During office hours
+44 (0)1234 400 400
Outside office hours
+44 (0)1582 74 39 89
University of Bedfordshire
UK, LU1 3JU
This statement explains how the University of Bedfordshire (the University) handles and uses the data you provide during your time as a time as a student and after you have left the University. The University’s Data Protection Officer can be contacted at DPO@beds.ac.uk
The University is the ‘data controller’ as we collect and use information about you to carry out the services the University provides to you. The University is committed to protecting your data and being transparent about how we use your data, in line with the current Data Protection Act (2018), the General Data Protection Regulations (GDPR) and any resulting legislation.
The University will collect information about you in the course of its business in providing services to you as a current or former student. This includes details when you apply for a course at the University, when you enrol at the University and as you progress through your course. This will also include data received from external sources such as UCAS and external referees.
These details will include, but are not limited to, the following:
During the course of its activities, the University will use your data to carry out its functions and to provide services to you as part of your student journey. Due to the vast amount of activities the University undertakes, it is not possible to state every instance where your data will be used, however the University is committed to ensure your data is only used in carrying out the University’s business.
The University relies on different legal bases, as defined in the GDPR, to process your data. These are covered in the table below:
|Point||Legal basis for processing your information|
By commencing or enrolling as a University of Bedfordshire student, the University will be required to collect, store, use, and otherwise process information about you for any purposes connected with teaching, support,research, administration, your health and safety and for other reasons deemed necessary for the performance of your contractual agreement with the University. We will also use your information for certain purposes after you cease to be a student. See GDPR Article 6(1)(b)
The University will obtain consent for you in order to assist with your pastoral and welfare needs (e.g. the counselling service and services to students with disabilities). See GDPR Article (6)(1)(a)
Processing of your personal data may also be necessary for the pursuit of our legitimate interests or by a third party’s legitimate interests – but only where the processing does not fall within our core public function, is not unwarranted and will not cause a prejudicial effect on the rights on the rights and freedoms, or legitimate interests, of the student. See GDPR Article (6)(1)(f)
Processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the University (See GDPR Article 6(1)(e)) and for statistical research purposes (See GDPR Article 89)
Processing of special categories data is necessary for the statistical and research purposes in accordance with article 89(1) based on the duties in the Equality Act 2010 (see GDPR Article 9(2)(j)).
The below provides examples of how we use your information. Please note the numbers in brackets refers to the legal basis for processing:
Where necessary, personal information will be shared internally within and across other departments at the University. Personal information is protected by the University and may be shared with external parties, as required in the course of your studies.
The list below outlines the major organisations and most common circumstances in which the University will disclose your personal information. Where this is outside of the EEA, the University will only transfer information if it meets the conditions under the GDPR.
The University of Bedfordshire will hold your information in line with the University’s Records Management Policy.
After you have graduated, the University is required to retain some of your information to provide statutory analytical data and to verify awards, provide transcripts of marks and to provide academic references for career support.
The University is required under data protection legislation to keep your information secure, and measures are in place to prevent unauthorised access and disclosure of your information. Only relevant members of staff who require access to your records will be authorised to do so. Systems and electronic files are subject to password restrictions and other security measures. Paper files will be stored in secure areas with controlled access.
Some processing of your information may be undertaken on the University’s behalf by third party organisations. Organisations processing personal data on the University’s behalf are also bound by the GDPR and the University has sought assurances from these organisations they ensure they are aware of their obligations under the GDPR and resulting legislation.
You have the right to access your personal information, and where you have given direct consent to the University of Bedfordshire the right to object to the processing of your personal information, the right to withdraw that consent and the right to have your information deleted. Any requests or objections should be made in writing to:
Data Protection Officer
University of Bedfordshire
Throughout the course of your studies, you have a responsibility to keep your personal details up to date. You can update your details via e-vision. During your time as a student, you may have access to other individuals' personal data and you are legally obliged to handle this in a confidential, professional and responsible manner in line with data protection legislation and any other codes of conduct or ethics.
If you are made aware of an individual’s personal information then you are expected to keep this confidential and to not tell anyone without the individual’s prior consent (unless there is an exceptional circumstance). You should also not seek to actively obtain another individual's personal information to which you are not entitled.
In the instance where data protection legislation or a duty of confidence has been breached, disciplinary action will be considered.