Applicant privacy notice

As part of the application process, we (the University of Derby) collect and process personal data relating to you. The University is committed to being transparent about how we collect and use that data to meet our data protection obligations.

What information does the University collect?

Information held about you may include:

The University also needs to collect and process personal ‘special categories of data’ under the GDPR including:

You can access the data we have about you by logging in to your applicant area and viewing the information you have submitted.

Why do we collect your data?

The University needs to collect, maintain and use your personal data in order to administer your course, facilitate your education and to deliver and improve services and facilities during your time as a student. It also helps us to work with you for example providing disability support and support for students from overseas.

We may collect your personal data in a number of ways, for example:

Legal basis for holding your data

We collect your data on the basis of 'legitimate interest' to enable us to provide you with the information you have requested in your enquiry.

By accepting an offer, we will rely on legitimate interest to collect your data as well as your explicit consent where the University is processing special category data, as per Schedule 1 of the Data Protection Act 2008, for the purposes and in the manner set out in this notice.

How your data is held?

Your personal data is held within our University records database and accessed by staff within admissions and by admissions staff within the academic school.

All data relating to applicants is held within the European Economic Area and will not be transferred outside of this area.

Who has access to data?

We may share your data with a number of internal departments to ensure fair assessment of your application and as part of the normal processing of your application. This may include:

We may disclose certain personal information to external organisations to carry out our legal responsibilities, functions and manage our operations, or because you asked us to. These may include:

We will not normally disclose any other personal information about you to other external organisations without your consent unless it is in your vital interests to do so (for example an emergency situation).

How does the University protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

How long we will keep your data?

We keep personal data for as long as it is needed for the purpose for which it was originally collected. We keep applicant data for one year after the end of the recruitment cycle in which you applied, though if you become a student your data will be kept according to the Records Retention Policy.

Data subject's rights

As a data subject, you have a number of rights. You can:

If you would like to exercise any of these rights, please contact us at

Use of automated decision making and profiling

The University does not currently undertake any profiling activities or make automated decisions about you.

The right to complain to the Information Commissioners Office

If you are unsatisfied with the way the university has processed your personal data, we ask that you let us know so that we can try and put things right, or if you have any questions or concerns about your data please contact us at

If we are not able to resolve the issue to your satisfaction, you have the right to complain to the Information Commissioner’s Office.

Data Controller

The Data Controller is the University of Derby, Kedleston Road, Derby. If you would like information about how the university uses your personal data please email us at

Data Protection Officer

The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. Contact our Data Protection Officer at

Other privacy notices

We do our utmost to protect your privacy. Please be aware that other privacy notices exist within the University in respect of data held, including but not limited, to activities in relation to your enquiries, application, current students, alumni and use of our website.

February 2019
  • We have updated this privacy notice to make some sections clearer and easier to understand
  • The data controller section has been moved for consistency.
September 2019
  • Reviewed and confirmed as up to date.
June 2020
  • Data Protection Officer - Updated.
January 2021
  • Data Protection Officer - Updated.
September 2021
  • 'Who has access to data?' - Amendment made to the Library bullet point.
  • 'Why do we collect your data?' - Addition of DfE.
February 2022
  • 'Who has access to data?' - Amendment made to the Student Living bullet point.
May 2022
  • 'Who has access to data?' - Addition - TP Health.