The University is obliged to comply with the eight principles of the Data Protection Act for handling personal data as follows:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be processed for one or more specified and lawful purpose.
- Personal data shall be adequate, relevant and not excessive to the purpose of processing.
- Personal data shall be accurate and up-to-date.
- Personal data shall not be kept longer than is necessary.
- Personal data shall be processed in accordance with the individual's rights under the Act.
- Appropriate measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage.
- Personal data shall not be transferred to a country outside the EEA without adequate protection for the rights and freedoms of data subjects.
Staff can find details of how the University handles their data in the terms and conditions of employment provided with their contract. For students, the details are in the student handbook in the Personal Information and Data Protection section.Further information about subject access requests can be obtained from the Information Commissioner's Office.