Data Protection Policy
Everyone has rights with regard to the way in which their personal data are handled.
Bath Spa University is committed to a policy of protecting the rights and privacy of individuals (including students, staff and others) in accordance with Data Protection Laws. The University commits to:
- Processing personal data fairly and legally by appropriately applying the Data Protection Principles;
- Supporting and enabling the rights of individuals under Data Protection Laws;
- Keeping personal data secure by implementing appropriate technical and organisation security measures; using appropriate contracts with third party organisations who may act as data processors on the University’s behalf or as separate data controllers; holding relevant records about the personal data we process; and ensuring adequate safeguards are in place whenever personal data is transferred to a third country.
- Designing privacy into our systems and processes and conducting Data Protection Impact Assessments where necessary;
- Cooperating with and being responsive to relevant guidance from the Information Commissioner’s Office (ICO).
Our Data Protection Policy sets out a summary of the University’s responsibilities under Data Protection Laws and makes clear the specific responsibilities for data protection compliance within the University.