University of Cumbria General Privacy Notice

University of Cumbria Privacy Notice

We are committed to protecting your personal information as required by the data protection laws, including the Data Protection Act 2018 and General Data Protection Regulation.


This Privacy Notice describes how, when and why the University of Cumbria process information about you also referred to as personal data 

"Personal data" is any information from which you can be identified. The personal data we collect, and how we process it, varies depending on your interactions with us. “Process” means anything we do with your personal data.  

We also explain how we keep your personal data secure, who we share it with and what rights you have under data protection law.  

Who we are:

When we say “we”, “our” or “us” in this or any of our other Privacy Notices, we mean the University of Cumbria. We are a committed to ensure that all personal data is processed in accordance with the General Data Protection Regulations 2016 and Data Protection Act 2018.  We have separate Privacy Notices with more information depending on your relationship with us. 

University of Cumbria Privacy Notices 

Our privacy notices have more information about what we will do with your personal datathe right you have and how to exercise these rights.


Legal basis for processing

Under data protection law, we must have a legal basis to process your personal data and this will be one of the following:

In some cases, we process sensitive personal data also known a special category personal data and need an additional lawful basis for doing so. This includes data about your ethnicity, sexual orientation, political opinions, religious or philosophical beliefs, or health. This also includes personal data relating to criminal offences. We normally rely on the following lawful bases:

How we keep your personal data secure

We have Information Security and Data Protection policies in place. All staff complete training in these areas and are responsible for handling your personal data securely.  

When we share your personal data with third parties, we make sure we have data sharing agreements or contracts in place to make sure that these parties take care of your personal data. If we must transfer your personal data outside the European Economic Area (EEA) we make sure that we have the necessary safeguards as required under the data law.   

We normally only keep your personal information for as long as we need it and in line with our Records Retention Schedule. 

Your Rights

Under data protection law you have the following rights which you can exercise in some circumstances.

Right to be informed

You have the right know how and why we use your personal data, and how to exercise your rights. This is contained in our privacy notices. 

Right of access

You have a right to see all the information we hold about you.  To make a request for a copy of this information please complete thSubject Access Request Form

Right to erasure

In some cases, you can ask us to delete your personal data. Where this is appropriate, we will take reasonable steps to do so.

Right to restrict processing

If you think the personal data we hold about you is not accurate, or we're using data about you unlawfully, you can request that any current processing is suspended until a resolution is agreed.

Right to data portability

Where data is held electronically in a structured form, such as in a database, you have a right to receive that data in a common electronic format that allows you to supply that data to a third party - this is called "data portability".

Right to object  

You have a right to opt out of direct marketing.  

You can also object to how we use your personal data if we rely based on "legitimate interests" or "Public Task". Unless we can show a compelling case why our use of data is justified, we must stop using your data in the way that you've objected to. 

Rights related to automated decision-making including profiling

You have the right not to be subject to a decision based only on automated processing, including profiling, which affects you in a significant way. 

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time. 

Further information about your rights can be found on the Information Commissioner’s website at: 

How to exercise your rights or complain

If you have any questions about the way we handle your personal information, or would like to exercise any of your rights, or make a complaint, please contact our Data Protection Officer in the first instance. 

The Data Protection Officer can be contacted via email at or via the following postal address: 

Data Protection Officer,  
Vice Chancellor’s Office,  
University of Cumbria,  
Bowerham Road,  
Lancaster LA1 3JD.  

You also have a right to complain to theInformation Commissioner's Office (ICO) about the way in which we process your personal data. You can make a complaint using the ICO’s website. 

 This Privacy Notice was last updated on 25 September 2020 



Edit Page