Click here to edit using the old editor Click here to edit page settings

Data Protection

The University of Cumbria General Privacy Notice

We are committed to protecting your personal information as required by the data protection laws, including the Data Protection Act 2018 and  UK General Data Protection Regulation (UK GDPR).

This Privacy Notice describes how, when and why the University of Cumbria process information about you also referred to as personal data.

"Personal data" is any information from which you can be identified. The personal data we collect, and how we process it, varies depending on your interactions with us. “Process” means anything we do with your personal data.   

We explain how we keep your personal data secure, who we share it with and what rights you have under data protection law.

We also process your data as  set out in our Data Protection Policy.


Who We Are

When we say “we”, “our” or “us” in this or any of our other Privacy Notices, we mean the University of Cumbria. We are a committed to ensure that all personal data is processed in accordance with the General Data Protection Regulations 2016 and Data Protection Act 2018.  We have separate Privacy Notices with more information depending on your relationship with us.

University of Cumbria Privacy Notices

Our privacy notices have more information about what we will do with your personal data, the right you have and how to exercise these rights.

Legal Basis for Processing

Under data protection law, we must have a legal basis to process your personal data and this will be one of the following:

  • We have your permission or consent to use it
  • We have a contract with you
  • We have a legal obligation
  • We have a vital interest
  • We need it to perform a Public Task
  • We have a legitimate interest.

In some cases, we process sensitive personal data also known a special category personal data and need an additional lawful basis for doing so. This includes data about your ethnicity, sexual orientation, political opinions, religious or philosophical beliefs, or health. This also includes personal data relating to criminal offences. We normally rely on the following lawful bases:

  • We have your consent,
  • We need it for substantial public interests e.g. to support you if you have a specific need or to keep you safe,
  • For the establishment, exercise or defence of legal claims,
  • For scientific or historical research or statistical purposes.

How We Keep Your Personal Data Secure

We have Information Security and Data Protection policies in place. All staff complete training in these areas and are responsible for handling your personal data securely.

When we share your personal data with third parties, we make sure we have data sharing agreements or contracts in place to make sure that these parties take care of your personal data. If we must transfer your personal data outside the European Economic Area (EEA) we make sure that we have the necessary safeguards as required under the data protection law.

We normally only keep your personal information for as long as we need it and in line with our Records Retention Schedule.

Your Rights

Under data protection law you have the following rights which you can exercise in some circumstances.

Right to Be Informed

Right of Access

Right to Erasure

Right to Restrict Processing

Right to Data Portability

Right to Object

Rights Related to Automated Decision-Making Including Profiling

How to Exercise Your Rights or Complain

If you have any questions about the way we handle your personal information, or would like to exercise any of your rights, or make a complaint, please contact our Data Protection Officer in the first instance.

The Data Protection Officer can be contacted via email at or via the following postal address:

Data Protection Officer,
Vice Chancellor’s Office,
University of Cumbria,
Bowerham Road,
Lancaster LA1 3JD.

You also have a right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint using the  ICO’s website.

This Privacy Notice was last updated on 25 September 2020.

Explore the topic