This website uses cookies to improve your experience. Read our cookie policy

Find your place through Clearing Take control of your future, Clearing is your chance to explore new options, find the right course, and make a confident choice with friendly support every step of the way. Find out more about Clearing

Privacy Notice for Students and Applicants

Privacy Statement

The General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 governs the way that organisations use personal data. Personal data is information relating to an identifiable living individual.

Transparency is a key element of GDPR, and this Privacy Notice is designed to inform you:

  • how and why the University uses your personal data,
  • what your rights are under GDPR, and
  • how to contact us so that you can exercise those rights.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and transparently.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

Introduction

At the University of Suffolk, we are committed to protecting the privacy and security of your personal data. This privacy notice explains how we collect, use, share, and protect personal data relating to applicants and students, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

University of Suffolk is the data controller for the personal data you provide to us. This means that we are responsible for determining how your personal data is processed and for what purposes. Our registered address is Waterfront Building, Neptune Quay, Ipswich, IP4 1QJ. For any queries regarding your data, you can contact us at datagovernance@uos.ac.uk 

We collect most of the information directly from you. This is through the application process, during enrolment and at other points during your time studying with us. Most of this data is provided and processed in line with your student contract. Additional information is collected from third parties such as UCAS, employers, current or former places of education, international agents/agencies, academic partners, sponsors and government departments. During your period of study, we will also generate and collect additional information about you, such as in connection with your attendance and engagement with university services and academic results.

For Applicants:

  • Identification details: name, date of birth, nationality, application history and passport, immigration permissions, where relevant, or ID numbers.
  • Contact information: postal address, email address, phone numbers and next of kin.
  • Health information: (where applicable) includes information about health conditions or disabilities, data about your ethnicity, gender, religious beliefs and sexual orientation. You may also provide this information to us as part of the equality monitoring we carry out pursuant to our legal obligations under the Equality Act 2010 and is only given voluntarily.
  • Educational background: academic qualifications, transcripts, references, personal statement, and relevant skills or work experience.
  • Financial information: funding applications, scholarships, and financial aid details.
  • Equal opportunities data (optional): ethnicity, disability status, and other Equality, Diversity and Inclusion-related information for monitoring purposes.
  • Criminal convictions: details of any relevant criminal convictions, allegations or charges that we ask you to declare to us either when you apply to us, or whilst you are a student, or which are reported to us, and of any Disclosure and Barring Service checks, overseas criminal record checks, Disclosure and Barring Service (DBS) agreements from employers, Annual Declarations and Online Update Service checks that we request
  • Safeguarding, suitability and declaration of good character and conduct: checks carried out with a local authority or external agency. Information about involvement with other bodies, such as social care services.
  • Communications: those you have with us and that we generate about or to you, including interview records.

For Students (in addition to the above):

  • Student records: course registration, attendance, progression, assessments, degree awards, breaks in study, time spent studying abroad or on placement.
  • Photographs and video recordings: for the purposes of recording lectures, assessments and examinations and the production of a Student ID.
  • CCTV and Bodycam recordings: Information related to the prevention and detection of crime and the safety and security of staff and students.
  • Health and wellbeing data: information related to disabilities or health conditions where support services are requested or required. Information you have directly provided for other services the University provides, such as Student Support (for the provision of advice, support and welfare, careers) and other opportunities which are likely to be provided under specific consent.
  • Financial transactions: tuition fees, bank details, accommodation fees, and other financial transactions.
  • Library and IT usage: data relating to your usage of university services, such as library access, IT systems, and virtual learning environments.
  • Visa and immigration status: for international students who require a visa to study or undertake an apprenticeship in the UK.
  • Disciplinary and complaint records: information about disciplinary actions, academic offences, breaches of conduct or complaints raised by or against students.

