This privacy notice is for the Cardiff University website only (www.cardiff.ac.uk, blogs.cardiff.ac.uk, sites.cardiff.ac.uk and campaigns.cardiff.ac.uk).
For information about data protection in general and privacy notices for enquirers, students and staff, please see our Data Protection pages.
The personal data we collect
The Cardiff University website collects personal data from you in two ways:
- data you provide yourself
- data collected automatically.
The personal information collected is not sold to third-parties.
Data you provide yourself
Our website includes several different types of online form, as explained below. The data gathered through online forms will only be used for the purpose described on collection unless you also consent to other defined uses.
When you make an enquiry about studying with us or the support we offer, the data you provide is sent to Gecko Engage and is stored on their servers within the EU, in Dublin and London. Your data will then be managed in line with Cardiff University’s data protection policy. To request your data or ask for it to be deleted, contact email@example.com.
When you submit an enquiry to our Student Support and Wellbeing teams, the data you provide is sent to Engage2Serve and is stored on their servers within the EU, in Dublin and London. Your data will then be managed in line with Cardiff University’s data protection policy. To request your data or ask for it to be deleted, contact firstname.lastname@example.org.
When you complete an online form on www.cardiff.ac.uk, blogs.cardiff.ac.uk or sites.cardiff.ac.uk, the personal data you provide is sent to Cardiff University.
The information you submit via www.cardiff.ac.uk is hosted in the UK by Squiz, the company that provides our hosting services. Squiz operates as our data processor, processing personal data on our behalf. Your data is deleted within 60 days.
The information may then be passed to trusted partners under contract to help us do what you requested (such as sending you a printed prospectus).
Open day booking forms
Our open day booking forms are hosted on Gecko Engage and your data is stored on their servers within the EU, in Dublin and London. It will then be managed in line with Cardiff University’s data protection policy. To request your data or ask for it to be deleted, contact email@example.com.
Your data may also be provided to NHS Test, Trace, Protect service, if requested under COVID-19 requirements.
Data collected automatically
The data collected automatically by our website helps us understand which parts of it are most popular, where visitors are coming from and how they are using it. This allows us to make improvements in future.
As you use our website, data about the pages visited is sent to Google Analytics so that we know how many people are using it. This includes the individual pages visited, an anonymised IP address, the device, browser and the website you came from. Google can also collect demographic and interests information from the DoubleClick cookie, if it's present on your device. Google relies on Standard Contractual Clauses for the transfer of advertising and measurement data outside of the European Economic Area, the UK or Switzerland.
You also have the right to object to the processing of your information or export your information to another service. To request this data or ask for it to be deleted contact firstname.lastname@example.org
We also partner with Microsoft Clarity to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of website pages and online activity.
Whilst we are unable to identify individuals from the data collected through this partnership, if you have agreed to share such data with Microsoft through other services and products, it is possible they may correlate user behaviour information collected via these services/products with existing data they have associated with you.
This will be for the purposes of improving Microsoft’s fraud/security practices and for advertising purposes, Microsoft will not share this information with Cardiff University. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
On parts of our website, we use code provided by Google, Facebook, Twitter, Snapchat, TikTok or LinkedIn to serve adverts based on someone’s past visit (retargeting) and to measure the effectiveness of our advertising campaigns. This code sends data to Google, Facebook, Twitter, Snapchat, TikTok or LinkedIn about the individual pages visited, actions completed on the page, IP address, device and browser.
When we use interactive maps that show your position, we will do so only with your consent. If you provide consent, the map will use the coordinates of your current location but this data will not be sent to us or stored.
On some parts of our website we use Hotjar to record anonymous data about how specific pages are used (such as clicks or mouse movements). This does not collect or store any personal data.
On pages that have embedded Twitter content, we instruct Twitter not to record any information about you. You can opt-out of all Twitter tracking from the Twitter Personalisation settings page.
Our website detects the country you are in, based on your IP address. This allows us to personalise parts of our website for international visitors.
Our web servers record requests for web pages (URLs) but no personal data is collected or stored.
Do not track
Our website does not currently support the “Do not track” browser setting.
Changes to this privacy notice
We reserve the right to change this information without notice.