Your Rights

Chapter 3 of the GDPR outlines the rights of Data Subjects and the University will ensure that personal data is processed in accordance with those rights.  An individual has the right to:

  • receive certain information about the University’s processing activities in a Privacy Notice 
  • request access to their personal data that the University holds, via a subject access request
  • ask the University to erase personal data if it is no longer necessary in relation to the purposes for which it was collected or processed
  • rectify inaccurate data or to complete incomplete data
  • restrict processing in specific circumstances
  • in limited circumstances, receive or ask for their personal data to be transferred to a Third Party in a structured, commonly used and machine-readable format
  • withdraw Consent to Processing at any time
  • prevent the University’s use of their personal data for direct marketing purposes
  • to challenge processing which has been justified on the basis of the University’s legitimate interests or in the public interest
  • request a copy of an agreement under which personal data is transferred outside of the EU 
  • object to decisions based solely on automated processing, which produces legal effects or significantly affects an individual
  • prevent processing that is likely to cause damage or distress to the individual or anyone else
  • be notified of a Personal Data Breach which is likely to result in high risk to their rights and freedom
  • make a complaint to the supervisory authority.


All rights must, by and large, be responded to within one month. You can make your request by telephone or in person, as well as in writing for example by email. Please note the University cannot guarantee secure transfer over email so attaching a password protected document containing your request and ID is advised.