Your personal data is collected and used for the following purposes:

  • Processing Applications: Assessing your suitability for your chosen course, assessing and issuing Confirmation of Acceptance for Studies (CAS) for student visa sponsorship, verifying qualifications, ensuring capability with Professional, Regulatory & Statutory Bodies (PSRB) requirements, assessing practical elements, and making admission decisions.
  • Fitness to Practise and Fitness to Study: Details of a case where a student has been or is currently subject to the fitness to practise or fitness to study procedures may be disclosed in the public interest to minimise risk to public safety or in line with any sharing agreement. This may include the disclosure of relevant information as part of references to other further or higher education providers and/or employers.
  • Enrolment and Registration: Facilitating enrolment, course registration, and academic administration.
  • Student Support Services: Providing academic, career, health, and pastoral support services, including disability accommodations.
  • Monitoring and Reporting: Monitoring academic performance, placement performance, attendance, and progression, and producing reports to regulatory bodies such as the Higher Education Statistics Agency (HESA), Office for Students (OfS), Department of Education (DfE), Higher Education Achievement Report (HEAR), Quality Assurance Agency for Higher Education (QAA), Department for Work and Pensions (DWP) and UK Visas and Immigration (UKVI).
  • Compliance with Legal Obligations: Meeting visa requirements for international students, safeguarding requirements, and fulfilling statutory obligations such as equal opportunities monitoring.
  • Financial Administration: Managing tuition fees, student loans, bursaries, and scholarships.
  • Research and Surveys: Conducting surveys and research to improve services, some of which may require anonymisation of data.
  • Disciplinary and Complaints Procedures: Managing disciplinary proceedings, fitness to study, student complaints, or appeals.
  • Security and Safety: Ensuring campus security through CCTV monitoring and access control systems, setting up self-service password reset, arranging a parking permit

We rely on the following legal grounds to process your personal data:

  • Contract: Processing is necessary for the performance of a contract (e.g., to manage your application, enrolment, and student services).
  • Legal Obligation: We may process your data to comply with legal obligations (e.g., immigration laws or equal opportunities legislation).
  • Consent: Where required, we will obtain your consent for specific uses of your data, such as marketing communications or optional surveys.
  • Legitimate Interests: Processing is necessary for the University's legitimate interests, such as managing academic services, providing support, or ensuring security, provided these interests do not override your rights and freedoms.
  • Public task: Carried out in the public interest or in the exercise of official authority vested in the controller. We may process your personal data for statistical and research purposes.
  • Vital Interests: We may use your personal information in situations where we need to protect your vital interests (or someone else’s interests). For example, the University could inform emergency services of known medical conditions of a student where they had lost consciousness.
  • Consent: may be required in some cases where other lawful bases do not apply. Where this is the case, you will be asked to provide your consent using a clear concise message and an opt in statement.

Where we process special category personal data or criminal convictions data, we are required to establish an additional legal basis for processing that data.

 

Applicants
Purpose Legal Basis

To process and manage your pre-application enquiries and your application

We will use your personal information to:

  • Give you advice on how to apply to study at University of Suffolk and communicate with you generally;
  • Tell you about the opportunities and support that are available to you, such as funding streams, induction and alternative programmes of study;
  • To provide feedback e.g. if you attend an open day;
  • Assess your application to study at University of Suffolk, including your fees status;
  • Create a student application record;
  • Form a decision about your application with a view to accepting or rejecting your application;
  • Assess your eligibility to study on your chosen course;
  • Assessing eligibility for a student visa.
  • Communicate with you about your application or with academic partners and international agents about your application; and
  • Administer our appeals and complaints process.

In some cases, the information processed will include special category personal data. For example, we may use disability information to help us make reasonable adjustments to meet your requirements during the application process e.g. at interviews.

We will also process criminal convictions data where you will be working with children or vulnerable adults, and/or because of fitness to practise requirements in certain regulated professions. For example, certain courses will require a DBS, overseas check or Online Update Service review to be carried out as part of the assessment of eligibility. You will be notified prior to the processing if this is a requirement for enrolment on the course that you have applied for.

