Privacy notice - higher and degree apprenticeships enquirers

The organisation collects information about you in a variety of ways. These include:

• information collected through York’s online application form that has not been officially submitted;
• information collected through any correspondence (phone, email, post)  with an enquirer during the enquiry process; 
• information provided to us by third parties, such as  the Learning Records Service;
• information collected through University enquiry web forms;
• information collected through virtual online events; 
• information collected at UK external events;
• QS Enrolment Solutions (QSES)for the purposes of providing support to enquirers. This includes the QSES CRM, Acoustic and Twilio software.

Personal data including:

• your name, address, date of birth and contact details, including email address and telephone number, employer.

If you commence a Higher or Degree Apprenticeship online application form and do not officially submit it, we may also hold personal data including:

Personal data including:

• your name, address, date of birth, National Insurance number and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history, including start and end dates, with previous employers;
• information about your entitlement to study in the UK, if you are required to provide it
• proof of identity documents.

Special category data including information about disability, health, gender identity, ethnicity and racial origin. 

The University needs to process personal data during the enquiry process and keep records of that correspondence. Processing data from enquirers allows the organisation to provide information to enquirers regarding the admissions process, suitability for a program of study and to decide to whom to offer a program of study. 

Typically, data will be processed:

• on the grounds of contractual requirement or to take steps to enter into a contract with you eg to offer you a place on a program of study at the University;
• because it is necessary for the performance of a task carried out in the public interest (for information on our public task see our function as set out in our charter;
• because it is necessary for our or a third party’s legitimate interests;
• to allow us to comply with our legal obligations; 
• to protect your or another person’s vital interests;
• to monitor equality and diversity; 
• because you have given us your consent or, in the case of special category data, your explicit consent. 

The University may process your personal data for the following purposes:

• to enable effective communication with you regarding your enquiry; 
• to tell you about the University, the city and the experience of studying here and to make you aware of relevant upcoming events; 
• to respond to and defend against legal claims.

The University may share your data with:

• QS Enrolment Solutions (QSES) for the purposes of enquiry management. This includes the QSES CRM, Acoustic and Twilio software;
• third parties that process data on behalf of the University to support it in fulfilling its obligations and responsibilities to and relationship with you (e.g. software and system providers) including; Qualtrics, Formstack, Dynamics 365, ClickDimensions and Dotmailer.

The University takes information security extremely seriously and has implemented appropriate technical and organisational measures to protect personal data and special category data. Access to information is restricted on a need-to-know basis and security arrangements are regularly reviewed to ensure their continued suitability. For further information please see our IT Security webpages.

In certain circumstances, it is necessary to transfer your Personal Data (including Special Category Data) outside the UK. In respect of such transfers, the University will comply with our obligations under UK GDPR and ensure an adequate level of protection for all transferred data.

The University will retain your data in line with legal requirements or where there is a business need. Retention timeframes will be determined in line with the University’s Records Retention Schedule.

Under the UK GDPR, you have a right of access to your data, a right to rectification, erasure (in certain circumstances), restriction, objection or portability (in certain circumstances). You also have a right to withdraw consent. If you would like to exercise any of these rights, please contact Partnership Admissions - partnership-admissions@york.ac.uk. For further information see our guidance on your rights under UK GDPR.

If you have any questions about this privacy notice or concerns about how your data is being processed, please contact the University’s Data Protection Officer at dataprotection@york.ac.uk.

If you are unhappy with the way in which the University has handled your personal data, you have a right to complain to the Information Commissioner’s Office. For information on reporting a concern to the Information Commissioner’s Office, see their complaints guidance. 

We keep our privacy notice under regular review. This notice was last updated on 6th July, 2021.