The Data Protection Legislation (“the DP legislation”) regulates the use of personal data and sets requirements for protecting it.  It seeks to balance an individual’s right to privacy with the need of organisations to use information about individuals for legitimate purposes.

The DP Legislation refers to the General Data Protection Regulation (GDPR) which came into force on 25 May 2018 and additional UK data protection legislation which makes further provision about when and why personal data can be processed and the rights of individuals in relation to their personal data. Our approach to data protection compliance is set out in our Data Protection Policy for Staff and BU Representatives (docx, 127kb).   That Policy contains references to other key BU policies and processes relevant to data protection, including information security policies.

BU’s Data Protection Officer has overall responsibility for managing data protection within BU and communicating with individuals about our data protection compliance. He can be contacted on [email protected] or 01202 962472.

How we use information collected via our website

For details on this see our website privacy & cookies policy.

How we use information about our staff

For details on this see our Staff and Applicants privacy notice. In addition, the HESA Staff Collection Notice gives information about processing of staff information which we share with HESA (the Higher Education Statistics Agency).

How we use information about our students

For details on this see our Student privacy notice. In addition, the HESA Student Collection Notice gives information about processing of student information which we share with HESA (the Higher Education Statistics Agency).

BU contract with private accommodation operators to provide accommodation options for our first-year students. Our Accommodation Data Sharing Agreement (pdf 303kb) template includes detail on how we use student information as part of this provision and also to further support our students whilst they reside in this accommodation. To check which accommodation is covered by this agreement see our first-year accommodation portfolio web page (individual provider's agreements may vary).

Outside of our first-year student accommodation portfolio, most current, and some first-year students, choose to live in private accommodation that is not covered by our Accommodation Data Sharing Agreement. In our Accommodation Data Sharing Protocol (224kb), BU has set out how and when these private landlords can share student information with BU.

How we use information about other individuals

Please see our other privacy notices, which relate to:

Processing of personal data for the purposes of staff recruitment is covered in the Staff Privacy Notice.

Staff responsibilities when handling personal data

As set out in the Data Protection Policy for Staff and BU Representatives (docx, 127kb), all staff have responsibilities in relation to data protection compliance. These include mandatory data protection training. This document provides a summary of the key staff responsibilities in relation to data protection.

Students’ responsibilities when handling personal data

Students will, during their studies with us, come into contact with personal information from many sources (including that of their fellow students or interview and questionnaire participants). We expect students to handle information about other people responsibly. BU will issue further guidance on these expectations in the next few months.

We encourage the use of social media as it can be a valuable tool for communication and learning and can assist in the work of students and staff. Students are reminded that the usual standards of behaviour and conduct that we expect on a day-to-day basis apply equally to the use of social media. For further information on this, please see our Social Media Policy and Procedures for Students (doc, 145kb). Misuse of social media can cause significant distress to others, and we may take action against those responsible.

Individuals’ rights under the DP Legislation

The DP Legislation gives individuals (“data subjects”) a number of rights in relation to organisations who process their data. These include the right to ask for information about how we process your data and to see the data being processed (subject access rights).   Following changes to the DP Legislation the rights also include the right to ask for rectification/correction of any inaccurate personal data being processed, and in certain circumstances you will have the right to object to processing of your data and to ask for the processing to be restricted or stopped.

Further information about all of these data subject rights is set out in our Privacy Notices.

Information about how to make a subject access request is set out below. If you wish to exercise any of the other data subject rights, you should contact our Data Protection Officer on [email protected].

Making a request for a copy of your personal data

Under the DP Legislation, you can ask us to provide you with the personal information we hold about you. This is called a subject access request. To make a request, you can use our Subject Access Request Form (pdf 160kb) and send it to our Information Office. Alternatively, requests can be made by letter or email to the Information Office using the contact details on this page.

There is no fee for making a subject access request. 

To ensure compliance with the DP Legislation, and to maintain confidentiality, we will require proof of identity from those seeking to access their personal information. Failure to provide this will result in the information being withheld. Our Subject Access Request Form outlines the documentation we require to satisfy our identity check. Please don’t send any original documentation to us by post.

We will respond to your request within the applicable timeframe under the DPA. This is usually one month from the later of receipt of your request, proof of identity and any clarifications we require from you.

Some of your personal data may be exempt from the right of subject access and so we would not be able to provide it to you. For example, responding to a request may involve providing information that relates to both you and another individual. In these situations, we can only release this information to you if the other individual has consented to this, or it is reasonable in all the circumstances to do so without their consent.  The DP Legislation also sets out other specific exemptions from the subject access rights.

For information about the subject access exemptions under the DP Legislation, see the Information Commissioner’s Office webpage.

Requests for exam scripts

The subject access rights in the DP Legislation  allow students access to examiners’ comments written on examination scripts. We implement this right of access by allowing all students to obtain a copy of their exam scripts.

To obtain a copy of your own exam script, you should put your request in writing to your Programmes Administrator. Please note that, as with all other subject access requests, we will require proof of identity.

The normal timescales for responding to a subject access request may not apply in relation to requests for exam scripts.  If you have any questions about this, please contact the Data Protection Officer on [email protected]

It may also be possible for students to meet with their tutor to discuss their exam script if they are required to retake a particular examination. Providing a copy of the script is not required.