Record of Processing Activities - UoD

Record of Processing Activities - University of Derby

Registration Number: Z859984X

Date Registered: 24th May 2004

Registration Expires: 23rd May 2023

Data Controller: University of Derby

Address: Kedleston Road, Derby, DE22 1GB

Other Names: Buxton & Leek College, Buxton College, Leek College

This data controller states that it is a public authority under the Freedom of Information Act 2000 or a Scottish public authority under the Freedom of Information (Scotland) Act 2002.

This register entry describes, in very general terms, the personal data being processed by: University of Derby

Nature of Work: University

Description of Processing

The following is a broad description of the way this organisation / data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/Purposes for Processing Information

We process personal information to enable us to provide education and support services to our students and staff; staff, agent and contractor information; advertising and promoting the university and the services we offer; publication of the university magazine and alumni relations, undertaking research and fundraising; managing our accounts and records and providing commercial activities to our clients. We also process personal information for the use of CCTV systems to monitor and collect visual images for the purposes of security and the prevention and detection of crime.

Type/Classes of Information Processed

We process information relevant to the above reasons / purposes. This may include:

We also process sensitive classes of information that may include:

Who the Information is Processed About

We process personal information about:

Who the Information May be Shared With

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:


It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the Data Protection Act.

Statement of Exempt Processing

This data controller also processes personal data which is exempt from notification.

Need advice?

Contact or +44 (0)1332 592151.

Our Data Protection Officer is Mrs Helen Selby. You can contact her directly on +44 (0)1332 591954.