Business and external stakeholder privacy notice

We collect and process personal data as part of our business engagement activity. This relates to collaborative research and enterprise activity, the recruitment of our students and graduates, hiring university conference spaces and accommodation, news and events, community engagement, and supporting or studying with us.

The University is committed to being transparent about how it collects and uses that data meeting its data protection obligations and is the Data Controller in this scenario.

What information does the University collect?

The University collects a range of information about you. It is likely that you will give us information when you make an enquiry to the University, share a business card or if you book to attend an event.

This includes:

Why do we collect your data?

We use your data so that we can deliver the services you have accessed/enquired about – this could include:

Who has access to the data?

Your information will be shared internally to enable us to best deliver the services you have enquired about. Where consent is needed we will obtain this.

How does the University protect data?

We take the security of your data seriously. It has internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed and is not accessed except by our employees in the proper performance of their duties.

Where is your data held?

Your data is held on our CRM system and our email system.

How long we will keep your data?

We will retain your data for two years from the last point of activity with us, after which point it will be deleted.

There is no statutory or contractual requirement to provide your personal data to us, we are processing it under legitimate interest as you have indicated that you are interested to receive information on one of our business services.

Find out more about how we handle your information

Data Controller

The Data Controller is the University of Derby, Kedleston Road, Derby. If you would like information about how the University uses your personal data please email us at

Data Protection Officer

The Data Protection Officer is responsible for advising the University on compliance with Data Protection legislation and monitoring its performance against it. 

Contact our Data Protection Officer at

February 2019
  • We have updated this privacy notice to make some sections clearer and easier to understand
  • The data controller section has been moved for consistency.
June 2020
  • Data Protection Officer - Updated.
January 2021
  • Data Protection Officer - Updated.