Data Protection

The following information is extracted from UCB’s Data Protection Policy Statement. If you have any query about how the University handles information that it holds about you, please contact the Pro-Vice-Chancellor (Information Services) in the Finance Office on the First Floor of the Summer Row Campus building.

1. It is UCB’s policy to take all necessary steps to ensure that personal data held by the University about its employees, students, customers, suppliers and all other individuals is processed fairly and lawfully.

2. It is the policy of UCB to ensure that all relevant statutory requirements are complied with and that internal procedures are monitored periodically to ensure compliance.

3. UCB will implement and comply with the eight Data Protection Principles contained in the Data Protection Act 1998 (“the Act”) which promote good conduct in relation to processing personal information. These Principles are:

i.  Personal data shall be processed fairly and lawfully.

ii. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

iii. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

iv. Personal data shall be accurate and, where necessary, kept up to date.

v. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

vi. Personal data shall be processed in accordance with the rights of data subjects under the Act.

vii. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction or, damage to, personal data.

viii. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

4. The person having overall responsibility for data protection will be the University Secretary.

The Assistant Principal (Information Services) will have delegated responsibility for student records.

Data Usage

The University is required to collect data from you, some of which may be personal. It will store this data carefully and will not disclose it to anyone without good reason.


There follows a list of purposes for which personal information relating to individual students may be processed by the University:

  • Placement providers
  • Promoting the University
  • References (e.g. to prospective employers)
  • Medical conditions which may affect your attendance on a course of study
  • Providing for specific learning needs
  • Assisting in finance and welfare activities
  • Reporting for Government statistical purposes
  • Discipline and grievance actions
  • Invoicing for fees etc.
  • Claiming funding from statutory bodies
  • Arrangements for travel/visits by students
  • Academic matters, e.g. registration, assessment, attendance, certification, etc.
  • Equal opportunities monitoring
  • Membership of library/loans
  • Counselling, guidance and careers
  • Health and safety compliance and liabilities
  • Site security (including ID cards and photographs)
  • Police requests/checks

This data may be passed (as appropriate) to:-

  • Awarding bodies
  • Student Loans Company
  • Statutory Government bodies
  • Local Authorities
  • College Medical Advisor
  • Internal and external auditors
  • Employers/sponsors
  • Placement providers
  • Franchise organisations
  • Parents/Guardians/Next of Kin
  • University and Colleges Admissions Service (UCAS)

The University's Data Protection Compliance Officer is the Pro-Vice-Chancellor (Information Services).

Declaration by the Higher Education Statistics Agency

The Higher Education Statistics Agency (HESA) collects student information on behalf of the Higher Education Funding Council. The data is processed in accordance with the Data Protection Act and further information about how the data is collected and used can be found here.