Our data protection policy
The University takes its responsibilities seriously when processing the personal data it collects with regards to staff, students and all others with whom it interacts.
Cardiff University is a Data Controller for the purposes of data protection legislation and is registered with the Information Commissioner’s Office.
Personal data is any data from which a living individual can be identified. The processing of personal data is covered by data protection legislation which includes UK GDPR and the Data Protection Act 2018.
The legislation provides a framework to ensure that organisations process personal data in an open and transparent manner and with due regard to the rights and freedoms of individuals.
Our data protection policy
Data Protection Policy v2.1
Data Protection Policy
If this document cannot be read by your assistive software, you can request an accessible version by emailing web@cardiff.ac.uk. Please include the assistive tools you use and the format you require.
Our privacy notices
To help you understand how your personal data is being processed we have set out in our data protection notices:
- what information we hold
- why it is required
- the legal basis for processing it
- who that data may be passed to
You can also find out how your information is secured and how long it will be retained.
Your rights
The legislation also gives you the right to see what information an organisation stores about you and request copies of it as well as other rights in respect of the processing of your personal data.
You can find out more about these rights, when they might apply and how to exercise them in your data protection rights.
Data protection officer
The University is required to have a data protection officer who can be contacted if you have any queries, concerns or complaints about the way your personal data is processed. The University’s Data Protection Officer is Andrew Lane.
Contact us
You can contact the data protection officer by writing to:
Data Protection Officer
Compliance and Risk, University Secretary's Office
Cardiff University
42 Park Place
Cathays, Cardiff
CF10 3BB
or at the below email
Information Requests Service
Information Commissioner's Office
The Information Commissioner’s office is responsible for regulating data protection in the UK. We hope to resolve any of your questions, queries or concerns but if you remain dissatisfied you can contact the Information Commissioner's Office.