Performance of a task in the public interest

The University of Suffolk will be processing personal data in connection with its purposes of education, research and innovation.

Performance of contract

The processing of your personal data may be necessary in relation to the contract we will enter with you if you become a student at the University of Suffolk.

For special category personal data

Equality of opportunity or treatment

We process special category personal data to monitor equality of opportunity or treatment.

Explicit consent

Where we use disability information to help us make reasonable adjustments to meet your support requirements during the application process, we will rely on your explicit consent.

For criminal convictions data

Regulatory requirements relating to unlawful acts

We may process your criminal convictions data to assist a third party to comply with a regulatory requirement.

Safeguarding of children and of individuals at risk

We may process your criminal convictions data to safeguard children or individuals at risk.

Protecting the public against dishonesty

We may process your criminal convictions data to protect the public against dishonesty, malpractice or other seriously improper conduct or unfitness.

Where we are relying on a legal basis other than those set out above in processing your criminal convictions data, we will inform you of the legal basis before we start processing your criminal convictions data based on that legal ground.

Internal and statutory reporting and other legal obligations, including monitoring equality of opportunity or treatment

We will use your personal information to:

Comply with our legal obligations; Produce statistics and research for internal and statutory reporting purposes. This may include the processing of special category personal data, e.g. information about disabilities or ethnicity.

Compliance with a legal obligation

Much of our processing of your personal data in this context will be to comply with our legal obligations, e.g.  UK equal opportunities monitoring.

Performance of a task in the public interest

The University of Suffolk will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

For special category personal data

Reasons of substantial public interest

Equality of opportunity or treatment

We process special category personal data for reasons of substantial public interest, including to monitor equality of opportunity or treatment.

Fees and Funding

We will use your personal information to administer the financial aspects of your relationship with us and any funders/sponsors.


We will not generally process special category personal data or criminal convictions data in this context.

Performance of a task in the public interest

The University of Suffolk will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

Performance of contract

The processing of your personal data may be necessary in relation to the contract we will enter into with you if you become a student at the University of Suffolk.

Marketing/publicity materials

If you attend an open day or other event at the University of Suffolk, we may take photographs or videos at that event which may include images of you. These images will generally be used for University of Suffolk's marketing/publicity materials. Please refer to the Photography and Video Privacy Statement for more information.

Consent

Where appropriate, when you are the subject of a photo or video, we will seek your consent to photograph / film you. This will be done with specific electronic consent forms.

Legitimate interests

When using your personal data for the purpose of marketing or publicity materials, we will generally rely on our legitimate interests in promoting the University of Suffolk, including our courses, our activities and our overall aims and objectives.

Research

We may use your personal information for research purposes.

Performance of a task in the public interest

The University of Suffolk will be processing personal data in its capacity as a public authority in connection with its purposes of education or research.

For special category personal data

Reasons of substantial public interest

We process special category personal data for reasons of substantial public interest, including to monitor equality of opportunity or treatment.

Research

We may process special category data for the purposes of research.

 

Students
Purpose Legal Basis

To process and manage your University of Suffolk enrolment

We will use your personal information to:

  • Enrol you as a student, where your application is successful and you accept our offer; and
  • Communicate with you about the enrolment process.

In some cases, the information processed will include special category personal data.

We will also process criminal convictions data where you are working with children or vulnerable adults, and/or because of fitness to practise requirements in certain regulated professions. For example, certain courses will require a DBS or overseas check, processing of DBS certificates or review of the Online Update Service to be carried out as part of the assessment of eligibility. You will be notified prior to the processing if this is a requirement for enrolment on your course.

Performance of a task in the public interest

The University of Suffolk will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

Performance of contract

The processing of your personal data may be necessary in relation to the contract we have entered into with you as a student at the University of Suffolk

For special category personal data

Reasons of substantial public interest

Equality of opportunity or treatment

We process special category personal data to monitor equality of opportunity or treatment.

