The University takes its responsibilities seriously when processing the personal data it collects with regards to staff, students and all others with whom it interacts.
Cardiff University is a Data Controller for the purposes of data protection legislation and is registered with the Information Commissioner's Office.
Personal data is any data from which a living individual can be identified. The processing of personal data is covered by data protection legislation which includes the General Data Protection Regulation and Data Protection Act 2018 (once enacted).
The legislation provides a framework to ensure that organisations process personal data in an open and transparent manner and with due regard to the rights and freedoms of individuals.
Our data protection policy
Our privacy notices
To help you understand how your personal data is being processed the University has set out in its data protection notices what information it holds, why it is required, the legal basis for processing and who that data may be passed to. You can also find out how your information is secured and how long it will be retained. Our notices:
The legislation also gives you the right to see what information an organisation stores about you and request copies of it as well as other rights in respect of the processing of your personal data.
You can find out more about these rights, when they might apply and how to exercise them in your data protection rights.
Data protection officer
The University is required to have a data protection officer who can be contacted if you have any queries, concerns or complaints about the way your personal data is processed.
You can contact the data protection officer by writing to:
Data Protection Officer
or at the below email
Information Commissioner's Office
The Information Commissioner’s office is responsible for regulating data protection in the UK. We hope to resolve any of your questions, queries or concerns but if you remain dissatisfied you can contact the Information Commissioner's Office.