Everyone has rights with regard to the way in which their personal data are handled.

Bath Spa University is committed to a policy of protecting the rights and privacy of individuals (including students, staff and others) in accordance with Data Protection Laws. The University commits to:

  • Processing personal data fairly and legally by appropriately applying the Data Protection Principles;
  • Supporting and enabling the rights of individuals under Data Protection Laws;
  • Keeping personal data secure by implementing appropriate technical and organisation security measures; using appropriate contracts with third party organisations who may act as data processors on the University’s behalf or as separate data controllers; holding relevant records about the personal data we process; and ensuring adequate safeguards are in place whenever personal data is transferred to a third country.
  • Designing privacy into our systems and processes and conducting Data Protection Impact Assessments where necessary;
  • Cooperating with and being responsive to relevant guidance from the Information Commissioner’s Office (ICO).

Our Data Protection Policy sets out a summary of the University’s responsibilities under Data Protection Laws and makes clear the specific responsibilities for data protection compliance within the University.

To request your personal data, exercise your data protection rights, or make a data protection complaint, please see our Accessing information (including your personal data) page.