For criminal convictions data

Regulatory requirements relating to unlawful acts and dishonesty 

We may process your criminal convictions data to assist a third party to comply with a regulatory or legal requirement.

Safeguarding of children and of individuals at risk

We may process your criminal convictions data to safeguard children or individuals at risk.

Protecting the public against dishonesty

We may process your criminal convictions data to protect the public against dishonesty, malpractice or other seriously improper conduct; and unfitness or incompetence.

Where we are relying on a legal basis other than those set out above in processing your criminal convictions data, we will inform you of the legal basis before we start processing your criminal convictions data based on that legal ground.

To deliver and administer your education

We will use your personal information to:

  • Facilitate your education;
  • Record the details of your previous academic studies (including any placements with external organisations);
  • Determine your academic achievements; and
  • Communicate with you about your education.

Special category personal data and criminal convictions data may be processed in certain circumstances, where NHS healthcare placements are undertaken. This processing will generally be to ensure that you are fit to practise and to work with persons in healthcare situations.

Performance of a task in the public interest

The University will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

Performance of contract

The processing of your personal data may be necessary in relation to the contract we have entered with you as a student at the University.

For special category personal data

Management of health care systems / services

We may process your special category personal data where this is necessary for health and social care purposes (e.g. occupational health provider to assess fitness to attend placement, patient contact and vaccination requirements)

Employment and social security and social protection law

Where obligations or rights exist in the field of employment or social protection law we may rely on this condition.

Equality of opportunity or treatment and/or consent

There may be occasions when we need to process your personal data relating to health to facilitate your education, e.g. administering our extenuating circumstances procedures, or ensure the equality of opportunity or treatment.

For criminal convictions data

Management of health care systems / services

We may process your criminal convictions data where this is necessary for health and social care purposes (e.g. occupational health provider to assess fitness to attend placement, patient contact and vaccination requirements).

To manage the student experience

We will use your personal information to:

  • Manage your use of facilities and participation at events (e.g. computing, libraries, accommodation, functions, graduation, careers);
  • Support your training, health, safety and wellbeing requirements;
  • Operate security, disciplinary, complaint, and quality assurance processes and arrangements;
  • Monitor compliance by you with the University of Suffolk policies and your other contractual and legal obligations.
  • Monitor your use of our networks to protect the security and integrity of the University’s Digital and IT network and information and electronic communications systems. Please also see the Cookie Information on our website.
  • Allow your achievements to be accredited, for example by inclusion in the Higher Education Achievement Report.

We may process special category personal data, such as data relating to your health and your religious beliefs for this purpose. For example, we may use disability information to help us make reasonable adjustments to meet your health and wellbeing requirements.


Please see our Student Life Privacy Notice and Communication with Families information.

Performance of a task in the public interest

The University will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

Performance of contract

The processing of your personal data may be necessary in relation to the contract we have entered into with you as a student at the University.

Vital interests

Your personal data may be processed by the University and transferred to the emergency services where this is required to protect your, or others vital interests.

Consent

In relation to managing participation at events, where we cannot rely upon public interest or performance of a contract legal bases we will generally seek to obtain your consent to the processing of your personal data.

For special category personal data

Vital interests

Your special category personal data may be processed by the University of Suffolk 

and transferred to the emergency services where this is required to protect your vital interests.

Consent

Where we cannot rely upon protecting your vital interests, we will generally seek to obtain your consent to the processing of your special category personal data, e.g. data relating to your health, in this context.

Where we are relying on a legal basis that is not consent or your vital interests in processing your special category personal data, we will inform you of the legal basis before we start processing your special category personal data based on that legal ground.

Internal and statutory reporting and other legal obligations, including compliance with health and safety law, data protection law and monitoring equality of opportunity or treatment

We will use your personal information to:

Comply with our legal obligations.

Produce statistics and research for internal and statutory reporting purposes; and

Monitor our compliance with our responsibilities under equalities legislation.

