Skip to main content

Our data protection policy

The University takes its responsibilities seriously when processing the personal data it collects with regards to staff, students and all others with whom it interacts.

Cardiff University is a Data Controller for the purposes of data protection legislation and is registered with the Information Commissioner’s Office.

Personal data is any data from which a living individual can be identified. The processing of personal data is covered by data protection legislation which includes UK GDPR and the Data Protection Act 2018.

The legislation provides a framework to ensure that organisations process personal data in an open and transparent manner and with due regard to the rights and freedoms of individuals.

Our data protection policy

Data Protection Policy v2.1

Data Protection Policy

Our privacy notices

To help you understand how your personal data is being processed we have set out in our data protection notices:

  • what information we hold
  • why it is required
  • the legal basis for processing it
  • who that data may be passed to

You can also find out how your information is secured and how long it will be retained.

Your data protection rights

Your data protection rights

If you would like to see the personal data that Cardiff University holds about you, you can apply under the Data Protection Act.

Staff data protection notice

Staff data protection notice

During the recruitment process and throughout your employment with us, Cardiff University collects, uses and stores (i.e. processes) your personal data.

Student and applicant data protection notice

Student and applicant data protection notice

As a student with us, some of your personal data will be stored and processed by the University.

Enquirers and professional partners data protection notice

Enquirers and professional partners data protection notice

Information about data protection when you make an enquiry with Cardiff University.

Research participants data protection notice

Research participants data protection notice

The research participants data protection notice sets out how the University deals with the personal data of individuals participating in research

Data protection notices for specific activities

Data protection notices that tell you how we process personal data for specific activities the University engages in.

Your rights

The legislation also gives you the right to see what information an organisation stores about you and request copies of it as well as other rights in respect of the processing of your personal data.

You can find out more about these rights, when they might apply and how to exercise them in your data protection rights.

Data protection officer

The University is required to have a data protection officer who can be contacted if you have any queries, concerns or complaints about the way your personal data is processed. The University’s Data Protection Officer is Andrew Lane.

Contact us

You can contact the data protection officer by writing to:

Data Protection Officer
Compliance and Risk, University Secretary's Office
Cardiff University
42 Park Place
Cathays, Cardiff
CF10 3BB

or at the below email

Information Requests Service

Information Commissioner's Office

The Information Commissioner’s office is responsible for regulating data protection in the UK. We hope to resolve any of your questions, queries or concerns but if you remain dissatisfied you can contact the Information Commissioner's Office.