision making.
Almost all of the personal data the University holds is processed to support the University’s contract with you, which is formed when you accept our offer of a place to study. This includes the University handling your application in order to enter into a contract, and then delivering that contract.
By entering into a contract with the University, you agree to the University processing your personal data for educational and administrative purposes. This data is essential to enable the University to deliver and assess your programme of study and to provide a supportive student experience. It also allows the University to meet its obligations to monitor diversity and equality, and to report on the student population overall.
Under the legal basis of contract, the University processes your personal data for the following purposes:
Under the legal basis of compliance with our legal obligations, we will process your personal data for the following purposes:
Under the legal basis of consent, where the University will ask for your specific consent for processing as and when required, we will process your personal data for the following purposes:
Where the processing of personal data is based on consent, you have the right to withdraw consent at any time without prejudice to your status within the University.
The University is obliged to disclose personal data to some external bodies. The main bodies to which the University discloses student personal data are given below.
Your HESA information is used by public authorities for their statutory and/or public functions including funding, statistical, regulation and policy-making purposes. These purposes include statistical research and publication by HESA (which is anonymous). Some sensitive personal data is used by HESA for monitoring equality and diversity.
To find out more about the types of information disclosed to HESA, what they use it for, and the justification for this work, please see the information on the HESA website published here:
https://www.hesa.ac.uk/about/regulation/data-protection/notices#student
The University has put in place appropriate security measures to prevent your personal data
from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, the University limits access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Your personal data is stored securely and confidentially, mainly electronically on the University’s systems, and occasionally on paper. Personal data may also be stored or used externally in certain circumstances as described in this Policy.
The University will only transfer your personal data to countries outside the EEA when
satisfied that both the party which handles the data and the country it is processing it in
provide adequate safeguards for personal privacy. To ensure that your personal data does
receive an adequate level of protection we have put in place the safeguards detailed in the
University’s main Data Protection Policy.
Examples of circumstances when your personal data may be transferred outside the EEA
include:
The University strives to ensure that all personal data remain current and accurate. If you
become aware of any incorrect personal data held by the University, you have the right to
request that this is rectified.
There are particularly some areas where the University relies upon you to inform it of any
changes to your personal data; for example, your contact and next-of-kin details. Any
changes to address details can be updated via the online student portal.
The University will retain your personal data only as long as is necessary for the purposes
for which we collected it.
To determine the appropriate retention period for personal data, the University considers the
amount, nature and sensitivity of the personal data, the potential risk of harm from
unauthorised use or disclosure of your personal data, the purposes for which we process
your personal data and whether we can achieve those purposes through other means and
the applicable legal requirements.
Much of your personal data will be deleted six years after you have left the University,
leaving a core record to satisfy record-keeping requirements in the public interest, including,
at your request, providing replacement certificates or transcripts, or verification to potential
employers or education providers of your qualifications.
In some circumstances the University may anonymise your personal data so that it can no
longer be associated with you, in which case we may use such data without further notice to
you.
Under certain circumstances, by law you have the right to:
If you would like to exercise any of your rights above or if you have any questions, please
contact the University’s Data Protection Officer (“DPO”):
Data Protection Officer
Academic Registry
Abertay University
Kydd Building
Bell Street
Dundee DD1 1HG
Tel: 01382 308000 email: dataprotectionofficer@abertay.ac.uk
You will not have to pay a fee to exercise any of your rights. However, the University may
charge a reasonable fee if your request for access is clearly unfounded or excessive.
Alternatively, we may refuse to comply with the request in such circumstances.
You are also entitled to contact the Information Commissioner’s Office (the “ICO”)
(www.ico.org.uk) about any concerns about the way the University has handled your
personal data. The University would, however, appreciate the chance to deal with your
concerns before you approach the ICO so please contact us in the first instance.
If we have asked for your consent in order to process your personal data, you have the right
to withdraw this consent in whole or part at any time. To withdraw your consent please
contact the University’s DPO using the details above. The DPO will explain the
consequences of doing so in any particular case if you contact us to withdraw consent.
If you would like to exercise any of your rights above or if you have any questions, please
contact the University’s Data Protection Officer (“DPO”):
Data Protection Officer
Academic Registry
Abertay University
Kydd Building
Bell Street
Dundee DD1 1HG
Tel: 01382 308000 email: dataprotectionofficer@abertay.ac.uk
You will not have to pay a fee to exercise any of your rights. However, the University may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. You are also entitled to contact the Information Commissioner’s Office (the “ICO”) (www.ico.org.uk) about any concerns about the way the University has handled your personal data. The University would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
The University reserves the right to update this Policy at any time, and we will provide you
with a new policy when we make substantial updates. We may also notify you in other ways
from time to time about the processing of your personal data.
Updated 8/08/2019