 

This may include the processing of special category personal data, e.g. information about disabilities or ethnicity.

Compliance with a legal obligation

Much of our processing of your personal data in this context will be to comply with our legal obligations, e.g. health and safety legislation through recording details of accidents and responding to requests under Freedom of Information Act 2000 and General Data Protection Regulation (UK GDPR).

Performance of a task in the public interest

The University will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

For special category personal data

Equality of opportunity or treatment

We process special category personal data for reasons of substantial public interest, including to monitor equality of opportunity or treatment.

Employment law obligations

We may also process certain special category personal data where this is necessary so that we can meet our obligations in the field of employment law.

Fees and funding

We will use your personal information to administer the financial aspects of your relationship with us and any funders/sponsors.

We will not generally process special category personal data or criminal convictions data in this context.

Performance of a task in the public interest

The University will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

Performance of contract

The processing of your personal data may be necessary in relation to the contract we have entered into with you as a student at the University.

Alumni

Following your graduation, your student record will be used by the Alumni and Relations Development (ARD) team to keep you in touch with the University and the Alumni Network. Further details about how ARD may use your information can be viewed in the separate ARD Privacy Notice.

Performance of a task in the public interest

For some of our alumni activities, the University will be processing personal data in its capacity as a public authority in connection with its purposes of education, research and innovation.

Legitimate interests

For some of our alumni activities, we rely upon our legitimate interests in communicating with our alumni as part of the extended University of Suffolk community.

Consent

In certain circumstances, where we cannot rely upon our legitimate interests or performance of a task in the public interest, we will seek to obtain your consent to the processing of your personal data for our alumni programme.

Marketing and publicity materials

While you are at the University of Suffolk, we may take photographs or videos at an event or while you are participating in student life which may include images of you. These images will generally be used for university marketing/publicity materials. Please refer to the Photography and Video Privacy Statement for more information.

Legitimate interests

When using your personal data for the purpose of marketing or publicity materials, we will generally rely on our legitimate interests in promoting the University, including our courses, our activities and our overall aims and objectives. However, if feasible, we may also seek your consent to the use of your image etc for the purposes specified. 

 

Research

We may use your personal information for research purposes.

Performance of a task in the public interest

The University of Suffolk will be processing personal data in its capacity as a public authority in connection with its purposes of education or research.

For special category personal data and criminal convictions data

Reasons of substantial public interest

We process special category personal data for reasons of substantial public interest, including to monitor equality of opportunity or treatment.

Research

We may process special category data and criminal convictions data for the purposes of research.

Within the University, access to student data is restricted to those who need it in order to carry out their role. This may include personal academic tutors, other teaching staff and professional services staff who support the delivery of university services.

We may share your personal data with the following third parties, where necessary:

  • Regulatory Bodies: Organisations such as the Office for Students (OfS), the Higher Education Statistics Agency (HESA), Office of the Independent Adjudicator (OIA), Department for Education (DfE), Ofsted, and UK Visas and Immigration (UKVI).
  • Partner Institutions: For joint programs, placements, academic partners, or exchange programs
  • Service Providers: External Information Technology (IT) services, accommodation providers, Local Authority, external Occupational Health providers to assess fitness to attend placement and for patient contact, Customer Relationship Management solutions and other service providers who help us deliver university services.
  • Financial Sponsors: Including the Student Loans Company, scholarship bodies, and funding agencies.
  • Fitness to Practise/Support to Study outcomes: This may include the disclosure of relevant information to other further or higher education providers and/or employers.
  • Law Enforcement and Safeguarding Authorities: Where necessary to comply with legal obligations or for the protection of individuals' safety and welfare.
Individual/Category of Recipient Details and/or linked documents

Professional Statutory Regulatory Bodies (PSRBs) e.g. Nursing and Midwifery Council

