Degree Apprenticeships Student Applicants Privacy Notice

This privacy notice is for individuals applying to study a Degree Apprenticeship at the University of York. It sets out the ways in which the University of York gathers, uses, stores and shares your data. It also sets out how long we keep your data and what rights you have in relation to your data under the General Data Protection Regulation (GDPR).

For the purposes of this privacy notice, University of York is the Data Controller as defined in the General Data Protection Regulation. We are registered with the Information Commissioner’s Office and our entry can be found here. Our registration number is: Z4855807.   

Where do we get your data from?

The organisation collects information about you in a variety of ways. These include:

  • information collected through application forms and documents provided as part of an application;
  • information collected through any correspondence with you during the application process;
  • through initial assessment interview;
  • from information provided to us by third parties, such as the Learning Records Service and the Disclosure and Barring Service (DBS).

What data do we have?

Personal data including:

  • your name, address, date of birth and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers;
  • details of your current employer;
  • information about your entitlement to study in the UK, if you are required to provide it;
  • proof of identity documents.

Special category data including information about disability, health, gender identity, ethnicity and racial origin. 

Criminal conviction and offences data including information about any relevant criminal convictions.

What is our legal basis for processing your data?

The University needs to process personal data during the admissions process and keep records of that process. Processing data from applicants allows the organisation to manage the admissions process, assess and confirm an applicant's suitability for a program of study and decide to whom to offer a program of study. The organisation may also need to process data from an admissions application to respond to and defend against legal claims.

Typically, data will be processed:

  • on the grounds of contractual requirement or to take steps to enter into a contract with you e.g. to offer you a place on a program of study at the University;
  • because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter which can be found here);
  • because it is necessary for our or a third party’s legitimate interests;
  • to allow us to comply with our legal obligations;
  • to protect your or another person’s vital interests;
  • to monitor equality and diversity;
  • because you have given us your consent or, in the case of special category data, your explicit consent. 

How do we use your data?

The University may process your personal data (including special category data) for the following purposes:

  • to operate admissions recruitment and selection processes;
  • to form the basis of a student record, should you be offered a place of study at the University;
  • to enable effective communication with you as an applicant;
  • to check, where necessary, that applicants are eligible to work with children, patients and other vulnerable adults;
  • to ensure effective general recruitment and admissions administration, including the analysis of applicant numbers and trends to improve our administrative processes;
  • to compile statistical and personal returns for reporting purposes;
  • to maintain and promote equality and diversity;
  • to respond to and defend against legal claims;
  • to meet the audit requirements of funding providers.

Criminal conviction and offences data will be processed to: 

  • provide a safe and secure environment for all staff, students and visitors who access its services, grounds and facilities. Safeguarding information can be found here.

Who do we share your data with?

The University may share your data with:

How do we keep your data secure?

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information please see, https://www.york.ac.uk/it-services/security/.  

How do we transfer your data safely internationally?

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the European Economic Area. In respect of such transfers, the University will comply with our obligations under GDPR and ensure an adequate level of protection for all transferred data. 

How long will we keep your data?

The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule.

What rights do you have in relation to your data?

Under the General Data Protection Regulation, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise any of these rights, please contact Partnership Admissions - partnership-admissions@york.ac.uk. For all other requests, please see https://www.york.ac.uk/records-management/dp/individualsrights/

Questions or concerns

If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.

Right to complain

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, please see www.ico.org.uk/concerns.