Data Protection
Data Protection
The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (“Data Protection Legislation”) gives individuals the right to know what information is held about them (as the ‘Data Subject’), and provides a framework to ensure that personal information is handled properly with regards to what data can be collected, how it is processed and to whom it can be disclosed.
The University is committed to the Data Protection Principles set out in the Data Protection Legislation and to ensuring that specific procedures, processes and mechanisms are in place and reviewed periodically so that these principles are complied with. The Principles make sure that personal information is:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
More details on the principles can be found at the Information Commissioner’s Office and for further information on how the University manages and deals with your data please see The University’s Data Protection Policy (IM08)
Making a request for your personal information (Subject access request)
We recognise the right of individuals to access information held about them by the University.
To request to access your personal information you should complete this form or submit a written request to:
Abigail Tomlinson
Data Protection Officer
Legal & Compliance Services
University of Hertfordshire
Hatfield
AL10 9AB
UK
or via email to dataprotection@herts.ac.uk.
Please enclose/attach a copy of the following ID when you submit your:
one of the following forms of photo ID:
- Passport
- Photo-card driving licence
- Birth or adoption certificate;
AND one of the following proofs of address:
- Household utility bill
- Bank, building society or credit card statement
- Council tax bill
- Mortgage statement
This is to ensure that we are only sending information to the data subject or their representative and not to a third party. If none of these are available, please contact dataprotection@herts.ac.uk for advice on other acceptable forms of identification.
The University aims to comply with all requests for access to personal information as quickly as possible within the statutory 30-day limit unless there is good reason for delay. The University reserves the right not to release any information, and the 30-day deadline period will not commence, until the University has received adequate information to identify the individual requesting the information and is satisfied that the request is a genuine one made by or with the knowledge and consent of the Data Subject.
Data Subjects are always informed about the progress of their request, including any decision not to release any data or any reason(s) for delaying a response.
For further information on Data Subjects’ Rights please see Appendix II of The University’s Data Protection Policy (IM08)
Governmental Returns
The University of Hertfordshire will collect data from applicants and student which will be used for a number of government returns the University has a statutory obligation to make. These include:
- The Higher Education Statistics Agency (HESA)
- UK Visas and Immigration (UKVI)
- Office for Students (OfS)
For more information about the information provided to HESA please visit: data protection and the HESA records. You can also email sre@herts.ac.uk if you require further information about how the University will manage your data.
Sharing Information with Third Parties
The University of Hertfordshire may hold the following information about you:
- Account details so that you to login easily to different University systems
- Basic contact details, such as: your name, email address, phone number and postal address so that you do not need to provide the information multiple times
- Personal data, such as: date of birth, gender, ethnicity, etc. which we need to use to report to various government bodies
- Course details, such as: your programme and modules, which systems need in order to deliver your course and provide appropriate resources
- Financial information, which we use to administer your registration and manage your fees and account
The University of Hertfordshire may share the information we hold about you with:
- Systems hosted on campus in our secure data centres
- Systems securely hosted by our suppliers and partners who deliver services on our behalf that support your education
- External agencies who receive your data in order to provide you with a service
- External agencies who we are legally obliged to provide your data to
For a full list of third parties and use of your information, please see the Sharing Information with Third Parties document.