 Professional Statutory Regulatory Bodies (PSRBs) Register
Sponsors e.g. Local Education Authorities, The Student Loans Company Student Finance Privacy Notice
Higher Education Statistics Authority (HESA)  Higher Education Statistics Authority (HESA) Privacy Notice
The Office for Students (OfS) The Office for Student (OfS) Privacy Notice
Government Agencies e.g. Department for Work and Pensions and HM Revenue and Customs

Department for Work and Pensions Privacy Notice

HM Revenue and Customs Privacy Notice
University of Suffolk Students' Union  Students' Union Data Sharing Agreement
University of Suffolk Alumni Association  Alumni Relations and Development Team

Work Placement sites or educational partners

 For some courses students undertake a work placement, or are taught by an academic partner, and relevant student details are shared to facilitate this.
Uniform Fittings For some courses students undertake a work placement that requires a uniform. Relevant student details are provided to facilitate this. 
Potential employers or providers of education who you have approached Students naming the University/it’s employees as references can provide  these if approached. We will seek consent from students before sharing DBS details for references.

Plagiarism detection service providers

 Turnitin Privacy
Internal and External Auditors or Regulators During monitoring procedures, the University undertakes audits assessing the quality and reliability of processes and procedures. 
Debt Collection Agencies Failure to pay tuition fees may result in data being shared to data collection agencies.

Some of the data we collect may be transferred to, and stored in, countries outside the UK and the European Economic Area (EEA). When we transfer your data internationally, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent measures, to protect your data.

We retain personal data only for as long as it is necessary to fulfil the purposes for which it was collected or to comply with legal or regulatory requirements. Each School and Professional Service area of the Institution holds a Data Retention Schedule which specifies the nature of the data retained, the retention period, the reason for retention, and the action to be taken at the end of the retention period, including how the data are to be disposed of.

Generally, information you provide to us is stored on our secure servers, or on our cloud-based systems. These are located within the UK or in countries/areas which are considered to have adequate privacy and information security provisions, such as the European Economic Area (EEA). However, there are times when we will need to store information outside these locations to fulfil our purposes and where we do, we will carry out transfer risk assessments to ensure that appropriate security measures are taken to protect your privacy rights. This may mean imposing contractual obligations on the recipient of your personal information where no other relevant safeguards exist. Technical measures such as encryption will also be considered.

The University is required under data protection legislation to keep your information secure, and measures are in place to prevent unauthorised access and disclosure of your information. Only relevant members of staff who require access to your records will be authorised to do so. Systems and electronic files are subject to password restrictions and other security measures. Any paper files will be stored in secure areas with controlled access.

Some processing of your information may be undertaken on the University’s behalf by third party organisations. Organisations processing personal data on the University’s behalf are also bound by the GDPR and the University has sought assurances from these organisations to ensure they are aware of their obligations under the GDPR and resulting legislation.

We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include encryption, secure access controls, and regular monitoring of our IT systems.

Under the UK GDPR, you have the following rights regarding your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete data.
  • Right to Erasure: You can request the deletion of your data where it is no longer necessary or where you have withdrawn consent. This right is not absolute and in many cases it will not apply. For example, we must retain a ‘core student record’ for every person who has studied at the University of Suffolk.
  • Right to Restrict Processing: You can ask us to restrict how we use your data in certain circumstances.
  • Right to Data Portability: You can request a copy of your data in a structured, commonly used format.
  • Right to Object: You can object to the processing of your data, including for direct marketing purposes.

If you wish to exercise any of these rights, please contact the Data Governance team on datagovernance@uos.ac.uk.

Updates to this Privacy Notice

This notice was updated in September 2025.

We may update this privacy notice from time to time in response to legal, regulatory, or operational requirements. 

Contact Us

If you have any questions about this privacy notice or how your data is processed, please contact:

Data Governance and Legal Services Team

Address: University of Suffolk, Waterfront Building, Neptune Quay, Ipswich, IP41QJ

Email: datagovernance@uos.ac.uk

Phone: 01473 338240 

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you have any concerns about your Data Protection Rights.