Core Privacy Notice for the University of Northampton

Who we are?

We are the University of Northampton and we process your personal data to provide you with University services, to undertake our responsibilities and legal/statutory obligations, and to monitor our own performance. The University of Northampton is a data controller, registered with the Information Commissioner’s Office, and for the purposes of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), we have appointed a Data Protection Officer who has formal responsibility for data protection compliance within the organisation.

Our Data Protection Officer is currently Phil Oakman and he can be contacted at:

Or by writing to:

The Data Protection Officer, Records Management Office, University of Northampton (Park Campus), Boughton Green Road, Northampton NN2 7AL

01604 892823

What data do we hold about you?

The type of data the University of Northampton holds about you will be dependent on which process within the University use your data (please see the more specific Notices here for details).  In general terms we will be processing which is necessary to:

  • carry out our obligations to you,
  • deliver your chosen course as a student,
  • to manage your employment as a member of staff
  • maintaining the interests of the public
  • uphold the law including our statutory obligations.

Some main examples of personal data which we might process are detailed below (such a list is not exhaustive):

  • Your name
  • Contact details
  • Date of birth
  • Nationality
  • Ethnic origin
  • Academic history inc. qualifications
  • Disabilities
  • Medical information as appropriate to maintaining wellbeing
  • Financial information
  • Your use of UoN facilities such as the library
  • Disciplinary action
  • Digital photograph for ID, security and in production of your student ID card.

How do we collect your data?

Direct Collection

We collect data to operate effectively and provide you the best experience at this University.  You may provide some of this data directly to us, such as when you apply for a University place or begin as a member of staff.

In-direct Collection

We also obtain data from third parties.  A good example of this as regards student data is UCAS (Universities and Colleges Admissions Service). UCAS collect your personal information to manage and support your application to higher education, which they then share with prospective universities. In terms of staff the University may for example get information from a previous pension provider to transfer your provision to a University scheme.

Why do we process your data?

We may process your personal data because it is necessary for the performance of a contract with you. In this respect, some of the reasons we use your personal data may be for the following:

  • To interact with you before you are enrolled as a student, as part of the admissions process.  Or as a prospective member of staff before appointment,
  • once you have enrolled or been appointed, to provide you with the services as set out in our Student Agreement or your employment contract,
  • to deal with any concerns or feedback you may have,
  • for any other purpose for which you provide us with your personal data,
  • for administration of disciplinary processes,
  • to pay staff and administer pension rights.

We may also process your personal data because it is necessary for the performance of our tasks carried out in the public interest or because it is necessary for our or a third party’s legitimate interests. In this respect, we may use your personal data for example the following:

  • to provide you with educational services which may not be set out in our Student Agreement but which are nevertheless a part of our academic and educational mission;
  • to monitor and evaluate the performance and effectiveness of the university, including by training our staff or monitoring their performance;
  • to maintain and improve the academic, corporate, financial, estate and human resource management of the university;
  • to promote equality and diversity throughout the university;
  • to seek advice on our rights and obligations, such as where we require legal advice;
  • recovering money you owe to us.

We may also process your personal data for our compliance with our legal obligations. In this respect, we may use your personal data for the following:

  • to meet our compliance and regulatory obligations, such as compliance with anti-money laundering laws and safeguarding requirements;
  • for the prevention and detection of crime;
  • in order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.

We may also process your personal data where:

  • it is necessary for medical purposes,
  • it is necessary to protect your or another person’s vital interests; or
  • we have your specific or, where necessary, explicit consent to do so.

Who do we share your data with?

The University may share your data with:

  • Other public authorities or public partnerships, such as schools, hospitals, police as the law requires,
  • Government departments such as HESA (Higher Education Statistics Agency),
  • Student Union,
  • business we hold contracts with to help deliver our services to you,
  • non-commercial organisations that may also help with service delivery.

How long do we keep your data for?

In regard to students UoN continues to hold some data about you even once you have completed your studies at the university. This may be used as evidence of your academic achievements, to supply statistics, or to provide information to regulatory bodies and other agencies to whom we are legally required to supply data.

As regard to staff, we have statutory obligations to permanently retain certain record types for example any contact with hazardous materials or relating to your pension.

Details of the University’s Retention and Disposal Schedule is available here

Periodically some data may be securely disposed of in line with the University’s retention schedule. This ensures that the data retained is proportionate and necessary to the role of the University and its purpose for processing.

Your rights

Under the Data Protection Act you have the following rights:

  • to obtain access to, and copies of, the personal data that we hold about you;
  • to require that we cease processing your personal data if the processing is causing you substantial damage or distress;

Once the General Data Protection Regulation (GDPR) comes into force in May 2018, you will also have the following additional rights:

  • to require us to correct the personal data we hold about you if it is incorrect;
  • in some cases to require us to erase your personal data;
  • to require us to restrict our data processing activities (and, where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal);
  • to receive from us the personal data we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on your rights.

Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.

For more information on these rights contact the Records Management team at

How do we keep your data secure?

The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. The university takes all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Where the University transfers your data to any organisation in a third country or international organisation (e.g. using Cloud storage) appropriate or suitable safeguards will be written into the contract.

Profiling and automated decisions

Large volumes of information, from a range of sources can be processed using algorithms to detect trends and correlations. Occasionally your data may be processed in this way to help identify students when extra support may be needed, for example if you are at risk of failing in an aspect of your course.

No decision made by the university is based solely on such automated processing.

If your data is to be processed in this way, you will be asked for your explicit consent.

How to complain

If you have a complaint about the way you believe your data is being processed, in the first instance, a discussion with the records management team may resolve things and they can be contacted by emailing:

If you remain dissatisfied you can take your complaint to the Information Commissioner’s Office (ICO) for a review:

How we use “cookies”

Most of our web pages use “cookies”. A cookie is a small file of letters and numbers that we place on your computer or mobile device if you agree. These cookies allow us to distinguish you from other users of our website, which helps us to provide you with a good experience when you browse our website and also allow us to improve our website.

For more detailed information on the cookies we use on the University’s main web pages (i.e. those in and the purposes for which we use them, please see our Cookie Statement. Please refer to individual web pages for further information about the use of cookies on other web pages on the domain.

Access to information

The Data Protection Act 1998 gives you the right to access information held about you. For further information about this right and how to exercise it, please see the University’s Policy on Data Protection.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.


This website contains links to other sites. Please be aware that the University does not claim any responsibility for the privacy practices of such other sites. The University encourages users to be aware and read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by this website.


Any queries or concerns about privacy on this website should be sent by email to or addressed to the Records Management Office, University of Northampton, Park Campus, Boughton Green Road, Northampton NN2 7AL.