Privacy Notice

The University of London is the controller for the personal information we process, unless otherwise stated.

Our postal address:            

University of London
Senate House
Malet Street
London WC1E 7HU

For general contact for the University please use: https://london.ac.uk/contact-us 

The University’s Data Protection and Information Compliance Manager is our Data Protection Officer. You can contact the DPO at: data.protection@london.ac.uk or via our postal address. Please mark the envelope ‘Data Protection Officer’. Further information available at: https://london.ac.uk/about-us/how-university-run/policies/data-protection 

The University collects personal data in many different scenarios. Where data is provided to us directly by you the most common examples are: 

•    You are student registered with on one of our programmes
•    You have applied for a job with us
•    You have provided your personal data when participating in one of our academic research projects 
•    You have registered as a member at one of our libraries 
•    You have signed up to one of our mailing lists 
•    You wish to attend, or have attended, an event
•    You have accessed our website 
•    You have bought goods and services from us 

We also receive personal information indirectly. Examples of this may include: 

•    We hold personal data in collections and archives 
•    You are the focus of academic research, perhaps as a notable public figure 
•    You are an alumni of our University 
•    You have a public profile linked to the University 
•    You are a prospective employee, trustee or committee member of the University 
•    Your contact details have been provided by one of our employees as an emergency contact or a referee
•    A complainant refers to you in their complaint correspondence

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information. 
 

You have a number of rights under the General Data Protection Regulation, such as the right of access to your data (the 'Subject Access Right'). For more information please see the University's Data Protection page at the following link: 

https://london.ac.uk/about-us/how-university-run/policies/data-protection-policy 

As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act (2010) and according to our Diversity and Inclusion Strategy.

We can make arrangements for anyone with a disability who contacts us in any capacity, to help you access our services. Our legal basis for processing your data where it is necessary for a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9 (2) (b), where it is necessary for carrying out our obligations in social protection law, which includes health and safety legislation. 

We’ll create a record of your special requirements as appropriate to the nature of your visit or access to our services. This will be viewable by relevant staff and kept for 6 years. 
 

To fulfil our services we will need, where appropriate, to share relevant data with third parties. This will be outlined in the specific sections of the privacy notices about our services. 

The University may use an external contractor or 'data processor' to store or manage its data. It will process this data only for purposes specified by the University and will be bound by contract to meeting the University's obligations under the General Data Protection Regulation. Where data is passed outside the EEA, the University will take the relevant steps to ensure there is adequate protection in place. 

Your personal data will not be passed to any other third party without your consent, except where the University is required to do so by law.

Links to other websites of other organisations are not covered by this Privacy Notice. 
The University has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts and their relevant privacy policies.

You have the right to complain about how we process your data. Complaints about data protection should be made to the Data Protection Officer at the following link: data.protection@london.ac.uk

If you remain unsatisfied with our response, you can escalate your complaint to the Information Commissioner’s Office at the following link: https://ico.org.uk/make-a-complaint/ 

This page will be regularly reviewed and kept up to date.

The University does not provide services directly to children or collect their personal data. Where the data of children is collected through the provision of our services, this privacy notice applies to them as well as adults. If they require any assistance with the privacy notice, they can contact: data.protection@london.ac.uk

If your interactions with us include any unacceptable behaviour, by phone, online or in person, which puts our staff or other people at risk we will store a record of those interactions and share that information with relevant staff to avoid that risk in future. The legal grounds for this processing is, as we are a public authority, ‘necessary for task in the public interest’.

You have a right to object to us collecting and storing this data under GDPR though the University may refuse your request.

When you sign up to one of our mailing lists the University adds you to database and sends you emails to keep you updated with our latest courses, offers and events. 

When we are sending out direct marketing he University relies on your 'opt in' consent to do this, unless you are already an existing student or customer of our services. The University may also make contact with publicly available professional or work email addresses it researches online to support its legitimate interests to promote its courses, events and products. If you would like to unsubscribe please click the link provided on each email.

The University will use aggregated statistics from its marketing campaigns to analyse the progress and effectiveness of its campaigns. To carry out this processing the University relies on its legitimate interests to promote its course and business offerings with appropriate safeguards in place to protect the privacy and ensure the choice of those on its mailing list. 
 

For further information on visiting our website please see: 

https://london.ac.uk/about-us/how-university-run/policies/privacy-policy-and-cookies

The legal grounds for processing our web traffic and analysis information for is the legitimate interests of the maintenance and improvement of our website. Where we use cookies for other purposes we will obtain your content using a pop-up notice and provide information on how you can set your preferences. 

Many of our buildings are public access, but when you visit the premises of the University of London we may collect information in order to give you access to the building with a visitors pass and signing in and out where required.

CCTV operates in and outside the building and according to the University’s CCTV policy. Images are kept for 30 days. 

If you access our Wi-Fi networks we will monitor your usage in accordance with our Acceptable Use policy. 
 

The UK has left the EU. The EU data protection law, the General Data Protection Regulation (GDPR) becomes the 'UK GDPR' transitions into UK law alongside the UK Data Protection Act 2018. The Brexit trade deal has put in place a further transition period for EU-UK data transfers of up to six months to enable the European Commission to complete its adequacy assessment of the UK's data protection laws. EU-UK data flows continue as before without requiring additional safeguards.

In data protection terms our obligations to you as a student or customer to manage your data fairly, lawfully and securely remain unchanged. Your data protection rights - the right of access, the right to erasure etc. - also remain in force. Further information on this can be found on the University website at the "Your Rights" section on the data protection page.