Skip to main content

Our data protection policy

The University takes its responsibilities seriously when processing the personal data it collects with regards to staff, students and all others with whom it interacts.

Cardiff University is a Data Controller for the purposes of data protection legislation and is registered with the Information Commissioner's Office.

Personal data is any data from which a living individual can be identified. The processing of personal data is covered by data protection legislation which includes the General Data Protection Regulation and Data Protection Act 2018.

The legislation provides a framework to ensure that organisations process personal data in an open and transparent manner and with due regard to the rights and freedoms of individuals.

Our data protection policy

Data Protection policy

The purpose of the Data Protection Policy is to clarify the requirements of the Data Protection legislation in the context of Cardiff University.

Our privacy notices

To help you understand how your personal data is being processed the University has set out in its data protection notices what information it holds, why it is required, the legal basis for processing and who that data may be passed to. You can also find out how your information is secured and how long it will be retained. Our notices:

Your rights

The legislation also gives you the right to see what information an organisation stores about you and request copies of it as well as other rights in respect of the processing of your personal data.

You can find out more about these rights, when they might apply and how to exercise them in your data protection rights.

Data protection officer

The University is required to have a data protection officer who can be contacted if you have any queries, concerns or complaints about the way your personal data is processed. The University’s Data Protection Officer is Andrew Lane.

Contact us

You can contact the data protection officer by writing to:

Data Protection Officer
Compliance and Risk, University Secretary's Office
Cardiff University
McKenzie House
30-36 Newport Road 
CF24 0DE

or at the below email

Information Requests Service

Information Commissioner's Office

The Information Commissioner’s office is responsible for regulating data protection in the UK. We hope to resolve any of your questions, queries or concerns but if you remain dissatisfied you can contact the Information Commissioner's Office.