The University of London is the controller for the personal information we process, unless otherwise stated.
Our postal address:
University of London
London WC1E 7HU
For general contact information for the University please use: https://london.ac.uk/contact-us
The University’s Data Protection and Information Compliance Manager is our Data Protection Officer. You can contact the DPO at: email@example.com or via our postal address. Please mark the envelope ‘Data Protection Officer’. Further information is available on our Data Protection policy page.
The University collects personal data in many different scenarios. Where data is provided to us directly by you the most common examples are:
- You are student registered with on one of our programmes
- You have applied for a job with us
- You have provided your personal data when participating in one of our academic research projects
- You have registered as a member at one of our libraries
- You have signed up to one of our mailing lists
- You wish to attend, or have attended, an event
- You have accessed our website
- You have bought goods and services from us
We also receive personal information indirectly. Examples of this may include:
- We hold personal data in collections and archives
- You are the focus of academic research, perhaps as a notable public figure
- You are an alumni of our University
- You have a public profile linked to the University
- You are a prospective employee, trustee or committee member of the University
- Your contact details have been provided by one of our employees as an emergency contact or a referee
- A complainant refers to you in their complaint correspondence
If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information.
You have a number of rights under the General Data Protection Regulation, such as the right of access to your data (the 'Subject Access Right'). For more information please see the University's Data Protection page.
As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act (2010) and according to our Diversity and Inclusion Strategy.
We can make arrangements for anyone with a disability who contacts us in any capacity, to help you access our services. Our legal basis for processing your data where it is necessary for a legal obligation to provide this. Our processing of special category data, such as health information you give us, will be based on article 9 (2) (b), where it is necessary for carrying out our obligations in social protection law, which includes health and safety legislation.
We’ll create a record of your special requirements as appropriate to the nature of your visit or access to our services. This will be viewable by relevant staff and kept for 6 years.
To fulfil our services we will need, where appropriate, to share relevant data with third parties. This will be outlined in the specific sections of the privacy notices about our services.
The University may use an external contractor or 'data processor' to store or manage its data. It will process this data only for purposes specified by the University and will be bound by contract to meeting the University's obligations under the General Data Protection Regulation. Where data is passed outside the EEA, the University will take the relevant steps to ensure there is adequate protection in place.
Your personal data will not be passed to any other third party without your consent, except where the University is required to do so by law.
Links to other websites of other organisations are not covered by this Privacy Notice.
The University has a presence on social media (Facebook, Twitter, YouTube etc.) and you can interact with us through your existing social media accounts and their relevant privacy policies.