This is our general privacy notice and should be read alongside the privacy notice that best suits your relationship with City, University of London.
City, University of London (City, we, our, us) is committed to protecting the personal information provided to us and meeting our legal duties under the Data Protection Act 2018, the UK General Data Protection Regulation (GDPR), and any other applicable data protection laws.
This privacy notice explains how City uses, and shares your personal data, and your rights in relation the data that we hold. This notice should be read alongside the privacy notice that best suits your relationship with us and any information provided to you when your personal data is collected.
City is a data controller in terms of the Data Protection Act 2018 and the UK GDPR. City is registered with the Information Commissioner’s Office (ICO) with the registration number Z8947127.
City has appointed a Data Protection Officer, Dr Emma White, who can be contacted by email or by writing to her at our address:
City, University of London
Information Assurance Team
Northampton Square
London EC1V 0HB
United Kingdom
Website: https://www.city.ac.uk/
City collects many different types of personal information, depending on what it will be used for.
When we collect your personal information, we will explain to you what we will do with it.
Your personal information will never be sold and will not be used for any other purpose unless the law permits us to do so.
We may use external companies to help improve our efficiency or to carry out work on our behalf. When we do this, we will ensure that they only use your personal information for the purpose that we asked and not for anything else.
As a university, City has a duty to share personal information about our staff and our prospective, current, and alumni students with a number of public bodies. As an example, all UK universities are obliged to give contact details for a sample of recent graduates to the Higher Education Statistics Agency (HESA) to conduct a survey of graduate destinations.
The information that is provided helps to inform government policy. It is also used in calculations for university league tables and by the universities themselves to assess the longer-term impact of the student experience. The data is provided to HESA strictly and solely for this purpose.
City is a corporate body established by Royal Charter, and an exempt charity. To meet its duty to maintain effective control of its finances, the University’s financial affairs are subject to audit. This involves sharing details of financial transactions and governance information with external auditors and may contain personal data.
Further details can be found in our Financial summary.
Most of the personal information we process is provided to us directly by you for reasons that allow us to manage our relationship with you as a staff member, prospective, current or graduate student, research participant or member of the public.
Under the UK GDPR, depending on the purpose for which your data is being processed, we will rely on one of the following lawful bases:
(a) Your consent. You are able to remove your consent at any time.
You can do this by emailing or writing to us.
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
City also processes and stores CCTV footage for security and safety. For further information, please read our CCTV Policy [PDF].
City holds your personal information securely and in accordance with the law.
Your personal information will not be transferred to a country outside of the UK unless it has the same or better laws protecting your privacy or we have your consent to do so.
City has data deletion policies for different types of personal data.
Further and more detailed information about how we collect and use the information of Students, Staff, Alumni and supporters can be found on our website under legal documents and policies.
City also has a data protection policy that sets out how we process personal data to ensure that it is always kept secure and only used appropriately which can be found on our website.
The data protection legislation gives you several rights in relation to your personal data.
You have the right to:
(a) Request a copy of your personal data we hold
(b) Require us to correct any inaccuracies
You have the right to request a copy of the personal information that City holds. If the personal data that we hold is inaccurate or incomplete, you can request that any inaccuracies are rectified.
(a) Have your personal data erased
(b) To restrict processing
If you have contested the accuracy of the personal data held, you can restrict our use of it until the accuracy has been verified. If you object to us using your personal data, we must also stop while we decide whether we have a legitimate reason to do so.
If you were asked to agree to give us your personal information or provide consent, you may change your mind at any time and ask for it to be deleted. In most cases we will respect your wishes and the personal information held will be erased.
(a) To data portability
(b) To object
In certain circumstances, you may require the transfer of your personal data to another organisation in a machine-readable form.
You may object to City using your personal data for direct marketing at any time and we must stop as soon as your objection is received. You may object to City processing your personal data in certain other circumstances but may need to provide further details.
We must follow additional rules if we make decisions solely by automated means or use your personal information to determine something else about you. This is known as profiling.
If you wish to exercise any of these rights, please send your request to the Data Protection Officer via email. Your request will be dealt with within one calendar month.
Further information regarding your individual rights is available from the Information Commissioner’s website.
If you have any concerns about our use of your personal information, you can email us or write to us at the above address.
The Information Commissioner’s Office (ICO) is responsible for making sure that personal data is collected and processed in accordance with the UK GDPR and the Data Protection Act, 2018.
If you are dissatisfied with the way in which your personal data has been processed, you may lodge a complaint with them by contacting:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Revised 10th May 2021